From 59430e90b1b9334761d815aeb6e519effe7e5243 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Tue, 13 Feb 2018 17:52:52 +0100
Subject: [dozmod] Move subpages to pages/, hide pages where user has no
 permission

---
 modules-available/dozmod/pages/users.inc.php | 121 +++++++++++++++++++++++++++
 1 file changed, 121 insertions(+)
 create mode 100644 modules-available/dozmod/pages/users.inc.php

(limited to 'modules-available/dozmod/pages/users.inc.php')

diff --git a/modules-available/dozmod/pages/users.inc.php b/modules-available/dozmod/pages/users.inc.php
new file mode 100644
index 00000000..79d13827
--- /dev/null
+++ b/modules-available/dozmod/pages/users.inc.php
@@ -0,0 +1,121 @@
+<?php
+
+class SubPage
+{
+
+	public static function doPreprocess()
+	{
+
+	}
+
+	public static function doRender()
+	{
+		self::listUsers();
+		self::listOrganizations();
+	}
+
+	protected static function doAjax()
+	{
+		User::load();
+
+		$action = Request::post('action', '', 'string');
+		if ($action === 'setmail' || $action === 'setsu' || $action == 'setlogin') {
+			if (User::hasPermission("users.".$action)) {
+				self::setUserOption($action);
+			}
+		} elseif ($action === 'setorglogin') {
+			if (User::hasPermission("users.setorglogin")) {
+				self::setOrgOption($action);
+			}
+		} else {
+			die('No such action');
+		}
+	}
+
+	// Helpers
+
+	private static function listUsers()
+	{
+		$res = Database::simpleQuery('SELECT userid, firstname, lastname, email, lastlogin, user.canlogin, issuperuser, emailnotifications,'
+			. ' organization.displayname AS orgname FROM sat.user'
+			. ' LEFT JOIN sat.organization USING (organizationid)'
+			. ' ORDER BY lastname ASC, firstname ASC');
+		$rows = array();
+		while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
+			$row['canlogin'] = self::checked($row['canlogin']);
+			$row['issuperuser'] = self::checked($row['issuperuser']);
+			$row['emailnotifications'] = self::checked($row['emailnotifications']);
+			$row['lastlogin'] = date('d.m.Y', $row['lastlogin']);
+			$rows[] = $row;
+		}
+		Render::addTemplate('userlist', array('users' => $rows));
+	}
+
+	private static function listOrganizations()
+	{
+		$res = Database::simpleQuery('SELECT organizationid, displayname, canlogin FROM sat.organization'
+			. ' ORDER BY displayname ASC');
+		$rows = array();
+		while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
+			$row['canlogin'] = self::checked($row['canlogin']);
+			$rows[] = $row;
+		}
+		Render::addTemplate('orglist', array('organizations' => $rows));
+	}
+
+	private static function checked($val)
+	{
+		if ($val)
+			return 'checked="checked"';
+		return '';
+	}
+
+	private static function setUserOption($option)
+	{
+		$val = (string) Request::post('value', '-');
+		if ($val !== '1' && $val !== '0')
+			die('Nein');
+		if ($option === 'setmail') {
+			$field = 'emailnotifications';
+		} elseif ($option === 'setsu') {
+			$field = 'issuperuser';
+		} elseif ($option === 'setlogin') {
+			$field = 'canlogin';
+		} else {
+			die('Unknown');
+		}
+		$user = (string) Request::post('userid', '?');
+		$ret = Database::exec("UPDATE sat.user SET $field = :onoff WHERE userid = :userid", array(
+			'userid' => $user,
+			'onoff' => $val
+		));
+		error_log("Setting $field to $val for $user - affected: $ret");
+		if ($ret === false)
+			die('Error');
+		if ($ret === 0)
+			die(1 - $val);
+		die($val);
+	}
+
+	private static function setOrgOption($option)
+	{
+		$val = (string) Request::post('value', '-');
+		if ($val !== '1' && $val !== '0')
+			die('Nein');
+		if ($option === 'setorglogin') {
+			$field = 'canlogin';
+		} else {
+			die('Unknown');
+		}
+		$ret = Database::exec("UPDATE sat.organization SET $field = :onoff WHERE organizationid = :organizationid", array(
+			'organizationid' => (string) Request::post('organizationid', ''),
+			'onoff' => $val
+		));
+		if ($ret === false)
+			die('Error');
+		if ($ret === 0)
+			die(1 - $val);
+		die($val);
+	}
+
+}
\ No newline at end of file
-- 
cgit v1.2.3-55-g7522