diff --git a/nginx.conf b/nginx.conf index 0ba4244fde..ceebaf8751 100644 --- a/nginx.conf +++ b/nginx.conf @@ -129,7 +129,7 @@ server { rewrite admin/api/(.*) /admin/api/index.php last; # Administration pages - rewrite admin/(attachments|backup|backup/export|backup/restore|configuration|elasticsearch|export|import|instance/edit|instance/update|instances|password|session-keep-alive|stopwords|system|update|user) /admin/front.php last; + rewrite admin/(attachments|backup|configuration|elasticsearch|export|group|import|instance|instances|password|session-keep-alive|stopwords|system|update|user) /admin/front.php last; # REST API v3.0 and v3.1 rewrite ^api/v3\.[01]/(.*) /api/index.php last; diff --git a/phpmyfaq/.htaccess b/phpmyfaq/.htaccess index bb12ac2661..102c313151 100644 --- a/phpmyfaq/.htaccess +++ b/phpmyfaq/.htaccess @@ -143,7 +143,7 @@ Header set Access-Control-Allow-Headers "Content-Type, Authorization" # Administration API RewriteRule ^admin/api/(.*) admin/api/index.php [L,QSA] # Administration pages - RewriteRule ^admin/(attachments|backup|backup/export|backup/restore|configuration|elasticsearch|export|import|instance/edit|instance/update|instances|password|session-keep-alive|stopwords|system|update|user) admin/front.php [L,QSA] + RewriteRule ^admin/(attachments|backup|configuration|elasticsearch|export|group|import|instance|instances|password|session-keep-alive|stopwords|system|update|user) admin/front.php [L,QSA] # Private APIs RewriteRule ^api/(autocomplete|bookmark/delete|bookmark/create|user/data/update|user/password/update|user/request-removal|user/remove-twofactor|contact|voting|register|captcha|share|comment/create|faq/create|question/create|webauthn/prepare|webauthn/register|webauthn/prepare-login|webauthn/login) api/index.php [L,QSA] # Setup APIs diff --git a/phpmyfaq/admin/group.php b/phpmyfaq/admin/group.php deleted file mode 100644 index f5dca44163..0000000000 --- a/phpmyfaq/admin/group.php +++ /dev/null @@ -1,331 +0,0 @@ - - * @author Thorsten Rinne - * @author Charles Boin - * @copyright 2005-2024 phpMyFAQ Team - * @license https://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0 - * @link https://www.phpmyfaq.de - * @since 2005-12-15 - */ - -use phpMyFAQ\Configuration; -use phpMyFAQ\Enums\PermissionType; -use phpMyFAQ\Filter; -use phpMyFAQ\Session\Token; -use phpMyFAQ\Strings; -use phpMyFAQ\Template\Extensions\PermissionTranslationTwigExtension; -use phpMyFAQ\Template\TwigWrapper; -use phpMyFAQ\Translation; -use phpMyFAQ\User; -use phpMyFAQ\User\CurrentUser; - -if (!defined('IS_VALID_PHPMYFAQ')) { - http_response_code(400); - exit(); -} - -$faqConfig = Configuration::getConfigurationInstance(); -$user = CurrentUser::getCurrentUser($faqConfig); - -$templateVars = []; - -if ( - !$user->perm->hasPermission($user->getUserId(), PermissionType::GROUP_ADD->value) && - !$user->perm->hasPermission($user->getUserId(), PermissionType::GROUP_DELETE->value) && - !$user->perm->hasPermission($user->getUserId(), PermissionType::GROUP_EDIT->value) -) { - require __DIR__ . '/no-permission.php'; -} - -// set some parameters -$defaultGroupAction = 'list'; -$groupActionList = [ - 'update_members', - 'update_rights', - 'update_data', - 'delete_confirm', - 'delete', - 'addsave', - 'add', - 'list', - 'import-ldap-groups', -]; - -// what shall we do? -// actions defined by url: group_action= -$groupAction = Filter::filterInput(INPUT_GET, 'group_action', FILTER_SANITIZE_SPECIAL_CHARS, $defaultGroupAction); - -$currentUser = new CurrentUser($faqConfig); - -// actions defined by submit button -if (isset($_POST['group_action_deleteConfirm'])) { - $groupAction = 'delete_confirm'; -} -if (isset($_POST['cancel'])) { - $groupAction = $defaultGroupAction; -} - -if (!in_array($groupAction, $groupActionList)) { - // @Todo: implement Error message -} - -// update group members -if ( - $groupAction == 'update_members' && - $user->perm->hasPermission($user->getUserId(), PermissionType::GROUP_EDIT->value) -) { - $message = ''; - $groupAction = $defaultGroupAction; - $groupId = Filter::filterInput(INPUT_POST, 'group_id', FILTER_VALIDATE_INT); - $groupMembers = $_POST['group_members'] ?? []; - - if ($groupId == 0) { - $message .= sprintf('
%s
', Translation::get('ad_user_error_noId')); - } else { - $user = new User($faqConfig); - $perm = $user->perm; - if (!$perm->removeAllUsersFromGroup($groupId)) { - $message .= sprintf('
%s
', Translation::get('ad_msg_mysqlerr')); - } - foreach ($groupMembers as $memberId) { - $perm->addToGroup((int)$memberId, $groupId); - } - $message .= sprintf( - '

%s %s %s

', - Translation::get('ad_msg_savedsuc_1'), - $perm->getGroupName($groupId), - Translation::get('ad_msg_savedsuc_2') - ); - } -} - -// update group rights -if ( - $groupAction == 'update_rights' && - $user->perm->hasPermission($user->getUserId(), PermissionType::GROUP_EDIT->value) -) { - $message = ''; - $groupAction = $defaultGroupAction; - $groupId = Filter::filterInput(INPUT_POST, 'group_id', FILTER_VALIDATE_INT); - if ($groupId == 0) { - $message .= sprintf('
%s
', Translation::get('ad_user_error_noId')); - } else { - $user = new User($faqConfig); - $perm = $user->perm; - $groupRights = $_POST['group_rights'] ?? []; - if (!$perm->refuseAllGroupRights($groupId)) { - $message .= sprintf('
%s
', Translation::get('ad_msg_mysqlerr')); - } - foreach ($groupRights as $rightId) { - $perm->grantGroupRight($groupId, (int)$rightId); - } - $message .= sprintf( - '

%s %s %s

', - Translation::get('ad_msg_savedsuc_1'), - $perm->getGroupName($groupId), - Translation::get('ad_msg_savedsuc_2') - ); - } -} - -// update group data -if ( - $groupAction == 'update_data' && - $user->perm->hasPermission($user->getUserId(), PermissionType::GROUP_EDIT->value) -) { - $message = ''; - $groupAction = $defaultGroupAction; - $groupId = Filter::filterInput(INPUT_POST, 'group_id', FILTER_VALIDATE_INT); - if ($groupId == 0) { - $message .= sprintf('
%s
', Translation::get('ad_user_error_noId')); - } else { - $groupData = []; - $dataFields = ['name', 'description', 'auto_join']; - foreach ($dataFields as $field) { - $groupData[$field] = Filter::filterInput(INPUT_POST, $field, FILTER_SANITIZE_SPECIAL_CHARS, ''); - } - $user = new User($faqConfig); - $perm = $user->perm; - if (!$perm->changeGroup($groupId, $groupData)) { - $message .= sprintf( - '
%s %s
', - Translation::get('ad_msg_mysqlerr'), - $faqConfig->getDb()->error() - ); - } else { - $message .= sprintf( - '

%s %s %s

', - Translation::get('ad_msg_savedsuc_1'), - $perm->getGroupName($groupId), - Translation::get('ad_msg_savedsuc_2') - ); - } - } -} - -// delete group confirmation -if ( - $groupAction == 'delete_confirm' && - $user->perm->hasPermission($user->getUserId(), PermissionType::GROUP_DELETE->value) -) { - $message = ''; - $user = new CurrentUser($faqConfig); - $perm = $user->perm; - $groupId = Filter::filterInput(INPUT_POST, 'group_list_select', FILTER_VALIDATE_INT, 0); - if ($groupId <= 0) { - $message .= sprintf('
%s
', Translation::get('ad_user_error_noId')); - $groupAction = $defaultGroupAction; - } else { - $groupData = $perm->getGroupData($groupId); - $showDeleteGroupForm = true; - $templateVars = [ - ...$templateVars, - 'ad_group_deleteGroup' => Translation::get('ad_group_deleteGroup'), - 'groupName' => Strings::htmlentities($groupData['name']), - 'ad_group_deleteQuestion' => Translation::get('ad_group_deleteQuestion'), - 'groupId' => $groupId, - 'csrfDeleteGroup' => Token::getInstance($container->get('session'))->getTokenString('delete-group'), - 'ad_gen_no' => Translation::get('ad_gen_no'), - 'ad_gen_yes' => Translation::get('ad_gen_yes'), - 'showDeleteGroupForm' => $showDeleteGroupForm - ]; - } -} - -if ($groupAction == 'delete' && $user->perm->hasPermission($user->getUserId(), PermissionType::GROUP_DELETE->value)) { - $message = ''; - $user = new User($faqConfig); - $groupId = Filter::filterInput(INPUT_POST, 'group_id', FILTER_VALIDATE_INT); - $csrfOkay = true; - $csrfToken = Filter::filterInput(INPUT_POST, 'csrf', FILTER_SANITIZE_SPECIAL_CHARS); - if (!Token::getInstance()->verifyToken('delete-group', $csrfToken)) { - $csrfOkay = false; - } - $groupAction = $defaultGroupAction; - if ($groupId <= 0) { - $message .= sprintf('
%s
', Translation::get('ad_user_error_noId')); - } else { - if (!$user->perm->deleteGroup($groupId) && !$csrfOkay) { - $message .= sprintf('
%s
', Translation::get('ad_group_error_delete')); - } else { - $message .= sprintf('
%s
', Translation::get('ad_group_deleted')); - } - $userError = $user->error(); - if ($userError != '') { - $message .= sprintf('

%s

', $userError); - } - } -} - -if ($groupAction == 'addsave' && $user->perm->hasPermission($user->getUserId(), PermissionType::GROUP_ADD->value)) { - $user = new User($faqConfig); - $message = ''; - $messages = []; - $groupName = Filter::filterInput(INPUT_POST, 'group_name', FILTER_SANITIZE_SPECIAL_CHARS, ''); - $groupDescription = Filter::filterInput(INPUT_POST, 'group_description', FILTER_SANITIZE_SPECIAL_CHARS, ''); - $groupAutoJoin = Filter::filterInput(INPUT_POST, 'group_auto_join', FILTER_SANITIZE_SPECIAL_CHARS, ''); - $csrfOkay = true; - $csrfToken = Filter::filterInput(INPUT_POST, 'csrf', FILTER_SANITIZE_SPECIAL_CHARS); - - if (!Token::getInstance()->verifyToken('add-group', $csrfToken)) { - $csrfOkay = false; - } - // check group name - if ($groupName == '') { - $messages[] = Translation::get('ad_group_error_noName'); - } - // ok, let's go - if (count($messages) == 0 && $csrfOkay) { - // create group - $groupData = [ - 'name' => $groupName, - 'description' => $groupDescription, - 'auto_join' => $groupAutoJoin, - ]; - - if ($user->perm->addGroup($groupData) <= 0) { - $messages[] = Translation::get('ad_adus_dberr'); - } - } - - // no errors, show list - if (count($messages) === 0) { - $groupAction = $defaultGroupAction; - $message = sprintf('
%s
', Translation::get('ad_group_suc')); - // display error messages and show form again - } else { - $groupAction = 'add'; - $message = '

'; - foreach ($messages as $err) { - $message .= $err . '
'; - } - $message .= '

'; - } -} - -if (!isset($message)) { - $message = ''; -} - -// show new group form -if ($groupAction == 'add' && $user->perm->hasPermission($user->getUserId(), PermissionType::GROUP_ADD->value)) { - $user = new CurrentUser($faqConfig); - $templateVars = [ - ...$templateVars, - 'ad_group_add' => Translation::get('ad_group_add'), - 'csrfAddGroup' => Token::getInstance()->getTokenString('add-group'), - 'ad_group_name' => Translation::get('ad_group_name'), - 'groupName' => $groupName ?? '', - 'ad_group_description' => Translation::get('ad_group_description'), - 'groupDescription' => $groupDescription ?? '', - 'ad_group_autoJoin' => Translation::get('ad_group_autoJoin'), - 'autoJoinCheckbox' => ((isset($groupAutoJoin) && $groupAutoJoin) ? ' checked' : ''), - 'ad_gen_cancel' => Translation::get('ad_gen_cancel'), - 'ad_gen_save' => Translation::get('ad_gen_save'), - 'groupAction' => $groupAction - ]; -} - -// show list of users -if ('list' === $groupAction) { - $templateVars = [ - ...$templateVars, - 'ad_menu_group_administration' => Translation::get('ad_menu_group_administration'), - 'ad_group_add_link' => Translation::get('ad_group_add_link'), - 'message' => $message, - 'ad_groups' => Translation::get('ad_groups'), - 'ad_gen_delete' => Translation::get('ad_gen_delete'), - 'ad_group_details' => Translation::get('ad_group_details'), - 'ad_group_name' => Translation::get('ad_group_name'), - 'groupName' => $groupName ?? '', - 'ad_group_description' => Translation::get('ad_group_description'), - 'groupDescription' => $groupDescription ?? '', - 'autoJoinCheckbox' => ((isset($groupAutoJoin) && $groupAutoJoin) ? ' checked' : ''), - 'ad_group_autoJoin' => Translation::get('ad_group_autoJoin'), - 'ad_gen_save' => Translation::get('ad_gen_save'), - 'ad_group_membership' => Translation::get('ad_group_membership'), - 'ad_group_addMember' => Translation::get('ad_group_addMember'), - 'ad_group_members' => Translation::get('ad_group_members'), - 'ad_group_removeMember' => Translation::get('ad_group_removeMember'), - 'ad_group_rights' => Translation::get('ad_group_rights'), - 'ad_user_checkall' => Translation::get('ad_user_checkall'), - 'ad_user_uncheckall' => Translation::get('ad_user_uncheckall'), - 'rightData' => $user->perm->getAllRightsData(), - 'groupAction' => $groupAction - ]; -} - -$twig = new TwigWrapper(PMF_ROOT_DIR . '/assets/templates'); -$twig->addExtension(new PermissionTranslationTwigExtension()); -$template = $twig->loadTemplate('@admin/user/group.twig'); - -echo $template->render($templateVars); diff --git a/phpmyfaq/admin/header.php b/phpmyfaq/admin/header.php index 7ba8c7f455..92cefe0dfa 100644 --- a/phpmyfaq/admin/header.php +++ b/phpmyfaq/admin/header.php @@ -55,7 +55,8 @@ $secLevelEntries['user'] .= $adminHelper->addMenuEntry( 'addgroup+editgroup+delgroup', 'group', - 'ad_menu_group_administration' + 'ad_menu_group_administration', + 'group' ); } $secLevelEntries['content'] = $adminHelper->addMenuEntry( diff --git a/phpmyfaq/admin/index.php b/phpmyfaq/admin/index.php index 15ac6366d6..c3c34ef258 100755 --- a/phpmyfaq/admin/index.php +++ b/phpmyfaq/admin/index.php @@ -256,10 +256,6 @@ if (!is_null($action)) { // the various sections of the admin area switch ($action) { - // functions for user administration - case 'group': - require 'group.php'; - break; // functions for content administration case 'faqs-overview': require 'faqs.overview.php'; diff --git a/phpmyfaq/assets/templates/admin/user/group.add.twig b/phpmyfaq/assets/templates/admin/user/group.add.twig new file mode 100644 index 0000000000..9c5c148aec --- /dev/null +++ b/phpmyfaq/assets/templates/admin/user/group.add.twig @@ -0,0 +1,62 @@ +{% extends '@admin/index.twig' %} + +{% block content %} +
+

+ + {{ 'ad_group_add' | translate }} +

+
+ +
+
+
{{ message }}
+
+ + +
+ +
+ +
+
+ +
+ +
+ +
+
+ +
+
+
+ + +
+
+
+ +
+
+ + {{ 'ad_gen_cancel' | translate }} + + +
+
+
+
+
+{% endblock %} diff --git a/phpmyfaq/assets/templates/admin/user/group.confirm.twig b/phpmyfaq/assets/templates/admin/user/group.confirm.twig new file mode 100644 index 0000000000..878a21c350 --- /dev/null +++ b/phpmyfaq/assets/templates/admin/user/group.confirm.twig @@ -0,0 +1,33 @@ +{% extends '@admin/index.twig' %} + +{% block content %} +
+

+ + {{ 'ad_group_deleteGroup' | translate }} "{{ groupName }}" +

+
+ +
+
+
+
+
{{ 'ad_group_deleteQuestion' | translate }}
+
+ + +

+ + +

+
+
+
+ +
+
+{% endblock %} diff --git a/phpmyfaq/assets/templates/admin/user/group.twig b/phpmyfaq/assets/templates/admin/user/group.twig index f11dfcf576..774e661cd9 100644 --- a/phpmyfaq/assets/templates/admin/user/group.twig +++ b/phpmyfaq/assets/templates/admin/user/group.twig @@ -1,298 +1,209 @@ -{% if groupAction == 'add' %} -
-

- - {{ ad_group_add }} -

-
- -
-
-
-
- - -
- -
- -
-
- -
- -
- -
-
- -
-
-
- - -
-
+{% extends '@admin/index.twig' %} + +{% block content %} +
+

+ + {{ 'ad_menu_group_administration' | translate }} +

+
+
+ + + {{ 'ad_group_add_link' | translate }} +
- -
-
- - -
-
- -
-
-{% endif %} -{% if groupAction == 'list' %} -
-

- - {{ ad_menu_group_administration }} -

-
-
- - - {{ ad_group_add_link }} -
-
-
{{ message|raw }}
+
{{ message|raw }}
-
+
-
-
-
-
- {{ ad_groups }} -
-
- -
-
-
- +
+
+ +
+ {{ 'ad_groups' | translate }} +
+
+
-
- -
- -
-
- {{ ad_group_details }} -
-
- -
-
- -
- +
+
+
-
- -
+ +
+ +
+
+ {{ 'ad_group_details' | translate }} +
+
+ +
+
+ +
+ +
+
+
+ +
+
-
-
-
-
- - +
+
+
+ + +
-
-
-
- +
+
+ +
-
- + +
-
-
-
- -
-
- {{ ad_group_membership }} -
-
-
-
+
+ + +
+
+ {{ 'ad_group_membership' | translate }} +
+
+
+
- + +
-
-
- -
+
+ +
-
-
- - +
+
+ + +
-
-
    -
  • - {{ ad_group_members }}
    • -
+
    +
  • + {{ 'ad_group_members' | translate }}
    • +
-
-
-
+
+
+
- + +
-
-
- +
+ +
-
-
-
- +
+
+ +
-
- -
- -
- -
-
- -
- {{ ad_group_rights }} -
+
+
-
-
- - -
- {% for right in rightData %} -
- - +
+ +
+
+ +
+ {{ 'ad_group_rights' | translate }} +
+ +
+
+ + +
+ {% for right in rightData %} +
+ + +
+ {% endfor %}
- {% endfor %} -
-
-
- +
+
+ +
-
- + +
-
-{% endif %} - -{% if showDeleteGroupForm is defined %} -
-

- - {{ ad_group_deleteGroup }} "{{ groupName }}" -

-
- -
-
-

{{ ad_group_deleteQuestion }}

-
- - -

- - -

-
-
-
-{% endif %} +{% endblock %} diff --git a/phpmyfaq/src/admin-routes.php b/phpmyfaq/src/admin-routes.php index 5f612fea49..fdd30c560c 100644 --- a/phpmyfaq/src/admin-routes.php +++ b/phpmyfaq/src/admin-routes.php @@ -20,6 +20,7 @@ use phpMyFAQ\Controller\Administration\ConfigurationController; use phpMyFAQ\Controller\Administration\ElasticsearchController; use phpMyFAQ\Controller\Administration\ExportController; +use phpMyFAQ\Controller\Administration\GroupController; use phpMyFAQ\Controller\Administration\ImportController; use phpMyFAQ\Controller\Administration\InstanceController; use phpMyFAQ\Controller\Administration\PasswordChangeController; @@ -39,6 +40,11 @@ 'controller' => [AttachmentsController::class, 'index'], 'methods' => 'GET' ], + 'admin.backup' => [ + 'path' => '/backup', + 'controller' => [BackupController::class, 'index'], + 'methods' => 'GET' + ], 'admin.backup.export' => [ 'path' => '/backup/export/{type}', 'controller' => [BackupController::class, 'export'], @@ -49,11 +55,6 @@ 'controller' => [BackupController::class, 'restore'], 'methods' => 'POST' ], - 'admin.backup' => [ - 'path' => '/backup', - 'controller' => [BackupController::class, 'index'], - 'methods' => 'GET' - ], 'admin.configuration' => [ 'path' => '/configuration', 'controller' => [ConfigurationController::class, 'index'], @@ -69,6 +70,46 @@ 'controller' => [ExportController::class, 'index'], 'methods' => 'GET' ], + 'admin.group' => [ + 'path' => '/group', + 'controller' => [GroupController::class, 'index'], + 'methods' => 'GET' + ], + 'admin.group.add' => [ + 'path' => '/group/add', + 'controller' => [GroupController::class, 'add'], + 'methods' => 'GET' + ], + 'admin.group.create' => [ + 'path' => '/group/create', + 'controller' => [GroupController::class, 'create'], + 'methods' => 'POST' + ], + 'admin.group.confirm' => [ + 'path' => '/group/confirm', + 'controller' => [GroupController::class, 'confirm'], + 'methods' => 'POST' + ], + 'admin.group.delete' => [ + 'path' => '/group/delete', + 'controller' => [GroupController::class, 'delete'], + 'methods' => 'POST' + ], + 'admin.group.update' => [ + 'path' => '/group/update', + 'controller' => [GroupController::class, 'update'], + 'methods' => 'POST' + ], + 'admin.group.update.members' => [ + 'path' => '/group/update/members', + 'controller' => [GroupController::class, 'updateMembers'], + 'methods' => 'POST' + ], + 'admin.group.update.permissions' => [ + 'path' => '/group/update/permissions', + 'controller' => [GroupController::class, 'updatePermissions'], + 'methods' => 'POST' + ], 'admin.import' => [ 'path' => '/import', 'controller' => [ImportController::class, 'index'], diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Administration/AbstractAdministrationController.php b/phpmyfaq/src/phpMyFAQ/Controller/Administration/AbstractAdministrationController.php index 3a8f4a6b21..28f262707d 100644 --- a/phpmyfaq/src/phpMyFAQ/Controller/Administration/AbstractAdministrationController.php +++ b/phpmyfaq/src/phpMyFAQ/Controller/Administration/AbstractAdministrationController.php @@ -61,7 +61,8 @@ protected function getHeader(Request $request): array $secLevelEntries['user'] .= $adminHelper->addMenuEntry( 'addgroup+editgroup+delgroup', 'group', - 'ad_menu_group_administration' + 'ad_menu_group_administration', + 'group' ); } $secLevelEntries['user'] .= $adminHelper->addMenuEntry( @@ -201,9 +202,6 @@ protected function getHeader(Request $request): array ); switch ($action) { - case 'group': - $userPage = true; - break; case 'category-overview': case 'addcategory': case 'savecategory': @@ -252,10 +250,19 @@ protected function getHeader(Request $request): array } switch ($request->attributes->get('_route')) { + case 'admin.group': + case 'admin.group.add': + case 'admin.group.create': + case 'admin.group.confirm': + case 'admin.group.delete': + case 'admin.group.update': + case 'admin.group.update.members': + case 'admin.group.update.permissions': case 'admin.password.change': case 'admin.password.update': case 'admin.user': case 'admin.user.list': + case 'admin.user.edit': $userPage = true; break; case 'admin.attachments': diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Administration/GroupController.php b/phpmyfaq/src/phpMyFAQ/Controller/Administration/GroupController.php new file mode 100644 index 0000000000..4dd6272954 --- /dev/null +++ b/phpmyfaq/src/phpMyFAQ/Controller/Administration/GroupController.php @@ -0,0 +1,316 @@ +userHasPermission(PermissionType::GROUP_ADD); + $this->userHasPermission(PermissionType::GROUP_EDIT); + $this->userHasPermission(PermissionType::GROUP_DELETE); + + $this->addExtension(new PermissionTranslationTwigExtension()); + return $this->render( + '@admin/user/group.twig', + [ + ... $this->getHeader($request), + ... $this->getFooter(), + ... $this->getBaseTemplateVars(), + ] + ); + } + + /** + * @throws LoaderError + * @throws Exception + * @throws \Exception + */ + #[Route('/group/add', name: 'admin.group.add', methods: ['GET'])] + public function add(Request $request): Response + { + $this->userHasPermission(PermissionType::GROUP_ADD); + + $this->addExtension(new PermissionTranslationTwigExtension()); + return $this->render( + '@admin/user/group.add.twig', + [ + ... $this->getHeader($request), + ... $this->getFooter(), + ... $this->getBaseTemplateVars(), + 'csrfAddGroup' => Token::getInstance($this->container->get('session'))->getTokenString('add-group'), + ] + ); + } + + /** + * @throws Exception + * @throws LoaderError + * @throws \Exception + */ + #[Route('/group/create', name: 'admin.group.create', methods: ['POST'])] + public function create(Request $request): Response + { + $this->userHasPermission(PermissionType::GROUP_ADD); + + if (!Token::getInstance($this->container->get('session'))->verifyToken('add-group', $request->get('csrf'))) { + throw new UnauthorizedHttpException('Invalid CSRF token'); + } + + $user = $this->container->get('phpmyfaq.user'); + + $groupName = Filter::filterVar($request->get('group_name'), FILTER_SANITIZE_SPECIAL_CHARS); + $groupDescription = Filter::filterVar($request->get('group_description'), FILTER_SANITIZE_SPECIAL_CHARS); + $groupAutoJoin = Filter::filterVar($request->get('group_auto_join'), FILTER_SANITIZE_SPECIAL_CHARS); + + // check group name + if ($groupName === '') { + $message = Translation::get('ad_group_error_noName'); + } + + $groupData = [ + 'name' => $groupName, + 'description' => $groupDescription, + 'auto_join' => $groupAutoJoin, + ]; + + if ($user->perm->addGroup($groupData) === 0) { + $message = sprintf('
%s
', Translation::get('ad_adus_dberr')); + } else { + $message = sprintf('
%s
', Translation::get('ad_group_suc')); + } + + $this->addExtension(new PermissionTranslationTwigExtension()); + return $this->render( + '@admin/user/group.twig', + [ + ... $this->getHeader($request), + ... $this->getFooter(), + ... $this->getBaseTemplateVars(), + 'message' => $message, + ] + ); + } + + /** + * @throws Exception + * @throws LoaderError + * @throws \Exception + */ + #[Route('/group/confirm', name: 'admin.group.confirm', methods: ['POST'])] + public function confirm(Request $request): Response + { + $this->userHasPermission(PermissionType::GROUP_DELETE); + + $session = $this->container->get('session'); + + $groupId = Filter::filterVar($request->get('group_list_select'), FILTER_VALIDATE_INT); + $groupData = $this->currentUser->perm->getGroupData($groupId); + + $this->addExtension(new PermissionTranslationTwigExtension()); + return $this->render( + '@admin/user/group.confirm.twig', + [ + ... $this->getHeader($request), + ... $this->getFooter(), + 'groupName' => $groupData['name'], + 'groupId' => $groupId, + 'csrfDeleteGroup' => Token::getInstance($session)->getTokenString('delete-group'), + ] + ); + } + + /** + * @throws LoaderError + * @throws Exception + */ + #[Route('/group/delete', name: 'admin.group.delete', methods: ['POST'])] + public function delete(Request $request): Response + { + $this->userHasPermission(PermissionType::GROUP_DELETE); + + $groupId = Filter::filterVar($request->get('group_id'), FILTER_VALIDATE_INT); + $csrfToken = Filter::filterVar($request->get('pmf-csrf-token'), FILTER_SANITIZE_SPECIAL_CHARS); + + if (!Token::getInstance($this->container->get('session'))->verifyToken('delete-group', $csrfToken)) { + throw new UnauthorizedHttpException('Invalid CSRF token'); + } + + if (!$this->currentUser->perm->deleteGroup($groupId)) { + $message = sprintf('
%s
', Translation::get('ad_group_error_delete')); + } else { + $message = sprintf('
%s
', Translation::get('ad_group_deleted')); + } + + $this->addExtension(new PermissionTranslationTwigExtension()); + return $this->render( + '@admin/user/group.twig', + [ + ... $this->getHeader($request), + ... $this->getFooter(), + ... $this->getBaseTemplateVars(), + 'message' => $message, + ] + ); + } + + /** + * @throws LoaderError + * @throws Exception + * @throws \Exception + */ + #[Route('/group/update', name: 'admin.group.update', methods: ['POST'])] + public function update(Request $request): Response + { + $this->userHasPermission(PermissionType::GROUP_EDIT); + + $groupId = Filter::filterVar($request->get('group_id'), FILTER_VALIDATE_INT); + + $groupData = []; + $dataFields = ['name', 'description', 'auto_join']; + foreach ($dataFields as $field) { + $groupData[$field] = Filter::filterVar($request->get($field), FILTER_SANITIZE_SPECIAL_CHARS, ''); + } + + $user = $this->container->get('phpmyfaq.user'); + + if (!$user->perm->changeGroup($groupId, $groupData)) { + $message = sprintf( + '
%s %s
', + Translation::get('ad_msg_mysqlerr'), + $this->configuration->getDb()->error() + ); + } else { + $message = sprintf( + '

%s %s %s

', + Translation::get('ad_msg_savedsuc_1'), + $user->perm->getGroupName($groupId), + Translation::get('ad_msg_savedsuc_2') + ); + } + + $this->addExtension(new PermissionTranslationTwigExtension()); + return $this->render( + '@admin/user/group.twig', + [ + ... $this->getHeader($request), + ... $this->getFooter(), + ... $this->getBaseTemplateVars(), + 'message' => $message, + ] + ); + } + + /** + * @throws LoaderError + * @throws Exception + * @throws \Exception + */ + #[Route('/group/update/members', name: 'admin.group.update.members', methods: ['POST'])] + public function updateMembers(Request $request): Response + { + $this->userHasPermission(PermissionType::GROUP_EDIT); + + $groupId = Filter::filterVar($request->get('group_id'), FILTER_VALIDATE_INT); + $groupMembers = $request->request->all()['group_members']; + + $user = $this->container->get('phpmyfaq.user'); + if (!$user->perm->removeAllUsersFromGroup($groupId)) { + $message = sprintf('
%s
', Translation::get('ad_msg_mysqlerr')); + } else { + foreach ($groupMembers as $memberId) { + $user->perm->addToGroup((int)$memberId, $groupId); + } + + $message = sprintf( + '

%s %s %s

', + Translation::get('ad_msg_savedsuc_1'), + $user->perm->getGroupName($groupId), + Translation::get('ad_msg_savedsuc_2') + ); + } + + $this->addExtension(new PermissionTranslationTwigExtension()); + return $this->render( + '@admin/user/group.twig', + [ + ... $this->getHeader($request), + ... $this->getFooter(), + ... $this->getBaseTemplateVars(), + 'message' => $message, + ] + ); + } + + /** + * @throws LoaderError + * @throws Exception + * @throws \Exception + */ + #[Route('/group/update/permissions', name: 'admin.group.update.permissions', methods: ['POST'])] + public function updatePermissions(Request $request): Response + { + $this->userHasPermission(PermissionType::GROUP_EDIT); + + $groupId = Filter::filterVar($request->get('group_id'), FILTER_VALIDATE_INT); + $groupPermissions = $request->request->all()['group_rights']; + + $user = $this->container->get('phpmyfaq.user'); + if (!$user->perm->refuseAllGroupRights($groupId)) { + $message = sprintf('
%s
', Translation::get('ad_msg_mysqlerr')); + } else { + foreach ($groupPermissions as $rightId) { + $user->perm->grantGroupRight($groupId, (int)$rightId); + } + $message = sprintf( + '

%s %s %s

', + Translation::get('ad_msg_savedsuc_1'), + $user->perm->getGroupName($groupId), + Translation::get('ad_msg_savedsuc_2') + ); + } + + $this->addExtension(new PermissionTranslationTwigExtension()); + return $this->render( + '@admin/user/group.twig', + [ + ... $this->getHeader($request), + ... $this->getFooter(), + ... $this->getBaseTemplateVars(), + 'message' => $message, + ] + ); + } + + /** + * @throws \Exception + * @return array + */ + private function getBaseTemplateVars(): array + { + $user = $this->container->get('phpmyfaq.user'); + return [ + 'rightData' => $user->perm->getAllRightsData(), + ]; + } +} diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Administration/UserController.php b/phpmyfaq/src/phpMyFAQ/Controller/Administration/UserController.php index 0575bfe170..53f44381ca 100644 --- a/phpmyfaq/src/phpMyFAQ/Controller/Administration/UserController.php +++ b/phpmyfaq/src/phpMyFAQ/Controller/Administration/UserController.php @@ -45,6 +45,7 @@ public function index(Request $request): Response * @throws LoaderError * @throws \Exception */ + #[Route('/user/edit/:userId', name: 'admin.user.edit', methods: ['GET'])] public function edit(Request $request): Response { $this->userHasPermission(PermissionType::USER_ADD);