user and group management.
authorBanana <mail@bananas-playground.net>
Mon, 19 Feb 2024 14:19:58 +0000 (15:19 +0100)
committerBanana <mail@bananas-playground.net>
Mon, 19 Feb 2024 14:19:58 +0000 (15:19 +0100)
check if in use before deletion

CHANGELOG
TODO
webclient/lib/possessed.class.php
webclient/view/default/manageusers/manageusers.php

index 83d67c90015ca02639b42772979ff75c7f0ff326..fe6f478a96969649293f51e7860107934beb3ef7 100644 (file)
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,6 @@
 1.x - The Ceremonial Chambers
     * Added group infos to profile view.
+    * User- and groupmanagement: Check if in use before deletion.
 
 
 1.6 - Chizra 2024-02-03
diff --git a/TODO b/TODO
index c613771382595e304b62b41d00896b413d77ee8f..607e8a970be53f4efd2a8e557cfad2bd3826ec4a 100644 (file)
--- a/TODO
+++ b/TODO
@@ -9,7 +9,6 @@
 ** change the css and js lookup too in main file
 * i18n support
 * Definition of fields in "card view"
-* User and groupmanagement: Check where a user or group is used!
 * Export of an entry, collection or everything. Stored on disk.
 * Import of the export
 * remove ifset and maybe ifsetvalue from summoner
index a5550968277a70b083bd27fd4f6dd82d004f27c0..d1007f3c2eb09ab1c7c832bc9b64cd4452789dbe 100644 (file)
@@ -290,25 +290,27 @@ class Possessed {
                $ret = false;
 
                if(Summoner::validate($id,'digit')) {
-                       try {
-                               $this->_DB->begin_transaction(MYSQLI_TRANS_START_READ_WRITE);
-                               $d1 = $this->_DB->query("DELETE FROM `".DB_PREFIX."_user` 
-                                       WHERE `id` = '".$this->_DB->real_escape_string($id)."'
-                                       AND ".$this->_User->getSQLRightsString("delete")."
-                                       AND `protected` = '0'");
-                               $d2 = $this->_DB->query("DELETE FROM `".DB_PREFIX."_user2group` WHERE `fk_user_id` = '".$this->_DB->real_escape_string($id)."'");
-                               $d3 = $this->_DB->query("DELETE FROM `".DB_PREFIX."_userSession` WHERE `fk_user_id` = '".$this->_DB->real_escape_string($id)."'");
-
-                               if($d1 === false || $d2 === false || $d3 === false) {
-                                       throw new Exception('Failed to delete the user');
-                               }
-                               $this->_DB->commit();
-                               $ret = true;
-                       }
-                       catch (Exception $e) {
-                               $this->_DB->rollback();
-                               Summoner::sysLog("[ERROR] ".__METHOD__." mysql catch: ".$e->getMessage());
-                       }
+
+            if(!$this->_checkIfUserIsInUse($id)) {
+                try {
+                    $this->_DB->begin_transaction(MYSQLI_TRANS_START_READ_WRITE);
+                    $d1 = $this->_DB->query("DELETE FROM `".DB_PREFIX."_user` 
+                        WHERE `id` = '".$this->_DB->real_escape_string($id)."'
+                        AND ".$this->_User->getSQLRightsString("delete")."
+                        AND `protected` = '0'");
+                    $d2 = $this->_DB->query("DELETE FROM `".DB_PREFIX."_user2group` WHERE `fk_user_id` = '".$this->_DB->real_escape_string($id)."'");
+                    $d3 = $this->_DB->query("DELETE FROM `".DB_PREFIX."_userSession` WHERE `fk_user_id` = '".$this->_DB->real_escape_string($id)."'");
+
+                    if ($d1 === false || $d2 === false || $d3 === false) {
+                        throw new Exception('Failed to delete the user');
+                    }
+                    $this->_DB->commit();
+                    $ret = true;
+                } catch (Exception $e) {
+                    $this->_DB->rollback();
+                    Summoner::sysLog("[ERROR] " . __METHOD__ . " mysql catch: " . $e->getMessage());
+                }
+            }
                }
 
                return $ret;
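Review bot: The guard added on line 61 makes the `$d2` statement on line 68 unreachable in practice, because `_checkIfUserIsInUse` (added later in this commit) reports any user with a row in `_user2group` as in use, so the only users that reach the DELETE have no membership rows left to clean up. If blocking deletion of group members is intended, `$d2` can go; if the intent is only to protect users that own collections, the `_user2group` query should be dropped from the helper instead. The check also runs before `begin_transaction` on line 63, so a collection assigned to the user between the check and the DELETE is not caught; calling `_checkIfUserIsInUse` after `begin_transaction` keeps both inside one transaction. The method's signature lies outside the hunk.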
@@ -387,18 +389,19 @@ class Possessed {
                $ret = false;
 
                if(Summoner::validate($id,'digit')) {
-                       $queryStr = "DELETE FROM `".DB_PREFIX."_group`
-                                               WHERE ".$this->_User->getSQLRightsString("delete")."
-                                                       AND `protected` = '0'
-                                                       AND `id` = '".$this->_DB->real_escape_string($id)."'";
-                       if(QUERY_DEBUG) Summoner::sysLog("[QUERY] ".__METHOD__." query: ".Summoner::cleanForLog($queryStr));
-                       try {
-                               $this->_DB->query($queryStr);
-                               $ret = true;
-                       }
-                       catch (Exception $e) {
-                               Summoner::sysLog("[ERROR] ".__METHOD__." mysql catch: ".$e->getMessage());
-                       }
+            if(!$this->_checkIfGroupIsInUse($id)) {
+                $queryStr = "DELETE FROM `" . DB_PREFIX . "_group`
+                            WHERE " . $this->_User->getSQLRightsString("delete") . "
+                                AND `protected` = '0'
+                                AND `id` = '" . $this->_DB->real_escape_string($id) . "'";
+                if (QUERY_DEBUG) Summoner::sysLog("[QUERY] " . __METHOD__ . " query: " . Summoner::cleanForLog($queryStr));
+                try {
+                    $this->_DB->query($queryStr);
+                    $ret = true;
+                } catch (Exception $e) {
+                    Summoner::sysLog("[ERROR] " . __METHOD__ . " mysql catch: " . $e->getMessage());
+                }
+            }
                }
 
                return $ret;
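Review bot: The in-use check on line 100 and the DELETE on line 107 run as two unrelated statements with no transaction around them, unlike the user case above, so a group attached to a collection or a user between the two is still removed; wrapping both in `begin_transaction`/`commit` as `deleteUser` does closes that window. Separately, `$ret = true` on line 108 is set whenever the query did not throw, even when the rights or `protected` filter matched no row, so the caller is told the group was deleted when nothing happened; guarding it with `if($this->_DB->affected_rows > 0) { $ret = true; }` would make the "not in use" feedback added in this commit trustworthy. The method's signature lies outside the hunk.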
@@ -647,4 +650,84 @@ class Possessed {
 
                return $ret;
        }
+
+    /**
+     * Check if given userId is used and should not be deleted.
+     *
+     * @param string $userId
+     * @return bool
+     */
+    private function _checkIfUserIsInUse(string $userId): bool {
+        $ret = false;
+
+        $queryStr = "SELECT `id` FROM `".DB_PREFIX."_collection` 
+                    WHERE `owner` = '".$this->_DB->real_escape_string($userId)."'";
+        if(QUERY_DEBUG) Summoner::sysLog("[QUERY] ".__METHOD__." query: ".Summoner::cleanForLog($queryStr));
+        try {
+            $query = $this->_DB->query($queryStr);
+            if($query !== false && $query->num_rows > 0) {
+                $ret = true;
+            }
+        }
+        catch (Exception $e) {
+            Summoner::sysLog("[ERROR] ".__METHOD__." mysql catch: ".$e->getMessage());
+        }
+
+        if(!$ret) {
+            $queryStr = "SELECT `id` FROM `".DB_PREFIX."_user2group` 
+                    WHERE `fk_user_id` = '".$this->_DB->real_escape_string($userId)."'";
+            if(QUERY_DEBUG) Summoner::sysLog("[QUERY] ".__METHOD__." query: ".Summoner::cleanForLog($queryStr));
+            try {
+                $query = $this->_DB->query($queryStr);
+                if($query !== false && $query->num_rows > 0) {
+                    $ret = true;
+                }
+            }
+            catch (Exception $e) {
+                Summoner::sysLog("[ERROR] ".__METHOD__." mysql catch: ".$e->getMessage());
+            }
+        }
+
+        return $ret;
+    }
+
+    /**
+     * Check if given groupId is used and should not be deleted.
+     *
+     * @param string $groupId
+     * @return bool
+     */
+    private function _checkIfGroupIsInUse(string $groupId): bool {
+        $ret = false;
+
+        $queryStr = "SELECT `id` FROM `".DB_PREFIX."_collection` 
+                    WHERE `group` = '".$this->_DB->real_escape_string($groupId)."'";
+        if(QUERY_DEBUG) Summoner::sysLog("[QUERY] ".__METHOD__." query: ".Summoner::cleanForLog($queryStr));
+        try {
+            $query = $this->_DB->query($queryStr);
+            if($query !== false && $query->num_rows > 0) {
+                $ret = true;
+            }
+        }
+        catch (Exception $e) {
+            Summoner::sysLog("[ERROR] ".__METHOD__." mysql catch: ".$e->getMessage());
+        }
+
+        if(!$ret) {
+            $queryStr = "SELECT `id` FROM `".DB_PREFIX."_user2group` 
+                    WHERE `fk_group_id` = '".$this->_DB->real_escape_string($groupId)."'";
+            if(QUERY_DEBUG) Summoner::sysLog("[QUERY] ".__METHOD__." query: ".Summoner::cleanForLog($queryStr));
+            try {
+                $query = $this->_DB->query($queryStr);
+                if($query !== false && $query->num_rows > 0) {
+                    $ret = true;
+                }
+            }
+            catch (Exception $e) {
+                Summoner::sysLog("[ERROR] ".__METHOD__." mysql catch: ".$e->getMessage());
+            }
+        }
+
+        return $ret;
+    }
 }
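Review bot: Both new helpers fail open: when the SELECT throws or returns false, the catch blocks on lines 139, 153, 179 and 193 only log and `$ret` stays false, so a user or group whose usage could not be verified is treated as unused and the caller proceeds with the DELETE. A check whose purpose is to block deletion should report in use when it cannot decide, e.g. `$ret = true;` in each catch, or let the exception propagate to the caller's own catch so the transaction is rolled back. The two methods are also identical apart from the column compared, so one private helper taking table, column and value removes the four copies of the query/log/catch block; a sketch with constructed names follows (table and column must stay class-internal literals, since they are spliced into the SQL unescaped).
```php
/**
 * True when a row in `<DB_PREFIX>_<table>` has `column` = value.
 * Returns true when the query cannot be run, so an unverifiable usage blocks deletion.
 */
private function _hasRowWhere(string $table, string $column, string $value): bool {
    $queryStr = "SELECT `id` FROM `".DB_PREFIX."_".$table."`
                WHERE `".$column."` = '".$this->_DB->real_escape_string($value)."' LIMIT 1";
    if(QUERY_DEBUG) Summoner::sysLog("[QUERY] ".__METHOD__." query: ".Summoner::cleanForLog($queryStr));
    try {
        $query = $this->_DB->query($queryStr);
        return $query !== false && $query->num_rows > 0;
    }
    catch (Exception $e) {
        Summoner::sysLog("[ERROR] ".__METHOD__." mysql catch: ".$e->getMessage());
        return true; // fail closed: cannot prove the id is unused
    }
}

private function _checkIfUserIsInUse(string $userId): bool {
    return $this->_hasRowWhere('collection', 'owner', $userId)
        || $this->_hasRowWhere('user2group', 'fk_user_id', $userId);
}

private function _checkIfGroupIsInUse(string $groupId): bool {
    return $this->_hasRowWhere('collection', 'group', $groupId)
        || $this->_hasRowWhere('user2group', 'fk_group_id', $groupId);
}
```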
index b236e39b27a5b3fd37d3431089f2f8d301ddbcf3..0264a230ba308cd4a855c92acf1053fdc90ee175 100644 (file)
@@ -65,7 +65,7 @@ if(isset($_POST['submitForm'])) {
                                        $TemplateData['refresh'] = 'index.php?p=manageusers';
                                }
                                else {
-                                       $TemplateData['message']['content'] = "User could not be deleted.";
+                                       $TemplateData['message']['content'] = "User could not be deleted. Make sure the user is not used anymore.";
                                        $TemplateData['message']['status'] = "error";
                                }
                        }
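Review bot: The new message on line 207 tells the operator the user is still in use, but `deleteUser` returns false just as well when the caller lacks delete rights, when the user row is `protected` (both filters in its DELETE) or when the query fails, so the hint is wrong in those cases. Either keep the wording neutral, e.g. `"User could not be deleted. The user may be protected, still in use, or you may lack the right to delete it."`, or have the library expose the reason so the view can pick the text. If a matching group-management view exists, it presumably needs the same update, as only this file is touched. The enclosing `if` block starts outside the hunk.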