usermanagement: additional groups
authorBanana <mail@bananas-playground.net>
Sun, 17 Jan 2021 16:09:36 +0000 (17:09 +0100)
committerBanana <mail@bananas-playground.net>
Sun, 17 Jan 2021 16:09:36 +0000 (17:09 +0100)
CHANGELOG
TODO
webclient/lib/managecollectionfields.class.php
webclient/lib/possessed.class.php
webclient/view/default/collections/collections.php
webclient/view/default/manageusers/manageusers.html
webclient/view/default/manageusers/manageusers.php

index 0534559f748123b53f755ec10ae8a27b374f3b1a..7eb9f9a97ff9ac0f1299beb8bcd8bb30d7212f3f 100644 (file)
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -7,6 +7,7 @@
        * Entry rights can now be managed. More info about user and rights can be found in documentation.
        * User management: Honor rights from current logged in user
        * Group management now available. But no relation check yet.
+       * User management: Additional groups
 
 1.0 - Castle 20210106
        * First usable version
diff --git a/TODO b/TODO
index e5a9a96e2112e8e3777153f36600dc494fe1953d..03c45ab687e3bc1e47190b014bf66458eda8c35d 100644 (file)
--- a/TODO
+++ b/TODO
@@ -7,7 +7,5 @@
 * stats overview page. amount of entries. file and db storage.
 * Export of an entry, collection or everything. Stored on disk.
 * Import of the export
-* User management: Adding secondary groups
-* User management: Rights for a user and group. Used in user and group selections.
 * Field management: Web interface
 * minimal theme
index ce78f8937106675cbf3f8328164d26c658164e4f..c4a90ce9463aa48ad5656ef311cad1f814d0c31a 100644 (file)
@@ -189,7 +189,7 @@ class ManageCollectionFields {
 
                        $queryStrInsertFields = "INSERT INTO `".DB_PREFIX."_collection_fields_".$this->_collectionId."` (`fk_field_id`,`sort`) VALUES ";
                        foreach ($ids as $k => $v) {
-                               $queryStrInsertFields .= "($v,$k),";
+                               $queryStrInsertFields .= "('".$this->_DB->real_escape_string($v)."','".$this->_DB->real_escape_string($k)."'),";
                        }
                        $queryStrInsertFields = trim($queryStrInsertFields, ",");
                        $queryStrInsertFields .= " ON DUPLICATE KEY UPDATE `sort` = VALUES(`sort`)";
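Review bot: The loop values `$v` and `$k` are now escaped and quoted, but they are a field id and a sort position, and nothing visible in this hunk confirms they are numeric before they reach the `fk_field_id` and `sort` columns. A digit check or a cast states the intent more directly than string escaping, for example `if(!Summoner::validate($v,'digit')) continue;` or `(int)$v` and `(int)$k`. The table name two lines above is still built by concatenating `$this->_collectionId` inside backticks, which `real_escape_string` would not protect, so it is worth confirming that the id is validated where it is set. The enclosing method starts and ends outside the hunk.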
index 3d7eb31e9e7e16e6bde6e33d90d84b91e3791e22..996279be862bcc43edf934764eec390ebdce6b01 100644 (file)
@@ -113,10 +113,11 @@ class Possessed {
         * @param string $login
         * @param string $password
         * @param string $group Number
+        * @param array $groups
         * @param bool $active
         * @return bool
         */
-       public function createUser($username, $login, $password, $group, $active=false) {
+       public function createUser($username, $login, $password, $group, $groups, $active=false) {
                $ret = false;
 
                if($this->_validNewLogin($login) && $this->_validUsergroup($group)) {
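Review bot: `createUser` gains `$groups` as a required parameter in the middle of the list, so any caller that still passes five arguments would have its `$active` value read as `$groups`; `updateUser` has the same change. The two call sites in manageusers.php are updated in this commit, but other callers, if any exist, are not visible here. Declaring the parameter as `array $groups` would fail early on a wrong argument, and the docblock line could say what it holds: `@param array $groups Ids of additional groups, the main group is added automatically`. The check on the last line of the hunk still validates only `$group`; the function body continues outside the hunk.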
@@ -150,7 +151,13 @@ class Possessed {
                                                                                WHERE `id` = '".$this->_DB->real_escape_string($_userid)."'";
                                        if(QUERY_DEBUG) error_log("[QUERY] ".__METHOD__." query: ".var_export($queryStrOwner,true));
                                        $this->_DB->query($queryStrOwner);
-                                       $_setGroupRelation = $this->_setGroupReleation($_userid,$group);
+                                       if(!empty($groups)) {
+                                               $groups[] = $group;
+                                       }
+                                       else {
+                                               $groups = array($group);
+                                       }
+                                       $_setGroupRelation = $this->_setGroupReleation($_userid,$groups);
                                        if($_setGroupRelation === false) {
                                                throw new Exception("Failed to insert user relation");
                                        }
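Review bot: `$groups[] = $group;` assumes `$groups` is an array; if a caller passes a non-empty string, PHP 7 and later raise an `Error` on the `[]` operator, which a `catch (Exception $e)` would not handle (the catch block is outside the hunk, so this is an assumption). The if/else can be replaced by `$groups = is_array($groups) ? $groups : array();` followed by `$groups[] = $group;`, which also covers the empty case. The same five lines are repeated in `updateUser`, so a small private helper would keep the two in step.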
@@ -178,11 +185,12 @@ class Possessed {
         * @param string $login
         * @param string $password
         * @param string $group
+        * @param array $groups
         * @param bool $active
         * @param bool $refreshApiToken
         * @return bool
         */
-       public function updateUser($id, $username, $login, $password, $group, $active=false, $refreshApiToken=false) {
+       public function updateUser($id, $username, $login, $password, $group, $groups, $active=false, $refreshApiToken=false) {
                $ret = false;
 
                if($this->_validUpdateLogin($login,$id) && $this->_validUsergroup($group)) {
@@ -214,7 +222,13 @@ class Possessed {
                                $query = $this->_DB->query($queryStr);
 
                                if ($query !== false) {
-                                       $_setGroupRelation = $this->_setGroupReleation($id,$group, true);
+                                       if(!empty($groups)) {
+                                               $groups[] = $group;
+                                       }
+                                       else {
+                                               $groups = array($group);
+                                       }
+                                       $_setGroupRelation = $this->_setGroupReleation($id,$groups,true);
                                        if($_setGroupRelation === false) {
                                                throw new Exception('Failed to insert user relation');
                                        }
@@ -561,15 +575,15 @@ class Possessed {
         * clean will delete all existing ones for given userid first.
         *
         * @param string $userid Number
-        * @param string $groupid Number
+        * @param array $group Array with group ids
         * @param bool $clean
         * @return bool
         */
-       private function _setGroupReleation($userid, $groupid, $clean=false) {
+       private function _setGroupReleation($userid, $group, $clean=false) {
                $ret = false;
 
                if(Summoner::validate($userid,'digit')
-                       && Summoner::validate($groupid,'digit')) {
+                       && is_array($group) && !empty($group)) {
 
                        try {
                                if($clean === true) {
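Review bot: The guard now checks only `is_array($group) && !empty($group)`, so the per-id `Summoner::validate(...,'digit')` check that the old `$groupid` had is gone. The loop in the next hunk escapes each `$g`, which keeps the statement well formed, but an empty or non-numeric element would still be sent to `fk_group_id`, and with `INSERT IGNORE` a conversion problem is likely downgraded to a warning rather than a failure. Checking each element before building the query, e.g. `foreach($group as $g) { if(!Summoner::validate($g,'digit')) return false; }`, restores the old guarantee; the function body continues outside the hunk.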
@@ -579,9 +593,11 @@ class Possessed {
                                        $this->_DB->query($queryStrDelete);
                                }
 
-                               $queryStr = "INSERT IGNORE INTO `".DB_PREFIX."_user2group`
-                                                               SET `fk_user_id` = '".$this->_DB->real_escape_string($userid)."',
-                                                                       `fk_group_id` = '".$this->_DB->real_escape_string($groupid)."'";
+                               $queryStr = "INSERT IGNORE INTO `".DB_PREFIX."_user2group` (`fk_user_id`, `fk_group_id`) VALUES ";
+                               foreach($group as $g) {
+                                       $queryStr .= "('".$this->_DB->real_escape_string($userid)."','".$this->_DB->real_escape_string($g)."'),";
+                               }
+                               $queryStr = trim($queryStr, ",");
                                if(QUERY_DEBUG) error_log("[QUERY] ".__METHOD__." query: ".var_export($queryStr,true));
                                $ret = $this->_DB->query($queryStr);
                        }
index b46b9e6dde15884c0fef8a3f73802c5cc247bac3..1200856dd7bb59bd68e2cc635ca6ccdb9bf6af42 100644 (file)
@@ -81,7 +81,7 @@ if(!empty($_collection)) {
                        $TemplateData['pagination']['currentGetParameters']['fid'] = $_fid;
                        $TemplateData['pagination']['currentGetParameters']['fv'] = $_fv;
                }
-               else {
+               elseif(isset($_fd[$Trite->param('defaultSearchField')])) {
                        $_sdata[0] = array(
                                'colName' => $Trite->param('defaultSearchField'),
                                'colValue' => $_search,
index b358d4d553ac7ed1753787436bc5bb736ddca62f..a08d8da0aba8102b9ebdb2abb67a31ad264ee065 100644 (file)
                                </div>
                        </div>
                        <div class="uk-margin">
-                               <label class="uk-form-label" for="additionalgroups">Additional groups</label>
+                               <label class="uk-form-label" for="groups">Additional groups</label>
                                <div class="uk-form-controls">
-                                       <select class="uk-select" id="additionalgroups" name="fdata[additionalgroups]">
-                                               <option value="">To be done</option>
+                                       <select class="uk-select" id="groups" name="fdata[groups][]" multiple="multiple"
+                                               size="5">
+                                               <option value="">None</option>
+                                               <?php foreach($TemplateData['existingGroups'] as $k=>$v) { ?>
+                                               <option value="<?php echo $k; ?>"
+                                               <?php if(Summoner::ifset($TemplateData['editData']['groups'],$k)) echo 'selected'; ?>
+                                               ><?php echo $v['name']; ?> (<?php echo $v['description']; ?>)</option>
+                                               <?php } ?>
                                        </select>
                                </div>
                        </div>
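Review bot: The new option list prints `$v['name']` and `$v['description']` with a bare `echo`, so a group name or description containing markup would be rendered as HTML in the user management page. Unless `getGroups()` already returns escaped values (not visible here), escape at output: `<?php echo htmlspecialchars($v['name'], ENT_QUOTES, 'UTF-8'); ?>` and the same for the description. The `None` option has an empty value inside a `multiple` select, so selecting it posts an empty string in `fdata[groups][]`, which the receiving code has to drop.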
index c9a201bdaa4c27aac947e2f8c4652ec1e86bc81c..09c11bb3cc0247ad3ea67cad40309082d283648a 100644 (file)
@@ -20,6 +20,7 @@ $Possessed = new Possessed($DB, $Doomguy);
 $TemplateData['existingGroups'] = $Possessed->getGroups();
 $TemplateData['existingUsers'] = $Possessed->getUsers();
 $TemplateData['editData'] = false;
+$TemplateData['editData']['groups'] = array();
 
 $_id = false;
 if(isset($_GET['id']) && !empty($_GET['id'])) {
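Review bot: Writing `$TemplateData['editData']['groups'] = array();` directly after `$TemplateData['editData'] = false;` turns `editData` into the array `['groups' => []]`, which is not empty. The later test `if(!empty($TemplateData['editData']))` in the submit handler would then be true even when no user is being edited, unless `editData` is reassigned in the lines between the hunks, which are not visible. That would send a create request down the update/delete branch with `$_id` still `false`. Keeping `editData` as `false` and having the template fall back to an empty list, or testing `$_id` instead of `editData` in the handler, avoids this; assigning an offset on `false` is also deprecated from PHP 8.1.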
@@ -48,6 +49,11 @@ if(isset($_POST['submitForm'])) {
                        $_active = true;
                }
 
+               $_groups = array();
+               if(isset($fdata['groups'])) {
+                       $_groups = $fdata['groups'];
+               }
+
                if(!empty($TemplateData['editData'])) {
                        if(isset($fdata['doDelete'])) {
                                $do = $Possessed->deleteUser($_id);
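Review bot: `$_groups = $fdata['groups'];` takes the posted list as it is, while the main group is checked with `isset($TemplateData['existingGroups'][$_group])` in the create branch further down. The posted value may be a plain string instead of an array, may contain the empty `None` option, or may name a group id that does not exist or that the acting user should not be able to assign; whether `Possessed` checks this later is not visible, and `_validUsergroup` is only called with `$group`. Filtering the list against the known groups before calling `createUser` or `updateUser` closes that gap. The enclosing `if` block starts and ends outside the hunk.

```php
$_groups = array();
if(isset($fdata['groups']) && is_array($fdata['groups'])) {
	foreach($fdata['groups'] as $g) {
		// keeps only ids of known groups; drops the empty "None" option
		if(is_string($g) && isset($TemplateData['existingGroups'][$g])) {
			$_groups[] = $g;
		}
	}
}
```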
@@ -68,7 +74,7 @@ if(isset($_POST['submitForm'])) {
                                        if(isset($fdata['refreshApiToken'])) {
                                                $refreshApi = true;
                                        }
-                                       $do = $Possessed->updateUser($_id, $_username, $_login, $_password, $_group, $_active, $refreshApi);
+                                       $do = $Possessed->updateUser($_id, $_username, $_login, $_password, $_group, $_groups, $_active, $refreshApi);
                                        if ($do === true) {
                                                $TemplateData['refresh'] = 'index.php?p=manageusers';
                                        }
@@ -90,7 +96,7 @@ if(isset($_POST['submitForm'])) {
                                        && Summoner::validate($_login, 'nospace') === true
                                        && isset($TemplateData['existingGroups'][$_group])
                                ) {
-                                       $do = $Possessed->createUser($_username, $_login, $_password, $_group, $_active);
+                                       $do = $Possessed->createUser($_username, $_login, $_password, $_group, $_groups, $_active);
                                        if ($do === true) {
                                                $TemplateData['refresh'] = 'index.php?p=manageusers';
                                        }