From 7f9d40b89d6db52717b0dd8f8bdf468d3b52037c Mon Sep 17 00:00:00 2001
From: Banana
Date: Sun, 17 Jan 2021 17:09:36 +0100
Subject: [PATCH] usermanagement: additional groups

---
CHANGELOG | 1 +
TODO | 2 --
.../lib/managecollectionfields.class.php | 2 +-
webclient/lib/possessed.class.php | 36 +++++++++++++------
.../view/default/collections/collections.php | 2 +-
.../view/default/manageusers/manageusers.html | 12 +++++--
.../view/default/manageusers/manageusers.php | 10 ++++--
7 files changed, 46 insertions(+), 19 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 0534559..7eb9f9a 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -7,6 +7,7 @@
* Entry rights can now be managed. More info about user and rights can be found in documentation.
* User management: Honor rights from current logged in user
* Group management now available. But no relation check yet.
+ * User management: Additional groups
1.0 - Castle 20210106
* First usable version
diff --git a/TODO b/TODO
index e5a9a96..03c45ab 100644
--- a/TODO
+++ b/TODO
@@ -7,7 +7,5 @@
* stats overview page. amount of entries. file and db storage.
* Export of an entry, collection or everything. Stored on disk.
* Import of the export
-* User management: Adding secondary groups
-* User management: Rights for a user and group. Used in user and group selections.
* Field management: Web interface
* minimal theme
diff --git a/webclient/lib/managecollectionfields.class.php b/webclient/lib/managecollectionfields.class.php
index ce78f89..c4a90ce 100644
--- a/webclient/lib/managecollectionfields.class.php
+++ b/webclient/lib/managecollectionfields.class.php
@@ -189,7 +189,7 @@ class ManageCollectionFields {
$queryStrInsertFields = "INSERT INTO `".DB_PREFIX."_collection_fields_".$this->_collectionId."` (`fk_field_id`,`sort`) VALUES ";
foreach ($ids as $k => $v) {
- $queryStrInsertFields .= "($v,$k),";
+ $queryStrInsertFields .= "('".$this->_DB->real_escape_string($v)."','".$this->_DB->real_escape_string($k)."'),";
}
$queryStrInsertFields = trim($queryStrInsertFields, ",");
$queryStrInsertFields .= " ON DUPLICATE KEY UPDATE `sort` = VALUES(`sort`)";
diff --git a/webclient/lib/possessed.class.php b/webclient/lib/possessed.class.php
index 3d7eb31..996279b 100644
--- a/webclient/lib/possessed.class.php
+++ b/webclient/lib/possessed.class.php
@@ -113,10 +113,11 @@ class Possessed {
* @param string $login
* @param string $password
* @param string $group Number
+ * @param array $groups
* @param bool $active
* @return bool
*/
- public function createUser($username, $login, $password, $group, $active=false) {
+ public function createUser($username, $login, $password, $group, $groups, $active=false) {
$ret = false;
if($this->_validNewLogin($login) && $this->_validUsergroup($group)) {
@@ -150,7 +151,13 @@ class Possessed {
WHERE `id` = '".$this->_DB->real_escape_string($_userid)."'";
if(QUERY_DEBUG) error_log("[QUERY] ".__METHOD__." query: ".var_export($queryStrOwner,true));
$this->_DB->query($queryStrOwner);
- $_setGroupRelation = $this->_setGroupReleation($_userid,$group);
+ if(!empty($groups)) {
+ $groups[] = $group;
+ }
+ else {
+ $groups = array($group);
+ }
+ $_setGroupRelation = $this->_setGroupReleation($_userid,$groups);
if($_setGroupRelation === false) {
throw new Exception("Failed to insert user relation");
}
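Review bot: Quoting and escaping `$v`/`$k` closes the injection through the old bare `($v,$k)` interpolation, but both values still land in what look like integer columns (`fk_field_id`, `sort`) with no check that they are numeric, so a non-numeric entry in `$ids` is coerced by the database rather than rejected. A digit check per iteration, e.g. `if(!Summoner::validate($v,'digit') || !Summoner::validate($k,'digit')) continue;` (the helper is used that way in possessed.class.php in this same patch), would make the statement depend only on well-formed ids. The table name on the context line above is built from `$this->_collectionId` inside backticks, where `real_escape_string` does not apply; presumably that id is validated where it is set, but it is worth confirming since this hunk is the only place the query is assembled. The enclosing method starts and ends outside this hunk, and where `$ids` comes from is not visible here.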
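Review bot: The new `$groups` parameter is inserted before `$active` without a default, so any caller of `createUser()` outside this patch that passed `$active` positionally now passes it as `$groups` and silently gets `$active=false`; only the manageusers.php call site is updated here, other callers (an API, for instance) are not visible. Giving it a default, `public function createUser($username, $login, $password, $group, $groups = array(), $active=false) {`, at least lets the old five-argument form keep working. The docblock line `+ * @param array $groups` should also say what the array holds and that `$group` is appended to it by this method, e.g. `@param array $groups Additional group ids; the primary $group is added automatically`. The method body continues past this hunk.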
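Review bot: `$groups[] = $group;` assumes `$groups` is an array, but nothing in the hunk checks that: a non-empty scalar (a string from a form field, or `true` from an old positional call) reaches the `[]` append and is a fatal error on strings in PHP 7.1+. The additional ids also bypass the `_validUsergroup()` check that `$group` goes through at the top of `createUser()`, so anything the caller puts in `$groups` is handed to `_setGroupReleation()` as-is. Collapsing the six added lines to `$groups = is_array($groups) ? $groups : array();` followed by `$groups[] = $group;` removes the type assumption, and running each entry through `_validUsergroup()` before the call keeps the two kinds of group on the same footing. The same six-line merge is repeated in `updateUser()` later in this patch and would be a natural private helper. The surrounding `if` and the method's end are outside this hunk.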
@@ -178,11 +185,12 @@ class Possessed {
* @param string $login
* @param string $password
* @param string $group
+ * @param array $groups
* @param bool $active
* @param bool $refreshApiToken
* @return bool
*/
- public function updateUser($id, $username, $login, $password, $group, $active=false, $refreshApiToken=false) {
+ public function updateUser($id, $username, $login, $password, $group, $groups, $active=false, $refreshApiToken=false) {
$ret = false;
if($this->_validUpdateLogin($login,$id) && $this->_validUsergroup($group)) {
@@ -214,7 +222,13 @@ class Possessed {
$query = $this->_DB->query($queryStr);
if ($query !== false) {
- $_setGroupRelation = $this->_setGroupReleation($id,$group, true);
+ if(!empty($groups)) {
+ $groups[] = $group;
+ }
+ else {
+ $groups = array($group);
+ }
+ $_setGroupRelation = $this->_setGroupReleation($id,$groups,true);
if($_setGroupRelation === false) {
throw new Exception('Failed to insert user relation');
}
@@ -561,15 +575,15 @@ class Possessed {
* clean will delete all existing ones for given userid first.
*
* @param string $userid Number
- * @param string $groupid Number
+ * @param array $group Array with group ids
* @param bool $clean
* @return bool
*/
- private function _setGroupReleation($userid, $groupid, $clean=false) {
+ private function _setGroupReleation($userid, $group, $clean=false) {
$ret = false;
if(Summoner::validate($userid,'digit')
- && Summoner::validate($groupid,'digit')) {
+ && is_array($group) && !empty($group)) {
try {
if($clean === true) {
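Review bot: The per-id validation is lost in the third hunk: the removed condition checked `$groupid` with `Summoner::validate(...,'digit')`, while the new one only requires `is_array($group) && !empty($group)`, so arbitrary strings in `$group` now reach the `INSERT IGNORE` built later in the method (escaped, so not injectable, but with `IGNORE` a value the column cannot hold is presumably demoted to a warning and stored as 0 rather than failing). Validate every element before entering the `try`, for instance by extending the condition to `&& is_array($group) && !empty($group)` `&& count(array_filter($group, function($g) { return Summoner::validate($g,'digit'); })) === count($group)) {`. The docblock could also state that this method checks only the shape of the ids, not that the groups exist or that the acting user may assign them, since callers are where that is decided. The method's body continues past this hunk.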
@@ -579,9 +593,11 @@ class Possessed {
$this->_DB->query($queryStrDelete);
}
- $queryStr = "INSERT IGNORE INTO `".DB_PREFIX."_user2group`
- SET `fk_user_id` = '".$this->_DB->real_escape_string($userid)."',
- `fk_group_id` = '".$this->_DB->real_escape_string($groupid)."'";
+ $queryStr = "INSERT IGNORE INTO `".DB_PREFIX."_user2group` (`fk_user_id`, `fk_group_id`) VALUES ";
+ foreach($group as $g) {
+ $queryStr .= "('".$this->_DB->real_escape_string($userid)."','".$this->_DB->real_escape_string($g)."'),";
+ }
+ $queryStr = trim($queryStr, ",");
if(QUERY_DEBUG) error_log("[QUERY] ".__METHOD__." query: ".var_export($queryStr,true));
$ret = $this->_DB->query($queryStr);
}
diff --git a/webclient/view/default/collections/collections.php b/webclient/view/default/collections/collections.php
index b46b9e6..1200856 100644
--- a/webclient/view/default/collections/collections.php
+++ b/webclient/view/default/collections/collections.php
@@ -81,7 +81,7 @@ if(!empty($_collection)) {
$TemplateData['pagination']['currentGetParameters']['fid'] = $_fid;
$TemplateData['pagination']['currentGetParameters']['fv'] = $_fv;
}
- else {
+ elseif(isset($_fd[$Trite->param('defaultSearchField')])) {
$_sdata[0] = array(
'colName' => $Trite->param('defaultSearchField'),
'colValue' => $_search,
diff --git a/webclient/view/default/manageusers/manageusers.html b/webclient/view/default/manageusers/manageusers.html
index b358d4d..a08d8da 100644
--- a/webclient/view/default/manageusers/manageusers.html
+++ b/webclient/view/default/manageusers/manageusers.html
@@ -37,10 +37,16 @@
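Review bot: The delete on the context line `$this->_DB->query($queryStrDelete);` and the new multi-row `INSERT IGNORE` are two independent statements with no transaction visible in the hunk, so when `$clean` is true and the insert then fails, the user is left with no group rows at all, and because of `IGNORE` a row rejected for a bad or unknown group id is dropped silently while `$ret` still reports success. Wrapping the delete and insert in a transaction on `$this->_DB` (it looks like a mysqli handle given `real_escape_string`, to be confirmed) and comparing `affected_rows` with the number of distinct ids would turn both silent outcomes into a `false` return that the callers already convert into an exception. `$userid` is also escaped once per loop iteration; hoisting it above the `foreach` is cheaper and reads better. The surrounding `try`/`catch` begins and ends outside this hunk.
```php
$this->_DB->begin_transaction();
// … unchanged: delete of existing rows when $clean is true …
$queryStr = "INSERT IGNORE INTO `".DB_PREFIX."_user2group` (`fk_user_id`, `fk_group_id`) VALUES ";
$_uid = $this->_DB->real_escape_string($userid);
foreach($group as $g) {
    $queryStr .= "('".$_uid."','".$this->_DB->real_escape_string($g)."'),";
}
$queryStr = trim($queryStr, ",");
if(QUERY_DEBUG) error_log("[QUERY] ".__METHOD__." query: ".var_export($queryStr,true));
$ret = $this->_DB->query($queryStr);
// IGNORE hides rejected rows; a short row count means at least one id was not stored
if($ret === false || $this->_DB->affected_rows !== count(array_unique($group))) {
    $this->_DB->rollback();
    $ret = false;
}
else {
    $this->_DB->commit();
}
```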
- +
- + + $v) { ?> + +
diff --git a/webclient/view/default/manageusers/manageusers.php b/webclient/view/default/manageusers/manageusers.php
index c9a201b..09c11bb 100644
--- a/webclient/view/default/manageusers/manageusers.php
+++ b/webclient/view/default/manageusers/manageusers.php
@@ -20,6 +20,7 @@ $Possessed = new Possessed($DB, $Doomguy);
$TemplateData['existingGroups'] = $Possessed->getGroups();
$TemplateData['existingUsers'] = $Possessed->getUsers();
$TemplateData['editData'] = false;
+$TemplateData['editData']['groups'] = array();
$_id = false;
if(isset($_GET['id']) && !empty($_GET['id'])) {
@@ -48,6 +49,11 @@ if(isset($_POST['submitForm'])) {
$_active = true;
}
+ $_groups = array();
+ if(isset($fdata['groups'])) {
+ $_groups = $fdata['groups'];
+ }
+
if(!empty($TemplateData['editData'])) {
if(isset($fdata['doDelete'])) {
$do = $Possessed->deleteUser($_id);
@@ -68,7 +74,7 @@ if(isset($_POST['submitForm'])) {
if(isset($fdata['refreshApiToken'])) {
$refreshApi = true;
}
- $do = $Possessed->updateUser($_id, $_username, $_login, $_password, $_group, $_active, $refreshApi);
+ $do = $Possessed->updateUser($_id, $_username, $_login, $_password, $_group, $_groups, $_active, $refreshApi);
if ($do === true) {
$TemplateData['refresh'] = 'index.php?p=manageusers';
}
@@ -90,7 +96,7 @@ if(isset($_POST['submitForm'])) {
&& Summoner::validate($_login, 'nospace') === true
&& isset($TemplateData['existingGroups'][$_group])
) {
- $do = $Possessed->createUser($_username, $_login, $_password, $_group, $_active);
+ $do = $Possessed->createUser($_username, $_login, $_password, $_group, $_groups, $_active);
if ($do === true) {
$TemplateData['refresh'] = 'index.php?p=manageusers';
}
-- 
2.39.5
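Review bot: `$TemplateData['editData']['groups'] = array();` directly after `$TemplateData['editData'] = false;` turns editData from `false` into the non-empty array `['groups' => []]`, so the later branch `if(!empty($TemplateData['editData']))` in the second hunk is taken even when no `id` was supplied; unless the lines between the two hunks assign editData again, a create form submission would now run `updateUser()` with `$_id = false` instead of `createUser()`. Writing an index into `false` is also deprecated autovivification as of PHP 8.1. If the template only needs the key to exist, keep `$TemplateData['editData'] = false;` and add the `groups` key only where editData is filled for an existing user, or have the template fall back with `$TemplateData['editData']['groups'] ?? array()`. The code that loads editData for a given id is outside this hunk.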
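Review bot: `$_groups = $fdata['groups'];` in the second hunk takes the additional group ids straight from the POST body with no check that the value is an array or that each id is one the current user may assign, while the primary `$_group` is checked against `$TemplateData['existingGroups']` in the create branch of the last hunk and the update branch does not check it at all. Filtering the submitted ids against `existingGroups` (presumably rights-filtered, given the changelog entry about honoring the logged-in user's rights) gives both paths the same check and keeps a scalar value from reaching the `$groups[] = $group` append in Possessed. Whether the update branch validates `$_group` elsewhere is not visible in this hunk.
```php
$_groups = array();
if(isset($fdata['groups']) && is_array($fdata['groups'])) {
    foreach($fdata['groups'] as $_g) {
        // only ids the current user was offered in the form
        if(isset($TemplateData['existingGroups'][$_g])) {
            $_groups[] = $_g;
        }
    }
}
```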