From 546bb8eda6c15a95f2c5a8acfcb7d71b838b9cb4 Mon Sep 17 00:00:00 2001 From: Thorsten Rinne Date: Sun, 24 Nov 2024 13:35:00 +0100 Subject: [PATCH] refactor: migrated group page to controller (#3257) --- nginx.conf | 2 +- phpmyfaq/.htaccess | 2 +- phpmyfaq/admin/group.php | 331 --------------- phpmyfaq/admin/header.php | 3 +- phpmyfaq/admin/index.php | 4 - .../templates/admin/user/group.add.twig | 62 +++ .../templates/admin/user/group.confirm.twig | 33 ++ .../assets/templates/admin/user/group.twig | 401 +++++++----------- phpmyfaq/src/admin-routes.php | 51 ++- .../AbstractAdministrationController.php | 15 +- .../Administration/GroupController.php | 316 ++++++++++++++ .../Administration/UserController.php | 1 + 12 files changed, 629 insertions(+), 592 deletions(-) delete mode 100644 phpmyfaq/admin/group.php create mode 100644 phpmyfaq/assets/templates/admin/user/group.add.twig create mode 100644 phpmyfaq/assets/templates/admin/user/group.confirm.twig create mode 100644 phpmyfaq/src/phpMyFAQ/Controller/Administration/GroupController.php diff --git a/nginx.conf b/nginx.conf index 0ba4244fde..ceebaf8751 100644 --- a/nginx.conf +++ b/nginx.conf @@ -129,7 +129,7 @@ server { rewrite admin/api/(.*) /admin/api/index.php last; # Administration pages - rewrite admin/(attachments|backup|backup/export|backup/restore|configuration|elasticsearch|export|import|instance/edit|instance/update|instances|password|session-keep-alive|stopwords|system|update|user) /admin/front.php last; + rewrite admin/(attachments|backup|configuration|elasticsearch|export|group|import|instance|instances|password|session-keep-alive|stopwords|system|update|user) /admin/front.php last; # REST API v3.0 and v3.1 rewrite ^api/v3\.[01]/(.*) /api/index.php last; diff --git a/phpmyfaq/.htaccess b/phpmyfaq/.htaccess index bb12ac2661..102c313151 100644 --- a/phpmyfaq/.htaccess +++ b/phpmyfaq/.htaccess @@ -143,7 +143,7 @@ Header set Access-Control-Allow-Headers "Content-Type, Authorization" # Administration API RewriteRule ^admin/api/(.*) admin/api/index.php [L,QSA] # Administration pages - RewriteRule ^admin/(attachments|backup|backup/export|backup/restore|configuration|elasticsearch|export|import|instance/edit|instance/update|instances|password|session-keep-alive|stopwords|system|update|user) admin/front.php [L,QSA] + RewriteRule ^admin/(attachments|backup|configuration|elasticsearch|export|group|import|instance|instances|password|session-keep-alive|stopwords|system|update|user) admin/front.php [L,QSA] # Private APIs RewriteRule ^api/(autocomplete|bookmark/delete|bookmark/create|user/data/update|user/password/update|user/request-removal|user/remove-twofactor|contact|voting|register|captcha|share|comment/create|faq/create|question/create|webauthn/prepare|webauthn/register|webauthn/prepare-login|webauthn/login) api/index.php [L,QSA] # Setup APIs diff --git a/phpmyfaq/admin/group.php b/phpmyfaq/admin/group.php deleted file mode 100644 index f5dca44163..0000000000 --- a/phpmyfaq/admin/group.php +++ /dev/null @@ -1,331 +0,0 @@ - - * @author Thorsten Rinne - * @author Charles Boin - * @copyright 2005-2024 phpMyFAQ Team - * @license https://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0 - * @link https://www.phpmyfaq.de - * @since 2005-12-15 - */ - -use phpMyFAQ\Configuration; -use phpMyFAQ\Enums\PermissionType; -use phpMyFAQ\Filter; -use phpMyFAQ\Session\Token; -use phpMyFAQ\Strings; -use phpMyFAQ\Template\Extensions\PermissionTranslationTwigExtension; -use phpMyFAQ\Template\TwigWrapper; -use phpMyFAQ\Translation; -use phpMyFAQ\User; -use phpMyFAQ\User\CurrentUser; - -if (!defined('IS_VALID_PHPMYFAQ')) { - http_response_code(400); - exit(); -} - -$faqConfig = Configuration::getConfigurationInstance(); -$user = CurrentUser::getCurrentUser($faqConfig); - -$templateVars = []; - -if ( - !$user->perm->hasPermission($user->getUserId(), PermissionType::GROUP_ADD->value) && - !$user->perm->hasPermission($user->getUserId(), PermissionType::GROUP_DELETE->value) && - !$user->perm->hasPermission($user->getUserId(), PermissionType::GROUP_EDIT->value) -) { - require __DIR__ . '/no-permission.php'; -} - -// set some parameters -$defaultGroupAction = 'list'; -$groupActionList = [ - 'update_members', - 'update_rights', - 'update_data', - 'delete_confirm', - 'delete', - 'addsave', - 'add', - 'list', - 'import-ldap-groups', -]; - -// what shall we do? -// actions defined by url: group_action= -$groupAction = Filter::filterInput(INPUT_GET, 'group_action', FILTER_SANITIZE_SPECIAL_CHARS, $defaultGroupAction); - -$currentUser = new CurrentUser($faqConfig); - -// actions defined by submit button -if (isset($_POST['group_action_deleteConfirm'])) { - $groupAction = 'delete_confirm'; -} -if (isset($_POST['cancel'])) { - $groupAction = $defaultGroupAction; -} - -if (!in_array($groupAction, $groupActionList)) { - // @Todo: implement Error message -} - -// update group members -if ( - $groupAction == 'update_members' && - $user->perm->hasPermission($user->getUserId(), PermissionType::GROUP_EDIT->value) -) { - $message = ''; - $groupAction = $defaultGroupAction; - $groupId = Filter::filterInput(INPUT_POST, 'group_id', FILTER_VALIDATE_INT); - $groupMembers = $_POST['group_members'] ?? []; - - if ($groupId == 0) { - $message .= sprintf('
%s
', Translation::get('ad_user_error_noId')); - } else { - $user = new User($faqConfig); - $perm = $user->perm; - if (!$perm->removeAllUsersFromGroup($groupId)) { - $message .= sprintf('
%s
', Translation::get('ad_msg_mysqlerr')); - } - foreach ($groupMembers as $memberId) { - $perm->addToGroup((int)$memberId, $groupId); - } - $message .= sprintf( - '

%s %s %s

', - Translation::get('ad_msg_savedsuc_1'), - $perm->getGroupName($groupId), - Translation::get('ad_msg_savedsuc_2') - ); - } -} - -// update group rights -if ( - $groupAction == 'update_rights' && - $user->perm->hasPermission($user->getUserId(), PermissionType::GROUP_EDIT->value) -) { - $message = ''; - $groupAction = $defaultGroupAction; - $groupId = Filter::filterInput(INPUT_POST, 'group_id', FILTER_VALIDATE_INT); - if ($groupId == 0) { - $message .= sprintf('
%s
', Translation::get('ad_user_error_noId')); - } else { - $user = new User($faqConfig); - $perm = $user->perm; - $groupRights = $_POST['group_rights'] ?? []; - if (!$perm->refuseAllGroupRights($groupId)) { - $message .= sprintf('
%s
', Translation::get('ad_msg_mysqlerr')); - } - foreach ($groupRights as $rightId) { - $perm->grantGroupRight($groupId, (int)$rightId); - } - $message .= sprintf( - '

%s %s %s

', - Translation::get('ad_msg_savedsuc_1'), - $perm->getGroupName($groupId), - Translation::get('ad_msg_savedsuc_2') - ); - } -} - -// update group data -if ( - $groupAction == 'update_data' && - $user->perm->hasPermission($user->getUserId(), PermissionType::GROUP_EDIT->value) -) { - $message = ''; - $groupAction = $defaultGroupAction; - $groupId = Filter::filterInput(INPUT_POST, 'group_id', FILTER_VALIDATE_INT); - if ($groupId == 0) { - $message .= sprintf('
%s
', Translation::get('ad_user_error_noId')); - } else { - $groupData = []; - $dataFields = ['name', 'description', 'auto_join']; - foreach ($dataFields as $field) { - $groupData[$field] = Filter::filterInput(INPUT_POST, $field, FILTER_SANITIZE_SPECIAL_CHARS, ''); - } - $user = new User($faqConfig); - $perm = $user->perm; - if (!$perm->changeGroup($groupId, $groupData)) { - $message .= sprintf( - '
%s %s
', - Translation::get('ad_msg_mysqlerr'), - $faqConfig->getDb()->error() - ); - } else { - $message .= sprintf( - '

%s %s %s

', - Translation::get('ad_msg_savedsuc_1'), - $perm->getGroupName($groupId), - Translation::get('ad_msg_savedsuc_2') - ); - } - } -} - -// delete group confirmation -if ( - $groupAction == 'delete_confirm' && - $user->perm->hasPermission($user->getUserId(), PermissionType::GROUP_DELETE->value) -) { - $message = ''; - $user = new CurrentUser($faqConfig); - $perm = $user->perm; - $groupId = Filter::filterInput(INPUT_POST, 'group_list_select', FILTER_VALIDATE_INT, 0); - if ($groupId <= 0) { - $message .= sprintf('
%s
', Translation::get('ad_user_error_noId')); - $groupAction = $defaultGroupAction; - } else { - $groupData = $perm->getGroupData($groupId); - $showDeleteGroupForm = true; - $templateVars = [ - ...$templateVars, - 'ad_group_deleteGroup' => Translation::get('ad_group_deleteGroup'), - 'groupName' => Strings::htmlentities($groupData['name']), - 'ad_group_deleteQuestion' => Translation::get('ad_group_deleteQuestion'), - 'groupId' => $groupId, - 'csrfDeleteGroup' => Token::getInstance($container->get('session'))->getTokenString('delete-group'), - 'ad_gen_no' => Translation::get('ad_gen_no'), - 'ad_gen_yes' => Translation::get('ad_gen_yes'), - 'showDeleteGroupForm' => $showDeleteGroupForm - ]; - } -} - -if ($groupAction == 'delete' && $user->perm->hasPermission($user->getUserId(), PermissionType::GROUP_DELETE->value)) { - $message = ''; - $user = new User($faqConfig); - $groupId = Filter::filterInput(INPUT_POST, 'group_id', FILTER_VALIDATE_INT); - $csrfOkay = true; - $csrfToken = Filter::filterInput(INPUT_POST, 'csrf', FILTER_SANITIZE_SPECIAL_CHARS); - if (!Token::getInstance()->verifyToken('delete-group', $csrfToken)) { - $csrfOkay = false; - } - $groupAction = $defaultGroupAction; - if ($groupId <= 0) { - $message .= sprintf('
%s
', Translation::get('ad_user_error_noId')); - } else { - if (!$user->perm->deleteGroup($groupId) && !$csrfOkay) { - $message .= sprintf('
%s
', Translation::get('ad_group_error_delete')); - } else { - $message .= sprintf('
%s
', Translation::get('ad_group_deleted')); - } - $userError = $user->error(); - if ($userError != '') { - $message .= sprintf('

%s

', $userError); - } - } -} - -if ($groupAction == 'addsave' && $user->perm->hasPermission($user->getUserId(), PermissionType::GROUP_ADD->value)) { - $user = new User($faqConfig); - $message = ''; - $messages = []; - $groupName = Filter::filterInput(INPUT_POST, 'group_name', FILTER_SANITIZE_SPECIAL_CHARS, ''); - $groupDescription = Filter::filterInput(INPUT_POST, 'group_description', FILTER_SANITIZE_SPECIAL_CHARS, ''); - $groupAutoJoin = Filter::filterInput(INPUT_POST, 'group_auto_join', FILTER_SANITIZE_SPECIAL_CHARS, ''); - $csrfOkay = true; - $csrfToken = Filter::filterInput(INPUT_POST, 'csrf', FILTER_SANITIZE_SPECIAL_CHARS); - - if (!Token::getInstance()->verifyToken('add-group', $csrfToken)) { - $csrfOkay = false; - } - // check group name - if ($groupName == '') { - $messages[] = Translation::get('ad_group_error_noName'); - } - // ok, let's go - if (count($messages) == 0 && $csrfOkay) { - // create group - $groupData = [ - 'name' => $groupName, - 'description' => $groupDescription, - 'auto_join' => $groupAutoJoin, - ]; - - if ($user->perm->addGroup($groupData) <= 0) { - $messages[] = Translation::get('ad_adus_dberr'); - } - } - - // no errors, show list - if (count($messages) === 0) { - $groupAction = $defaultGroupAction; - $message = sprintf('
%s
', Translation::get('ad_group_suc')); - // display error messages and show form again - } else { - $groupAction = 'add'; - $message = '

'; - foreach ($messages as $err) { - $message .= $err . '
'; - } - $message .= '

'; - } -} - -if (!isset($message)) { - $message = ''; -} - -// show new group form -if ($groupAction == 'add' && $user->perm->hasPermission($user->getUserId(), PermissionType::GROUP_ADD->value)) { - $user = new CurrentUser($faqConfig); - $templateVars = [ - ...$templateVars, - 'ad_group_add' => Translation::get('ad_group_add'), - 'csrfAddGroup' => Token::getInstance()->getTokenString('add-group'), - 'ad_group_name' => Translation::get('ad_group_name'), - 'groupName' => $groupName ?? '', - 'ad_group_description' => Translation::get('ad_group_description'), - 'groupDescription' => $groupDescription ?? '', - 'ad_group_autoJoin' => Translation::get('ad_group_autoJoin'), - 'autoJoinCheckbox' => ((isset($groupAutoJoin) && $groupAutoJoin) ? ' checked' : ''), - 'ad_gen_cancel' => Translation::get('ad_gen_cancel'), - 'ad_gen_save' => Translation::get('ad_gen_save'), - 'groupAction' => $groupAction - ]; -} - -// show list of users -if ('list' === $groupAction) { - $templateVars = [ - ...$templateVars, - 'ad_menu_group_administration' => Translation::get('ad_menu_group_administration'), - 'ad_group_add_link' => Translation::get('ad_group_add_link'), - 'message' => $message, - 'ad_groups' => Translation::get('ad_groups'), - 'ad_gen_delete' => Translation::get('ad_gen_delete'), - 'ad_group_details' => Translation::get('ad_group_details'), - 'ad_group_name' => Translation::get('ad_group_name'), - 'groupName' => $groupName ?? '', - 'ad_group_description' => Translation::get('ad_group_description'), - 'groupDescription' => $groupDescription ?? '', - 'autoJoinCheckbox' => ((isset($groupAutoJoin) && $groupAutoJoin) ? ' checked' : ''), - 'ad_group_autoJoin' => Translation::get('ad_group_autoJoin'), - 'ad_gen_save' => Translation::get('ad_gen_save'), - 'ad_group_membership' => Translation::get('ad_group_membership'), - 'ad_group_addMember' => Translation::get('ad_group_addMember'), - 'ad_group_members' => Translation::get('ad_group_members'), - 'ad_group_removeMember' => Translation::get('ad_group_removeMember'), - 'ad_group_rights' => Translation::get('ad_group_rights'), - 'ad_user_checkall' => Translation::get('ad_user_checkall'), - 'ad_user_uncheckall' => Translation::get('ad_user_uncheckall'), - 'rightData' => $user->perm->getAllRightsData(), - 'groupAction' => $groupAction - ]; -} - -$twig = new TwigWrapper(PMF_ROOT_DIR . '/assets/templates'); -$twig->addExtension(new PermissionTranslationTwigExtension()); -$template = $twig->loadTemplate('@admin/user/group.twig'); - -echo $template->render($templateVars); diff --git a/phpmyfaq/admin/header.php b/phpmyfaq/admin/header.php index 7ba8c7f455..92cefe0dfa 100644 --- a/phpmyfaq/admin/header.php +++ b/phpmyfaq/admin/header.php @@ -55,7 +55,8 @@ $secLevelEntries['user'] .= $adminHelper->addMenuEntry( 'addgroup+editgroup+delgroup', 'group', - 'ad_menu_group_administration' + 'ad_menu_group_administration', + 'group' ); } $secLevelEntries['content'] = $adminHelper->addMenuEntry( diff --git a/phpmyfaq/admin/index.php b/phpmyfaq/admin/index.php index 15ac6366d6..c3c34ef258 100755 --- a/phpmyfaq/admin/index.php +++ b/phpmyfaq/admin/index.php @@ -256,10 +256,6 @@ if (!is_null($action)) { // the various sections of the admin area switch ($action) { - // functions for user administration - case 'group': - require 'group.php'; - break; // functions for content administration case 'faqs-overview': require 'faqs.overview.php'; diff --git a/phpmyfaq/assets/templates/admin/user/group.add.twig b/phpmyfaq/assets/templates/admin/user/group.add.twig new file mode 100644 index 0000000000..9c5c148aec --- /dev/null +++ b/phpmyfaq/assets/templates/admin/user/group.add.twig @@ -0,0 +1,62 @@ +{% extends '@admin/index.twig' %} + +{% block content %} +
+

+ + {{ 'ad_group_add' | translate }} +

+
+ +
+
+
{{ message }}
+
+ + +
+ +
+ +
+
+ +
+ +
+ +
+
+ +
+
+
+ + +
+
+
+ +
+
+ + {{ 'ad_gen_cancel' | translate }} + + +
+
+
+
+
+{% endblock %} diff --git a/phpmyfaq/assets/templates/admin/user/group.confirm.twig b/phpmyfaq/assets/templates/admin/user/group.confirm.twig new file mode 100644 index 0000000000..878a21c350 --- /dev/null +++ b/phpmyfaq/assets/templates/admin/user/group.confirm.twig @@ -0,0 +1,33 @@ +{% extends '@admin/index.twig' %} + +{% block content %} +
+

+ + {{ 'ad_group_deleteGroup' | translate }} "{{ groupName }}" +

+
+ +
+
+
+
+
{{ 'ad_group_deleteQuestion' | translate }}
+
+ + +

+ + +

+
+
+
+ +
+
+{% endblock %} diff --git a/phpmyfaq/assets/templates/admin/user/group.twig b/phpmyfaq/assets/templates/admin/user/group.twig index f11dfcf576..774e661cd9 100644 --- a/phpmyfaq/assets/templates/admin/user/group.twig +++ b/phpmyfaq/assets/templates/admin/user/group.twig @@ -1,298 +1,209 @@ -{% if groupAction == 'add' %} -
-

- - {{ ad_group_add }} -

-
- -
-
-
-
- - -
- -
- -
-
- -
- -
- -
-
- -
-
-
- - -
-
+{% extends '@admin/index.twig' %} + +{% block content %} +
+

+ + {{ 'ad_menu_group_administration' | translate }} +

+
+ - -
-
- - -
-
- -
-
-{% endif %} -{% if groupAction == 'list' %} -
-

- - {{ ad_menu_group_administration }} -

- -
-
{{ message|raw }}
+
{{ message|raw }}
-
+
-
-
-
-
- {{ ad_groups }} -
-
- -
-