raspisms/controllers/publics/User.php

477 lines
17 KiB
PHP
Raw Permalink Normal View History

2019-10-29 14:57:13 +01:00
<?php
2019-10-29 18:36:25 +01:00
/*
2019-11-10 17:48:54 +01:00
* This file is part of RaspiSMS.
*
2019-11-10 17:48:54 +01:00
* (c) Pierre-Lin Bonnemaison <plebwebsas@gmail.com>
*
2019-11-10 17:48:54 +01:00
* This source file is subject to the GPL-3.0 license that is bundled
* with this source code in the file LICENSE.
*/
namespace controllers\publics;
/**
* Page des users.
*/
class User extends \descartes\Controller
{
private $internal_user;
2021-06-12 23:23:15 +02:00
private $internal_quota;
2021-07-13 01:21:23 +02:00
private $internal_setting;
/**
* Cette fonction est appelée avant toute les autres :
* Elle vérifie que l'utilisateur est bien connecté.
*
* @return void;
*/
public function __construct()
2019-10-29 18:36:25 +01:00
{
$bdd = \descartes\Model::_connect(DATABASE_HOST, DATABASE_NAME, DATABASE_USER, DATABASE_PASSWORD);
$this->internal_user = new \controllers\internals\User($bdd);
2021-06-12 23:23:15 +02:00
$this->internal_quota = new \controllers\internals\Quota($bdd);
2021-07-13 01:21:23 +02:00
$this->internal_setting = new \controllers\internals\Setting($bdd);
\controllers\internals\Tool::verifyconnect();
if (!\controllers\internals\Tool::is_admin())
{
return $this->redirect(\descartes\Router::url('Dashboard', 'show'));
}
}
2019-10-29 14:57:13 +01:00
/**
* Cette fonction retourne tous les users, sous forme d'un tableau permettant l'administration de ces users.
*/
2020-04-07 03:02:33 +02:00
public function list()
{
$this->render('user/list');
}
2021-01-14 03:32:17 +01:00
/**
2021-01-14 03:32:17 +01:00
* Return users as json.
*/
public function list_json()
{
$entities = $this->internal_user->list();
2021-06-13 00:14:54 +02:00
foreach ($entities as &$entity)
{
$quota_percentage = $this->internal_quota->get_usage_percentage($entity['id']);
$entity['quota_percentage'] = $quota_percentage * 100;
2021-06-17 00:51:33 +02:00
$quota = $this->internal_quota->get_user_quota($entity['id']);
if (!$quota)
{
continue;
}
if (new \DateTime() > new \DateTime($quota['expiration_date']))
{
$entity['quota_expired_at'] = $quota['expiration_date'];
}
2021-06-13 00:14:54 +02:00
}
header('Content-Type: application/json');
echo json_encode(['data' => $entities]);
}
2020-06-23 21:06:13 +02:00
2020-03-30 01:52:53 +02:00
/**
2020-06-23 21:06:13 +02:00
* Update status of users.
2020-03-30 01:52:53 +02:00
*
2021-06-12 23:23:15 +02:00
* @param array int $_GET['user_ids'] : User ids
2020-03-30 01:52:53 +02:00
* @param mixed $csrf
2021-06-17 00:51:33 +02:00
* @param int $status : 1 -> active, 0 -> suspended
2020-03-30 01:52:53 +02:00
*
* @return boolean;
*/
2020-06-23 21:06:13 +02:00
public function update_status($csrf, int $status)
2020-03-30 01:52:53 +02:00
{
if (!$this->verify_csrf($csrf))
{
\FlashMessage\FlashMessage::push('danger', 'Jeton CSRF invalid !');
return $this->redirect(\descartes\Router::url('User', 'list'));
}
2020-06-23 21:06:13 +02:00
if (0 === $status)
2020-03-30 01:52:53 +02:00
{
$status = \models\User::STATUS_SUSPENDED;
}
else
{
$status = \models\User::STATUS_ACTIVE;
}
2021-06-12 23:23:15 +02:00
$ids = $_GET['user_ids'] ?? [];
2020-03-30 01:52:53 +02:00
foreach ($ids as $id)
{
$this->internal_user->update_status($id, $status);
}
return $this->redirect(\descartes\Router::url('User', 'list'));
}
/**
* Cette fonction va supprimer une liste de users.
*
2021-06-12 23:23:15 +02:00
* @param array int $_GET['user_ids'] : Les id des useres à supprimer
* @param mixed $csrf
*
* @return boolean;
*/
public function delete($csrf)
{
if (!$this->verify_csrf($csrf))
{
2019-11-09 03:35:12 +01:00
\FlashMessage\FlashMessage::push('danger', 'Jeton CSRF invalid !');
return $this->redirect(\descartes\Router::url('User', 'list'));
2019-10-29 14:57:13 +01:00
}
if (!\controllers\internals\Tool::is_admin())
{
2019-11-09 03:35:12 +01:00
\FlashMessage\FlashMessage::push('danger', 'Vous devez être administrateur pour supprimer un utilisateur !');
return $this->redirect(\descartes\Router::url('User', 'list'));
2019-10-29 18:36:25 +01:00
}
2019-10-29 14:57:13 +01:00
2021-06-12 23:23:15 +02:00
$ids = $_GET['user_ids'] ?? [];
foreach ($ids as $id)
{
$this->internal_user->delete($id);
}
2019-10-29 14:57:13 +01:00
return $this->redirect(\descartes\Router::url('User', 'list'));
}
2019-10-29 14:57:13 +01:00
/**
* Cette fonction retourne la page d'ajout d'un user.
*/
public function add()
{
$now = new \DateTime();
$now = $now->format('Y-m-d H:i:00');
2021-06-12 23:23:15 +02:00
return $this->render('user/add', ['now' => $now]);
}
2019-10-29 14:57:13 +01:00
/**
* Cette fonction insert un nouveau user.
*
* @param $csrf : Le jeton CSRF
2021-06-17 00:51:33 +02:00
* @param string $_POST['email'] : User email
* @param optional string $_POST['password'] : User password, (if empty the password is randomly generated)
* @param optional boolean $_POST['admin'] : If true user is admin
* @param optional boolean $_POST['quota_enable'] : If true create a quota for the user
* @param bool $_POST['quota_enable'] : If true create a quota for the user
* @param optional int $_POST['quota_credit'] : credit for quota
* @param optional int $_POST['quota_additional'] : additional credit
* @param optional string $_POST['quota_start_date'] : quota beginning date
* @param optional string $_POST['quota_renewal_interval'] : period to use on renewal to calculate new expiration date. Also use to calculate first expiration date.
* @param optional boolean $_POST['quota_auto_renew'] : Should the quota be automatically renewed on expiration
* @param optional boolean $_POST['quota_report_unused'] : Should unused credit be reported next month
2021-06-12 23:23:15 +02:00
* @param optional boolean $_POST['quota_report_unused_additional'] : Should unused additional credit be transfered next month
*/
public function create($csrf)
{
if (!$this->verify_csrf($csrf))
{
2019-11-09 03:35:12 +01:00
\FlashMessage\FlashMessage::push('danger', 'Jeton CSRF invalid !');
2019-11-10 17:36:42 +01:00
return $this->redirect(\descartes\Router::url('User', 'add'));
2019-10-29 18:36:25 +01:00
}
$email = $_POST['email'] ?? false;
2020-05-19 05:00:35 +02:00
$password = !empty($_POST['password']) ? $_POST['password'] : \controllers\internals\Tool::generate_password(rand(6, 12));
$admin = $_POST['admin'] ?? false;
2020-03-30 01:52:53 +02:00
$status = 'active';
2021-06-12 23:23:15 +02:00
$quota_enable = $_POST['quota_enable'] ?? false;
$quota_credit = $_POST['quota_credit'] ?? false;
$quota_additional = $_POST['quota_additional'] ?? false;
$quota_start_date = $_POST['quota_start_date'] ?? false;
$quota_renew_interval = $_POST['quota_renew_interval'] ?? false;
$quota_auto_renew = $_POST['quota_auto_renew'] ?? false;
$quota_report_unused = $_POST['quota_report_unused'] ?? false;
$quota_report_unused_additional = $_POST['quota_report_unused_additional'] ?? false;
if (!$email)
{
2019-11-09 03:35:12 +01:00
\FlashMessage\FlashMessage::push('danger', 'Vous devez au moins fournir une adresse e-mail pour l\'utilisateur.');
2019-11-10 17:36:42 +01:00
return $this->redirect(\descartes\Router::url('User', 'add'));
}
2019-10-29 14:57:13 +01:00
if (!filter_var($email, FILTER_VALIDATE_EMAIL))
{
2019-11-09 03:35:12 +01:00
\FlashMessage\FlashMessage::push('danger', 'L\'adresse e-mail n\'est pas valide.');
2019-11-10 17:36:42 +01:00
return $this->redirect(\descartes\Router::url('User', 'add'));
}
2019-10-29 14:57:13 +01:00
2021-06-12 23:23:15 +02:00
//Forge quota for user if needed
$quota = null;
if ($quota_enable)
{
$quota = [];
$quota['credit'] = (int) $quota_credit;
$quota['additional'] = (int) $quota_additional;
2021-06-17 00:51:33 +02:00
if (false === $quota_start_date || !\controllers\internals\Tool::validate_date($quota_start_date, 'Y-m-d H:i:s'))
2021-06-12 23:23:15 +02:00
{
\FlashMessage\FlashMessage::push('danger', 'Vous devez définir une date de début valide pour le quota.');
return $this->redirect(\descartes\Router::url('User', 'add'));
}
$quota['start_date'] = new \DateTime($quota_start_date);
2021-06-17 00:51:33 +02:00
if (false === $quota_renew_interval || !\controllers\internals\Tool::validate_period($quota_renew_interval))
2021-06-12 23:23:15 +02:00
{
\FlashMessage\FlashMessage::push('danger', 'Vous devez définir une durée de quota parmis la liste proposée.');
return $this->redirect(\descartes\Router::url('User', 'add'));
}
$quota['renew_interval'] = $quota_renew_interval;
$quota['expiration_date'] = clone $quota['start_date'];
$quota['expiration_date']->add(new \DateInterval($quota_renew_interval));
$quota['auto_renew'] = (bool) $quota_auto_renew;
$quota['report_unused'] = (bool) $quota_report_unused;
$quota['report_unused_additional'] = (bool) $quota_report_unused_additional;
}
$id_user = $this->internal_user->create($email, $password, $admin, null, \models\User::STATUS_ACTIVE, true, $quota);
2020-04-02 19:10:54 +02:00
if (!$id_user)
{
2021-06-12 23:23:15 +02:00
\FlashMessage\FlashMessage::push('danger', 'Impossible de créer cet utilisateur.');
2019-11-10 17:36:42 +01:00
return $this->redirect(\descartes\Router::url('User', 'add'));
2019-10-29 18:36:25 +01:00
}
2020-04-16 07:50:30 +02:00
$mailer = new \controllers\internals\Mailer();
$email_send = $mailer->enqueue($email, EMAIL_CREATE_USER, ['email' => $email, 'password' => $password]);
if (!$email_send)
{
\FlashMessage\FlashMessage::push('danger', 'Impossible d\'envoyer l\'e-mail à l\'utilisateur.');
}
\FlashMessage\FlashMessage::push('success', 'L\'utilisateur a bien été créé.');
2019-11-10 17:36:42 +01:00
return $this->redirect(\descartes\Router::url('User', 'list'));
2019-10-29 18:36:25 +01:00
}
2021-06-17 00:51:33 +02:00
2021-06-12 23:23:15 +02:00
/**
2021-06-17 00:51:33 +02:00
* Return the edition page for the users.
2021-06-12 23:23:15 +02:00
*
* @param int... $ids : users ids
*/
public function edit()
{
$ids = $_GET['user_ids'] ?? [];
$id_user = $_SESSION['user']['id'];
$users = $this->internal_user->gets_in_by_id($ids);
if (!$users)
{
return $this->redirect(\descartes\Router::url('User', 'list'));
}
foreach ($users as &$user)
{
$user['quota'] = $this->internal_quota->get_user_quota($user['id']);
}
2021-06-17 00:51:33 +02:00
2021-06-12 23:23:15 +02:00
$now = new \DateTime();
$now = $now->format('Y-m-d H:i:00');
$this->render('user/edit', [
'users' => $users,
'now' => $now,
]);
}
2021-06-17 00:51:33 +02:00
2021-06-12 23:23:15 +02:00
/**
2021-06-17 00:51:33 +02:00
* Update a list of users.
2021-06-12 23:23:15 +02:00
*
* @param $csrf : Le jeton CSRF
* @param array $_POST['users'] : Array of the users and new values, id as key. Quota may also be defined.
*/
public function update($csrf)
{
if (!$this->verify_csrf($csrf))
{
\FlashMessage\FlashMessage::push('danger', 'Jeton CSRF invalid !');
return $this->redirect(\descartes\Router::url('User', 'add'));
}
2021-06-17 00:51:33 +02:00
$nb_update = 0;
2021-06-12 23:23:15 +02:00
$users = $_POST['users'] ?? [];
foreach ($users as $id_user => $user)
{
$email = $user['email'] ?? false;
$password = !empty($user['password']) ? $user['password'] : null;
$admin = $user['admin'] ?? false;
$quota_enable = $user['quota_enable'] ?? false;
$quota_consumed = $user['quota_consumed'] ?? false;
$quota_credit = $user['quota_credit'] ?? false;
$quota_additional = $user['quota_additional'] ?? false;
$quota_start_date = $user['quota_start_date'] ?? false;
$quota_renew_interval = $user['quota_renew_interval'] ?? false;
$quota_auto_renew = $user['quota_auto_renew'] ?? false;
$quota_report_unused = $user['quota_report_unused'] ?? false;
$quota_report_unused_additional = $user['quota_report_unused_additional'] ?? false;
if (!$email)
{
\FlashMessage\FlashMessage::push('danger', 'L\'utilisateur #' . (int) $id_user . ' n\'as pas pu être mis à jour car l\'adresse e-mail n\'as pas été fournie.');
continue;
}
if (!filter_var($email, FILTER_VALIDATE_EMAIL))
{
\FlashMessage\FlashMessage::push('danger', 'L\'utilisateur #' . (int) $id_user . ' n\'as pas pu être mis à jour car l\'adresse e-mail fournie n\'est pas valide.');
return $this->redirect(\descartes\Router::url('User', 'add'));
}
//Forge quota for user if needed
$quota = false;
if ($quota_enable)
{
$quota = [];
$quota['credit'] = (int) $quota_credit;
$quota['consumed'] = (int) $quota_consumed;
$quota['additional'] = (int) $quota_additional;
2021-06-17 00:51:33 +02:00
if (false === $quota_start_date || !\controllers\internals\Tool::validate_date($quota_start_date, 'Y-m-d H:i:s'))
2021-06-12 23:23:15 +02:00
{
\FlashMessage\FlashMessage::push('danger', 'L\'utilisateur #' . (int) $id_user . ' n\'as pas pu être mis à jour car la date de début du quota associé n\'est pas valide.');
continue;
}
$quota['start_date'] = new \DateTime($quota_start_date);
2021-06-17 00:51:33 +02:00
if (false === $quota_renew_interval || !\controllers\internals\Tool::validate_period($quota_renew_interval))
2021-06-12 23:23:15 +02:00
{
\FlashMessage\FlashMessage::push('danger', 'L\'utilisateur #' . (int) $id_user . ' n\'as pas pu être mis à jour car la durée du quota associé n\'est pas valide.');
2021-06-17 00:51:33 +02:00
2021-06-12 23:23:15 +02:00
continue;
}
$quota['renew_interval'] = $quota_renew_interval;
$quota['expiration_date'] = clone $quota['start_date'];
$quota['expiration_date']->add(new \DateInterval($quota_renew_interval));
$quota['auto_renew'] = (bool) $quota_auto_renew;
$quota['report_unused'] = (bool) $quota_report_unused;
$quota['report_unused_additional'] = (bool) $quota_report_unused_additional;
//Format dates
$quota['start_date'] = $quota['start_date']->format('Y-m-d H:i:s');
$quota['expiration_date'] = $quota['expiration_date']->format('Y-m-d H:i:s');
}
$updated_user = [
'email' => $email,
'admin' => $admin,
];
if ($password)
{
$updated_user['password'] = password_hash($password, PASSWORD_DEFAULT);
2021-06-12 23:23:15 +02:00
}
$success = $this->internal_user->update($id_user, $updated_user, $quota);
if (!$success)
{
\FlashMessage\FlashMessage::push('danger', 'L\'utilisateur #' . (int) $id_user . ' n\'as pas pu être mis à jour.');
2021-06-17 00:51:33 +02:00
2021-06-12 23:23:15 +02:00
continue;
}
2021-06-17 00:51:33 +02:00
++$nb_update;
2021-06-12 23:23:15 +02:00
}
if ($nb_update != count($users))
{
\FlashMessage\FlashMessage::push('danger', 'Certains utilisateurs n\'ont pas pu être mis à jour.');
2021-06-17 00:51:33 +02:00
return $this->redirect(\descartes\Router::url('User', 'list'));
}
2021-06-17 00:51:33 +02:00
\FlashMessage\FlashMessage::push('success', 'Tous les utilisateurs ont bien été mis à jour.');
2021-06-17 00:51:33 +02:00
return $this->redirect(\descartes\Router::url('User', 'list'));
2021-06-12 23:23:15 +02:00
}
2021-07-13 01:21:23 +02:00
/**
2021-07-19 17:32:23 +02:00
* Allow an admin to impersonate a user.
*
2021-07-13 01:21:23 +02:00
* @param mixed $csrf
* @param array int $_GET['user_ids'] : Ids of users to impersonate, the array should actually contain one id only, we keep use of array for simpler compatibility in UI
*/
2021-07-19 17:32:23 +02:00
public function impersonate($csrf)
2021-07-13 01:21:23 +02:00
{
if (!$this->verify_csrf($csrf))
{
\FlashMessage\FlashMessage::push('danger', 'Jeton CSRF invalid !');
return $this->redirect(\descartes\Router::url('User', 'list'));
}
2021-07-19 17:32:23 +02:00
if (1 != count($_GET['user_ids']))
2021-07-13 01:21:23 +02:00
{
\FlashMessage\FlashMessage::push('danger', 'Vous devez séléctionner un et un seul utilisateur à incarner !');
return $this->redirect(\descartes\Router::url('User', 'list'));
}
$id_user = (int) $_GET['user_ids'][0];
//Check if this user exists
$user = $this->internal_user->get($id_user);
if (!$user)
{
\FlashMessage\FlashMessage::push('danger', 'Cet utilisateur n\'existe pas !');
return $this->redirect(\descartes\Router::url('User', 'list'));
}
$settings = $this->internal_setting->gets_for_user($id_user);
if (!$settings)
{
\FlashMessage\FlashMessage::push('danger', 'Impossible de charger les settings de cet utilisateur !');
return $this->redirect(\descartes\Router::url('User', 'list'));
}
if (\models\User::STATUS_ACTIVE !== $user['status'])
{
\FlashMessage\FlashMessage::push('danger', 'Impossible d\'incarner cet utilisateur car il est actuellement suspendu');
return $this->redirect(\descartes\Router::url('User', 'list'));
}
$user['settings'] = $settings;
2021-07-19 17:32:23 +02:00
//Save old session to get it back later
2021-07-13 01:21:23 +02:00
$old_session = $_SESSION;
$_SESSION = [
2021-07-19 17:32:23 +02:00
'old_session' => $old_session,
2021-07-13 01:21:23 +02:00
'impersonate' => true,
'connect' => true,
'user' => $user,
];
\FlashMessage\FlashMessage::push('success', 'Vous incarnez désormais l\'utilisateur ' . $user['email'] . '.');
2021-07-19 17:32:23 +02:00
2021-07-13 01:21:23 +02:00
return $this->redirect(\descartes\Router::url('Dashboard', 'show'));
}
}