Merge pull request #7720 from MrPetovan/task/4090-move-delegate-to-src

Move mod/delegate to src/Module/Settings/Delegation
This commit is contained in:
Philipp 2019-10-10 10:24:15 +02:00 committed by GitHub
commit cf4bae26c7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 230 additions and 253 deletions

View File

@ -40,7 +40,7 @@ You are not required to do this, but the alternative is to log out and log back
This could get cumbersome if you manage several different forums/identities. This could get cumbersome if you manage several different forums/identities.
You may also appoint a delegate to manage your forum. You may also appoint a delegate to manage your forum.
Do this by visiting the [Delegation Setup Page](delegate). Do this by visiting the [Delegation Setup Page](settings/delegation).
This will provide you with a list of contacts on this system under "Potential Delegates". This will provide you with a list of contacts on this system under "Potential Delegates".
Selecting one or more persons will give them access to manage your forum. Selecting one or more persons will give them access to manage your forum.
They will be able to edit contacts, profiles, and all content for this account/page. They will be able to edit contacts, profiles, and all content for this account/page.

View File

@ -38,7 +38,7 @@ Du musst das nicht machen, die Alternative ist allerdings, Dich immer wieder aus
Und das kann umständlich sein, wenn Du mehrere verschiedene Foren/Identitäten verwaltest. Und das kann umständlich sein, wenn Du mehrere verschiedene Foren/Identitäten verwaltest.
Du kannst ebenso jemanden wählen, der Dein Forum verwaltet. Du kannst ebenso jemanden wählen, der Dein Forum verwaltet.
Mach das, indem Du die [Delegations-Setup-Seite](/delegate) besuchst. Mach das, indem Du die [Delegations-Setup-Seite](/settings/delegation) besuchst.
Dort wird Dir eine Liste an "Potentiellen Bevollmächtigen" angezeigt. Dort wird Dir eine Liste an "Potentiellen Bevollmächtigen" angezeigt.
Die Auswahl einer oder mehrerer Personen gibt diesen die Möglichkeit, Dein Forum zu verwalten. Die Auswahl einer oder mehrerer Personen gibt diesen die Möglichkeit, Dein Forum zu verwalten.
Sie können Kontakte, Profile und alle Inhalte Deines Accounts/deiner Seite bearbeiten. Sie können Kontakte, Profile und alle Inhalte Deines Accounts/deiner Seite bearbeiten.

View File

@ -1,191 +0,0 @@
<?php
/**
* @file mod/delegate.php
*/
use Friendica\App;
use Friendica\BaseModule;
use Friendica\Core\L10n;
use Friendica\Core\Protocol;
use Friendica\Core\Renderer;
use Friendica\Core\System;
use Friendica\Database\DBA;
use Friendica\Model\User;
use Friendica\Util\Strings;
require_once 'mod/settings.php';
function delegate_init(App $a)
{
settings_init($a);
}
function delegate_post(App $a)
{
if (!local_user()) {
return;
}
if (count($a->user) && !empty($a->user['uid']) && $a->user['uid'] != local_user()) {
notice(L10n::t('Permission denied.') . EOL);
return;
}
BaseModule::checkFormSecurityTokenRedirectOnError('/delegate', 'delegate');
$parent_uid = defaults($_POST, 'parent_user', 0);
$parent_password = defaults($_POST, 'parent_password', '');
if ($parent_uid != 0) {
$user = DBA::selectFirst('user', ['nickname'], ['uid' => $parent_uid]);
if (!DBA::isResult($user)) {
notice(L10n::t('Parent user not found.') . EOL);
return;
}
$success = User::authenticate($user['nickname'], trim($parent_password));
if (!$success) {
notice(L10n::t('Permission denied.') . EOL);
return;
}
}
DBA::update('user', ['parent-uid' => $parent_uid], ['uid' => local_user()]);
}
function delegate_content(App $a)
{
if (!local_user()) {
notice(L10n::t('Permission denied.') . EOL);
return;
}
if ($a->argc > 2 && $a->argv[1] === 'add' && intval($a->argv[2])) {
// delegated admins can view but not change delegation permissions
if (!empty($_SESSION['submanage'])) {
$a->internalRedirect('delegate');
}
$user_id = $a->argv[2];
$user = DBA::selectFirst('user', ['nickname'], ['uid' => $user_id]);
if (DBA::isResult($user)) {
$condition = [
'uid' => local_user(),
'nurl' => Strings::normaliseLink(System::baseUrl() . '/profile/' . $user['nickname'])
];
if (DBA::exists('contact', $condition)) {
DBA::insert('manage', ['uid' => $user_id, 'mid' => local_user()]);
}
}
$a->internalRedirect('delegate');
}
if ($a->argc > 2 && $a->argv[1] === 'remove' && intval($a->argv[2])) {
// delegated admins can view but not change delegation permissions
if (!empty($_SESSION['submanage'])) {
$a->internalRedirect('delegate');
}
DBA::delete('manage', ['uid' => $a->argv[2], 'mid' => local_user()]);
$a->internalRedirect('delegate');
}
// find everybody that currently has delegated management to this account/page
$delegates = [];
$r = q("SELECT * FROM `user` WHERE `uid` IN (SELECT `uid` FROM `manage` WHERE `mid` = %d)",
intval(local_user())
);
if (DBA::isResult($r)) {
$delegates = $r;
}
$uids = [];
foreach ($delegates as $rr) {
$uids[] = $rr['uid'];
}
// find every contact who might be a candidate for delegation
$potentials = [];
$r = q("SELECT `nurl`
FROM `contact`
WHERE `self` = 0
AND SUBSTRING_INDEX(`nurl`, '/', 3) = '%s'
AND `uid` = %d
AND `network` = '%s' ",
DBA::escape(Strings::normaliseLink(System::baseUrl())),
intval(local_user()),
DBA::escape(Protocol::DFRN)
);
if (DBA::isResult($r)) {
$nicknames = [];
foreach ($r as $rr) {
$nicknames[] = "'" . DBA::escape(basename($rr['nurl'])) . "'";
}
$nicks = implode(',', $nicknames);
// get user records for all potential page delegates who are not already delegates or managers
$r = q("SELECT `uid`, `username`, `nickname` FROM `user` WHERE `nickname` IN ($nicks)");
if (DBA::isResult($r)) {
foreach ($r as $rr) {
if (!in_array($rr['uid'], $uids)) {
$potentials[] = $rr;
}
}
}
}
settings_init($a);
$user = DBA::selectFirst('user', ['parent-uid', 'email'], ['uid' => local_user()]);
$parent_user = null;
if (DBA::isResult($user)) {
if (!DBA::exists('user', ['parent-uid' => local_user()])) {
$parent_uid = $user['parent-uid'];
$parents = [0 => L10n::t('No parent user')];
$fields = ['uid', 'username', 'nickname'];
$condition = ['email' => $user['email'], 'verified' => true, 'blocked' => false, 'parent-uid' => 0];
$parent_users = DBA::select('user', $fields, $condition);
while ($parent = DBA::fetch($parent_users)) {
if ($parent['uid'] != local_user()) {
$parents[$parent['uid']] = sprintf('%s (%s)', $parent['username'], $parent['nickname']);
}
}
$parent_user = ['parent_user', '', $parent_uid, '', $parents];
}
}
if (!is_null($parent_user)) {
$parent_password = ['parent_password', L10n::t('Parent Password:'), '', L10n::t('Please enter the password of the parent account to legitimize your request.')];
} else {
$parent_password = '';
}
$o = Renderer::replaceMacros(Renderer::getMarkupTemplate('delegate.tpl'), [
'$form_security_token' => BaseModule::getFormSecurityToken('delegate'),
'$parent_header' => L10n::t('Parent User'),
'$parent_user' => $parent_user,
'$parent_password' => $parent_password,
'$parent_desc' => L10n::t('Parent users have total control about this account, including the account settings. Please double check whom you give this access.'),
'$submit' => L10n::t('Save Settings'),
'$header' => L10n::t('Delegate Page Management'),
'$delegates_header' => L10n::t('Delegates'),
'$base' => System::baseUrl(),
'$desc' => L10n::t('Delegates are able to manage all aspects of this account/page except for basic account settings. Please do not delegate your personal account to anybody that you do not trust completely.'),
'$head_delegates' => L10n::t('Existing Page Delegates'),
'$delegates' => $delegates,
'$head_potentials' => L10n::t('Potential Delegates'),
'$potentials' => $potentials,
'$remove' => L10n::t('Remove'),
'$add' => L10n::t('Add'),
'$none' => L10n::t('No entries.')
]);
return $o;
}

View File

@ -115,8 +115,8 @@ function settings_init(App $a)
$tabs[] = [ $tabs[] = [
'label' => L10n::t('Delegations'), 'label' => L10n::t('Delegations'),
'url' => 'delegate', 'url' => 'settings/delegation',
'selected' => (($a->argc == 1) && ($a->argv[0] === 'delegate')?'active':''), 'selected' => (($a->argc > 1) && ($a->argv[1] === 'delegation')?'active':''),
'accesskey' => 'd', 'accesskey' => 'd',
]; ];

View File

@ -260,7 +260,7 @@ class Nav
$nav['manage'] = ['manage', L10n::t('Manage'), '', L10n::t('Manage other pages')]; $nav['manage'] = ['manage', L10n::t('Manage'), '', L10n::t('Manage other pages')];
} }
$nav['delegations'] = ['delegate', L10n::t('Delegations'), '', L10n::t('Delegate Page Management')]; $nav['delegations'] = ['settings/delegation', L10n::t('Delegations'), '', L10n::t('Delegate Page Management')];
$nav['settings'] = ['settings', L10n::t('Settings'), '', L10n::t('Account settings')]; $nav['settings'] = ['settings', L10n::t('Settings'), '', L10n::t('Account settings')];

View File

@ -73,8 +73,8 @@ class BaseSettingsModule extends BaseModule
$tabs[] = [ $tabs[] = [
'label' => L10n::t('Delegations'), 'label' => L10n::t('Delegations'),
'url' => 'delegate', 'url' => 'settings/delegation',
'selected' => (($a->argc == 1) && ($a->argv[0] === 'delegate') ? 'active' : ''), 'selected' => (($a->argc > 1) && ($a->argv[1] === 'delegation') ? 'active' : ''),
'accesskey' => 'd', 'accesskey' => 'd',
]; ];

View File

@ -0,0 +1,174 @@
<?php
namespace Friendica\Module\Settings;
use Friendica\App\Arguments;
use Friendica\BaseModule;
use Friendica\Core\L10n;
use Friendica\Core\Protocol;
use Friendica\Core\Renderer;
use Friendica\Core\Session;
use Friendica\Core\System;
use Friendica\Database\DBA;
use Friendica\Model\User;
use Friendica\Module\BaseSettingsModule;
use Friendica\Network\HTTPException;
use Friendica\Util\Strings;
/**
* Account delegation settings module
*/
class Delegation extends BaseSettingsModule
{
public static function post()
{
if (!local_user() || !empty(self::getApp()->user['uid']) && self::getApp()->user['uid'] != local_user()) {
throw new HTTPException\ForbiddenException(L10n::t('Permission denied.'));
}
BaseModule::checkFormSecurityTokenRedirectOnError('settings/delegation', 'delegate');
$parent_uid = $_POST['parent_user'] ?? 0;
$parent_password = $_POST['parent_password'] ?? '';
if ($parent_uid != 0) {
try {
User::getIdFromPasswordAuthentication($parent_uid, $parent_password);
info(L10n::t('Delegation successfully granted.'));
} catch (\Exception $ex) {
notice(L10n::t('Parent user not found, unavailable or password doesn\'t match.'));
return;
}
} else {
info(L10n::t('Delegation successfully revoked.'));
}
DBA::update('user', ['parent-uid' => $parent_uid], ['uid' => local_user()]);
}
public static function content()
{
parent::content();
if (!local_user()) {
throw new HTTPException\ForbiddenException(L10n::t('Permission denied.'));
}
/** @var Arguments $args */
$args = self::getClass(Arguments::class);
// @TODO Replace with router-provided arguments
$action = $args->get(2);
$user_id = $args->get(3);
if ($action === 'add' && $user_id) {
if (Session::get('submanage')) {
notice(L10n::t('Delegated administrators can view but not change delegation permissions.'));
self::getApp()->internalRedirect('settings/delegation');
}
$user = User::getById($user_id, ['nickname']);
if (DBA::isResult($user)) {
$condition = [
'uid' => local_user(),
'nurl' => Strings::normaliseLink(System::baseUrl() . '/profile/' . $user['nickname'])
];
if (DBA::exists('contact', $condition)) {
DBA::insert('manage', ['uid' => $user_id, 'mid' => local_user()]);
}
} else {
notice(L10n::t('Delegate user not found.'));
}
self::getApp()->internalRedirect('settings/delegation');
}
if ($action === 'remove' && $user_id) {
if (Session::get('submanage')) {
notice(L10n::t('Delegated administrators can view but not change delegation permissions.'));
self::getApp()->internalRedirect('settings/delegation');
}
DBA::delete('manage', ['uid' => $user_id, 'mid' => local_user()]);
self::getApp()->internalRedirect('settings/delegation');
}
// find everybody that currently has delegated management to this account/page
$delegates = DBA::selectToArray('user', [], ['`uid` IN (SELECT `uid` FROM `manage` WHERE `mid` = ?)', local_user()]);
$uids = [];
foreach ($delegates as $user) {
$uids[] = $user['uid'];
}
// find every contact who might be a candidate for delegation
$potentials = [];
$contacts = DBA::selectToArray(
'contact',
['nurl'],
[
"`self` = 0 AND SUBSTRING_INDEX(`nurl`, '/', 3) = ? AND `uid` = ? AND `network` = ?",
Strings::normaliseLink(System::baseUrl()),
local_user(),
Protocol::DFRN,
]
);
if ($contacts) {
$nicknames = [];
foreach ($contacts as $contact) {
$nicknames[] = "'" . DBA::escape(basename($contact['nurl'])) . "'";
}
// get user records for all potential page delegates who are not already delegates or managers
$potentialDelegateUsers = DBA::selectToArray('user', ['uid', 'username', 'nickname'], ['nickname' => $nicknames]);
foreach ($potentialDelegateUsers as $user) {
if (!in_array($user['uid'], $uids)) {
$potentials[] = $user;
}
}
}
$parent_user = null;
$parent_password = null;
$user = User::getById(local_user(), ['parent-uid', 'email']);
if (DBA::isResult($user) && !DBA::exists('user', ['parent-uid' => local_user()])) {
$parent_uid = $user['parent-uid'];
$parents = [0 => L10n::t('No parent user')];
$fields = ['uid', 'username', 'nickname'];
$condition = ['email' => $user['email'], 'verified' => true, 'blocked' => false, 'parent-uid' => 0];
$parent_users = DBA::selectToArray('user', $fields, $condition);
foreach($parent_users as $parent) {
if ($parent['uid'] != local_user()) {
$parents[$parent['uid']] = sprintf('%s (%s)', $parent['username'], $parent['nickname']);
}
}
$parent_user = ['parent_user', '', $parent_uid, '', $parents];
$parent_password = ['parent_password', L10n::t('Parent Password:'), '', L10n::t('Please enter the password of the parent account to legitimize your request.')];
}
$o = Renderer::replaceMacros(Renderer::getMarkupTemplate('settings/delegation.tpl'), [
'$form_security_token' => BaseModule::getFormSecurityToken('delegate'),
'$parent_header' => L10n::t('Parent User'),
'$parent_user' => $parent_user,
'$parent_password' => $parent_password,
'$parent_desc' => L10n::t('Parent users have total control about this account, including the account settings. Please double check whom you give this access.'),
'$submit' => L10n::t('Save Settings'),
'$header' => L10n::t('Delegate Page Management'),
'$delegates_header' => L10n::t('Delegates'),
'$base' => System::baseUrl(),
'$desc' => L10n::t('Delegates are able to manage all aspects of this account/page except for basic account settings. Please do not delegate your personal account to anybody that you do not trust completely.'),
'$head_delegates' => L10n::t('Existing Page Delegates'),
'$delegates' => $delegates,
'$head_potentials' => L10n::t('Potential Delegates'),
'$potentials' => $potentials,
'$remove' => L10n::t('Remove'),
'$add' => L10n::t('Add'),
'$none' => L10n::t('No entries.')
]);
return $o;
}
}

View File

@ -202,6 +202,7 @@ return [
'/app_specific' => [Module\Settings\TwoFactor\AppSpecific::class, [R::GET, R::POST]], '/app_specific' => [Module\Settings\TwoFactor\AppSpecific::class, [R::GET, R::POST]],
'/verify' => [Module\Settings\TwoFactor\Verify::class, [R::GET, R::POST]], '/verify' => [Module\Settings\TwoFactor\Verify::class, [R::GET, R::POST]],
], ],
'/delegation[/{action}/{user_id}]' => [Module\Settings\Delegation::class, [R::GET, R::POST]],
], ],
'/randprof' => [Module\RandomProfile::class, [R::GET]], '/randprof' => [Module\RandomProfile::class, [R::GET]],

View File

@ -1,55 +0,0 @@
<h3>{{$header}}</h3>
{{if $parent_user}}
<h4>{{$parent_header}}</h4>
<div id="delegate-parent-desc" class="delegate-parent-desc">{{$parent_desc}}</div>
<div id="delegate-parent" class="delegate-parent">
<form action="{{$baseurl}}/delegate" method="post">
<input type='hidden' name='form_security_token' value='{{$form_security_token}}'>
{{include file="field_select.tpl" field=$parent_user}}
{{include file="field_password.tpl" field=$parent_password}}
<div class="submit"><input type="submit" name="delegate" value="{{$submit}}" /></div>
</form>
</div>
{{/if}}
<h4>{{$delegates_header}}</h4>
<div id="delegate-desc" class="delegate-desc">{{$desc nofilter}}</div>
<h4>{{$head_delegates}}</h4>
{{if $delegates}}
{{foreach $delegates as $x}}
<div class="contact-block-div">
<a class="contact-block-link" href="{{$base}}/delegate/remove/{{$x.uid}}" >
<img class="contact-block-img" src="{{$base}}/photo/thumb/{{$x.uid}}" title="{{$x.username}} ({{$x.nickname}})" />
</a>
</div>
{{/foreach}}
<div class="clear"></div>
{{else}}
{{$none}}
{{/if}}
<hr />
<h4>{{$head_potentials}}</h4>
{{if $potentials}}
{{foreach $potentials as $x}}
<div class="contact-block-div">
<a class="contact-block-link" href="{{$base}}/delegate/add/{{$x.uid}}" >
<img class="contact-block-img" src="{{$base}}/photo/thumb/{{$x.uid}}" title="{{$x.username}} ({{$x.nickname}})" />
</a>
</div>
{{/foreach}}
<div class="clear"></div>
{{else}}
{{$none}}
{{/if}}
<hr />

View File

@ -0,0 +1,48 @@
<h3>{{$header}}</h3>
{{if $parent_user}}
<h4>{{$parent_header}}</h4>
<div id="delegate-parent-desc" class="delegate-parent-desc">{{$parent_desc}}</div>
<div id="delegate-parent" class="delegate-parent">
<form action="settings/delegation" method="post">
<input type='hidden' name='form_security_token' value='{{$form_security_token}}'>
{{include file="field_select.tpl" field=$parent_user}}
{{include file="field_password.tpl" field=$parent_password}}
<div class="submit"><input type="submit" name="delegate" value="{{$submit}}"/></div>
</form>
</div>
{{/if}}
<h4>{{$delegates_header}}</h4>
<div id="delegate-desc" class="delegate-desc">{{$desc nofilter}}</div>
<h4>{{$head_delegates}}</h4>
{{if $delegates}}
{{foreach $delegates as $x}}
<div class="contact-block-div">
<a class="contact-block-link" href="settings/delegation/remove/{{$x.uid}}">
<img class="contact-block-img" src="photo/thumb/{{$x.uid}}" title="{{$x.username}} ({{$x.nickname}})">
</a>
</div>
{{/foreach}}
<div class="clear"></div>
{{else}}
{{$none}}
{{/if}}
<hr/>
<h4>{{$head_potentials}}</h4>
{{if $potentials}}
{{foreach $potentials as $x}}
<div class="contact-block-div">
<a class="contact-block-link" href="settings/delegation/add/{{$x.uid}}">
<img class="contact-block-img" src="photo/thumb/{{$x.uid}}" title="{{$x.username}} ({{$x.nickname}})">
</a>
</div>
{{/foreach}}
<div class="clear"></div>
{{else}}
{{$none}}
{{/if}}