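<?php

namespace cms\action;

use cms\model\Acl;
use cms\model\User;
use cms\model\Project;
use cms\model\Group;
use cms\model\BaseObject;
use cms\model\Language;


use Http;
use security\Base2n;
use \security\Password;
use \Session;
use \Html;
use \Mail;

// OpenRat Content Management System
// Copyright (C) 2002-2012 Jan Dankert, cms@jandankert.de
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.


/**
 * Action class for administering a single user account: properties,
 * password, group memberships, ACL overview and session switching.
 *
 * Every method here is reachable only by administrators ($security is
 * SECURITY_ADMIN); several of them (switchPost, pwPost, the OTP views)
 * would be dangerous if that gate were ever loosened.
 *
 * @author $Author$
 * @version $Revision$
 * @package openrat.actions
 */
class UserAction extends BaseAction
{
	public $security = Action::SECURITY_ADMIN;

	/**
	 * The user being administered, loaded from the request id in init().
	 * @var User
	 */
	private $user;


	/**
	 * UserAction constructor.
	 * @throws \ObjectNotFoundException
	 */
	function __construct()
	{
		parent::__construct();
	}


	/**
	 * Loads the user addressed by the request id and exposes its id to the template.
	 */
	public function init()
	{
		$this->user = new User( $this->getRequestId() );
		$this->user->load();
		$this->setTemplateVar('userid',$this->user->userid);
	}


	/**
	 * Saves the submitted user properties.
	 *
	 * Validation: the login name must be non-empty; language and timezone must be
	 * one of the choices the edit form offers (see propView()), so an arbitrary
	 * request value cannot be persisted.
	 *
	 * @throws \ValidationException on an empty name or an unknown language/timezone
	 */
	public function propPost()
	{
		global $conf;

		// Compare against '' rather than relying on truthiness, which would reject a user named "0".
		if ( trim((string)$this->getRequestVar('name')) === '' )
			throw new \ValidationException( 'name');

		$language  = (string)$this->getRequestVar('language');
		$languages = $this->availableLanguages();
		if ( $language !== '' && count($languages) > 0 && !in_array($language,$languages,true) )
			throw new \ValidationException( 'language');

		$timezone = (string)$this->getRequestVar('timezone');
		if ( $timezone !== '' && !in_array($timezone,timezone_identifiers_list(),true) )
			throw new \ValidationException( 'timezone');

		// Persist the submitted properties.
		$this->user->name     = $this->getRequestVar('name'    );
		$this->user->fullname = $this->getRequestVar('fullname');
		$this->user->isAdmin  = $this->hasRequestVar('is_admin'); // grants full rights; only admins reach this action
		$this->user->ldap_dn  = $this->getRequestVar('ldap_dn' );
		$this->user->tel      = $this->getRequestVar('tel'     );
		$this->user->desc     = $this->getRequestVar('desc'    );
		$this->user->language = $this->getRequestVar('language');
		$this->user->timezone = $this->getRequestVar('timezone');
		$this->user->hotp     = $this->hasRequestVar('hotp'    );
		$this->user->totp     = $this->hasRequestVar('totp'    );

		// The mail address is only editable when the admin UI is configured to show it.
		if ( !empty($conf['security']['user']['show_admin_mail']) )
			$this->user->mail = $this->getRequestVar('mail' );

		$this->user->style = $this->getRequestVar('style' );

		$this->user->save();
		$this->addNotice('user',$this->user->name,'SAVED','ok');
	}


	/**
	 * Confirmation view for deleting the user.
	 */
	function removeView()
	{
		$this->setTemplateVars( $this->user->getProperties() );
	}


	/**
	 * Deletes the user, but only when the confirmation checkbox was submitted.
	 */
	function removePost()
	{
		if ( ! $this->hasRequestVar('confirm') )
		{
			$this->addValidationError('confirm');
			return;
		}

		$this->user->delete();
		$this->addNotice('user',$this->user->name,'DELETED','ok');
	}


	/**
	 * Adds the user to the group given by the request parameter 'groupid'.
	 */
	function addgrouptouser()
	{
		$this->user->addGroup( $this->getRequestVar('groupid') );

		$this->addNotice('user',$this->user->name,'ADDED','ok');
	}


	/**
	 * Lists the groups the user is not yet a member of.
	 */
	function addgroup()
	{
		$this->setTemplateVar('groups',$this->user->getOtherGroups());
	}


	/**
	 * Removes the user from the group given by the request parameter 'groupid'.
	 */
	function delgroup()
	{
		$this->user->delGroup( $this->getRequestVar('groupid') );

		$this->addNotice('user',$this->user->name,'DELETED','ok');
	}


	/**
	 * Sends the new password to the user by e-mail.
	 *
	 * NOTE(review): the password is transmitted in cleartext mail. This is an
	 * existing feature and only runs when the administrator ticks "email" in
	 * pwPost() and mail is enabled; prefer the expiring ("timeout") variant so
	 * the mailed value is a one-time bootstrap secret.
	 *
	 * CR/LF are stripped from the recipient parts so a crafted full name cannot
	 * break out of the recipient header; Mail's own escaping is not visible here,
	 * so this is defence in depth rather than a replacement for it.
	 *
	 * @param string $pw the new cleartext password
	 * @access private
	 */
	function mailPw( $pw )
	{
		$displayName = preg_replace('/[\r\n]+/',' ',(string)$this->user->fullname);
		$address     = preg_replace('/[\r\n]+/','', (string)$this->user->mail    );

		$to   = $displayName.' <'.$address.'>';
		$mail = new Mail($to,'USER_MAIL');

		$mail->setVar('username',$this->user->name );
		$mail->setVar('password',$pw );
		$mail->setVar('name'    ,$this->user->getName() );

		$mail->send();
	}


	/**
	 * Sets a new password for the user.
	 *
	 * Three sources are accepted via the request parameter 'type':
	 *  - 'input'    : password1/password2 typed by the administrator,
	 *  - 'proposal' : the proposal generated by pwView() and echoed back by the client,
	 *  - 'random'   : a fresh password generated server-side.
	 * The configured minimum length applies to both client-supplied sources;
	 * previously only 'input' was checked, so a short 'proposal' slipped through.
	 *
	 * Optionally mails the new password to the user (see mailPw()).
	 *
	 * @throws \LogicException for an unknown 'type'
	 */
	public function pwPost()
	{
		global $conf;

		$minLength = isset($conf['security']['password']['min_length'])
		           ? intval($conf['security']['password']['min_length'])
		           : 0;

		$type = $this->getRequestVar('type');

		switch( $type )
		{
			case 'input':
				$pw1 = (string)$this->getRequestVar('password1');
				$pw2 = (string)$this->getRequestVar('password2');

				if ( strlen($pw1) < $minLength )
				{
					$this->addValidationError('password1');
					return;
				}
				// Strict comparison: '!=' treats numeric-looking strings such as "1e3" and "1000" as equal.
				if ( $pw1 !== $pw2 )
				{
					$this->addValidationError('password2');
					return;
				}
				$newPassword = $pw1;
				break;

			case 'proposal':
				// The proposal comes back from the client, so it is untrusted input and
				// must satisfy the same length policy as a typed password.
				$newPassword = (string)$this->getRequestVar('password_proposal');
				if ( strlen($newPassword) < $minLength )
				{
					$this->addValidationError('password_proposal');
					return;
				}
				break;

			case 'random':
				$newPassword = $this->user->createPassword();
				break;

			default:
				throw new \LogicException('Type unknown: '.$type);
		}

		// Second argument is "not timeout" — presumably marks the password as
		// permanent when the 'timeout' box is unchecked; confirm against User::setPassword().
		$this->user->setPassword( $newPassword, !$this->hasRequestVar('timeout') );

		// Optionally mail the new password to the user.
		if ( $this->hasRequestVar('email') && !empty($this->user->mail) && !empty($conf['mail']['enabled']) )
		{
			$this->mailPw( $newPassword );
			$this->addNotice('user',$this->user->name,'MAIL_SENT','ok');
		}

		$this->addNotice('user',$this->user->name,'SAVED','ok');
	}


	/**
	 * Lists all users, keyed by user id.
	 */
	function listingView()
	{
		$list = array();

		foreach( User::getAllUsers() as $user )
		{
			/* @var $user User */
			$list[$user->userid] = $user->getProperties();
		}
		$this->setTemplateVar('el',$list);
	}


	/**
	 * Languages configured in $conf['i18n']['available'] (comma separated),
	 * trimmed and with empty entries dropped.
	 *
	 * @return array list of language identifiers
	 */
	private function availableLanguages()
	{
		global $conf;

		$configured = isset($conf['i18n']['available']) ? (string)$conf['i18n']['available'] : '';

		$languages = array();
		foreach( explode(',',$configured) as $lang )
		{
			$lang = trim($lang);
			if ( $lang !== '' )
				$languages[] = $lang;
		}
		return $languages;
	}


	/**
	 * Base32-encodes the user's OTP secret (stored as a hex string) for otpauth URLs.
	 *
	 * hex2bin() warns and returns false on odd-length or non-hex input; the
	 * original silenced that with '@'. An unusable secret now yields ''.
	 *
	 * @param string|null $hexSecret the secret as hex digits
	 * @return string base32 secret, or '' if none is set / it is not valid hex
	 */
	private function base32Secret( $hexSecret )
	{
		$hex = (string)$hexSecret;

		if ( $hex === '' || strlen($hex) % 2 !== 0 || !ctype_xdigit($hex) )
			return '';

		$base32 = new Base2n(5, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567', FALSE, TRUE, TRUE);
		return $base32->encode( hex2bin($hex) );
	}


	/**
	 * Template variables for second-factor enrollment: otpauth:// URLs for
	 * TOTP and HOTP plus the currently valid TOTP code.
	 *
	 * NOTE(review): this hands the raw OTP secret (base32) and a currently
	 * valid TOTP code to whoever renders the page — i.e. any administrator.
	 * That is acceptable for enrollment but makes it essential that propView()
	 * and infoView() stay admin-only.
	 *
	 * NOTE(review): $_SERVER['SERVER_NAME'] is used as the account label. On
	 * servers that derive it from the Host header it is client-influenced;
	 * it is only a label here, but confirm UseCanonicalName (or equivalent)
	 * if the label matters to you. Issuer and label are URL-encoded so names
	 * containing '&', ' ' or '/' do not produce a malformed URI.
	 *
	 * @return array totpSecretUrl, hotpSecretUrl, totpToken
	 */
	private function otpTemplateVars()
	{
		$issuer  = urlencode(config('application','operator'));
		$account = rawurlencode($this->user->name.'@'.$_SERVER['SERVER_NAME']);
		$secret  = $this->base32Secret($this->user->otpSecret);
		$counter = $this->user->hotpCount;

		return array(
			'totpSecretUrl' => "otpauth://totp/{$issuer}:{$account}?secret={$secret}&issuer={$issuer}",
			'hotpSecretUrl' => "otpauth://hotp/{$issuer}:{$account}?secret={$secret}&issuer={$issuer}&counter={$counter}",
			'totpToken'     => Password::getTOTPCode($this->user->otpSecret),
		);
	}


	/**
	 * Edit form for the user's properties, including OTP enrollment data
	 * and the selectable styles, timezones and languages.
	 */
	public function propView()
	{
		// '+' keeps the user's own properties in case of a key clash.
		$this->setTemplateVars( $this->user->getProperties() + $this->otpTemplateVars() );

		$this->setTemplateVar( 'allstyles',$this->user->getAvailableStyles() );

		$this->setTemplateVar('timezone_list',timezone_identifiers_list() );

		$languages = $this->availableLanguages();
		$this->setTemplateVar('language_list',array_combine($languages,$languages));
	}


	/**
	 * Builds the Gravatar image URL for the user, or 'about:blank' when
	 * Gravatar is disabled in config('interface','gravatar') or the user has no mail.
	 *
	 * Gravatar identifies an address by md5 of the trimmed, lower-cased mail;
	 * md5 is the service's identifier scheme here, not a security hash.
	 * Uses https — the previous http URL leaked the mail hash in clear and is
	 * blocked as mixed content on an https admin UI.
	 *
	 * @return string image URL
	 */
	private function gravatarUrl()
	{
		$gravatarConfig = config('interface','gravatar');

		if ( !is_array($gravatarConfig) || empty($gravatarConfig['enable']) || empty($this->user->mail) )
			return 'about:blank';

		$query = array();
		if ( isset($gravatarConfig['size']) )
			$query['s'] = $gravatarConfig['size'];
		if ( isset($gravatarConfig['default']) )
			$query['d'] = $gravatarConfig['default'];
		if ( isset($gravatarConfig['rating']) )
			$query['r'] = $gravatarConfig['rating'];

		$url = 'https://www.gravatar.com/avatar/'.md5( strtolower(trim($this->user->mail)) );
		if ( count($query) > 0 )
			$url .= '?'.http_build_query($query);

		return $url;
	}


	/**
	 * Read-only overview of the user: properties, avatar image and OTP enrollment data.
	 */
	function infoView()
	{
		$this->setTemplateVars( $this->user->getProperties() + $this->otpTemplateVars() );

		$this->setTemplateVar( 'image', $this->gravatarUrl() );
	}


	/**
	 * Shows every group with a flag whether the user is a member.
	 * Warns when authorization is LDAP-based, since local memberships may conflict with it.
	 */
	function membershipsView()
	{
		$memberships = array();

		$allGroups  = Group::getAll();
		$userGroups = $this->user->getGroups();

		foreach( $allGroups as $id=>$name )
		{
			$isMember = array_key_exists($id,$userGroups);
			$varName  = 'group'.$id;

			$memberships[$id] = array('name'   =>$name,
			                          'id'     =>$id,
			                          'var'    =>$varName,
			                          'member' =>$isMember
			);
			$this->setTemplateVar($varName,$isMember);
		}
		$this->setTemplateVar('memberships',$memberships);

		global $conf;
		if ( isset($conf['security']['authorize']['type']) && $conf['security']['authorize']['type']=='ldap' )
			$this->addNotice('user',$this->user->name,'GROUPS_MAY_CONFLICT_WITH_LDAP',OR_NOTICE_WARN);
	}


	/**
	 * Applies the submitted membership checkboxes ('group<id>'): joins newly
	 * ticked groups and leaves unticked ones.
	 */
	function membershipsPost()
	{
		$allGroups  = Group::getAll();
		$userGroups = $this->user->getGroups();
		$changed    = false;
		$name       = ''; // previously undefined when there are no groups at all

		foreach( $allGroups as $id=>$name )
		{
			$isMember  = array_key_exists($id,$userGroups);
			$requested = $this->hasRequestVar('group'.$id);

			if ( $requested && !$isMember )
			{
				$this->user->addGroup($id);
				$this->addNotice('group',$name,'ADDED');
				$changed = true;
			}
			elseif ( $isMember && !$requested )
			{
				$this->user->delGroup($id);
				$this->addNotice('group',$name,'DELETED');
				$changed = true;
			}
		}

		if ( ! $changed )
			$this->addNotice('group',$name,'NOTHING_DONE');
	}


	/**
	 * Password form; offers a freshly generated proposal.
	 */
	function pwView()
	{
		$this->setTemplateVars( $this->user->getProperties() );

		$this->setTemplateVar('password_proposal', $this->user->createPassword() );
	}


	/**
	 * Shows all ACL entries that apply to the user, grouped by project.
	 * @throws \ObjectNotFoundException
	 */
	function rightsView()
	{
		$rights = $this->user->getAllAcls();

		$projects = array();

		foreach( $rights as $acl )
		{
			/* @var $acl Acl */
			$projectId = $acl->projectid;

			if ( !isset($projects[$projectId]) )
			{
				$project = Project::create( $projectId );

				$projects[$projectId] = array(
					'projectname' => $project->load()->name,
					'rights'      => array(),
				);
			}

			$right = array();

			if ( $acl->languageid > 0 )
			{
				$language = new Language($acl->languageid);
				$language->load();
				$right['languagename'] = $language->name;
			}
			else
			{
				$right['languagename'] = lang('ALL_LANGUAGES');
			}

			$object = new BaseObject($acl->objectid);
			$object->objectLoad();
			$right['objectname'] = $object->name;
			$right['objectid'  ] = $object->objectid;
			$right['objecttype'] = $object->getType();

			if ( $acl->userid > 0 )
			{
				$aclUser = new User($acl->userid);
				$aclUser->load();
				$right['username'] = $aclUser->name;
			}
			elseif ( $acl->groupid > 0 )
			{
				$aclGroup = new Group($acl->groupid);
				$aclGroup->load();
				$right['groupname'] = $aclGroup->name;
			}
			// else: the ACL applies to everybody; neither username nor groupname is set.

			$right['bits'] = $acl->getProperties();

			$projects[$projectId]['rights'][] = $right;
		}

		$this->setTemplateVar('projects',$projects );

		$this->setTemplateVar('show',Acl::getAvailableRights() );

		if ( $this->user->isAdmin )
			$this->addNotice('user',$this->user->name,'ADMIN_NEEDS_NO_RIGHTS',OR_NOTICE_WARN);
	}


	/**
	 * Decides whether a menu entry is available for this user.
	 *
	 * @param String $menu menu entry name
	 * @return boolean
	 */
	function checkMenu( $menu )
	{
		global $conf;

		switch( $menu )
		{
			case 'add':
			case 'remove':
				return !readonly();

			case 'addgroup':
				return !readonly() && count($this->user->getOtherGroups()) > 0;

			case 'groups':
				return !readonly() && count(Group::getAll()) > 0;

			case 'pw':
				// Passwords are only managed here for database-authenticated users
				// without an LDAP user DN; otherwise the directory owns the credential.
				$authType = isset($conf['security']['auth']['type'  ]) ? $conf['security']['auth']['type'  ] : null;
				$userDn   = isset($conf['security']['auth']['userdn']) ? $conf['security']['auth']['userdn'] : null;
				return !readonly() && $authType === 'database' && !$userDn;
		}

		return true;
	}


	/**
	 * Switches the current session to the selected user (impersonation).
	 *
	 * NOTE(review): nothing in this method records who switched to whom; unless
	 * Session::setUser() writes an audit entry, the impersonation leaves no trace.
	 * After this call the session IS the target user, so the SECURITY_ADMIN gate
	 * on this action is the only thing standing between any logged-in user and
	 * every other account.
	 *
	 * @throws \ObjectNotFoundException
	 */
	public function switchPost()
	{
		$target = new User( $this->getRequestId() );
		$target->load();

		Session::setUser( $target );
	}


	/**
	 * Collects the latest changes made by this user across all projects,
	 * keyed by object id (a later entry for the same object replaces an earlier one).
	 */
	public function historyView()
	{
		$timeline = array();

		foreach( $this->user->getLastChanges() as $entry )
		{
			$object = new BaseObject( $entry['objectid'] );
			$object->objectLoad();

			$entry['type'] = $object->getType();
			$timeline[ $entry['objectid'] ] = $entry;
		}
		$this->setTemplateVar('timeline', $timeline);
	}


}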