Browse Source

Move mod/delegate to src/Module/Settings/Delegation

- Move templates/delegate to templates/settings/delegation
pull/7720/head
Hypolite Petovan 2 years ago
parent
commit
616edd0600
  1. 2
      doc/Forums.md
  2. 2
      doc/de/Forums.md
  3. 191
      mod/delegate.php
  4. 4
      mod/settings.php
  5. 2
      src/Content/Nav.php
  6. 4
      src/Module/BaseSettingsModule.php
  7. 175
      src/Module/Settings/Delegation.php
  8. 1
      static/routes.config.php
  9. 55
      view/templates/delegate.tpl
  10. 48
      view/templates/settings/delegation.tpl

2
doc/Forums.md

@ -40,7 +40,7 @@ You are not required to do this, but the alternative is to log out and log back
This could get cumbersome if you manage several different forums/identities.
You may also appoint a delegate to manage your forum.
Do this by visiting the [Delegation Setup Page](delegate).
Do this by visiting the [Delegation Setup Page](settings/delegation).
This will provide you with a list of contacts on this system under "Potential Delegates".
Selecting one or more persons will give them access to manage your forum.
They will be able to edit contacts, profiles, and all content for this account/page.

2
doc/de/Forums.md

@ -38,7 +38,7 @@ Du musst das nicht machen, die Alternative ist allerdings, Dich immer wieder aus
Und das kann umständlich sein, wenn Du mehrere verschiedene Foren/Identitäten verwaltest.
Du kannst ebenso jemanden wählen, der Dein Forum verwaltet.
Mach das, indem Du die [Delegations-Setup-Seite](/delegate) besuchst.
Mach das, indem Du die [Delegations-Setup-Seite](/settings/delegation) besuchst.
Dort wird Dir eine Liste an "Potentiellen Bevollmächtigen" angezeigt.
Die Auswahl einer oder mehrerer Personen gibt diesen die Möglichkeit, Dein Forum zu verwalten.
Sie können Kontakte, Profile und alle Inhalte Deines Accounts/deiner Seite bearbeiten.

191
mod/delegate.php

@ -1,191 +0,0 @@
<?php
/**
* @file mod/delegate.php
*/
use Friendica\App;
use Friendica\BaseModule;
use Friendica\Core\L10n;
use Friendica\Core\Protocol;
use Friendica\Core\Renderer;
use Friendica\Core\System;
use Friendica\Database\DBA;
use Friendica\Model\User;
use Friendica\Util\Strings;
require_once 'mod/settings.php';
function delegate_init(App $a)
{
settings_init($a);
}
function delegate_post(App $a)
{
if (!local_user()) {
return;
}
if (count($a->user) && !empty($a->user['uid']) && $a->user['uid'] != local_user()) {
notice(L10n::t('Permission denied.') . EOL);
return;
}
BaseModule::checkFormSecurityTokenRedirectOnError('/delegate', 'delegate');
$parent_uid = defaults($_POST, 'parent_user', 0);
$parent_password = defaults($_POST, 'parent_password', '');
if ($parent_uid != 0) {
$user = DBA::selectFirst('user', ['nickname'], ['uid' => $parent_uid]);
if (!DBA::isResult($user)) {
notice(L10n::t('Parent user not found.') . EOL);
return;
}
$success = User::authenticate($user['nickname'], trim($parent_password));
if (!$success) {
notice(L10n::t('Permission denied.') . EOL);
return;
}
}
DBA::update('user', ['parent-uid' => $parent_uid], ['uid' => local_user()]);
}
function delegate_content(App $a)
{
if (!local_user()) {
notice(L10n::t('Permission denied.') . EOL);
return;
}
if ($a->argc > 2 && $a->argv[1] === 'add' && intval($a->argv[2])) {
// delegated admins can view but not change delegation permissions
if (!empty($_SESSION['submanage'])) {
$a->internalRedirect('delegate');
}
$user_id = $a->argv[2];
$user = DBA::selectFirst('user', ['nickname'], ['uid' => $user_id]);
if (DBA::isResult($user)) {
$condition = [
'uid' => local_user(),
'nurl' => Strings::normaliseLink(System::baseUrl() . '/profile/' . $user['nickname'])
];
if (DBA::exists('contact', $condition)) {
DBA::insert('manage', ['uid' => $user_id, 'mid' => local_user()]);
}
}
$a->internalRedirect('delegate');
}
if ($a->argc > 2 && $a->argv[1] === 'remove' && intval($a->argv[2])) {
// delegated admins can view but not change delegation permissions
if (!empty($_SESSION['submanage'])) {
$a->internalRedirect('delegate');
}
DBA::delete('manage', ['uid' => $a->argv[2], 'mid' => local_user()]);
$a->internalRedirect('delegate');
}
// find everybody that currently has delegated management to this account/page
$delegates = [];
$r = q("SELECT * FROM `user` WHERE `uid` IN (SELECT `uid` FROM `manage` WHERE `mid` = %d)",
intval(local_user())
);
if (DBA::isResult($r)) {
$delegates = $r;
}
$uids = [];
foreach ($delegates as $rr) {
$uids[] = $rr['uid'];
}
// find every contact who might be a candidate for delegation
$potentials = [];
$r = q("SELECT `nurl`
FROM `contact`
WHERE `self` = 0
AND SUBSTRING_INDEX(`nurl`, '/', 3) = '%s'
AND `uid` = %d
AND `network` = '%s' ",
DBA::escape(Strings::normaliseLink(System::baseUrl())),
intval(local_user()),
DBA::escape(Protocol::DFRN)
);
if (DBA::isResult($r)) {
$nicknames = [];
foreach ($r as $rr) {
$nicknames[] = "'" . DBA::escape(basename($rr['nurl'])) . "'";
}
$nicks = implode(',', $nicknames);
// get user records for all potential page delegates who are not already delegates or managers
$r = q("SELECT `uid`, `username`, `nickname` FROM `user` WHERE `nickname` IN ($nicks)");
if (DBA::isResult($r)) {
foreach ($r as $rr) {
if (!in_array($rr['uid'], $uids)) {
$potentials[] = $rr;
}
}
}
}
settings_init($a);
$user = DBA::selectFirst('user', ['parent-uid', 'email'], ['uid' => local_user()]);
$parent_user = null;
if (DBA::isResult($user)) {
if (!DBA::exists('user', ['parent-uid' => local_user()])) {
$parent_uid = $user['parent-uid'];
$parents = [0 => L10n::t('No parent user')];
$fields = ['uid', 'username', 'nickname'];
$condition = ['email' => $user['email'], 'verified' => true, 'blocked' => false, 'parent-uid' => 0];
$parent_users = DBA::select('user', $fields, $condition);
while ($parent = DBA::fetch($parent_users)) {
if ($parent['uid'] != local_user()) {
$parents[$parent['uid']] = sprintf('%s (%s)', $parent['username'], $parent['nickname']);
}
}
$parent_user = ['parent_user', '', $parent_uid, '', $parents];
}
}
if (!is_null($parent_user)) {
$parent_password = ['parent_password', L10n::t('Parent Password:'), '', L10n::t('Please enter the password of the parent account to legitimize your request.')];
} else {
$parent_password = '';
}
$o = Renderer::replaceMacros(Renderer::getMarkupTemplate('delegate.tpl'), [
'$form_security_token' => BaseModule::getFormSecurityToken('delegate'),
'$parent_header' => L10n::t('Parent User'),
'$parent_user' => $parent_user,
'$parent_password' => $parent_password,
'$parent_desc' => L10n::t('Parent users have total control about this account, including the account settings. Please double check whom you give this access.'),
'$submit' => L10n::t('Save Settings'),
'$header' => L10n::t('Delegate Page Management'),
'$delegates_header' => L10n::t('Delegates'),
'$base' => System::baseUrl(),
'$desc' => L10n::t('Delegates are able to manage all aspects of this account/page except for basic account settings. Please do not delegate your personal account to anybody that you do not trust completely.'),
'$head_delegates' => L10n::t('Existing Page Delegates'),
'$delegates' => $delegates,
'$head_potentials' => L10n::t('Potential Delegates'),
'$potentials' => $potentials,
'$remove' => L10n::t('Remove'),
'$add' => L10n::t('Add'),
'$none' => L10n::t('No entries.')
]);
return $o;
}

4
mod/settings.php

@ -115,8 +115,8 @@ function settings_init(App $a)
$tabs[] = [
'label' => L10n::t('Delegations'),
'url' => 'delegate',
'selected' => (($a->argc == 1) && ($a->argv[0] === 'delegate')?'active':''),
'url' => 'settings/delegation',
'selected' => (($a->argc > 1) && ($a->argv[1] === 'delegation')?'active':''),
'accesskey' => 'd',
];

2
src/Content/Nav.php

@ -260,7 +260,7 @@ class Nav
$nav['manage'] = ['manage', L10n::t('Manage'), '', L10n::t('Manage other pages')];
}
$nav['delegations'] = ['delegate', L10n::t('Delegations'), '', L10n::t('Delegate Page Management')];
$nav['delegations'] = ['settings/delegation', L10n::t('Delegations'), '', L10n::t('Delegate Page Management')];
$nav['settings'] = ['settings', L10n::t('Settings'), '', L10n::t('Account settings')];

4
src/Module/BaseSettingsModule.php

@ -73,8 +73,8 @@ class BaseSettingsModule extends BaseModule
$tabs[] = [
'label' => L10n::t('Delegations'),
'url' => 'delegate',
'selected' => (($a->argc == 1) && ($a->argv[0] === 'delegate') ? 'active' : ''),
'url' => 'settings/delegation',
'selected' => (($a->argc > 1) && ($a->argv[1] === 'delegation') ? 'active' : ''),
'accesskey' => 'd',
];

175
src/Module/Settings/Delegation.php

@ -0,0 +1,175 @@
<?php
namespace Friendica\Module\Settings;
use Friendica\App\Arguments;
use Friendica\BaseModule;
use Friendica\Core\L10n;
use Friendica\Core\Protocol;
use Friendica\Core\Renderer;
use Friendica\Core\Session;
use Friendica\Core\System;
use Friendica\Database\DBA;
use Friendica\Model\User;
use Friendica\Module\BaseSettingsModule;
use Friendica\Network\HTTPException;
use Friendica\Util\Strings;
class Delegation extends BaseSettingsModule
{
public static function post()
{
if (!local_user() || !empty(self::getApp()->user['uid']) && self::getApp()->user['uid'] != local_user()) {
throw new HTTPException\ForbiddenException(L10n::t('Permission denied.'));
}
BaseModule::checkFormSecurityTokenRedirectOnError('settings/delegation', 'delegate');
$parent_uid = $_POST['parent_user'] ?? 0;
$parent_password = $_POST['parent_password'] ?? '';
if ($parent_uid != 0) {
$user = DBA::selectFirst('user', ['nickname'], ['uid' => $parent_uid]);
if (!DBA::isResult($user)) {
notice(L10n::t('Parent user not found.'));
return;
}
try {
User::getIdFromPasswordAuthentication($user['nickname'], $parent_password);
info(L10n::t('Delegation successfully granted.'));
} catch (\Throwable $ex) {
notice(L10n::t('Parent user password doesn\'t match.'));
return;
}
} else {
info(L10n::t('Delegation successfully revoked.'));
}
DBA::update('user', ['parent-uid' => $parent_uid], ['uid' => local_user()]);
}
public static function content()
{
parent::content();
if (!local_user()) {
throw new HTTPException\ForbiddenException(L10n::t('Permission denied.'));
}
/** @var Arguments $args */
$args = self::getClass(Arguments::class);
$action = $args->get(2);
$user_id = $args->get(3);
if ($action === 'add' && $user_id) {
if (Session::get('submanage')) {
notice(L10n::t('Delegated administrators can view but not change delegation permissions.'));
self::getApp()->internalRedirect('settings/delegation');
}
$user = DBA::selectFirst('user', ['nickname'], ['uid' => $user_id]);
if (DBA::isResult($user)) {
$condition = [
'uid' => local_user(),
'nurl' => Strings::normaliseLink(System::baseUrl() . '/profile/' . $user['nickname'])
];
if (DBA::exists('contact', $condition)) {
DBA::insert('manage', ['uid' => $user_id, 'mid' => local_user()]);
}
} else {
notice(L10n::t('Delegate user not found.'));
}
self::getApp()->internalRedirect('settings/delegation');
}
if ($action === 'remove' && $user_id) {
if (Session::get('submanage')) {
notice(L10n::t('Delegated administrators can view but not change delegation permissions.'));
self::getApp()->internalRedirect('settings/delegation');
}
DBA::delete('manage', ['uid' => $user_id, 'mid' => local_user()]);
self::getApp()->internalRedirect('settings/delegation');
}
// find everybody that currently has delegated management to this account/page
$delegates = DBA::selectToArray('user', [], ['`uid` IN (SELECT `uid` FROM `manage` WHERE `mid` = ?)', local_user()]);
$uids = [];
foreach ($delegates as $user) {
$uids[] = $user['uid'];
}
// find every contact who might be a candidate for delegation
$potentials = [];
$contacts = DBA::selectToArray(
'contact',
['nurl'],
[
"`self` = 0 AND SUBSTRING_INDEX(`nurl`, '/', 3) = ? AND `uid` = ? AND `network` = ?",
Strings::normaliseLink(System::baseUrl()),
local_user(),
Protocol::DFRN,
]
);
if ($contacts) {
$nicknames = [];
foreach ($contacts as $contact) {
$nicknames[] = "'" . DBA::escape(basename($contact['nurl'])) . "'";
}
// get user records for all potential page delegates who are not already delegates or managers
$potentialDelegateUsers = DBA::selectToArray('user', ['uid', 'username', 'nickname'], ['nickname' => $nicknames]);
foreach ($potentialDelegateUsers as $user) {
if (!in_array($user['uid'], $uids)) {
$potentials[] = $user;
}
}
}
$parent_user = null;
$parent_password = null;
$user = DBA::selectFirst('user', ['parent-uid', 'email'], ['uid' => local_user()]);
if (DBA::isResult($user) && !DBA::exists('user', ['parent-uid' => local_user()])) {
$parent_uid = $user['parent-uid'];
$parents = [0 => L10n::t('No parent user')];
$fields = ['uid', 'username', 'nickname'];
$condition = ['email' => $user['email'], 'verified' => true, 'blocked' => false, 'parent-uid' => 0];
$parent_users = DBA::selectToArray('user', $fields, $condition);
foreach($parent_users as $parent) {
if ($parent['uid'] != local_user()) {
$parents[$parent['uid']] = sprintf('%s (%s)', $parent['username'], $parent['nickname']);
}
}
$parent_user = ['parent_user', '', $parent_uid, '', $parents];
$parent_password = ['parent_password', L10n::t('Parent Password:'), '', L10n::t('Please enter the password of the parent account to legitimize your request.')];
}
$o = Renderer::replaceMacros(Renderer::getMarkupTemplate('settings/delegation.tpl'), [
'$form_security_token' => BaseModule::getFormSecurityToken('delegate'),
'$parent_header' => L10n::t('Parent User'),
'$parent_user' => $parent_user,
'$parent_password' => $parent_password,
'$parent_desc' => L10n::t('Parent users have total control about this account, including the account settings. Please double check whom you give this access.'),
'$submit' => L10n::t('Save Settings'),
'$header' => L10n::t('Delegate Page Management'),
'$delegates_header' => L10n::t('Delegates'),
'$base' => System::baseUrl(),
'$desc' => L10n::t('Delegates are able to manage all aspects of this account/page except for basic account settings. Please do not delegate your personal account to anybody that you do not trust completely.'),
'$head_delegates' => L10n::t('Existing Page Delegates'),
'$delegates' => $delegates,
'$head_potentials' => L10n::t('Potential Delegates'),
'$potentials' => $potentials,
'$remove' => L10n::t('Remove'),
'$add' => L10n::t('Add'),
'$none' => L10n::t('No entries.')
]);
return $o;
}
}

1
static/routes.config.php

@ -199,6 +199,7 @@ return [
'/app_specific' => [Module\Settings\TwoFactor\AppSpecific::class, [R::GET, R::POST]],
'/verify' => [Module\Settings\TwoFactor\Verify::class, [R::GET, R::POST]],
],
'/delegation[/{action}/{user_id}]' => [Module\Settings\Delegation::class, [R::GET, R::POST]],
],
'/randprof' => [Module\RandomProfile::class, [R::GET]],

55
view/templates/delegate.tpl

@ -1,55 +0,0 @@
<h3>{{$header}}</h3>
{{if $parent_user}}
<h4>{{$parent_header}}</h4>
<div id="delegate-parent-desc" class="delegate-parent-desc">{{$parent_desc}}</div>
<div id="delegate-parent" class="delegate-parent">
<form action="{{$baseurl}}/delegate" method="post">
<input type='hidden' name='form_security_token' value='{{$form_security_token}}'>
{{include file="field_select.tpl" field=$parent_user}}
{{include file="field_password.tpl" field=$parent_password}}
<div class="submit"><input type="submit" name="delegate" value="{{$submit}}" /></div>
</form>
</div>
{{/if}}
<h4>{{$delegates_header}}</h4>
<div id="delegate-desc" class="delegate-desc">{{$desc nofilter}}</div>
<h4>{{$head_delegates}}</h4>
{{if $delegates}}
{{foreach $delegates as $x}}
<div class="contact-block-div">
<a class="contact-block-link" href="{{$base}}/delegate/remove/{{$x.uid}}" >
<img class="contact-block-img" src="{{$base}}/photo/thumb/{{$x.uid}}" title="{{$x.username}} ({{$x.nickname}})" />
</a>
</div>
{{/foreach}}
<div class="clear"></div>
{{else}}
{{$none}}
{{/if}}
<hr />
<h4>{{$head_potentials}}</h4>
{{if $potentials}}
{{foreach $potentials as $x}}
<div class="contact-block-div">
<a class="contact-block-link" href="{{$base}}/delegate/add/{{$x.uid}}" >
<img class="contact-block-img" src="{{$base}}/photo/thumb/{{$x.uid}}" title="{{$x.username}} ({{$x.nickname}})" />
</a>
</div>
{{/foreach}}
<div class="clear"></div>
{{else}}
{{$none}}
{{/if}}
<hr />

48
view/templates/settings/delegation.tpl

@ -0,0 +1,48 @@
<h3>{{$header}}</h3>
{{if $parent_user}}
<h4>{{$parent_header}}</h4>
<div id="delegate-parent-desc" class="delegate-parent-desc">{{$parent_desc}}</div>
<div id="delegate-parent" class="delegate-parent">
<form action="settings/delegation" method="post">
<input type='hidden' name='form_security_token' value='{{$form_security_token}}'>
{{include file="field_select.tpl" field=$parent_user}}
{{include file="field_password.tpl" field=$parent_password}}
<div class="submit"><input type="submit" name="delegate" value="{{$submit}}"/></div>
</form>
</div>
{{/if}}
<h4>{{$delegates_header}}</h4>
<div id="delegate-desc" class="delegate-desc">{{$desc nofilter}}</div>
<h4>{{$head_delegates}}</h4>
{{if $delegates}}
{{foreach $delegates as $x}}
<div class="contact-block-div">
<a class="contact-block-link" href="settings/delegation/remove/{{$x.uid}}">
<img class="contact-block-img" src="photo/thumb/{{$x.uid}}" title="{{$x.username}} ({{$x.nickname}})">
</a>
</div>
{{/foreach}}
<div class="clear"></div>
{{else}}
{{$none}}
{{/if}}
<hr/>
<h4>{{$head_potentials}}</h4>
{{if $potentials}}
{{foreach $potentials as $x}}
<div class="contact-block-div">
<a class="contact-block-link" href="settings/delegation/add/{{$x.uid}}">
<img class="contact-block-img" src="photo/thumb/{{$x.uid}}" title="{{$x.username}} ({{$x.nickname}})">
</a>
</div>
{{/foreach}}
<div class="clear"></div>
{{else}}
{{$none}}
{{/if}}
Loading…
Cancel
Save