Merge branch 'feature/edituser' into develop

11 years ago · eab62d5985
parent 2385ce3613 1ec52b4f4a
commit eab62d5985
5 changed files with 138 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -2,3 +2,4 @@ installer/slave_sfx.py
 installer/master_sfx.py
 *.pyc
 testing
+.geanyprj
--- a/frontend/locales/english.lng
+++ b/frontend/locales/english.lng
@ -248,6 +248,13 @@ admin-level-nodeadmin;							Node administrator
 admin-level-masteradmin;						Master administrator
 header-admin-user-vpses;						VPSes owned by this user

+## User editing
+title-admin-edituser;							Edit user
+edituser-username;							Username
+edituser-email;								Email address
+edituser-access;							Account type
+button-admin-edituser;							Apply changes
+
 ## VPS list
 title-admin-vpslist;							VPS overview
 list-column-hostname;							Hostname
--- a/frontend/modules/admin/user/edit.php
+++ b/frontend/modules/admin/user/edit.php
@ -0,0 +1,78 @@
+<?php
+/*
+ * CVM is more free software. It is licensed under the WTFPL, which
+ * allows you to do pretty much anything with it, without having to
+ * ask permission. Commercial use is allowed, and no attribution is
+ * required. We do politely request that you share your modifications
+ * to benefit other developers, but you are under no enforced
+ * obligation to do so :)
+ * 
+ * Please read the accompanying LICENSE document for the full WTFPL
+ * licensing text.
+ */
+
+if(!isset($_APP)) { die("Unauthorized."); }
+
+try
+{
+	$sUser = new User($router->uParameters[1]);
+}
+catch (NotFoundException $e)
+{
+	throw new RouterException("Specified user does not exist.");
+}
+
+$sErrors = array();
+
+if($router->uMethod == "post")
+{	
+	if(empty($_POST['username']) || preg_match("/^[a-z0-9_.-]+$/i", $_POST['username']) === 0)
+	{
+		$sErrors[] = "You did not enter a valid username.";
+	}
+	
+	if(empty($_POST['email']) || filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false)
+	{
+		$sErrors[] = "You did not enter a valid e-mail address.";
+	}
+	
+	if(empty($_POST['access']) || preg_match("/^[0-9]+$/", $_POST['access']) === 0)
+	{
+		$sErrors[] = "You did not specify a valid user type.";
+	}
+	else
+	{
+		if($sUser->sAccessLevel == 30 && $_POST['access'] < 30)
+		{
+			/* This user is a master admin, check if any other master admins exist before lowering
+			 * the permissions of this one, to prevent lock-outs. */
+			 
+			try
+			{
+				User::CreateFromQuery("SELECT * FROM users WHERE `AccessLevel` = 30 AND `Id` != :Id", array(":Id" => $sUser->sId), 0);
+			}
+			catch (NotFoundException $e)
+			{
+				$sErrors[] = "You can't remove your master administrator permissions if no other master administrators exist!";
+			}
+		}
+	}
+	
+	if(empty($sErrors))
+	{
+		$sUser->uUsername = $_POST['username'];
+		$sUser->uEmailAddress = $_POST['email'];
+		$sUser->uAccessLevel = $_POST['access'];
+		$sUser->InsertIntoDatabase();
+		redirect("/admin/user/{$sUser->sId}/");
+	}
+}
+
+$sPageContents = NewTemplater::Render("{$sTheme}/admin/user/edit", $locale->strings, array(
+	"errors"	=> $sErrors,
+	"id"		=> $router->uParameters[1]
+), array(
+	"username"	=> $sUser->sUsername,
+	"email"		=> $sUser->sEmailAddress,
+	"access"	=> $sUser->sAccessLevel
+));
--- a/frontend/rewrite.php
+++ b/frontend/rewrite.php
@ -136,6 +136,13 @@ try
 				'auth_error'			=> "modules/error/access.php",
 				'_menu'				=> "admin"
 			),
+			/* Admin - Users - Edit */
+			'^/admin/user/([0-9]+)/edit/?$'	=> array(
+				'target'			=> "modules/admin/user/edit.php",
+				'authenticator'			=> "authenticators/admin.php",
+				'auth_error'			=> "modules/error/access.php",
+				'_menu'				=> "admin"
+			),
 			/* Admin - Users - Create VPS */
 			'^/admin/user/([0-9]+)/add/?$'	=> array(
 				'target'			=> "modules/admin/vps/create.php",
--- a/frontend/templates/default/admin/user/edit.tpl
+++ b/frontend/templates/default/admin/user/edit.tpl
@ -0,0 +1,45 @@
+<h2>{%!title-admin-edituser}</h2>
+
+{%if isempty|errors == false}
+	<div class="errorhandler error-error">
+		<div class="error-title">{%!error-form}</div>
+		<div class="error-message">
+			<ul>
+				{%foreach error in errors}
+					<li>{%?error}</li>
+				{%/foreach}
+			</ul>
+		</div>
+	</div>
+{%/if}
+
+<form method="post" action="/admin/user/{%?id}/edit/" class="add dark">
+	<div class="field">
+		<label for="form_edituser_username">{%!edituser-username}</label>
+		{%input type="text" group="edituser" name="username"}
+		<div class="clear"></div>
+	</div>
+	
+	<div class="field">
+		<label for="form_edituser_email">{%!edituser-email}</label>
+		{%input type="text" group="edituser" name="email"}
+		<div class="clear"></div>
+	</div>
+	
+	<div class="field">
+		<label for="form_edituser_access">{%!edituser-access}</label>
+		{%select type="text" group="edituser" name="access"}
+			{%option value="1" text="{%!admin-level-enduser}"}
+			<!-- {%option value="10" text="{%!admin-level-reseller}"} -->
+			{%option value="20" text="{%!admin-level-nodeadmin}"}
+			{%option value="30" text="{%!admin-level-masteradmin}"}
+		{%/select}
+		<div class="clear"></div>
+	</div>
+	
+	<div class="field">
+		<div class="filler"></div>
+		<button type="submit" name="submit">{%!button-admin-edituser}</button>
+		<div class="clear"></div>
+	</div>
+</form>