Added group table to users tab. Allow group name editing for now.

2025-04-20 20:13:40 +03:00 · 2016-09-30 14:23:09 +01:00 · 2016-09-30 14:23:09 +01:00 · e172ba6502
commit e172ba6502
parent 9b6ce2001e
4 changed files with 224 additions and 7 deletions
--- a/groups.php
+++ b/groups.php
@ -0,0 +1,87 @@
+<?php
+
+include_once('includes/config.inc.php');
+include_once('includes/session.inc.php');
+include_once('includes/misc.inc.php');
+
+if (!is_csrf_safe()) {
+    header('Status: 403');
+    header('Location: ./index.php');
+    jtable_respond(null, 'error', "Authentication required");
+}
+
+if (!is_adminuser()) {
+    header('Status: 403');
+    jtable_respond(null, 'error', "You need adminprivileges to get here");
+}
+
+if (!isset($_GET['action'])) {
+    header('Status: 400');
+    jtable_respond(null, 'error', 'No action given');
+}
+
+switch ($_GET['action']) {
+
+case "list":
+    $groups = get_all_groups();
+    jtable_respond($groups);
+    break;
+
+case "listoptions":
+    $groups = get_all_groups();
+    $retgroups = array();
+    foreach ($groups as $group) {
+        $retgroups[] = array(
+            'DisplayText' => $group['name'] . " - " . $group['desc'],
+            'Value'       => $group['name']);
+    }
+    jtable_respond($retgroups, 'options');
+    break;
+
+case "create":
+    $name = isset($_POST['name']) ? $_POST['name'] : '';
+    $desc = isset($_POST['desc']) ? $_POST['desc'] : '';
+
+    if (!valid_group($name)) {
+        jtable_respond(null, 'error', "Please only use ^[a-z0-9@_.-]+$ for group names");
+    }
+
+    if (group_exists($name)) {
+        jtable_respond(null, 'error', 'Group already exists');
+    }
+
+    if (add_group($name, $desc)) {
+        $result = array('name' => $name, 'desc' => $desc);
+        jtable_respond($result, 'single');
+    } else {
+        jtable_respond(null, 'error', 'Could not create group');
+    }
+    break;
+
+case "update":
+    $id = isset($_POST['id']) ? intval($_POST['id']) : '';
+    $name = isset($_POST['name']) ? $_POST['name'] : '';
+    $desc = isset($_POST['desc']) ? $_POST['desc'] : '';
+
+    if ($id != '' and update_group($id, $name, $desc)) {
+        $result = array('name' => $name, 'desc' => $desc);
+        jtable_respond($result, 'single');
+    } else {
+        jtable_respond(null, 'error', 'Could not update group');
+    }
+    break;
+
+case "delete":
+    $id = isset($_POST['id']) ? intval($_POST['id']) : '';
+
+    if ($id != '' and delete_group($id) !== FALSE) {
+        jtable_respond(null, 'delete');
+    } else {
+        jtable_respond(null, 'error', 'Could not delete group');
+    }
+    break;
+
+default:
+    jtable_respond(null, 'error', 'Invalid action');
+    break;
+}
--- a/includes/groups.inc.php
+++ b/includes/groups.inc.php
@ -0,0 +1,88 @@
+<?php
+
+function get_all_groups() {
+    $db = get_db();
+    $r = $db->query('SELECT id, name, desc FROM groups ORDER BY name');
+    $ret = array();
+    while ($row = $r->fetchArray(SQLITE3_ASSOC)) {
+        array_push($ret, $row);
+    }
+
+    return $ret;
+}
+
+function get_group_info($name) {
+    $db = get_db();
+    $q = $db->prepare('SELECT * FROM groups WHERE name = ?');
+    $q->bindValue(1, $name);
+    $result = $q->execute();
+    $groupinfo = $result->fetchArray(SQLITE3_ASSOC);
+    $db->close();
+
+    return $groupinfo;
+}
+
+function group_exists($name) {
+    return (bool) get_group_info($name);
+}
+
+function add_group($name, $desc) {
+    $db = get_db();
+    $q = $db->prepare('INSERT INTO groups (name, desc) VALUES (?, ?)');
+    $q->bindValue(1, $name, SQLITE3_TEXT);
+    $q->bindValue(2, $desc, SQLITE3_TEXT);
+    $ret = $q->execute();
+    $db->close();
+
+    writelog("Added group $name ($desc).");
+    return $ret;
+}
+
+function update_group($id, $name, $desc) {
+    $db = get_db();
+
+    $q = $db->prepare('SELECT * FROM groups WHERE id = ?');
+    $q->bindValue(1, $id, SQLITE3_INTEGER);
+    $result = $q->execute();
+    $groupinfo = $result->fetchArray(SQLITE3_ASSOC);
+    $q->close();
+    $oldname = $groupinfo['name'];
+
+    $q = $db->prepare('UPDATE groups SET name = ?, desc = ? WHERE id = ?');
+    $q->bindValue(1, $name, SQLITE3_TEXT);
+    $q->bindValue(2, $desc, SQLITE3_TEXT);
+    $q->bindValue(3, $id, SQLITE3_INTEGER);
+    writelog("Updating group $oldname to: $name ($desc) ");
+    $ret = $q->execute();
+    $db->close();
+
+    return $ret;
+}
+
+function delete_group($id) {
+    $db = get_db();
+
+    $q = $db->prepare('SELECT * FROM groups WHERE id = ?');
+    $q->bindValue(1, $id, SQLITE3_INTEGER);
+    $result = $q->execute();
+    $groupinfo = $result->fetchArray(SQLITE3_ASSOC);
+    $q->close();
+
+    if($groupinfo) {
+        $q = $db->prepare('DELETE FROM groups WHERE id = ?');
+        $q->bindValue(1, $id, SQLITE3_INTEGER);
+        $ret = $q->execute();
+        $db->close();
+
+        writelog("Deleted group " . $groupinfo['name'] . ".");
+        return $ret;
+    } else {
+        return false;
+    }
+}
+
+function valid_group($name) {
+    return ( bool ) preg_match( "/^[a-z0-9@_.-]+$/i" , $name );
+}
+
+?>
--- a/includes/misc.inc.php
+++ b/includes/misc.inc.php
@ -1,6 +1,6 @@
 <?php

-include('config.inc.php');
+include_once('config.inc.php');

 $blocklogin = FALSE;

@ -458,4 +458,7 @@ if (!function_exists('hash_pbkdf2')) {
    }
 }

+// Include functions for group management
+include_once('groups.inc.php');
+
 ?>
--- a/index.php
+++ b/index.php
@ -160,7 +160,7 @@ if ($blocklogin === TRUE) {
        <ul>
            <li><a href="#" id="zoneadmin">Zones</a></li>
            <?php if (is_adminuser()) { ?>
-                <li><a href="#" id="useradmin">Users</a></li>
+                <li><a href="#" id="useradmin">Users/Groups</a></li>
                <li><a href="#" id="logadmin">Logs</a></li>
            <?php } ?>
            <li><a href="#" id="aboutme">About me</a></li>
@ -186,6 +186,7 @@ if ($blocklogin === TRUE) {
    <?php if (is_adminuser()) { ?>
    <div id="users">
        <div class="tables" id="Users"></div>
+        <div class="tables" id="Groups"></div>
    </div>
    <div id="logs">
        <div class="tables" id="Logs"></div>
@ -941,11 +942,11 @@ $(document).ready(function () {

    <?php if (is_adminuser()) { ?>
    $('#logs').hide();
-    $('#Users').hide();
+    $('#users').hide();
    $('#AboutMe').hide();
    $('#aboutme').click(function () {
        $('#logs').hide();
-        $('#Users').hide();
+        $('#users').hide();
        $('#MasterZones').hide();
        $('#SlaveZones').hide();
        $('#AboutMe').show();
@ -956,17 +957,18 @@ $(document).ready(function () {
        $('#SlaveZones').hide();
        $('#AboutMe').hide();
        $('#Users').jtable('load');
-        $('#Users').show();
+        $('#Groups').jtable('load');
+        $('#users').show();
    });
    $('#zoneadmin').click(function () {
        $('#logs').hide();
-        $('#Users').hide();
+        $('#users').hide();
        $('#AboutMe').hide();
        $('#MasterZones').show();
        $('#SlaveZones').show();
    });
    $('#logadmin').click(function () {
-        $('#Users').hide();
+        $('#users').hide();
        $('#AboutMe').hide();
        $('#MasterZones').hide();
        $('#SlaveZones').hide();
@ -1023,6 +1025,43 @@ $(document).ready(function () {
        }
    });

+    $('#Groups').jtable({
+        title: 'Groups',
+        paging: true,
+        pageSize: 20,
+        sorting: false,
+        actions: {
+            listAction: 'groups.php?action=list',
+            createAction: 'groups.php?action=create',
+            deleteAction: 'groups.php?action=delete',
+            updateAction: 'groups.php?action=update'
+        },
+        messages: {
+            addNewRecord: 'Add new group',
+            deleteConfirmation: 'This group will be deleted. Are you sure?'
+        },
+        fields: {
+            id: {
+                key: true,
+                type: 'hidden'
+            },
+            name: {
+                title: 'Group name',
+                display: displayContent('name'),
+                edit: true
+            },
+            desc: {
+                title: 'Description',
+                display: displayContent('desc')
+            }
+        },
+        recordAdded: function() {
+            $epoch = getEpoch();
+            $("#MasterZones").jtable('reload');
+            $("#SlaveZones").jtable('reload');
+        }
+    });
+
    $('#Logs').jtable({
        title: 'Logs',
        paging: true,