restricted user management to a couple of users
This commit is contained in:
Luca Haid
@@ -12,6 +12,9 @@ class UserController extends mfBaseController
|
||||
{
|
||||
private $me;
|
||||
|
||||
// User IDs allowed to manage (add/edit/delete) users
|
||||
private const ALLOWED_USER_MANAGER_IDS = [2, 5, 9, 6, 89, 145, 24];
|
||||
|
||||
protected function init($request = null)
|
||||
{
|
||||
$this->needlogin = true;
|
||||
@@ -24,6 +27,11 @@ class UserController extends mfBaseController
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') $this->postData = json_decode(file_get_contents('php://input'), true);
|
||||
}
|
||||
|
||||
private function canManageUsers(): bool
|
||||
{
|
||||
return in_array($this->me->id, self::ALLOWED_USER_MANAGER_IDS);
|
||||
}
|
||||
|
||||
protected function indexAction($request)
|
||||
{
|
||||
if (!$this->isAdmin()) {
|
||||
@@ -32,6 +40,7 @@ class UserController extends mfBaseController
|
||||
|
||||
Helper::renderVue($this, "User", "Benutzer", [
|
||||
"IS_ADMIN" => $this->me->isAdmin(),
|
||||
"CAN_MANAGE_USERS" => $this->canManageUsers(),
|
||||
"USERS" => array_map(fn($user) => [
|
||||
"username" => $user->username,
|
||||
"name" => $user->name,
|
||||
@@ -53,6 +62,7 @@ class UserController extends mfBaseController
|
||||
|
||||
protected function formAction() {
|
||||
if (!$this->isAdmin()) $this->redirect("Dashboard");
|
||||
if (!$this->canManageUsers()) $this->redirect("User");
|
||||
|
||||
$id = $this->request->id;
|
||||
$user = ($id && is_numeric($id) && $id > 0) ? new User($id) : new User();
|
||||
@@ -178,6 +188,7 @@ class UserController extends mfBaseController
|
||||
|
||||
protected function generateApikeyAction($request) {
|
||||
if (!$this->isAdmin()) $this->redirect("Dashboard");
|
||||
if (!$this->canManageUsers()) $this->redirect("User");
|
||||
|
||||
$id = $request['id'];
|
||||
if (!is_numeric($id) || $id < 1) {
|
||||
@@ -207,6 +218,11 @@ class UserController extends mfBaseController
|
||||
unset($r->address_id);
|
||||
}
|
||||
|
||||
// Only allowed users can create/edit other users
|
||||
if ($this->isAdmin() && !$this->canManageUsers()) {
|
||||
self::redirect('User');
|
||||
}
|
||||
|
||||
if (!$id && !$r->username) self::redirect('User');
|
||||
|
||||
$user = new User($id);
|
||||
@@ -569,7 +585,7 @@ class UserController extends mfBaseController
|
||||
}
|
||||
|
||||
protected function impersonateAction() {
|
||||
if(!$this->me->isAdmin() || $this->me->address_id != 1) {
|
||||
if(!$this->me->isAdmin() || $this->me->address_id != 1 || !$this->canManageUsers()) {
|
||||
header("HTTP/1.1 403 Forbidden");
|
||||
exit;
|
||||
}
|
||||
@@ -590,6 +606,10 @@ class UserController extends mfBaseController
|
||||
|
||||
protected function sendLoginEmailAction()
|
||||
{
|
||||
if (!$this->canManageUsers()) {
|
||||
self::sendError("Keine Berechtigung.");
|
||||
}
|
||||
|
||||
$id = $this->request->id;
|
||||
if (!$id || !is_numeric($id)) {
|
||||
self::sendError("Benutzer-ID fehlt oder ist ungültig.");
|
||||
|
||||
@@ -3,14 +3,14 @@ Vue.component("User", {
|
||||
<div>
|
||||
<tt-card>
|
||||
<tt-table :data="window['TT_CONFIG']['USERS']" :config="UserTableConfig">
|
||||
<template v-slot:top-buttons>
|
||||
<template v-slot:top-buttons v-if="canManageUsers">
|
||||
<tt-button @click="window.location = window['TT_CONFIG']['ADD_URL']"
|
||||
additional-class="btn-primary"
|
||||
text="Benutzer hinzufügen"
|
||||
icon="fas fa-plus"/>
|
||||
</template>
|
||||
|
||||
<template v-slot:actions="{ row: user }">
|
||||
<template v-slot:actions="{ row: user }" v-if="canManageUsers">
|
||||
<div class="d-flex justify-content-center" style="gap: 4px">
|
||||
<tt-button @click="window.location = window['TT_CONFIG']['EDIT_URL'] + '?id=' + user.id"
|
||||
additional-class="btn-outline-primary"
|
||||
@@ -49,11 +49,14 @@ Vue.component("User", {
|
||||
showSendMailModal: false,
|
||||
selectedUserForMail: null,
|
||||
isSendingMail: false,
|
||||
UserTableConfig: {
|
||||
key: "UserTable",
|
||||
tableHeader: "Benutzer",
|
||||
defaultPageSize: 25,
|
||||
headers: [{text: "Username", key: "username", class: "text-center", sortable: false, priority: 20},
|
||||
}),
|
||||
computed: {
|
||||
canManageUsers() {
|
||||
return window['TT_CONFIG']['CAN_MANAGE_USERS'] === true;
|
||||
},
|
||||
UserTableConfig() {
|
||||
const headers = [
|
||||
{text: "Username", key: "username", class: "text-center", sortable: false, priority: 20},
|
||||
{text: "Name", key: "name", class: "text-center", sortable: false, priority: 18},
|
||||
{text: "Firma", key: "address", class: "text-center", priority: 19},
|
||||
{text: "E-Mail", key: "email", priority: 14},
|
||||
@@ -79,9 +82,18 @@ Vue.component("User", {
|
||||
filterOptions: [{value: "1", text: "Ist Aktiv", icon: "fa-regular fa-circle-check text-success"},
|
||||
{value: "0", text: "Ist nicht aktiv", icon: "fa-regular fa-circle-xmark text-danger"}],
|
||||
},
|
||||
{text: "Aktionen", key: "actions", class: "text-center", sortable: false, priority: 21, filter: false}]
|
||||
];
|
||||
if (this.canManageUsers) {
|
||||
headers.push({text: "Aktionen", key: "actions", class: "text-center", sortable: false, priority: 21, filter: false});
|
||||
}
|
||||
return {
|
||||
key: "UserTable",
|
||||
tableHeader: "Benutzer",
|
||||
defaultPageSize: 25,
|
||||
headers: headers
|
||||
};
|
||||
}
|
||||
}),
|
||||
},
|
||||
methods: {
|
||||
openSendMailModal(user) {
|
||||
this.selectedUserForMail = user;
|
||||
|
||||
Reference in New Issue
Block a user