restricted user management to a couple of users
@@ -12,6 +12,9 @@ class UserController extends mfBaseController
|
|||||||
{
|
{
|
||||||
private $me;
|
private $me;
|
||||||
|
|
||||||
|
// User IDs allowed to manage (add/edit/delete) users
|
||||||
|
private const ALLOWED_USER_MANAGER_IDS = [2, 5, 9, 6, 89, 145, 24];
|
||||||
|
|
||||||
protected function init($request = null)
|
protected function init($request = null)
|
||||||
{
|
{
|
||||||
$this->needlogin = true;
|
$this->needlogin = true;
|
||||||
@@ -24,6 +27,11 @@ class UserController extends mfBaseController
|
|||||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') $this->postData = json_decode(file_get_contents('php://input'), true);
|
if ($_SERVER['REQUEST_METHOD'] === 'POST') $this->postData = json_decode(file_get_contents('php://input'), true);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private function canManageUsers(): bool
|
||||||
|
{
|
||||||
|
return in_array($this->me->id, self::ALLOWED_USER_MANAGER_IDS);
|
||||||
|
}
|
||||||
|
|
||||||
protected function indexAction($request)
|
protected function indexAction($request)
|
||||||
{
|
{
|
||||||
if (!$this->isAdmin()) {
|
if (!$this->isAdmin()) {
|
||||||
@@ -32,6 +40,7 @@ class UserController extends mfBaseController
|
|||||||
|
|
||||||
Helper::renderVue($this, "User", "Benutzer", [
|
Helper::renderVue($this, "User", "Benutzer", [
|
||||||
"IS_ADMIN" => $this->me->isAdmin(),
|
"IS_ADMIN" => $this->me->isAdmin(),
|
||||||
|
"CAN_MANAGE_USERS" => $this->canManageUsers(),
|
||||||
"USERS" => array_map(fn($user) => [
|
"USERS" => array_map(fn($user) => [
|
||||||
"username" => $user->username,
|
"username" => $user->username,
|
||||||
"name" => $user->name,
|
"name" => $user->name,
|
||||||
@@ -53,6 +62,7 @@ class UserController extends mfBaseController
|
|||||||
|
|
||||||
protected function formAction() {
|
protected function formAction() {
|
||||||
if (!$this->isAdmin()) $this->redirect("Dashboard");
|
if (!$this->isAdmin()) $this->redirect("Dashboard");
|
||||||
|
if (!$this->canManageUsers()) $this->redirect("User");
|
||||||
|
|
||||||
$id = $this->request->id;
|
$id = $this->request->id;
|
||||||
$user = ($id && is_numeric($id) && $id > 0) ? new User($id) : new User();
|
$user = ($id && is_numeric($id) && $id > 0) ? new User($id) : new User();
|
||||||
@@ -178,6 +188,7 @@ class UserController extends mfBaseController
|
|||||||
|
|
||||||
protected function generateApikeyAction($request) {
|
protected function generateApikeyAction($request) {
|
||||||
if (!$this->isAdmin()) $this->redirect("Dashboard");
|
if (!$this->isAdmin()) $this->redirect("Dashboard");
|
||||||
|
if (!$this->canManageUsers()) $this->redirect("User");
|
||||||
|
|
||||||
$id = $request['id'];
|
$id = $request['id'];
|
||||||
if (!is_numeric($id) || $id < 1) {
|
if (!is_numeric($id) || $id < 1) {
|
||||||
@@ -207,6 +218,11 @@ class UserController extends mfBaseController
|
|||||||
unset($r->address_id);
|
unset($r->address_id);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Only allowed users can create/edit other users
|
||||||
|
if ($this->isAdmin() && !$this->canManageUsers()) {
|
||||||
|
self::redirect('User');
|
||||||
|
}
|
||||||
|
|
||||||
if (!$id && !$r->username) self::redirect('User');
|
if (!$id && !$r->username) self::redirect('User');
|
||||||
|
|
||||||
$user = new User($id);
|
$user = new User($id);
|
||||||
@@ -569,7 +585,7 @@ class UserController extends mfBaseController
|
|||||||
}
|
}
|
||||||
|
|
||||||
protected function impersonateAction() {
|
protected function impersonateAction() {
|
||||||
if(!$this->me->isAdmin() || $this->me->address_id != 1) {
|
if(!$this->me->isAdmin() || $this->me->address_id != 1 || !$this->canManageUsers()) {
|
||||||
header("HTTP/1.1 403 Forbidden");
|
header("HTTP/1.1 403 Forbidden");
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
@@ -590,6 +606,10 @@ class UserController extends mfBaseController
|
|||||||
|
|
||||||
protected function sendLoginEmailAction()
|
protected function sendLoginEmailAction()
|
||||||
{
|
{
|
||||||
|
if (!$this->canManageUsers()) {
|
||||||
|
self::sendError("Keine Berechtigung.");
|
||||||
|
}
|
||||||
|
|
||||||
$id = $this->request->id;
|
$id = $this->request->id;
|
||||||
if (!$id || !is_numeric($id)) {
|
if (!$id || !is_numeric($id)) {
|
||||||
self::sendError("Benutzer-ID fehlt oder ist ungültig.");
|
self::sendError("Benutzer-ID fehlt oder ist ungültig.");
|
||||||
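Review bot: canManageUsers() (hunk @@ -24) uses a loose `in_array`, so the match depends on PHP's comparison rules for whatever type `$this->me->id` has at runtime; making the intent explicit with `return in_array((int) $this->me->id, self::ALLOWED_USER_MANAGER_IDS, true);` removes that ambiguity. In the hunk at @@ -207 the new guard is `$this->isAdmin() && !$this->canManageUsers()`, so a caller who is not an admin is not stopped by it — if non-admins are meant to reach this action (for example to edit their own record), the comment should say so and the handler should also confine `$id` to the caller's own user; otherwise the `isAdmin()` half should be dropped. That function starts outside the hunk, so any earlier checks are not visible here. A hard-coded list of user ids is an authorization policy that only changes with a deploy and is hard to audit; a role or permission held in the data store would be the usual place for it. The redirect-based guards added in formAction and generateApikeyAction assume redirect() terminates the request, as the existing isAdmin() checks already do.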
|
|||||||
@@ -3,14 +3,14 @@ Vue.component("User", {
|
|||||||
<div>
|
<div>
|
||||||
<tt-card>
|
<tt-card>
|
||||||
<tt-table :data="window['TT_CONFIG']['USERS']" :config="UserTableConfig">
|
<tt-table :data="window['TT_CONFIG']['USERS']" :config="UserTableConfig">
|
||||||
<template v-slot:top-buttons>
|
<template v-slot:top-buttons v-if="canManageUsers">
|
||||||
<tt-button @click="window.location = window['TT_CONFIG']['ADD_URL']"
|
<tt-button @click="window.location = window['TT_CONFIG']['ADD_URL']"
|
||||||
additional-class="btn-primary"
|
additional-class="btn-primary"
|
||||||
text="Benutzer hinzufügen"
|
text="Benutzer hinzufügen"
|
||||||
icon="fas fa-plus"/>
|
icon="fas fa-plus"/>
|
||||||
</template>
|
</template>
|
||||||
|
|
||||||
<template v-slot:actions="{ row: user }">
|
<template v-slot:actions="{ row: user }" v-if="canManageUsers">
|
||||||
<div class="d-flex justify-content-center" style="gap: 4px">
|
<div class="d-flex justify-content-center" style="gap: 4px">
|
||||||
<tt-button @click="window.location = window['TT_CONFIG']['EDIT_URL'] + '?id=' + user.id"
|
<tt-button @click="window.location = window['TT_CONFIG']['EDIT_URL'] + '?id=' + user.id"
|
||||||
additional-class="btn-outline-primary"
|
additional-class="btn-outline-primary"
|
||||||
@@ -49,11 +49,14 @@ Vue.component("User", {
|
|||||||
showSendMailModal: false,
|
showSendMailModal: false,
|
||||||
selectedUserForMail: null,
|
selectedUserForMail: null,
|
||||||
isSendingMail: false,
|
isSendingMail: false,
|
||||||
UserTableConfig: {
|
}),
|
||||||
key: "UserTable",
|
computed: {
|
||||||
tableHeader: "Benutzer",
|
canManageUsers() {
|
||||||
defaultPageSize: 25,
|
return window['TT_CONFIG']['CAN_MANAGE_USERS'] === true;
|
||||||
headers: [{text: "Username", key: "username", class: "text-center", sortable: false, priority: 20},
|
},
|
||||||
|
UserTableConfig() {
|
||||||
|
const headers = [
|
||||||
|
{text: "Username", key: "username", class: "text-center", sortable: false, priority: 20},
|
||||||
{text: "Name", key: "name", class: "text-center", sortable: false, priority: 18},
|
{text: "Name", key: "name", class: "text-center", sortable: false, priority: 18},
|
||||||
{text: "Firma", key: "address", class: "text-center", priority: 19},
|
{text: "Firma", key: "address", class: "text-center", priority: 19},
|
||||||
{text: "E-Mail", key: "email", priority: 14},
|
{text: "E-Mail", key: "email", priority: 14},
|
||||||
@@ -79,9 +82,18 @@ Vue.component("User", {
|
|||||||
filterOptions: [{value: "1", text: "Ist Aktiv", icon: "fa-regular fa-circle-check text-success"},
|
filterOptions: [{value: "1", text: "Ist Aktiv", icon: "fa-regular fa-circle-check text-success"},
|
||||||
{value: "0", text: "Ist nicht aktiv", icon: "fa-regular fa-circle-xmark text-danger"}],
|
{value: "0", text: "Ist nicht aktiv", icon: "fa-regular fa-circle-xmark text-danger"}],
|
||||||
},
|
},
|
||||||
{text: "Aktionen", key: "actions", class: "text-center", sortable: false, priority: 21, filter: false}]
|
];
|
||||||
|
if (this.canManageUsers) {
|
||||||
|
headers.push({text: "Aktionen", key: "actions", class: "text-center", sortable: false, priority: 21, filter: false});
|
||||||
}
|
}
|
||||||
}),
|
return {
|
||||||
|
key: "UserTable",
|
||||||
|
tableHeader: "Benutzer",
|
||||||
|
defaultPageSize: 25,
|
||||||
|
headers: headers
|
||||||
|
};
|
||||||
|
}
|
||||||
|
},
|
||||||
methods: {
|
methods: {
|
||||||
openSendMailModal(user) {
|
openSendMailModal(user) {
|
||||||
this.selectedUserForMail = user;
|
this.selectedUserForMail = user;
|
||||||
|
|||||||
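Review bot: The new `canManageUsers` computed (hunk @@ -49) and the `v-if` guards on the slot templates only hide UI; nothing on this side prevents a request to the add/edit/api-key endpoints, so the controller-side checks remain the authoritative ones. A one-line comment above the computed would make that explicit: `// UI gating only; the server re-checks canManageUsers() on every management endpoint`. Because the computed reads a non-reactive global, it is presumably evaluated once per instance, which is fine as long as TT_CONFIG is populated before the component mounts. `headers: headers` in the returned config can use the shorthand `headers`.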