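needlogin = true;
        $me = new User();
        $me->loadMe(true);
        $this->me = $me;
        $this->layout()->set("me", $me);
        if (!$me->isAdmin()) {
            // all users can call non-action methods
            if ($this->action != "" || $request != null) {
                $this->redirect("Dashboard");
            }
        }
    }

    /**
     * Every "can*" permission the user form may toggle. saveAction() resets all of
     * them to "false" and enables only the submitted ones; a key that is not in this
     * list is ignored, so extend it when a new permission is introduced.
     */
    private const CAN_PERMISSIONS = [
        "Building", "Pipework", "Linework", "Patching", "Filestore",
        "Cpeprovisioning", "Cpeshipping", "Voipnumbering",
        "Preorder", "Preorderpricing", "PreorderpricingReadonly",
        "Preorderbilling", "PreorderbillingReadonly",
        "Order", "Billing", "Fibu", "Statistics",
        "WarehouseAdmin", "WarehouseEShop", "WarehouseUser",
        "ADBExtended", "AssetAdmin", "RMLAdmin",
    ];

    /** Lifetime (seconds) of one superexpert session, also used when extending it. */
    private const SUPEREXPERT_SECONDS = 1800;

    /**
     * Admin-only user list, rendered through the "User" Vue view.
     *
     * @param mixed $request unused; kept for the action signature
     * @throws Exception 403 when the caller is not an admin
     */
    protected function indexAction($request)
    {
        if (!$this->isAdmin()) {
            throw new Exception("Forbidden", 403);
        }
        $rows = array_map(fn($user) => $this->userListRow($user), UserModel::getAll());
        Helper::renderVue($this, "User", "Benutzer", [
            "IS_ADMIN" => $this->me->isAdmin(),
            "USERS" => $rows,
            "ADD_URL" => self::getUrl("User", "add"),
            "EDIT_URL" => self::getUrl("User", "edit"),
            "IMPERSONATE_URL" => self::getUrl("User", "impersonate"),
        ]);
    }

    /**
     * One row of the user list. The address label is the company name when set,
     * otherwise the person's full name; users without an address (address_id is
     * nullable, see saveAction) get an empty label instead of a fatal on null.
     */
    private function userListRow($user): array
    {
        $address = $user->address;
        $addressLabel = '';
        if ($address) {
            $addressLabel = $address->company ? $address->company : $address->getFullName();
        }
        return [
            "username" => $user->username,
            "name" => $user->name,
            "address" => $addressLabel,
            "email" => $user->email,
            "mobile" => $user->mobile,
            "twofactor" => [1 => 'Mail', 2 => 'SMS'][$user->twofactor] ?? 'N/A',
            "isAdmin" => $user->isAdmin(),
            "isTechnician" => $user->is("Technician"),
            "isActive" => $user->active,
            "id" => $user->id,
        ];
    }

    /**
     * Admin-only "new user" form. Offers every address whose type is a network role
     * (TT_NETWORK_ROLES_WITH_OWNER) or "systemowner"; an optional numeric address_id
     * in the request preselects one.
     *
     * @throws Exception 403 when the caller is not an admin
     */
    protected function addAction($request)
    {
        if (!$this->isAdmin()) {
            throw new Exception("Forbidden", 403);
        }
        $this->layout()->setTemplate('User/Form');
        $roles = TT_NETWORK_ROLES_WITH_OWNER;
        $roles[] = "systemowner";
        $this->layout()->set("addresses", AddressModel::search(["addresstype" => $roles]));
        // Only hand a well-formed id to the template; ids are numeric everywhere else in this file.
        $preselect = $this->request->address_id;
        if ($preselect && is_numeric($preselect) && $preselect > 0) {
            $this->layout()->set("address_id", (int)$preselect);
        }
    }

    /**
     * Admin-only edit form for the user given by $request['id'].
     *
     * @throws Exception 403 when the caller is not an admin;
     *                   604 when the id is not a positive number or no such user exists
     */
    protected function editAction($request)
    {
        if (!$this->isAdmin()) {
            throw new Exception("Forbidden", 403);
        }
        $this->layout()->setTemplate('User/Form');
        $id = $request['id'];
        if (!is_numeric($id) || $id <= 0) {
            throw new Exception("User $id not found", 604);
        }
        $user = new User($id);
        // new User($id) does not fail on an unknown id; check the loaded record like generateApikeyAction does
        if (!$user->id) {
            throw new Exception("User $id not found", 604);
        }
        $this->layout()->set('user', $user);
        $this->layout()->set("addresses", AddressModel::getAll());
    }

    /**
     * Admin-only: replaces the API key of user $request['id'] with a freshly created one
     * and returns to the edit form. Redirects (with a flash) instead of throwing on bad ids.
     * Each redirect is followed by `return` so nothing runs should redirect() not exit.
     */
    protected function generateApikeyAction($request)
    {
        if (!$this->isAdmin()) {
            $this->redirect("Dashboard");
            return;
        }
        $id = $request['id'];
        if (!is_numeric($id) || $id < 1) {
            $this->layout()->setFlash("User nicht gefunden.", "error");
            $this->redirect("User");
            return;
        }
        $user = new User($id);
        if (!$user->id) {
            $this->layout()->setFlash("User nicht gefunden.", "error");
            $this->redirect("User");
            return;
        }
        $user->apikey = $user->createApiKey();
        $user->save();
        $this->layout()->setFlash("API Key erfolgreich generiert.", "success");
        $this->redirect("User", "edit", ['id' => $id]);
    }

    /**
     * Profile page. Nothing is prepared here; the view presumably relies on "me",
     * which the constructor already hands to the layout.
     */
    protected function profileAction($request)
    {
    }

    /**
     * Creates or updates a user from the submitted form.
     *
     * Non-admins can only edit their own record (id forced to their own) and cannot
     * change username, active flag, address, 2FA requirement, permissions or flags.
     * Admins additionally get the permission/flag block. A duplicate username, a
     * password mismatch or a password failing the policy aborts the save with an
     * error flash (the original saved everything else anyway and then reported success).
     */
    protected function saveAction()
    {
        $r = $this->request;
        $isAdmin = $this->isAdmin();
        $id = $r->id;
        if (!$isAdmin) {
            // A user may only ever save their own record; strip fields they must not control.
            $id = $this->me->id;
            unset($r->address_id);
        }
        if (!$id && !$r->username) {
            $this->redirect('User');
            return;
        }
        $user = new User($id);
        if (!$user->permissions) {
            $user->permissions = new WorkerPermission();
        }

        // Username: admin-only, and it must not collide with another account (the
        // original only checked this on create, so renaming onto an existing user went through).
        if ($isAdmin && $r->username && $r->username !== $user->username) {
            $tu = new User();
            $tu->loadByUsername($r->username);
            if ($tu->id && $tu->id != $user->id) {
                $this->layout()->setFlash("Benutzer mit diesem Benutzername bereits vorhanden!", "error");
                $this->redirect("User");
                return;
            }
            $user->username = $r->username;
        }

        if ($r->name) {
            $user->name = $r->name;
        }
        if ($r->email) {
            if (!filter_var($r->email, FILTER_VALIDATE_EMAIL)) {
                $this->layout()->setFlash("Ungültige E-Mail-Adresse!", "error");
                $this->redirect("User");
                return;
            }
            $user->email = $r->email;
        }
        $user->mobile = $r->mobile ? $r->mobile : NULL;

        if ($isAdmin) {
            // "active" used to be writable by everyone; a user must not be able to (de)activate themselves.
            $user->active = $r->active === "true" ? 1 : 0;
            if ($r->address_id) {
                $user->address_id = intval($r->address_id);
                $address = new Address($user->address_id);
                if (!$address->id) {
                    throw new Exception("Unbekannte Firma/Person");
                }
            } else {
                $user->address_id = null;
            }
            $user->twofactorrequired = ($r->twofactorrequired == "true") ? 1 : 0;
        }

        if ($r->password) {
            if ($r->password !== $r->password2) {
                $this->layout()->setFlash("Passwörter stimmen nicht überein!", "error");
                $this->redirect("User");
                return;
            }
            // Same policy as pwchangeAction(); previously admin-set passwords bypassed it.
            $policyError = self::passwordPolicyError((string)$r->password);
            if ($policyError !== null) {
                $this->layout()->setFlash($policyError, "error");
                $this->redirect("User");
                return;
            }
            $user->password = mfLoginController::generatePasswordHash($r->password);
        }

        $user->edit_by = $this->me->id;
        if (!$id) {
            $user->create_by = $this->me->id;
        }
        $id = $user->save();

        if ($isAdmin) {
            $this->applyPermissions($user, $r);
            $this->saveUserFlags($user, $r);
        }
        $this->layout()->setFlash("Benutzer gespeichert.", "success");
        $this->redirect('User');
    }

    /**
     * Admin-only part of saveAction(): role flags, the can* permissions and the
     * preorder network list. User id 1 is always kept admin (original behaviour).
     * Every can* permission is reset first, then only allow-listed submitted keys
     * are enabled, so the request cannot address arbitrary properties via "can$key".
     */
    private function applyPermissions(User $user, $r): void
    {
        $p = $user->permissions;
        $p->admin = ($r->admin == "true" || $user->id == 1) ? "true" : "false";
        $roleFlags = ["employee", "technician", "preorderfront", "preorderlogistics", "preorderaddressreporting", "preorderreadonly"];
        foreach ($roleFlags as $flag) {
            $p->{$flag} = ($r->{$flag} == "true") ? "true" : "false";
        }
        foreach (self::CAN_PERMISSIONS as $key) {
            $p->{"can$key"} = "false";
        }
        if ($r->get("can") && is_array($r->can)) {
            foreach ($r->can as $key => $enabled) {
                if ($enabled && in_array((string)$key, self::CAN_PERMISSIONS, true)) {
                    $p->{"can$key"} = "true";
                }
            }
        }
        // A non-empty preorder network list implies the preorder permission.
        $networks = $user->getFlag("preorder_networks");
        if (is_array($r->preorder_networks) && count($r->preorder_networks)) {
            $networks->value(json_encode($r->preorder_networks));
            $networks->save();
            $p->canPreorder = "true";
        } else {
            $networks->delete();
        }
        $p->save();
    }

    /**
     * Admin-only part of saveAction(): per-user worker flags. Each flag is stored
     * when the field was submitted and deleted otherwise. The employee number is
     * only kept for users with the employee flag, so applyPermissions() must run first.
     */
    private function saveUserFlags(User $user, $r): void
    {
        $projects = $user->getFlag("constructionConsent_projects");
        if (is_array($r->constructionconsent_projects) && count($r->constructionconsent_projects)) {
            $projects->value(json_encode($r->constructionconsent_projects));
            $projects->save();
        } else {
            $projects->delete();
        }

        $employeeNumber = new WorkerFlag($user->id, "employee_number");
        if ($r->employee_number && $user->permissions->employee == "true") {
            $employeeNumber->value($r->employee_number);
            $employeeNumber->save();
        } else {
            $employeeNumber->delete();
        }

        // project API key and the Vodia identity triple share the same store-or-delete rule
        foreach (["project_api_key", "vodia_identity_domain", "vodia_identity_username", "vodia_identity_default"] as $name) {
            $flag = new WorkerFlag($user->id, $name);
            if ($r->{$name}) {
                $flag->value($r->{$name});
                $flag->save();
            } else {
                $flag->delete();
            }
        }
    }

    /**
     * Password policy shared by saveAction() and pwchangeAction().
     *
     * @return string|null null when acceptable, otherwise the message to show
     */
    private static function passwordPolicyError(string $pw): ?string
    {
        if (strlen($pw) < 8) {
            return "Passwords must be 8 characters minimum!";
        }
        if (in_array($pw, ["12345678", "123456789", "password", "passwort"], true)) {
            return "Be a little more creative with your password please...";
        }
        return null;
    }

    /**
     * Deleting users is currently switched off: the action flashes "nope" and leaves.
     * The code below the early return is the (admin-only) deletion kept for when it
     * is re-enabled; remove the first two statements to do so.
     */
    protected function deleteAction($request)
    {
        $this->layout()->setFlash("nope");
        $this->redirect("User");
        return;

        if (!$this->isAdmin()) {
            $this->redirect("Dashboard");
            return;
        }
        $id = $request['id'];
        if (!is_numeric($id) || $id <= 0) {
            throw new Exception("User $id not found", 604);
        }
        $user = new User($id);
        if ($user->id == $id) {
            $user->delete();
        }
        $this->redirect("User");
    }

    /**
     * Lets the logged-in user set a new password.
     *
     * The original compared with `!$pw1 == $pw2`, which negates $pw1 first and never
     * caught a mismatch; the two values are now compared directly.
     * NOTE(review): the current password is not re-verified here, so a hijacked
     * session can rotate the password; consider requiring it.
     *
     * @throws Exception on mismatch or a policy violation (nothing is saved then)
     */
    protected function pwchangeAction($request)
    {
        $me = new User();
        $me->loadMe();
        $pw1 = (string)($request['password'] ?? '');
        $pw2 = (string)($request['password2'] ?? '');
        if ($pw1 !== $pw2) {
            throw new Exception("Passwords don't match! Password change aborted.");
        }
        $policyError = self::passwordPolicyError($pw1);
        if ($policyError !== null) {
            throw new Exception($policyError);
        }
        $me->password = mfLoginController::generatePasswordHash($pw1);
        $me->save();
        $this->redirect("Dashboard");
    }

    /**
     * All users ordered by username, keyed by id. The query takes no user input.
     *
     * @return array<int, User>
     */
    public function getUsers()
    {
        $users = [];
        $res = $this->db()->select(MFUSERTABLE, '*', '1=1 ORDER BY username');
        if ($this->db()->num_rows($res)) {
            while ($row = $this->db()->fetch_object($res)) {
                $users[$row->id] = new User($row);
            }
        }
        return $users;
    }

    /**
     * Whether the current session belongs to an admin. Reloads the user from the
     * session rather than trusting $this->me, and refreshes "me" for the layout
     * (the original called `$this->layout->set`; every other method uses `layout()`).
     */
    private function isAdmin()
    {
        $me = new User();
        $me->loadMe();
        $this->layout()->set("me", $me);
        return $me->isAdmin();
    }

    /**
     * JSON dispatcher for the "do" request parameter. The superexpert calls are
     * admin-only; the Vodia calls act on the caller's own flags. Replies with
     * {"status":"error"} when a handler returns nothing usable, otherwise
     * {"status":"OK","result":...}.
     */
    protected function apiAction()
    {
        $do = $this->request->do;
        $me = new User();
        $me->loadMe();
        $isAdmin = $me->is(["Admin"]);
        $result = false;
        switch ($do) {
            case "sse":
                $result = $isAdmin ? $this->startSuperexpertApi() : false;
                break;
            case "ese":
                $result = $isAdmin ? $this->extendSuperexpertApi() : false;
                break;
            case "endse":
                $result = $isAdmin ? $this->endSuperexpertApi() : false;
                break;
            case "getVodiaIdentity":
                $result = $this->getVodiaIdentityApi();
                break;
            case "setVodiaIdentity":
                $result = $this->setVodiaIdentityApi();
                break;
            case "getVodiaCall":
                $result = $this->getVodiaCallApi();
                break;
            default:
                $result = false;
        }
        if (!is_array($result) || !count($result)) {
            $this->returnJson(["status" => "error"]);
            return;
        }
        $this->returnJson(["status" => "OK", "result" => $result]);
    }

    /**
     * Reads the caller's outbound identity ("ani" user setting) from the PBX.
     * Disabled (enabled=false) when the feature flag is off or the user has no
     * domain/username/default identity flags. Space-insensitive comparison maps the
     * PBX value back onto the user's default when they only differ by spacing.
     */
    private function getVodiaIdentityApi()
    {
        if (!ENABLE_VODIA_IDENTITY_SWITCHER) {
            return ["enabled" => false];
        }
        $me = new User();
        $me->loadMe();
        $domain = $me->getFlag("vodia_identity_domain")->value();
        $username = $me->getFlag("vodia_identity_username")->value();
        $default = $me->getFlag("vodia_identity_default")->value();
        if (!$domain || !$username || !$default) {
            return ["enabled" => false];
        }
        $vodia = new Vodia_Api(VODIA_API_URL, VODIA_API_ADMIN_USER, VODIA_API_ADMIN_PASS);
        $current = $vodia->getUsersetting($domain, $username, "ani");
        if (!$current) {
            $current = $default;
        } elseif (str_replace(" ", "", $current) == str_replace(" ", "", $default)) {
            $current = $default;
        }
        return [
            "enabled" => true,
            "domain" => $domain,
            "username" => $username,
            "default" => $default,
            "default_number" => str_replace(" ", "", $default),
            "current" => $current,
            "identities" => VODIA_OUTBOUND_IDENTITIES,
        ];
    }

    /**
     * Sets the caller's outbound identity ("ani") on the PBX to $request->number.
     *
     * The number must start with "+"; the original check `!substr(...) == "+"`
     * negated the substring first and never rejected anything.
     * NOTE(review): the value is written to the PBX with admin credentials; if
     * VODIA_OUTBOUND_IDENTITIES is the list offered in the UI, restricting the
     * accepted number to that list would stop arbitrary caller-ID spoofing.
     */
    private function setVodiaIdentityApi()
    {
        if (!ENABLE_VODIA_IDENTITY_SWITCHER) {
            return ["enabled" => false];
        }
        $number = $this->request->number;
        if (!$number) {
            return false;
        }
        if (substr((string)$number, 0, 1) !== "+") {
            return false;
        }
        $me = new User();
        $me->loadMe();
        $domain = $me->getFlag("vodia_identity_domain")->value();
        $username = $me->getFlag("vodia_identity_username")->value();
        if (!$domain || !$username) {
            return ["enabled" => false];
        }
        $vodia = new Vodia_Api(VODIA_API_URL, VODIA_API_ADMIN_USER, VODIA_API_ADMIN_PASS);
        if (!$vodia->setUsersettings($domain, $username, ["ani" => $number])) {
            return false;
        }
        return ["enabled" => true, "number" => $number];
    }

    /**
     * Returns the "from" of the caller's first active PBX call. A value of the form
     * `Display <address>` is reduced to the part in angle brackets, otherwise only
     * double quotes are stripped. The original pattern had lost its opening `<(` and
     * was not a valid regex; it is restored here.
     */
    private function getVodiaCallApi()
    {
        if (!ENABLE_VODIA_IDENTITY_SWITCHER) {
            return ["enabled" => false];
        }
        $me = new User();
        $me->loadMe();
        $domain = $me->getFlag("vodia_identity_domain")->value();
        $username = $me->getFlag("vodia_identity_username")->value();
        if (!$domain || !$username) {
            return ["enabled" => false];
        }
        $vodia = new Vodia_Api(VODIA_API_URL, VODIA_API_ADMIN_USER, VODIA_API_ADMIN_PASS);
        $calls = $vodia->getActiveCalls($domain, $username);
        if (!$calls) {
            return ["enabled" => true, "calls" => []];
        }
        $from = null;
        foreach ($calls as $call) {
            if (!isset($call['from'])) {
                continue;
            }
            $from = $call['from'];
            if (preg_match('/<([^>]+)>/', $from, $m)) {
                $from = $m[1];
            } else {
                $from = str_replace('"', '', $from);
            }
            break; // only the first call's from number is reported
        }
        return ["enabled" => true, "number" => $from];
    }

    /** Starts superexpert mode for the caller; false when it is already running. */
    private function startSuperexpertApi()
    {
        $me = new User();
        $me->loadMe();
        if ($me->superexpertEnabled()) {
            return false;
        }
        $me->superexpertStart(self::SUPEREXPERT_SECONDS);
        return ["valid_to" => $me->getFlag("superexpert_lock_date")->value()];
    }

    /** Extends a running superexpert session; false when none is running. */
    private function extendSuperexpertApi()
    {
        $me = new User();
        $me->loadMe();
        if (!$me->superexpertEnabled()) {
            $this->log->debug("se not started");
            return false;
        }
        $this->log->debug("ese");
        $me->superexpertExtend(self::SUPEREXPERT_SECONDS);
        return ["valid_to" => $me->getFlag("superexpert_lock_date")->value()];
    }

    /** Ends superexpert mode if running; always reports a null validity. */
    private function endSuperexpertApi()
    {
        $me = new User();
        $me->loadMe();
        if ($me->superexpertEnabled()) {
            $me->superexpertStop();
        }
        return ["valid_to" => null];
    }

    /**
     * Returns one user record as JSON. Previously any logged-in user could fetch
     * any account by id; now admins may read everyone and other users only their
     * own record. Error replies use the same {"status":"error"} shape as apiAction().
     */
    protected function getByIdAction()
    {
        $id = $this->request->id;
        if (!is_numeric($id) || $id < 1) {
            header("HTTP/1.1 400 Bad Request");
            $this->returnJson(["status" => "error"]);
            return;
        }
        if (!$this->isAdmin() && (int)$id !== (int)$this->me->id) {
            header("HTTP/1.1 403 Forbidden");
            $this->returnJson(["status" => "error"]);
            return;
        }
        $user = new User($id);
        $data = $user->toArray();
        // NOTE(review): toArray() is defined elsewhere; if it exports the credential
        // columns written in this file, they must not leave the server.
        unset($data['password'], $data['apikey']);
        $this->returnJson($data);
    }

    /**
     * Admin impersonation: stores the target username in the session, or clears it
     * when "unimpersonate" is set. Restricted to admins whose own record belongs to
     * address 1 (presumably the system owner). The target must exist; its canonical
     * username is stored and the switch is written to the log.
     */
    protected function impersonateAction()
    {
        if (!$this->me->isAdmin() || $this->me->address_id != 1) {
            header("HTTP/1.1 403 Forbidden");
            exit;
        }
        if ($this->request->unimpersonate) {
            unset($_SESSION[MFAPPNAME . '_impersonate']);
            $this->redirect("User");
            return;
        }
        $username = (string)$this->request->username;
        if (strlen($username) < 3) {
            header("HTTP/1.1 400 Bad Request");
            exit;
        }
        $target = new User();
        $target->loadByUsername($username);
        if (!$target->id) {
            header("HTTP/1.1 404 Not Found");
            exit;
        }
        $this->log->debug("impersonate: " . $this->me->username . " -> " . $target->username);
        $_SESSION[MFAPPNAME . '_impersonate'] = $target->username;
        $this->redirect("Dashboard");
    }
}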