Action.php 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375
  1. <?php
  2. /**
  3. * This file is part of the ForkBB <https://github.com/forkbb>.
  4. *
  5. * @copyright (c) Visman <mio.visman@yandex.ru, https://github.com/MioVisman>
  6. * @license The MIT License (MIT)
  7. */
  8. declare(strict_types=1);
  9. namespace ForkBB\Models\Pages\Admin\Users;
  10. use ForkBB\Core\Validator;
  11. use ForkBB\Models\Page;
  12. use ForkBB\Models\Pages\Admin\Users;
  13. use SensitiveParameter;
  14. use RuntimeException;
  15. use function \ForkBB\__;
  16. class Action extends Users
  17. {
  18. /**
  19. * Возвращает список имен пользователей
  20. */
  21. protected function nameList(array $users): array
  22. {
  23. $result = [];
  24. foreach ($users as $user) {
  25. $result[] = $user->username;
  26. }
  27. \sort($result, \SORT_STRING | \SORT_FLAG_CASE);
  28. return $result;
  29. }
  30. /**
  31. * Подготавливает данные для шаблона(ов) действия
  32. */
  33. public function view(array $args, string $method): Page
  34. {
  35. if (isset($args['token'])) {
  36. if (! $this->c->Csrf->verify($args['token'], 'AdminUsersAction', $args)) {
  37. return $this->c->Message->message($this->c->Csrf->getError());
  38. }
  39. $profile = true;
  40. } else {
  41. $profile = false;
  42. }
  43. $error = false;
  44. switch ($args['action']) {
  45. /*
  46. case self::ACTION_BAN:
  47. if (! $this->c->userRules->banUsers) {
  48. $error = true;
  49. }
  50. break;
  51. */
  52. case self::ACTION_DEL:
  53. if (! $this->c->userRules->deleteUsers) {
  54. $error = true;
  55. }
  56. break;
  57. case self::ACTION_CHG:
  58. if (
  59. $profile
  60. && ! $this->c->userRules->canChangeGroup($this->c->users->load((int) $args['ids']), true)
  61. ) {
  62. $error = true;
  63. } elseif (
  64. ! $profile
  65. && ! $this->c->userRules->changeGroup
  66. ) {
  67. $error = true;
  68. }
  69. break;
  70. default:
  71. $error = true;
  72. }
  73. if ($error) {
  74. return $this->c->Message->message('Bad request');
  75. }
  76. $ids = $this->checkSelected(\explode('-', $args['ids']), $args['action'], $profile);
  77. if (false === $ids) {
  78. $message = $this->c->Message->message('Action not available');
  79. $message->fIswev = $this->fIswev; // тут идет дополнение, а не замена
  80. return $message;
  81. }
  82. $this->userList = $this->c->users->loadByIds($ids);
  83. switch ($args['action']) {
  84. /*
  85. case self::ACTION_BAN:
  86. return $this->ban($args, $method);
  87. */
  88. case self::ACTION_DEL:
  89. return $this->delete($args, $method);
  90. case self::ACTION_CHG:
  91. return $this->change($args, $method, $profile);
  92. default:
  93. throw new RuntimeException("The action {$args['action']} is unavailable");
  94. }
  95. }
  96. /**
  97. * Удаляет пользователей
  98. */
  99. protected function delete(array $args, string $method): Page
  100. {
  101. if ('POST' === $method) {
  102. $v = $this->c->Validator->reset()
  103. ->addRules([
  104. 'token' => 'token:AdminUsersAction',
  105. 'confirm' => 'required|integer|in:0,1',
  106. 'delete_posts' => 'required|integer|in:0,1',
  107. 'delete' => 'required|string',
  108. ])->addAliases([
  109. ])->addArguments([
  110. 'token' => $args,
  111. ]);
  112. if (
  113. ! $v->validation($_POST)
  114. || 1 !== $v->confirm
  115. ) {
  116. return $this->c->Redirect->page('AdminUsers')->message('No confirm redirect');
  117. }
  118. if (1 === $v->delete_posts) {
  119. foreach ($this->userList as $user) {
  120. $user->__deleteAllPost = true;
  121. }
  122. }
  123. $this->c->users->delete(...$this->userList);
  124. $this->c->forums->reset();
  125. return $this->c->Redirect->page('AdminUsers')->message('Users delete redirect');
  126. }
  127. $this->nameTpl = 'admin/form';
  128. $this->classForm = ['delete-users'];
  129. $this->titleForm = 'Deleting users';
  130. $this->aCrumbs[] = [$this->c->Router->link('AdminUsersAction', $args), 'Deleting users'];
  131. $this->form = $this->formDelete($args);
  132. return $this;
  133. }
  134. /**
  135. * Создает массив данных для формы удаления пользователей
  136. */
  137. protected function formDelete(array $args): array
  138. {
  139. $yn = [1 => __('Yes'), 0 => __('No')];
  140. $names = \implode(', ', $this->nameList($this->userList));
  141. $form = [
  142. 'action' => $this->c->Router->link('AdminUsersAction', $args),
  143. 'hidden' => [
  144. 'token' => $this->c->Csrf->create('AdminUsersAction', $args),
  145. ],
  146. 'sets' => [
  147. 'options' => [
  148. 'fields' => [
  149. 'confirm' => [
  150. 'type' => 'radio',
  151. 'value' => 0,
  152. 'values' => $yn,
  153. 'caption' => 'Delete users',
  154. 'help' => ['Confirm delete info', $names],
  155. ],
  156. 'delete_posts' => [
  157. 'type' => 'radio',
  158. 'value' => 0,
  159. 'values' => $yn,
  160. 'caption' => 'Delete posts',
  161. ],
  162. ],
  163. ],
  164. 'info2' => [
  165. 'info' => [
  166. [
  167. 'value' => __('Delete warning'),
  168. 'html' => true,
  169. ],
  170. ],
  171. ],
  172. ],
  173. 'btns' => [
  174. 'delete' => [
  175. 'type' => 'submit',
  176. 'value' => __('Delete users'),
  177. ],
  178. 'cancel' => [
  179. 'type' => 'btn',
  180. 'value' => __('Cancel'),
  181. 'link' => $this->c->Router->link('AdminUsers'),
  182. ],
  183. ],
  184. ];
  185. return $form;
  186. }
  187. /**
  188. * Возвращает список групп доступных для замены
  189. */
  190. protected function groupListForChange(bool $profile): array
  191. {
  192. $list = [];
  193. foreach ($this->c->groups->getList() as $id => $group) {
  194. $list[$id] = $group->g_title;
  195. }
  196. unset($list[FORK_GROUP_GUEST]);
  197. if (! $profile) {
  198. unset($list[FORK_GROUP_ADMIN]);
  199. } elseif (! $this->user->isAdmin) {
  200. $list = [FORK_GROUP_MEMBER => $list[FORK_GROUP_MEMBER]];
  201. }
  202. return $list;
  203. }
  204. /**
  205. * Изменяет группу пользователей
  206. */
  207. protected function change(array $args, string $method, bool $profile): Page
  208. {
  209. $rulePass = 'absent';
  210. if ($profile) {
  211. $user = $this->c->users->load((int) $args['ids']);
  212. $link = $this->c->Router->link(
  213. 'EditUserProfile',
  214. [
  215. 'id' => $user->id,
  216. ]
  217. );
  218. if (
  219. $user->isAdmin
  220. || $user->id === $this->user->id
  221. ) {
  222. $rulePass = 'required|string:trim|max:100000|check_password';
  223. }
  224. } else {
  225. $link = $this->c->Router->link('AdminUsers');
  226. }
  227. if ('POST' === $method) {
  228. $v = $this->c->Validator->reset()
  229. ->addValidators([
  230. 'check_password' => [$this, 'vCheckPassword'],
  231. ])->addRules([
  232. 'token' => 'token:AdminUsersAction',
  233. 'new_group' => 'required|integer|in:' . \implode(',', \array_keys($this->groupListForChange($profile))),
  234. 'confirm' => 'required|integer|in:0,1',
  235. 'password' => $rulePass,
  236. 'move' => 'required|string',
  237. ])->addAliases([
  238. ])->addArguments([
  239. 'token' => $args,
  240. ]);
  241. $redirect = $this->c->Redirect;
  242. if ($v->validation($_POST)) {
  243. if (1 !== $v->confirm) {
  244. return $redirect->url($link)->message('No confirm redirect');
  245. }
  246. $this->c->users->changeGroup($v->new_group, ...$this->userList);
  247. $this->c->forums->reset();
  248. if ($profile) {
  249. if ($this->c->ProfileRules->setUser($user)->editProfile) {
  250. $redirect->url($link);
  251. } else {
  252. $redirect->page('User', ['id' => $user->id, 'name' => $user->username]);
  253. }
  254. } else {
  255. $redirect->page('AdminUsers');
  256. }
  257. return $redirect->message('Users move redirect');
  258. }
  259. $this->fIswev = $v->getErrors();
  260. }
  261. $this->nameTpl = 'admin/form';
  262. $this->classForm = ['change-group'];
  263. $this->titleForm = 'Change user group';
  264. $this->aCrumbs[] = [$this->c->Router->link('AdminUsersAction', $args), 'Change user group'];
  265. $this->form = $this->formChange($args, $profile, $link, 'absent' !== $rulePass);
  266. return $this;
  267. }
  268. /**
  269. * Проверяет пароль на совпадение с текущим пользователем
  270. */
  271. public function vCheckPassword(
  272. Validator $v,
  273. #[SensitiveParameter]
  274. string $password
  275. ): string {
  276. if (! \password_verify($password, $this->user->password)) {
  277. $v->addError('Invalid passphrase');
  278. }
  279. return $password;
  280. }
  281. /**
  282. * Создает массив данных для формы изменения группы пользователей
  283. */
  284. protected function formChange(array $args, bool $profile, string $linkCancel, bool $checkPass): array
  285. {
  286. $yn = [1 => __('Yes'), 0 => __('No')];
  287. $names = \implode(', ', $this->nameList($this->userList));
  288. $form = [
  289. 'action' => $this->c->Router->link('AdminUsersAction', $args),
  290. 'hidden' => [
  291. 'token' => $this->c->Csrf->create('AdminUsersAction', $args),
  292. ],
  293. 'sets' => [
  294. 'options' => [
  295. 'fields' => [
  296. 'new_group' => [
  297. 'type' => 'select',
  298. 'options' => $this->groupListForChange($profile),
  299. 'value' => $this->c->config->i_default_user_group,
  300. 'caption' => 'New group label',
  301. 'help' => ['New group help', $names],
  302. ],
  303. 'confirm' => [
  304. 'type' => 'radio',
  305. 'value' => 0,
  306. 'values' => $yn,
  307. 'caption' => 'Move users',
  308. ],
  309. ],
  310. ],
  311. ],
  312. 'btns' => [
  313. 'move' => [
  314. 'type' => 'submit',
  315. 'value' => __('Move users'),
  316. ],
  317. 'cancel' => [
  318. 'type' => 'btn',
  319. 'value' => __('Cancel'),
  320. 'link' => $linkCancel,
  321. ],
  322. ],
  323. ];
  324. if ($checkPass) {
  325. $form['sets']['options']['fields']['password'] = [
  326. 'type' => 'password',
  327. 'caption' => 'Your passphrase',
  328. 'required' => true,
  329. ];
  330. }
  331. return $form;
  332. }
  333. }