From 914a64b120059b8dc330a6ae2ebca8300dac16eb Mon Sep 17 00:00:00 2001
From: Kevin Chabowski <kevin@kch42.de>
Date: Sat, 3 Dec 2011 13:57:48 +0100
Subject: User management added to backend.

---
 ratatoeskr/backend.php                             | 217 ++++++++++++++++++++-
 ratatoeskr/cms_style/layout.css                    |   5 +
 .../src/systemtemplates/backend_login.html         |   4 +-
 .../templates/src/systemtemplates/master.html      |   2 +-
 ratatoeskr/templates/src/systemtemplates/user.html |  41 ++++
 .../templates/src/systemtemplates/users.html       |  89 +++++++++
 ratatoeskr/translations/en.php                     |  29 ++-
 7 files changed, 378 insertions(+), 9 deletions(-)
 create mode 100644 ratatoeskr/templates/src/systemtemplates/user.html
 create mode 100644 ratatoeskr/templates/src/systemtemplates/users.html

(limited to 'ratatoeskr')

diff --git a/ratatoeskr/backend.php b/ratatoeskr/backend.php
index 0aeafc4..2efe00c 100644
--- a/ratatoeskr/backend.php
+++ b/ratatoeskr/backend.php
@@ -103,7 +103,7 @@ $backend_subactions = url_action_subactions(array(
 			}
 			catch(DoesNotExistError $e)
 			{
-				unset($_SESSION["uid"]);
+				unset($_SESSION["ratatoeskr_uid"]);
 			}
 		}
 		load_language();
@@ -127,7 +127,7 @@ $backend_subactions = url_action_subactions(array(
 				$_SESSION["ratatoeskr_uid"]    = $user->get_id();
 				$_SESSION["ratatoeskr_pwhash"] = $user->pwhash;
 				$data["user"] = $user;
-				$ste->vars["user"] = array("name" => $user->username, "lang" => $user->language);
+				$ste->vars["user"] = array("id" => $user->get_id(), "name" => $user->username, "lang" => $user->language);
 			}
 			catch(Exception $e)
 			{
@@ -1321,7 +1321,218 @@ $backend_subactions = url_action_subactions(array(
 			);}, $ratatoeskr_settings["languages"]);
 			
 			echo $ste->exectemplate("systemtemplates/settings.html");
-		}
+		},
+		"users" => url_action_subactions(array(
+			"_index" => function(&$data, $url_now, &$url_next)
+			{
+				global $ste, $translation, $languages, $rel_path_to_root, $ratatoeskr_settings, $textprocessors;
+			
+				$url_next = array();
+			
+				$ste->vars["section"]   = "admin";
+				$ste->vars["submenu"]   = "users";
+				$ste->vars["pagetitle"] = $translation["menu_users_groups"];
+			
+				/* Add a new group? */
+				if(isset($_POST["new_group"]))
+				{
+					if(empty($_POST["group_name"]))
+						$ste->vars["error"] = $translation["empty_group_name"];
+					else
+					{
+						try
+						{
+							Group::by_name($_POST["group_name"]);
+							$ste->vars["error"] = $translation["group_already_exists"];
+						}
+						catch(DoesNotExistError $e)
+						{
+							$group = Group::create($_POST["group_name"]);
+							$ste->vars["success"] = $translation["successfully_created_group"];
+						}
+					}
+				}
+			
+				/* Add a new user? */
+				if(isset($_POST["new_user"]))
+				{
+					if(empty($_POST["username"]))
+						$ste->vars["error"] = $translation["empty_username"];
+					else
+					{
+						try
+						{
+							User::by_name($_POST["username"]);
+							$ste->vars["error"] = $translation["user_already_exists"];
+						}
+						catch(DoesNotExistError $e)
+						{
+							$group = User::create($_POST["username"], PasswordHash::create($_POST["initial_password"]));
+							$ste->vars["success"] = $translation["successfully_created_user"];
+						}
+					}
+				}
+			
+				/* Delete groups? */
+				if(isset($_POST["delete_groups"]) and ($_POST["really_delete"] == "yes") and (!empty($_POST["groups_multiselect"])))
+				{
+					$deleted = 0;
+					foreach($_POST["groups_multiselect"] as $gid)
+					{
+						try
+						{
+							$group = Group::by_id($gid);
+							if($group->name == "admins")
+							{
+								$ste->vars["error"] = $translation["cannot_delete_admin_group"];
+							}
+							else
+							{
+								$group->delete();
+								++$deleted;
+							}
+						}
+						catch(DoesNotExistError $e)
+						{
+							continue;
+						}
+					}
+					if($deleted > 0)
+						$ste->vars["success"] = $translation["successfully_deleted_groups"];
+				}
+			
+				/* Delete users? */
+				if(isset($_POST["delete_users"]) and ($_POST["really_delete"] == "yes") and (!empty($_POST["users_multiselect"])))
+				{
+					$deleted = 0;
+					foreach($_POST["users_multiselect"] as $uid)
+					{
+						if($uid == $data["user"]->get_id())
+							$ste->vars["error"] = $translation["cannot_delete_yourself"];
+						else
+						{
+							try
+							{
+								$user = User::by_id($uid);
+								$user->delete();
+								++$deleted;
+							}
+							catch(DoesNotExistError $e)
+							{
+								continue;
+							}
+						}
+					}
+					if($deleted > 0)
+						$ste->vars["success"] = $translation["successfully_deleted_users"];
+				}
+			
+				/* Get all groups */
+				$ste->vars["groups"] = array_map(function($g) { return array(
+					"id"   => $g->get_id(),
+					"name" => $g->name
+				); }, Group::all());
+			
+				/* Get all users */
+				$ste->vars["users"] = array_map(function($u) { return array(
+					"id"       => $u->get_id(),
+					"name"     => $u->username,
+					"memberof" => array_map(function($g) { return $g->name; }, $u->get_groups()),
+					"fullname" => $u->fullname,
+					"mail"     => $u->mail
+				); }, User::all());
+			
+				echo $ste->exectemplate("systemtemplates/users.html");
+			},
+			"u" => function(&$data, $url_now, &$url_next)
+			{
+				global $ste, $translation, $languages, $rel_path_to_root, $admin_grp;
+				
+				try
+				{
+					$user = User::by_id($url_next[0]);
+				}
+				catch(DoesNotExistError $e)
+				{
+					throw new NotFoundError();
+				}
+				
+				$url_next = array();
+				
+				$ste->vars["section"]   = "admin";
+				$ste->vars["submenu"]   = "users";
+				$ste->vars["pagetitle"] = $user->username;
+				
+				/* Modify data? */
+				if(isset($_POST["change_data"]))
+				{
+					$user->fullname = $_POST["fullname"];
+					$user->mail     = $_POST["mail"];
+					
+					$current_groups = array_map(function($g) { return $g->get_id(); }, $user->get_groups());
+					$new_groups     = empty($_POST[groups_multiselect]) ? array() : $_POST["groups_multiselect"];
+					$groups_exclude = array_diff($current_groups, $new_groups);
+					$groups_include = array_diff($new_groups, $current_groups);
+					
+					foreach($groups_exclude as $gid)
+					{
+						try
+						{
+							$g = Group::by_id($gid);
+							$g->exclude_user($user);
+						}
+						catch(DoesNotExistError $e)
+						{
+							continue;
+						}
+					}
+					
+					foreach($groups_include as $gid)
+					{
+						try
+						{
+							$g = Group::by_id($gid);
+							$g->include_user($user);
+						}
+						catch(DoesNotExistError $e)
+						{
+							continue;
+						}
+					}
+					
+					$user->save();
+					
+					$ste->vars["success"] = $translation["successfully_modified_user"];
+				}
+				
+				/* New Password? */
+				if(isset($_POST["new_password"]))
+				{
+					$pwhash = PasswordHash::create($_POST["password"]);
+					$user->pwhash = $pwhash;
+					if($user->get_id() == $data["user"]->get_id())
+						$_SESSION["ratatoeskr_pwhash"] = $pwhash;
+					$user->save();
+					
+					$ste->vars["success"] = $translation["successfully_set_new_password"];
+				}
+				
+				/* Put data to STE */
+				$ste->vars["u"] = array(
+					"id"       => $user->get_id(),
+					"name"     => $user->username,
+					"fullname" => $user->fullname,
+					"mail"     => $user->mail
+				);
+				$ste->vars["groups"] = array_map(function($g) use ($user) { return array(
+					"id"     => $g->get_id(),
+					"name"   => $g->name,
+					"member" => $user->member_of($g)
+				); }, Group::all());
+				
+				echo $ste->exectemplate("systemtemplates/user.html");
+			}
+		))
 	))
 ));
 
diff --git a/ratatoeskr/cms_style/layout.css b/ratatoeskr/cms_style/layout.css
index 766323d..a0d7e61 100644
--- a/ratatoeskr/cms_style/layout.css
+++ b/ratatoeskr/cms_style/layout.css
@@ -245,3 +245,8 @@ table.listtab tbody tr:hover {
 textarea.codeedit {
 	font-family: monospace;
 }
+
+ul.bulletfree {
+	list-style: none;
+	padding-left: 0mm;
+}
diff --git a/ratatoeskr/templates/src/systemtemplates/backend_login.html b/ratatoeskr/templates/src/systemtemplates/backend_login.html
index 73c2710..742dae8 100755
--- a/ratatoeskr/templates/src/systemtemplates/backend_login.html
+++ b/ratatoeskr/templates/src/systemtemplates/backend_login.html
@@ -22,8 +22,8 @@
 				</ste:then>
 			</ste:if>
 			<form action="$rel_path_to_root/backend/login" method="POST" accept-charset="utf-8">
-				<p><ste:escape><ste:capitalize><ste:get_translation for="username" raw="y" /></ste:capitalize></ste:escape>: <input type="text" name="user" /></p>
-				<p><ste:escape><ste:capitalize><ste:get_translation for="password" raw="y" /></ste:capitalize></ste:escape>: <input type="password" name="password" /></p>
+				<p><ste:get_translation for="username" />: <input type="text" name="user" /></p>
+				<p><ste:get_translation for="password" />: <input type="password" name="password" /></p>
 				<p class="loginbtn"><input type="submit" value="<ste:get_translation for='login_form_button' />" /></p>
 			</form>
 		</div>
diff --git a/ratatoeskr/templates/src/systemtemplates/master.html b/ratatoeskr/templates/src/systemtemplates/master.html
index 99c8e35..b73f3b3 100755
--- a/ratatoeskr/templates/src/systemtemplates/master.html
+++ b/ratatoeskr/templates/src/systemtemplates/master.html
@@ -12,7 +12,7 @@
 	<div id="bar_top">
 		<span class="branding"><strong>Ratatöskr</strong>::Noctilucent clouds (v. 0.1)</span>
 		<span class="user">
-			<a href="$rel_path_to_root/backend/admin/users/_self">$user[name]</a> | <a href="$rel_path_to_root/backend/logout"><ste:get_translation for="logout" /></a>
+			<a href="$rel_path_to_root/backend/admin/users/u/$user[id]">$user[name]</a> | <a href="$rel_path_to_root/backend/logout"><ste:get_translation for="logout" /></a>
 		</span>
 	</div>
 	<div id="maincontainer">
diff --git a/ratatoeskr/templates/src/systemtemplates/user.html b/ratatoeskr/templates/src/systemtemplates/user.html
new file mode 100644
index 0000000..8bdce8b
--- /dev/null
+++ b/ratatoeskr/templates/src/systemtemplates/user.html
@@ -0,0 +1,41 @@
+<ste:comment>This template looks very boring/ugly, too much empty space, should be fixed some day...</ste:comment>
+<ste:load name="master.html" />
+<ste:block name="content">
+	<ste:if>$error
+		<ste:then>
+			<div class="error"><ste:escape>$error</ste:escape></div>
+		</ste:then>
+	</ste:if>
+	<ste:if>$success
+		<ste:then>
+			<div class="success"><ste:escape>$success</ste:escape></div>
+		</ste:then>
+	</ste:if>
+	
+	<form action="$rel_path_to_root/backend/admin/users/u/$u[id]" method="POST" accept-charset="UTF-8">
+		<p>
+			<strong><ste:get_translation for="fullname" />:</strong><br />
+			<input type="text" name="fullname" value="<ste:escape>$u[fullname]</ste:escape>" />
+		</p>
+		<p>
+			<strong><ste:get_translation for="mail_address" />:</strong><br />
+			<input type="text" name="mail" value="$u[mail]" />
+		</p>
+		<p><strong><ste:get_translation for="member_of_groups" />:</strong></p>
+		<ul class="bulletfree">
+			<ste:foreach array="groups" value="group">
+				<li>
+					<input type="checkbox" name="groups_multiselect[]" value="$group[id]" ?{$group[member]|checked="checked" |}/> <ste:escape>$group[name]</ste:escape>
+				</li>
+			</ste:foreach>
+		</ul>
+		<p><input type="submit" name="change_data" /></p>
+		
+		<h2><ste:get_translation for="new_password" /></h2>
+		<p>
+			<strong><ste:get_translation for="password" />:</strong><br />
+			<input type="password" name="password" />
+		</p>
+		<p><input type="submit" name="new_password" /></p>
+	</form>
+</ste:block>
diff --git a/ratatoeskr/templates/src/systemtemplates/users.html b/ratatoeskr/templates/src/systemtemplates/users.html
new file mode 100644
index 0000000..ade4f34
--- /dev/null
+++ b/ratatoeskr/templates/src/systemtemplates/users.html
@@ -0,0 +1,89 @@
+<ste:load name="master.html" />
+<ste:block name="content">
+	<ste:if>$error
+		<ste:then>
+			<div class="error"><ste:escape>$error</ste:escape></div>
+		</ste:then>
+	</ste:if>
+	<ste:if>$success
+		<ste:then>
+			<div class="success"><ste:escape>$success</ste:escape></div>
+		</ste:then>
+	</ste:if>
+	
+	<div class="dualcolumns">
+		<div class="column_left">
+			<form action="$rel_path_to_root/backend/admin/users" method="POST" accept-charset="UTF-8">
+				<h2><ste:get_translation for="new_group" /></h2>
+				<strong><ste:get_translation for="groupname" />:</strong><br />
+				<input type="text" name="group_name" class="fullwidth" /><br />
+				<input type="submit" name="new_group" />
+				
+				<h2><ste:get_translation for="new_user" /></h2>
+				<strong><ste:get_translation for="username" />:</strong><br />
+				<input type="text" name="username" class="fullwidth" /><br />
+				<strong><ste:get_translation for="initial_password" />:</strong><br />
+				<input type="password" name="initial_password" class="fullwidth" /><br />
+				<input type="submit" name="new_user" />
+			</form>
+		</div>
+		<div class="column_main">
+			<form action="$rel_path_to_root/backend/admin/users" method="POST" accept-charset="UTF-8">
+				<h2><ste:get_translation for="groups" /></h2>
+				<table class="listtab fullwidth">
+					<thead>
+						<tr>
+							<th style="width: 3ex">&nbsp;</th>
+							<th><ste:get_translation for="groupname" /></th>
+						</tr>
+					</thead>
+					<tbody>
+						<ste:foreach array="groups" value="group">
+							<tr>
+								<td><input type="checkbox" name="groups_multiselect[]" value="$group[id]" /></td>
+								<td><ste:escape>$group[name]</ste:escape></td>
+							</tr>
+						</ste:foreach>
+					</tbody>
+				</table>
+				<div>
+					<input type="submit" name="delete_groups" value="<ste:get_translation for='delete' />" /><select name="really_delete"><option value="no" selected="selected"><ste:get_translation for="no" /></option><option value="yes"><ste:get_translation for="yes" /></option></select>
+				</div>
+			</form>
+			
+			<form action="$rel_path_to_root/backend/admin/users" method="POST" accept-charset="UTF-8">
+				<h2><ste:get_translation for="users" /></h2>
+				<table class="listtab fullwidth">
+					<thead>
+						<tr>
+							<th style="width: 3ex">&nbsp;</th>
+							<th><ste:get_translation for="username" /></th>
+							<th><ste:get_translation for="member_of_groups" /></th>
+							<th><ste:get_translation for="fullname"/></th>
+							<th><ste:get_translation for="mail_address" /></th>
+						</tr>
+					</thead>
+					<tbody>
+						<ste:foreach array="users" value="user_x">
+							<tr>
+								<td><input type="checkbox" name="users_multiselect[]" value="$user_x[id]" /></td>
+								<td><a href="$rel_path_to_root/backend/admin/users/u/$user_x[id]"><ste:escape>$user_x[name]</ste:escape></a></td>
+								<td>
+									<ste:foreach array="user_x[memberof]" value="group" counter="i">
+										?{~{$i|eq|0}||, }<ste:escape>$group</ste:escape>
+									</ste:foreach>
+								</td>
+								<td><ste:escape>$user_x[fullname]</ste:escape></td>
+								<td><ste:escape>$user_x[mail]</ste:escape></td>
+							</tr>
+						</ste:foreach>
+					</tbody>
+				</table>
+				<div>
+					<input type="submit" name="delete_users" value="<ste:get_translation for='delete' />" /><select name="really_delete"><option value="no" selected="selected"><ste:get_translation for="no" /></option><option value="yes"><ste:get_translation for="yes" /></option></select>
+				</div>
+			</form>
+		</div>
+	</div>
+	<div class="dualcolumns_stop"></div>
+</ste:block>
diff --git a/ratatoeskr/translations/en.php b/ratatoeskr/translations/en.php
index 5c6bd5c..80b9806 100644
--- a/ratatoeskr/translations/en.php
+++ b/ratatoeskr/translations/en.php
@@ -1,8 +1,8 @@
 <?php
 
 $translation = array(
-	"username" => "username",
-	"password" => "password",
+	"username" => "Username",
+	"password" => "Password",
 	"login_form_header" => "Login",
 	"login_form_button" => "Login",
 	"login_background_image" => "Background image: <a href=\"[[URL]]\">[[FILENAME]]</a> by [[AUTHOR]]. License: [[LICENSE]]",
@@ -178,7 +178,30 @@ $translation = array(
 	"cannot_delete_default_language" => "Can not delete default language.",
 	"language_successfully_deleted" => "Language successfully deleted.",
 	"successfully_set_default_language" => "Successfully set default language.",
-	"language_successfully_added" => "Language successfully added."
+	"language_successfully_added" => "Language successfully added.",
+	"new_user" => "New user",
+	"initial_password" => "Initial password",
+	"new_group" => "New Group",
+	"groupname" => "Group name",
+	"users" => "Users",
+	"groups" => "Groups",
+	"group" => "Group",
+	"member_of_groups" => "Member of these groups",
+	"cannot_delete_admin_group" => "Can not delete admin group.",
+	"successfully_deleted_groups" => "Successfully deleted groups.",
+	"empty_group_name" => "Can not create group: Empty group name.",
+	"group_already_exists" => "Group already exists.",
+	"successfully_created_group" => "Successfully created group.",
+	"empty_username" => "Can not create user: Empty username.",
+	"user_already_exists" => "User already exists.",
+	"successfully_created_user" => "Successfully created user.",
+	"cannot_delete_yourself" => "You can not delete yourself.",
+	"successfully_deleted_users" => "Successfully deleted users.",
+	"fullname" => "Full name",
+	"mail_address" => "Mail Address",
+	"new_password" => "New password",
+	"successfully_modified_user" => "Successfully modified user.",
+	"successfully_set_new_password" => "Successfully set new password."
 );
 
 ?>
-- 
cgit v1.2.3-54-g00ecf