2022-09-13 13:14:49 +00:00
|
|
|
<?php
|
|
|
|
namespace Misuzu;
|
|
|
|
|
2023-07-22 15:02:41 +00:00
|
|
|
use RuntimeException;
|
2023-01-02 23:48:04 +00:00
|
|
|
use Index\Colour\Colour;
|
2024-10-05 14:39:43 +00:00
|
|
|
use Index\Colour\ColourRgb;
|
2023-08-30 22:37:21 +00:00
|
|
|
use Misuzu\Perm;
|
2022-09-13 13:14:49 +00:00
|
|
|
|
2024-12-02 02:28:08 +00:00
|
|
|
if(!isset($msz) || !($msz instanceof \Misuzu\MisuzuContext))
|
|
|
|
die('Script must be called through the Misuzu route dispatcher.');
|
|
|
|
|
2024-11-30 04:09:29 +00:00
|
|
|
$viewerPerms = $msz->authInfo->getPerms('user');
|
2023-08-31 15:59:53 +00:00
|
|
|
if(!$viewerPerms->check(Perm::U_ROLES_MANAGE))
|
|
|
|
Template::throwError(403);
|
2022-09-13 13:14:49 +00:00
|
|
|
|
2023-12-02 02:57:46 +00:00
|
|
|
$roleInfo = null;
|
2023-07-27 23:26:05 +00:00
|
|
|
|
|
|
|
if(filter_has_var(INPUT_GET, 'r')) {
|
|
|
|
$roleId = (string)filter_input(INPUT_GET, 'r', FILTER_SANITIZE_NUMBER_INT);
|
2022-09-13 13:14:49 +00:00
|
|
|
|
|
|
|
try {
|
2023-07-27 23:26:05 +00:00
|
|
|
$isNew = false;
|
2024-11-30 04:09:29 +00:00
|
|
|
$roleInfo = $msz->usersCtx->roles->getRole($roleId);
|
2023-07-22 15:02:41 +00:00
|
|
|
} catch(RuntimeException $ex) {
|
2023-08-31 15:59:53 +00:00
|
|
|
Template::throwError(404);
|
2022-09-13 13:14:49 +00:00
|
|
|
}
|
2023-07-27 23:26:05 +00:00
|
|
|
} else $isNew = true;
|
2022-09-13 13:14:49 +00:00
|
|
|
|
2024-11-30 04:09:29 +00:00
|
|
|
$currentUser = $msz->authInfo->userInfo;
|
2023-08-30 22:37:21 +00:00
|
|
|
$canEditPerms = $viewerPerms->check(Perm::U_PERMS_MANAGE);
|
2022-09-13 13:14:49 +00:00
|
|
|
|
2024-11-30 04:09:29 +00:00
|
|
|
$permsInfos = $roleInfo === null ? null : $msz->perms->getPermissionInfo(roleInfo: $roleInfo, categoryNames: Perm::INFO_FOR_ROLE);
|
2023-08-30 22:37:21 +00:00
|
|
|
$permsLists = Perm::createList(Perm::LISTS_FOR_ROLE);
|
2022-09-13 13:14:49 +00:00
|
|
|
|
2023-07-27 23:26:05 +00:00
|
|
|
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
|
2024-11-30 04:09:29 +00:00
|
|
|
$userRank = $msz->usersCtx->users->getUserRank($currentUser);
|
2023-08-02 22:12:47 +00:00
|
|
|
|
2024-11-30 04:09:29 +00:00
|
|
|
if(!$isNew && !$currentUser->super && $roleInfo->rank >= $userRank) {
|
2023-07-27 23:26:05 +00:00
|
|
|
echo 'You aren\'t allowed to edit this role.';
|
|
|
|
break;
|
2022-09-13 13:14:49 +00:00
|
|
|
}
|
|
|
|
|
2024-09-16 21:44:37 +00:00
|
|
|
$roleString = (string)filter_input(INPUT_POST, 'ur_string');
|
2023-07-27 23:26:05 +00:00
|
|
|
$roleName = (string)filter_input(INPUT_POST, 'ur_name');
|
|
|
|
$roleHide = !empty($_POST['ur_hidden']);
|
|
|
|
$roleLeavable = !empty($_POST['ur_leavable']);
|
|
|
|
$roleRank = (int)filter_input(INPUT_POST, 'ur_rank', FILTER_SANITIZE_NUMBER_INT);
|
|
|
|
$roleTitle = (string)filter_input(INPUT_POST, 'ur_title');
|
|
|
|
$roleDesc = (string)filter_input(INPUT_POST, 'ur_desc');
|
|
|
|
$colourInherit = !empty($_POST['ur_col_inherit']);
|
|
|
|
$colourRed = (int)filter_input(INPUT_POST, 'ur_col_red', FILTER_SANITIZE_NUMBER_INT);
|
|
|
|
$colourGreen = (int)filter_input(INPUT_POST, 'ur_col_green', FILTER_SANITIZE_NUMBER_INT);
|
|
|
|
$colourBlue = (int)filter_input(INPUT_POST, 'ur_col_blue', FILTER_SANITIZE_NUMBER_INT);
|
|
|
|
|
|
|
|
Template::set([
|
2024-09-16 21:44:37 +00:00
|
|
|
'role_ur_string' => $roleString,
|
2023-07-27 23:26:05 +00:00
|
|
|
'role_ur_name' => $roleName,
|
|
|
|
'role_ur_hidden' => $roleHide,
|
|
|
|
'role_ur_leavable' => $roleLeavable,
|
|
|
|
'role_ur_rank' => $roleRank,
|
|
|
|
'role_ur_title' => $roleTitle,
|
|
|
|
'role_ur_desc' => $roleDesc,
|
|
|
|
'role_ur_col_inherit' => $colourInherit,
|
|
|
|
'role_ur_col_red' => $colourRed,
|
|
|
|
'role_ur_col_green' => $colourGreen,
|
|
|
|
'role_ur_col_blue' => $colourBlue,
|
|
|
|
]);
|
|
|
|
|
2024-11-30 04:09:29 +00:00
|
|
|
if(!$currentUser->super && $roleRank >= $userRank) {
|
2023-07-27 23:26:05 +00:00
|
|
|
echo 'You aren\'t allowed to make a role with equal rank to your own.';
|
|
|
|
break;
|
2022-09-13 13:14:49 +00:00
|
|
|
}
|
|
|
|
|
2023-07-27 23:26:05 +00:00
|
|
|
$roleNameLength = mb_strlen($roleName);
|
|
|
|
if($roleNameLength < 1 || $roleNameLength > 100) {
|
|
|
|
echo 'Provided role name is either too long or too short.';
|
|
|
|
break;
|
2022-09-13 13:14:49 +00:00
|
|
|
}
|
|
|
|
|
2023-07-27 23:26:05 +00:00
|
|
|
if($roleRank < 1 || $roleRank > 100) {
|
|
|
|
echo 'Role rank may not be less than 1 or more than 100.';
|
|
|
|
break;
|
2022-09-13 13:14:49 +00:00
|
|
|
}
|
|
|
|
|
2023-07-27 23:26:05 +00:00
|
|
|
$roleColour = $colourInherit
|
|
|
|
? Colour::none()
|
2024-10-05 14:39:43 +00:00
|
|
|
: new ColourRgb($colourRed, $colourGreen, $colourBlue);
|
2022-09-13 13:14:49 +00:00
|
|
|
|
2023-07-27 23:26:05 +00:00
|
|
|
if(mb_strlen($roleDesc) > 1000) {
|
|
|
|
echo 'Description may not be longer than 1000 characters.';
|
|
|
|
break;
|
2022-09-13 13:14:49 +00:00
|
|
|
}
|
|
|
|
|
2023-07-27 23:26:05 +00:00
|
|
|
if(mb_strlen($roleTitle) > 64) {
|
|
|
|
echo 'Role title may not be longer than 64 characters.';
|
|
|
|
break;
|
2022-09-13 13:14:49 +00:00
|
|
|
}
|
|
|
|
|
2024-09-16 21:44:37 +00:00
|
|
|
if(strlen($roleString) > 20) {
|
|
|
|
echo 'Role string may not be longer than 20 characters.';
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if(strlen($roleString) > 1 && !ctype_alpha($roleString[0])) {
|
|
|
|
echo 'Role string most start with an alphabetical character.';
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2023-07-27 23:26:05 +00:00
|
|
|
if($isNew) {
|
2024-11-30 04:09:29 +00:00
|
|
|
$roleInfo = $msz->usersCtx->roles->createRole(
|
2024-09-16 21:44:37 +00:00
|
|
|
$roleName,
|
|
|
|
$roleRank,
|
|
|
|
$roleColour,
|
|
|
|
string: $roleString,
|
|
|
|
title: $roleTitle,
|
|
|
|
description: $roleDesc,
|
|
|
|
hidden: $roleHide,
|
|
|
|
leavable: $roleLeavable
|
|
|
|
);
|
2023-07-27 23:26:05 +00:00
|
|
|
} else {
|
2024-11-30 04:09:29 +00:00
|
|
|
if($roleName === $roleInfo->name)
|
2023-07-27 23:26:05 +00:00
|
|
|
$roleName = null;
|
2024-11-30 04:09:29 +00:00
|
|
|
if($roleString === $roleInfo->string)
|
2024-09-16 21:44:37 +00:00
|
|
|
$roleString = null;
|
2024-11-30 04:09:29 +00:00
|
|
|
if($roleHide === $roleInfo->hidden)
|
2023-07-27 23:26:05 +00:00
|
|
|
$roleHide = null;
|
2024-11-30 04:09:29 +00:00
|
|
|
if($roleLeavable === $roleInfo->leavable)
|
2023-07-27 23:26:05 +00:00
|
|
|
$roleLeavable = null;
|
2024-11-30 04:09:29 +00:00
|
|
|
if($roleRank === $roleInfo->rank)
|
2023-07-27 23:26:05 +00:00
|
|
|
$roleRank = null;
|
2024-11-30 04:09:29 +00:00
|
|
|
if($roleTitle === $roleInfo->title)
|
2023-07-27 23:26:05 +00:00
|
|
|
$roleTitle = null;
|
2024-11-30 04:09:29 +00:00
|
|
|
if($roleDesc === $roleInfo->description)
|
2023-07-27 23:26:05 +00:00
|
|
|
$roleDesc = null;
|
|
|
|
// local genius did not implement colour comparison
|
2024-11-30 04:09:29 +00:00
|
|
|
if((string)$roleColour === (string)$roleInfo->colour)
|
2023-07-27 23:26:05 +00:00
|
|
|
$roleColour = null;
|
|
|
|
|
2024-11-30 04:09:29 +00:00
|
|
|
$msz->usersCtx->roles->updateRole(
|
2024-09-16 21:44:37 +00:00
|
|
|
$roleInfo,
|
|
|
|
string: $roleString,
|
|
|
|
name: $roleName,
|
|
|
|
rank: $roleRank,
|
|
|
|
colour: $roleColour,
|
|
|
|
title: $roleTitle,
|
|
|
|
description: $roleDesc,
|
|
|
|
hidden: $roleHide,
|
|
|
|
leavable: $roleLeavable
|
|
|
|
);
|
2023-07-27 23:26:05 +00:00
|
|
|
}
|
2022-09-13 13:14:49 +00:00
|
|
|
|
2023-07-27 23:26:05 +00:00
|
|
|
$msz->createAuditLog(
|
|
|
|
$isNew ? 'ROLE_CREATE' : 'ROLE_UPDATE',
|
2024-11-30 04:09:29 +00:00
|
|
|
[$roleInfo->id]
|
2023-07-27 23:26:05 +00:00
|
|
|
);
|
2022-09-13 13:14:49 +00:00
|
|
|
|
2023-08-30 22:37:21 +00:00
|
|
|
if($canEditPerms && filter_has_var(INPUT_POST, 'perms')) {
|
|
|
|
$permsApply = Perm::convertSubmission(
|
|
|
|
filter_input(INPUT_POST, 'perms', FILTER_DEFAULT, FILTER_REQUIRE_ARRAY),
|
|
|
|
Perm::INFO_FOR_ROLE
|
|
|
|
);
|
|
|
|
|
|
|
|
foreach($permsApply as $categoryName => $values)
|
2024-11-30 04:09:29 +00:00
|
|
|
$msz->perms->setPermissions($categoryName, $values['allow'], $values['deny'], roleInfo: $roleInfo);
|
2023-08-30 22:37:21 +00:00
|
|
|
|
2023-08-30 23:56:30 +00:00
|
|
|
// could target all users with the role but ech
|
2024-11-30 04:09:29 +00:00
|
|
|
$msz->config->setBoolean('perms.needsRecalc', true);
|
2022-09-13 13:14:49 +00:00
|
|
|
}
|
|
|
|
|
2024-11-30 04:09:29 +00:00
|
|
|
Tools::redirect($msz->urls->format('manage-role', ['role' => $roleInfo->id]));
|
2022-09-13 13:14:49 +00:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
Template::render('manage.users.role', [
|
2023-07-27 23:26:05 +00:00
|
|
|
'role_new' => $isNew,
|
2022-09-13 13:14:49 +00:00
|
|
|
'role_info' => $roleInfo ?? null,
|
2023-08-30 22:37:21 +00:00
|
|
|
'can_edit_perms' => $canEditPerms,
|
|
|
|
'perms_lists' => $permsLists,
|
|
|
|
'perms_infos' => $permsInfos,
|
2022-09-13 13:14:49 +00:00
|
|
|
]);
|