misuzu/public-legacy/manage/users/role.php

147 lines
5 KiB
PHP

<?php
namespace Misuzu;
use RuntimeException;
use Index\Colour\Colour;
use Index\Colour\ColourRGB;
use Misuzu\Perm;
$viewerPerms = $msz->getAuthInfo()->getPerms('user');
if(!$viewerPerms->check(Perm::U_ROLES_MANAGE))
Template::throwError(403);
$usersCtx = $msz->getUsersContext();
$users = $usersCtx->getUsers();
$roles = $usersCtx->getRoles();
$perms = $msz->getPerms();
if(filter_has_var(INPUT_GET, 'r')) {
$roleId = (string)filter_input(INPUT_GET, 'r', FILTER_SANITIZE_NUMBER_INT);
try {
$isNew = false;
$roleInfo = $roles->getRole($roleId);
} catch(RuntimeException $ex) {
Template::throwError(404);
}
} else $isNew = true;
$currentUser = $msz->getActiveUser();
$canEditPerms = $viewerPerms->check(Perm::U_PERMS_MANAGE);
$permsInfos = $perms->getPermissionInfo(roleInfo: $roleInfo, categoryNames: Perm::INFO_FOR_ROLE);
$permsLists = Perm::createList(Perm::LISTS_FOR_ROLE);
while($_SERVER['REQUEST_METHOD'] === 'POST' && CSRF::validateRequest()) {
$userRank = $users->getUserRank($currentUser);
if(!$isNew && !$currentUser->isSuperUser() && $roleInfo->getRank() >= $userRank) {
echo 'You aren\'t allowed to edit this role.';
break;
}
$roleName = (string)filter_input(INPUT_POST, 'ur_name');
$roleHide = !empty($_POST['ur_hidden']);
$roleLeavable = !empty($_POST['ur_leavable']);
$roleRank = (int)filter_input(INPUT_POST, 'ur_rank', FILTER_SANITIZE_NUMBER_INT);
$roleTitle = (string)filter_input(INPUT_POST, 'ur_title');
$roleDesc = (string)filter_input(INPUT_POST, 'ur_desc');
$colourInherit = !empty($_POST['ur_col_inherit']);
$colourRed = (int)filter_input(INPUT_POST, 'ur_col_red', FILTER_SANITIZE_NUMBER_INT);
$colourGreen = (int)filter_input(INPUT_POST, 'ur_col_green', FILTER_SANITIZE_NUMBER_INT);
$colourBlue = (int)filter_input(INPUT_POST, 'ur_col_blue', FILTER_SANITIZE_NUMBER_INT);
Template::set([
'role_ur_name' => $roleName,
'role_ur_hidden' => $roleHide,
'role_ur_leavable' => $roleLeavable,
'role_ur_rank' => $roleRank,
'role_ur_title' => $roleTitle,
'role_ur_desc' => $roleDesc,
'role_ur_col_inherit' => $colourInherit,
'role_ur_col_red' => $colourRed,
'role_ur_col_green' => $colourGreen,
'role_ur_col_blue' => $colourBlue,
]);
if(!$currentUser->isSuperUser() && $roleRank >= $userRank) {
echo 'You aren\'t allowed to make a role with equal rank to your own.';
break;
}
$roleNameLength = mb_strlen($roleName);
if($roleNameLength < 1 || $roleNameLength > 100) {
echo 'Provided role name is either too long or too short.';
break;
}
if($roleRank < 1 || $roleRank > 100) {
echo 'Role rank may not be less than 1 or more than 100.';
break;
}
$roleColour = $colourInherit
? Colour::none()
: new ColourRGB($colourRed, $colourGreen, $colourBlue);
if(mb_strlen($roleDesc) > 1000) {
echo 'Description may not be longer than 1000 characters.';
break;
}
if(mb_strlen($roleTitle) > 64) {
echo 'Role title may not be longer than 64 characters.';
break;
}
if($isNew) {
$roleInfo = $roles->createRole($roleName, $roleRank, $roleColour, $roleTitle, $roleDesc, $roleHide, $roleLeavable);
} else {
if($roleName === $roleInfo->getName())
$roleName = null;
if($roleHide === $roleInfo->isHidden())
$roleHide = null;
if($roleLeavable === $roleInfo->isLeavable())
$roleLeavable = null;
if($roleRank === $roleInfo->getRank())
$roleRank = null;
if($roleTitle === $roleInfo->getTitle())
$roleTitle = null;
if($roleDesc === $roleInfo->getDescription())
$roleDesc = null;
// local genius did not implement colour comparison
if((string)$roleColour === (string)$roleInfo->getColour())
$roleColour = null;
$roles->updateRole($roleInfo, $roleName, $roleRank, $roleColour, $roleTitle, $roleDesc, $roleHide, $roleLeavable);
}
$msz->createAuditLog(
$isNew ? 'ROLE_CREATE' : 'ROLE_UPDATE',
[$roleInfo->getId()]
);
if($canEditPerms && filter_has_var(INPUT_POST, 'perms')) {
$permsApply = Perm::convertSubmission(
filter_input(INPUT_POST, 'perms', FILTER_DEFAULT, FILTER_REQUIRE_ARRAY),
Perm::INFO_FOR_ROLE
);
foreach($permsApply as $categoryName => $values)
$perms->setPermissions($categoryName, $values['allow'], $values['deny'], roleInfo: $roleInfo);
// could target all users with the role but ech
$msz->getConfig()->setBoolean('perms.needsRecalc', true);
}
url_redirect('manage-role', ['role' => $roleInfo->getId()]);
return;
}
Template::render('manage.users.role', [
'role_new' => $isNew,
'role_info' => $roleInfo ?? null,
'can_edit_perms' => $canEditPerms,
'perms_lists' => $permsLists,
'perms_infos' => $permsInfos,
]);