]>
Commit | Line | Data |
---|---|---|
9063386f TC |
1 | package BSE::AdminSiteUsers; |
2 | use strict; | |
2076966c | 3 | use base qw(BSE::UI::AdminDispatch BSE::UI::SiteuserCommon); |
9063386f | 4 | use BSE::Util::Tags qw(tag_error_img tag_hash); |
3f9c8a96 | 5 | use BSE::Util::HTML qw(:default popup_menu); |
b7cadc84 | 6 | use BSE::TB::SiteUsers; |
9063386f | 7 | use BSE::Util::Iterate; |
505456b1 | 8 | use BSE::Util::DynSort qw(sorter tag_sorthelp); |
9063386f | 9 | use BSE::Util::SQL qw/now_datetime/; |
220c179a | 10 | use BSE::SubscriptionTypes; |
00dd8d82 | 11 | use BSE::CfgInfo qw(custom_class); |
efcc5a30 | 12 | use constant SITEUSER_GROUP_SECT => 'BSE Siteuser groups validation'; |
4d764c34 | 13 | use BSE::Template; |
32696f84 | 14 | use DevHelp::Date qw(dh_parse_date_sql dh_parse_time_sql); |
9063386f | 15 | |
b7cadc84 | 16 | our $VERSION = "1.015"; |
cb7fd78d | 17 | |
9063386f TC |
18 | my %actions = |
19 | ( | |
2076966c TC |
20 | list => 'bse_members_user_list', |
21 | edit => 'bse_members_user_edit', | |
22 | save => 'bse_members_user_edit', | |
23 | addform => 'bse_members_user_add', | |
24 | add => 'bse_members_user_add', | |
a0edb02e TC |
25 | deleteform => 'bse_members_user_delete', |
26 | delete => 'bse_members_user_delete', | |
2076966c | 27 | view => 'bse_members_user_view', |
74b3689a | 28 | unlock => 'bse_members_user_unlock', |
2076966c TC |
29 | grouplist => 'bse_members_group_list', |
30 | addgroupform => 'bse_members_group_add', | |
31 | addgroup => 'bse_members_group_add', | |
32 | editgroup => 'bse_members_group_edit', | |
33 | savegroup => 'bse_members_group_edit', | |
34 | deletegroupform => 'bse_members_group_delete', | |
35 | deletegroup => 'bse_members_group_delete', | |
36 | groupmemberform => 'bse_members_user_edit', | |
37 | savegroupmembers => 'bse_members_user_edit', | |
6555857d | 38 | confirm => 'bse_members_confirm', |
32696f84 TC |
39 | adduserfile => 'bse_members_user_add_file', |
40 | adduserfileform => 'bse_members_user_add_file', | |
41 | edituserfile => 'bse_members_user_edit_file', | |
42 | saveuserfile => 'bse_members_user_edit_file', | |
43 | deluserfileform => 'bse_members_user_del_file', | |
44 | deluserfile => 'bse_members_user_del_file', | |
45 | ||
46 | addgroupfile => 'bse_members_group_add_file', | |
47 | addgroupfileform => 'bse_members_group_add_file', | |
48 | editgroupfile => 'bse_members_group_edit_file', | |
49 | savegroupfile => 'bse_members_group_edit_file', | |
50 | delgroupfileform => 'bse_members_group_del_file', | |
51 | delgroupfile => 'bse_members_group_del_file', | |
52 | fileaccesslog => 'bse_members_file_log', | |
9063386f TC |
53 | ); |
54 | ||
829c9ed9 | 55 | my @donttouch = qw(id userId password email confirmed confirmSecret waitingForConfirmation flags affiliate_name previousLogon); # flags is saved separately |
9063386f TC |
56 | my %donttouch = map { $_, $_ } @donttouch; |
57 | ||
2076966c | 58 | sub default_action { 'list' } |
9063386f | 59 | |
2076966c TC |
60 | sub actions { |
61 | \%actions | |
62 | } | |
9063386f | 63 | |
2076966c TC |
64 | sub rights { |
65 | \%actions | |
9063386f TC |
66 | } |
67 | ||
d49f56a6 TC |
68 | sub flags { |
69 | my ($cfg) = @_; | |
70 | ||
71 | my %flags = $cfg->entriesCS('site user flags'); | |
72 | ||
73 | my @valid = grep /^\w+$/, keys %flags; | |
74 | ||
75 | return map +{ id => $_, desc => $flags{$_} }, | |
76 | sort { lc($flags{$a}) cmp lc($flags{$b}) } @valid; | |
77 | } | |
78 | ||
758a29cd TC |
79 | my %nosearch = map { $_ => 1 } qw/id password confirmSecret/; |
80 | ||
9063386f TC |
81 | sub req_list { |
82 | my ($class, $req, $msg) = @_; | |
83 | ||
84 | my $cgi = $req->cgi; | |
495114d1 TC |
85 | $msg = $req->message($msg); |
86 | ||
b7cadc84 | 87 | my @users = BSE::TB::SiteUsers->all; |
758a29cd TC |
88 | my $id = $cgi->param('id'); |
89 | defined $id or $id = ''; | |
511df710 TC |
90 | my $search_done = 0; |
91 | my %search_fields; | |
758a29cd | 92 | if ($id =~ /^\d+$/) { |
511df710 | 93 | $search_fields{id} = $id; |
758a29cd | 94 | @users = grep $_->{id} == $id, @users; |
511df710 | 95 | ++$search_done; |
758a29cd TC |
96 | } |
97 | else { | |
98 | my %fields; | |
b7cadc84 | 99 | my @cols = grep !$nosearch{$_}, BSE::TB::SiteUser->columns; |
758a29cd TC |
100 | for my $col (@cols, 'name') { |
101 | my $value = $cgi->param($col); | |
102 | if (defined $value && $value =~ /\S/) { | |
103 | $fields{$col} = $value; | |
104 | } | |
105 | } | |
106 | if (keys %fields) { | |
511df710 TC |
107 | %search_fields = %fields; |
108 | ++$search_done; | |
758a29cd TC |
109 | my $name = delete $fields{name}; |
110 | if (defined $name) { | |
111 | @users = grep "$_->{name1} $_->{name2}" =~ /\Q$name/i, @users; | |
112 | } | |
113 | for my $col (keys %fields) { | |
114 | my $value_re = qr/\Q$fields{$col}/i; | |
115 | @users = grep $_->{$col} =~ /$value_re/, @users; | |
116 | } | |
117 | } | |
118 | } | |
9063386f | 119 | my ($sortby, $reverse) = |
505456b1 | 120 | sorter(data=>\@users, cgi=>$cgi, sortby=>'userId', session=>$req->session, |
00dd8d82 | 121 | name=>'siteusers', fields=> { id => {numeric => 1 } }); |
74b3689a | 122 | my $it = BSE::Util::Iterate::Objects->new; |
511df710 TC |
123 | |
124 | my $search_param = | |
125 | join('&', map { "$_=".escape_uri($search_fields{$_}) } keys %search_fields); | |
a0edb02e | 126 | |
74b3689a TC |
127 | $req->set_variable(siteusers => \@users); |
128 | ||
9063386f TC |
129 | my %acts; |
130 | %acts = | |
131 | ( | |
d5a6b1ee | 132 | $req->admin_tags, |
9063386f TC |
133 | message => $msg, |
134 | $it->make_paged_iterator('siteuser', 'siteusers', \@users, undef, | |
505456b1 TC |
135 | $cgi, undef, 'pp=20', $req->session, |
136 | 'siteusers'), | |
9063386f TC |
137 | sortby=>$sortby, |
138 | reverse=>$reverse, | |
139 | sorthelp => [ \&tag_sorthelp, $sortby, $reverse ], | |
511df710 TC |
140 | ifSearchDone => $search_done, |
141 | search_param => $search_param, | |
9063386f TC |
142 | ); |
143 | ||
758a29cd | 144 | return $req->dyn_response('admin/users/list', \%acts); |
9063386f TC |
145 | } |
146 | ||
147 | sub tag_if_required { | |
148 | my ($cfg, $args) = @_; | |
149 | ||
150 | return $cfg->entryBool('site users', "require_$args", 0); | |
151 | } | |
152 | ||
d49f56a6 TC |
153 | sub iter_flags { |
154 | my ($cfg) = @_; | |
155 | ||
156 | flags($cfg); | |
157 | } | |
158 | ||
159 | sub tag_if_flag_set { | |
160 | my ($flags, $arg, $acts, $funcname, $templater) = @_; | |
161 | ||
162 | my @args = DevHelp::Tags->get_parms($arg, $acts, $templater); | |
163 | @args or return; | |
164 | ||
165 | return index($flags, $args[0]) >= 0; | |
166 | } | |
167 | ||
220c179a TC |
168 | sub tag_if_subscribed_register { |
169 | my ($cgi, $cfg, $subs, $rsub_index) = @_; | |
170 | ||
171 | return 0 if $$rsub_index < 0 or $$rsub_index >= @$subs; | |
172 | my $sub = $subs->[$$rsub_index]; | |
173 | if ($cgi->param('checkedsubs')) { | |
174 | my @checked = $cgi->param('subscription'); | |
175 | return grep($sub->{id} == $_, @checked) != 0; | |
176 | } | |
177 | else { | |
178 | my $def = $cfg->entryBool('site users', 'subscribe_all', 0); | |
179 | ||
180 | return $cfg->entryBool('site users', "subscribe_$sub->{id}", $def); | |
181 | } | |
182 | } | |
183 | ||
184 | sub tag_if_subscribed { | |
185 | my ($cgi, $subs, $rsub_index, $usersubs) = @_; | |
186 | ||
187 | $$rsub_index >= 0 && $$rsub_index < @$subs | |
188 | or return; | |
189 | ||
190 | my $sub = $subs->[$$rsub_index]; | |
191 | if ($cgi->param('checkedsubs')) { | |
192 | my @checked = $cgi->param('subscription'); | |
193 | return grep($sub->{id} == $_, @checked) != 0; | |
194 | } | |
195 | ||
196 | $usersubs->{$sub->{id}}; | |
197 | } | |
198 | ||
6a8a205a TC |
199 | sub iter_orders { |
200 | my ($siteuser) = @_; | |
201 | ||
202 | return $siteuser->orders; | |
203 | } | |
204 | ||
efcc5a30 TC |
205 | sub iter_groups { |
206 | require BSE::TB::SiteUserGroups; | |
207 | ||
208 | BSE::TB::SiteUserGroups->all; | |
209 | } | |
210 | ||
211 | sub tag_ifUserMember { | |
212 | my ($user, $rgroup) = @_; | |
213 | ||
214 | $$rgroup or return 0; | |
215 | ||
216 | $user->is_member_of($$rgroup); | |
217 | } | |
218 | ||
9063386f TC |
219 | sub req_edit { |
220 | my ($class, $req, $msg, $errors) = @_; | |
221 | ||
2076966c TC |
222 | $class->_display_user($req, $msg, $errors, 'admin/users/edit'); |
223 | } | |
224 | ||
a0edb02e TC |
225 | sub req_deleteform { |
226 | my ($class, $req, $msg, $errors) = @_; | |
227 | ||
228 | $class->_display_user($req, $msg, $errors, 'admin/users/delete'); | |
229 | } | |
230 | ||
2076966c TC |
231 | sub req_view { |
232 | my ($class, $req, $msg, $errors) = @_; | |
233 | ||
234 | $class->_display_user($req, $msg, $errors, 'admin/users/view'); | |
235 | } | |
236 | ||
237 | sub _display_user { | |
238 | my ($class, $req, $msg, $errors, $template) = @_; | |
239 | ||
9063386f TC |
240 | my $cgi = $req->cgi; |
241 | my $id = $cgi->param('id'); | |
49cca15d TC |
242 | my $userId = $cgi->param('userId'); |
243 | my $siteuser; | |
244 | if (defined $id) { | |
b7cadc84 | 245 | $siteuser = BSE::TB::SiteUsers->getByPkey($id) |
49cca15d TC |
246 | or return $class->req_list($req, "No site user id '$id' found"); |
247 | } | |
248 | elsif (defined $userId) { | |
b7cadc84 | 249 | ($siteuser) = BSE::TB::SiteUsers->getBy(userId => $userId) |
49cca15d TC |
250 | or return $class->req_list($req, "No site user logon '$userId' found"); |
251 | } | |
252 | else { | |
253 | return $class->req_list($req, "No site user id supplied"); | |
254 | } | |
9063386f | 255 | |
d49f56a6 TC |
256 | my $it = BSE::Util::Iterate->new; |
257 | ||
74b3689a TC |
258 | $msg = $req->message($msg || $errors); |
259 | ||
260 | $req->set_variable(siteuser => $siteuser); | |
9063386f | 261 | |
32696f84 TC |
262 | require BSE::TB::OwnedFiles; |
263 | my @file_cats = BSE::TB::OwnedFiles->categories($req->cfg); | |
264 | my %subbed = map { $_ => 1 } $siteuser->subscribed_file_categories; | |
265 | for my $cat (@file_cats) { | |
266 | $cat->{subscribed} = exists $subbed{$cat->{id}} ? 1 : 0; | |
267 | } | |
268 | ||
220c179a TC |
269 | my @subs = grep $_->{visible}, BSE::SubscriptionTypes->all; |
270 | my $sub_index; | |
271 | require BSE::SubscribedUsers; | |
272 | my @usersubs = BSE::SubscribedUsers->getBy(userId=>$siteuser->{id}); | |
273 | my %usersubs = map { $_->{subId}, $_ } @usersubs; | |
efcc5a30 | 274 | my $current_group; |
32696f84 | 275 | my $current_file; |
9063386f TC |
276 | my %acts; |
277 | %acts = | |
278 | ( | |
32696f84 | 279 | $req->admin_tags, |
9063386f TC |
280 | message => $msg, |
281 | siteuser => [ \&tag_hash, $siteuser ], | |
282 | error_img => [ \&tag_error_img, $req->cfg, $errors ], | |
283 | ifRequired => [ \&tag_if_required, $req->cfg ], | |
d49f56a6 TC |
284 | $it->make_iterator([ \&iter_flags, $req->cfg], 'flag', 'flags'), |
285 | ifFlagSet => [ \&tag_if_flag_set, $siteuser->{flags} ], | |
220c179a TC |
286 | $it->make_iterator(undef, 'subscription', 'subscriptions', \@subs, |
287 | \$sub_index), | |
288 | ifSubscribed => | |
289 | [ \&tag_if_subscribed, $cgi, \@subs, \$sub_index, \%usersubs ], | |
6a8a205a TC |
290 | $it->make_iterator([ \&iter_orders, $siteuser ], |
291 | 'userorder', 'userorders' ), | |
3c32512d | 292 | $class->_edit_tags($siteuser, $req->cfg), |
efcc5a30 TC |
293 | $it->make_iterator(\&iter_groups, 'group', 'groups', |
294 | undef, undef, undef, \$current_group), | |
295 | ifMember => [ \&tag_ifUserMember, $siteuser, \$current_group ], | |
2076966c TC |
296 | $it->make_iterator([ \&iter_seminar_bookings, $siteuser], |
297 | 'booking', 'bookings'), | |
32696f84 TC |
298 | $it->make |
299 | ( | |
300 | code => [ files => $siteuser ], | |
301 | single => "userfile", | |
302 | plural => "userfiles", | |
303 | store => \$current_file, | |
304 | ), | |
305 | userfile_category => [ tag_userfile_category => $class, $req, \$current_file ], | |
306 | $it->make | |
307 | ( | |
308 | data => \@file_cats, | |
309 | single => "filecat", | |
310 | plural => "filecats" | |
311 | ), | |
9063386f TC |
312 | ); |
313 | ||
4d764c34 | 314 | return $req->dyn_response($template, \%acts); |
9063386f TC |
315 | } |
316 | ||
32696f84 TC |
317 | sub tag_userfile_category { |
318 | my ($self, $req, $rfile) = @_; | |
319 | ||
320 | my ($current) = $req->cgi->param("category"); | |
321 | unless (defined $current) { | |
322 | if ($rfile && $$rfile) { | |
323 | $current = $$rfile->category; | |
324 | } | |
325 | } | |
326 | defined $current | |
327 | or $current = ""; | |
328 | ||
329 | require BSE::TB::OwnedFiles; | |
330 | my @all = BSE::TB::OwnedFiles->categories($req->cfg); | |
331 | return popup_menu | |
332 | ( | |
333 | -name => "category", | |
334 | -default => $current, | |
335 | -values => [ map $_->{id}, @all ], | |
336 | -labels => { map { $_->{id} => $_->{name} } @all }, | |
337 | ); | |
338 | } | |
339 | ||
2076966c TC |
340 | sub iter_seminar_bookings { |
341 | my ($siteuser) = @_; | |
342 | ||
343 | return $siteuser->seminar_bookings_detail; | |
344 | } | |
345 | ||
9063386f TC |
346 | sub req_save { |
347 | my ($class, $req) = @_; | |
348 | ||
349 | my $cgi = $req->cgi; | |
350 | my $cfg = $req->cfg; | |
351 | ||
352 | my $id = $cgi->param('id'); | |
353 | $id && $id =~ /^\d+$/ | |
354 | or return $class->req_list($req, "No user id supplied"); | |
355 | ||
b7cadc84 | 356 | my $user = BSE::TB::SiteUsers->getByPkey($id) |
9063386f TC |
357 | or return $class->req_list($req, "No user $id found"); |
358 | ||
359 | my %errors; | |
360 | my $nopassword = $req->cfg->entry('site users', 'nopassword', 0); | |
b7cadc84 | 361 | my @cols = grep !$donttouch{$_}, BSE::TB::SiteUser->columns; |
288ef5b8 TC |
362 | my $custom = custom_class($cfg); |
363 | my @required = $custom->siteuser_edit_required($req, $user); | |
364 | for my $col (@required) { | |
9063386f | 365 | my $value = $cgi->param($col); |
288ef5b8 TC |
366 | if (defined $value && $value eq '') { |
367 | my $disp = $cfg->entry('site users', "display_$col", "\u$col"); | |
368 | $errors{$col} = "$disp is a required field"; | |
9063386f TC |
369 | } |
370 | } | |
371 | ||
372 | my $saveemail; | |
373 | my $email = $cgi->param('email'); | |
6aa67dd9 | 374 | $email =~ s/^\s+|\s+$//g; |
288ef5b8 TC |
375 | if (defined $email && $email ne $user->{email} && $email ne '') { |
376 | if ($email !~ /.\@./) { | |
505456b1 TC |
377 | $errors{email} = "Email is invalid"; |
378 | } | |
379 | unless ($errors{email}) { | |
380 | if ($nopassword) { | |
381 | my $conf_email = $cgi->param('confirmemail'); | |
6aa67dd9 | 382 | $conf_email =~ s/^\s+|\s+$//g; |
505456b1 TC |
383 | if ($conf_email) { |
384 | if ($conf_email eq $email) { | |
b7cadc84 | 385 | my $other = BSE::TB::SiteUsers->getBy(userId=>$email); |
505456b1 TC |
386 | if ($other) { |
387 | $errors{email} = "That email address is already in use"; | |
388 | } | |
389 | else { | |
390 | ++$saveemail; | |
391 | } | |
9063386f TC |
392 | } |
393 | else { | |
505456b1 TC |
394 | $errors{confirmemail} = |
395 | "Confirmation email address doesn't match email address"; | |
9063386f | 396 | } |
505456b1 | 397 | } |
9063386f | 398 | else { |
505456b1 | 399 | $errors{confirmemail} = "Please enter a confirmation email address"; |
9063386f TC |
400 | } |
401 | } | |
402 | else { | |
505456b1 | 403 | ++$saveemail; |
9063386f TC |
404 | } |
405 | } | |
505456b1 | 406 | unless ($errors{email}) { |
b7cadc84 | 407 | my $checkemail = BSE::TB::SiteUser->generic_email($email); |
505456b1 TC |
408 | require BSE::EmailBlacklist; |
409 | my $blackentry = BSE::EmailBlacklist->getEntry($checkemail); | |
410 | if ($blackentry) { | |
411 | $errors{email} = "Email $email is blacklisted: $blackentry->{why}"; | |
412 | } | |
9063386f TC |
413 | } |
414 | } | |
415 | ||
416 | my $newpass; | |
417 | unless ($nopassword) { | |
418 | $newpass = $cgi->param('password'); | |
419 | my $confirm = $cgi->param('confirm_password'); | |
420 | ||
421 | if (defined $newpass && length $newpass) { | |
77f53961 | 422 | my @errors; |
b7cadc84 AO |
423 | my %other = map { $_ => $user->$_() } BSE::TB::SiteUser->password_check_fields; |
424 | if (!BSE::TB::SiteUser->check_password_rules | |
77f53961 TC |
425 | ( |
426 | password => $newpass, | |
427 | username => $user->userId, | |
428 | other => \%other, | |
429 | errors => \@errors, | |
430 | )) { | |
431 | $errors{password} = \@errors; | |
9063386f TC |
432 | } |
433 | elsif (!defined $confirm || length $confirm == 0) { | |
434 | $errors{confirm_password} = "Please enter a confirmation password"; | |
435 | } | |
436 | elsif ($newpass ne $confirm) { | |
437 | $errors{confirm_password} = "The confirmation password is different from the password"; | |
438 | } | |
439 | } | |
440 | } | |
441 | ||
dfdeb4fe | 442 | my $aff_name = $cgi->param('affiliate_name'); |
3c32512d TC |
443 | $aff_name = _validate_affiliate_name($req, $aff_name, \%errors, $user); |
444 | ||
445 | $class->_save_images($req->cfg, $req->cgi, $user, \%errors); | |
dfdeb4fe | 446 | |
0f09d542 TC |
447 | if ($cfg->entry('custom', 'admin_saveopts') && |
448 | $custom->can("admin_siteuser_saveopts_validate")) { | |
449 | $custom->admin_siteuser_saveopts_validate($user, $req, \%errors); | |
450 | } | |
451 | ||
9063386f TC |
452 | keys %errors |
453 | and return $class->req_edit($req, undef, \%errors); | |
454 | ||
455 | my $newemail; | |
456 | if ($saveemail && $email ne $user->{email}) { | |
457 | $user->{confirmed} = 0; | |
458 | $user->{confirmSecret} = ''; | |
459 | $user->{email} = $email; | |
460 | $user->{userId} = $email if $nopassword; | |
461 | ++$newemail; | |
462 | } | |
5899bc52 TC |
463 | if (!$nopassword && $newpass) { |
464 | $user->changepw($newpass, $req->user || "U"); | |
465 | } | |
9063386f | 466 | |
dfdeb4fe TC |
467 | $user->{affiliate_name} = $aff_name if defined $aff_name; |
468 | ||
9063386f TC |
469 | for my $col (@cols) { |
470 | my $value = $cgi->param($col); | |
471 | if (defined $value) { | |
472 | $user->{$col} = $value; | |
473 | } | |
474 | } | |
475 | ||
0f09d542 TC |
476 | if ($cfg->entry('custom', 'admin_saveopts')) { |
477 | $custom->admin_siteuser_saveopts($user, $req); | |
478 | } | |
479 | ||
d49f56a6 TC |
480 | my @flags = flags($cfg); |
481 | my %flags = map { $_->{id} => 1 } @flags; | |
482 | $user->{flags} = join('', grep exists $flags{$_}, $cgi->param('flags')) | |
483 | if $cgi->param('saveFlags'); | |
484 | ||
9063386f TC |
485 | $user->{textOnlyMail} = 0 |
486 | if $cgi->param('saveTextOnlyMail') && !defined $cgi->param('textOnlyMail'); | |
9063386f TC |
487 | $user->{disabled} = 0 |
488 | if $cgi->param('saveDisabled') && !defined $cgi->param('disabled'); | |
489 | $user->save; | |
490 | ||
efcc5a30 TC |
491 | # save group membership |
492 | my @save_ids = $cgi->param('set_group_id'); | |
493 | if (@save_ids) { | |
494 | my %member_of = map { $_ => 1 } $user->group_ids; | |
495 | my %new_ids = map { $_ => 1 } $cgi->param('group_id'); | |
496 | require BSE::TB::SiteUserGroups; | |
497 | my %all_groups = map { $_->{id} => $_ } BSE::TB::SiteUserGroups->all; | |
498 | ||
499 | for my $id (@save_ids) { | |
500 | my $group = $all_groups{$id} | |
501 | or next; | |
502 | if ($member_of{$id} and !$new_ids{$id}) { | |
503 | $group->remove_member($user->{id}); | |
ad34a019 TC |
504 | $custom->can('group_remove_member') |
505 | and $custom->group_remove_member($group, $user->{id}, $cfg); | |
efcc5a30 TC |
506 | } |
507 | elsif (!$member_of{$id} and $new_ids{$id}) { | |
508 | $group->add_member($user->{id}); | |
ad34a019 TC |
509 | $custom->can('group_add_member') |
510 | and $custom->group_add_member($group, $user->{id}, $cfg); | |
efcc5a30 TC |
511 | } |
512 | } | |
513 | } | |
514 | ||
220c179a TC |
515 | if ($cgi->param('checkedsubs')) { |
516 | $class->save_subs($req, $user); | |
517 | } | |
518 | ||
32696f84 TC |
519 | if ($cgi->param('save_file_subs')) { |
520 | my @new_subs = $cgi->param("file_subscriptions"); | |
521 | $user->set_subscribed_file_categories($cfg, @new_subs); | |
522 | } | |
523 | ||
505456b1 | 524 | $custom->siteusers_changed($cfg); |
ad34a019 TC |
525 | $custom->can('siteuser_edit') |
526 | and $custom->siteuser_edit($user, 'admin', $cfg); | |
505456b1 TC |
527 | |
528 | my @msgs; | |
9063386f TC |
529 | |
530 | my $sent_ok = 1; # no error handling if true | |
531 | my $code; | |
532 | my $msg; | |
533 | if ($nopassword) { | |
534 | $sent_ok = $user->send_conf_request($req->cgi, $req->cfg, \$code, \$msg) | |
535 | if $newemail; | |
536 | } | |
537 | else { | |
538 | my @subs = $user->subscriptions; | |
220c179a | 539 | if (@subs && !$user->{confirmed}) { |
9063386f TC |
540 | $sent_ok = $user->send_conf_request($req->cgi, $req->cfg, \$code, \$msg); |
541 | } | |
542 | } | |
543 | ||
544 | unless ($sent_ok) { | |
545 | if ($code eq 'blacklist') { | |
546 | push @msgs, "Could not send confirmation: Email address blacklisted: $msg"; | |
547 | } | |
548 | elsif ($code eq 'mail') { | |
549 | push @msgs, "Could not send confirmation: Error sending email: $msg"; | |
550 | } | |
551 | else { | |
552 | push @msgs, "Could not send confirmation: $msg"; | |
553 | } | |
554 | } | |
555 | ||
556 | my $r = $cgi->param('r'); | |
495114d1 | 557 | $req->flash("msg:bse/admin/siteusers/usersaved", [ $user ]); |
9063386f | 558 | unless ($r) { |
495114d1 | 559 | $r = $req->cfg->admin_url2('siteusers', 'list'); |
9063386f TC |
560 | } |
561 | $r .= "&m=".escape_uri($_) for @msgs; | |
562 | ||
563 | return BSE::Template->get_refresh($r, $req->cfg); | |
564 | } | |
565 | ||
a0edb02e TC |
566 | sub req_delete { |
567 | my ($class, $req) = @_; | |
568 | ||
569 | my $cgi = $req->cgi; | |
570 | my $cfg = $req->cfg; | |
571 | ||
572 | $req->check_csrf("admin_siteuser_delete") | |
573 | or return $class->csrf_error($req, "admin_siteuser_delete", "Delete Member"); | |
574 | ||
575 | my $id = $cgi->param('id'); | |
576 | $id && $id =~ /^\d+$/ | |
577 | or return $class->req_list($req, "No user id supplied"); | |
578 | ||
b7cadc84 | 579 | my $user = BSE::TB::SiteUsers->getByPkey($id) |
a0edb02e TC |
580 | or return $class->req_list($req, "No user $id found"); |
581 | ||
ac1f5536 TC |
582 | $req->audit |
583 | ( | |
584 | component => "members::delete", | |
585 | object => $user, | |
87a74ac9 | 586 | level => "notice", |
68d44fe0 | 587 | msg => "Site User '" . $user->userId . "' deleted", |
ac1f5536 | 588 | ); |
a0edb02e | 589 | |
495114d1 | 590 | my $logon = $user->userId; |
a0edb02e TC |
591 | |
592 | $user->remove($req->cfg); | |
593 | ||
495114d1 | 594 | $req->flash("msg:bse/admin/siteusers/userdeleted", [ $logon ]); |
a0edb02e TC |
595 | my $r = $cgi->param('r'); |
596 | unless ($r) { | |
495114d1 | 597 | $r = $req->cfg->admin_url2('siteusers', 'list'); |
a0edb02e | 598 | } |
a0edb02e TC |
599 | |
600 | return $req->get_refresh($r); | |
601 | } | |
602 | ||
9063386f TC |
603 | sub req_addform { |
604 | my ($class, $req, $msg, $errors) = @_; | |
605 | ||
606 | my $cgi = $req->cgi; | |
607 | ||
04329a85 | 608 | $msg = $req->message($msg || $errors); |
9063386f | 609 | |
220c179a TC |
610 | my $it = BSE::Util::Iterate->new; |
611 | ||
612 | my @subs = grep $_->{visible}, BSE::SubscriptionTypes->all; | |
613 | my $sub_index; | |
9063386f TC |
614 | my %acts; |
615 | %acts = | |
616 | ( | |
d5a6b1ee | 617 | $req->admin_tags, |
9063386f TC |
618 | message => $msg, |
619 | error_img => [ \&tag_error_img, $req->cfg, $errors ], | |
620 | ifRequired => [ \&tag_if_required, $req->cfg ], | |
220c179a TC |
621 | $it->make_iterator([ \&iter_flags, $req->cfg], 'flag', 'flags'), |
622 | ifFlagSet => 0, | |
623 | $it->make_iterator(undef, 'subscription', 'subscriptions', \@subs, | |
624 | \$sub_index), | |
625 | ifSubscribed => | |
626 | [ \&tag_if_subscribed_register, $cgi, $req->cfg, \@subs, \$sub_index ], | |
9063386f TC |
627 | ); |
628 | ||
4d764c34 | 629 | return $req->dyn_response('admin/users/add', \%acts); |
9063386f TC |
630 | } |
631 | ||
632 | sub req_add { | |
633 | my ($class, $req) = @_; | |
634 | ||
635 | my $cgi = $req->cgi; | |
636 | my $cfg = $req->cfg; | |
637 | ||
638 | my %user; | |
b7cadc84 | 639 | my @cols = BSE::TB::SiteUser->columns; |
9063386f | 640 | shift @cols; |
9063386f | 641 | |
288ef5b8 TC |
642 | my $custom = custom_class($cfg); |
643 | my @required = $custom->siteuser_add_required($req); | |
644 | ||
9063386f TC |
645 | my $nopassword = $cfg->entryBool('site users', 'nopassword', 0); |
646 | my %errors; | |
647 | my $email = $cgi->param('email'); | |
6aa67dd9 | 648 | $email =~ s/^\s+|\s+$//g; |
4c4d3c3f | 649 | if (!defined $email) { # required check done later |
9063386f TC |
650 | $email = ''; # prevent undefined value warnings later |
651 | } | |
652 | elsif ($email !~ /.\@./) { | |
653 | $errors{email} = "Please enter a valid email address"; | |
654 | } | |
655 | if ($nopassword) { | |
656 | my $confemail = $cgi->param('confirmemail'); | |
657 | if (!defined $confemail or !length $confemail) { | |
658 | $errors{confirmemail} = "Please enter a confirmation email address"; | |
659 | } | |
660 | elsif ($email ne $confemail) { | |
661 | $errors{confirmemail} = "Confirmation email should match the Email Address"; | |
662 | } | |
b7cadc84 | 663 | my $user = BSE::TB::SiteUsers->getBy(userId=>$email); |
9063386f TC |
664 | if ($user) { |
665 | $errors{email} = "Sorry, email $email already exists as a user"; | |
666 | } | |
667 | $user{userId} = $email; | |
668 | $user{password} = ''; | |
669 | } | |
670 | else { | |
9063386f TC |
671 | my $userid = $cgi->param('userId'); |
672 | if (!defined $userid || length $userid == 0) { | |
673 | $errors{userId} = "Please enter a userid"; | |
674 | } | |
675 | my $pass = $cgi->param('password'); | |
77f53961 | 676 | $pass =~ s/\A\s+//, $pass =~ s/\s+\z// if defined $pass; |
9063386f | 677 | my $pass2 = $cgi->param('confirm_password'); |
77f53961 TC |
678 | $pass2 =~ s/\A\s+//, $pass2 =~ s/\s+\z// if defined $pass2; |
679 | my %other = map { $_ => scalar $cgi->param($_) } | |
b7cadc84 | 680 | BSE::TB::SiteUser->password_check_fields; |
77f53961 | 681 | my @errors; |
9063386f TC |
682 | if (!defined $pass || length $pass == 0) { |
683 | $errors{password} = "Please enter a password"; | |
684 | } | |
b7cadc84 | 685 | elsif (!BSE::TB::SiteUser->check_password_rules |
77f53961 TC |
686 | ( |
687 | password => $pass, | |
688 | username => $userid, | |
689 | other => \%other, | |
690 | errors => \@errors, | |
691 | )) { | |
692 | $errors{password} = \@errors; | |
9063386f TC |
693 | } |
694 | elsif (!defined $pass2 || length $pass2 == 0) { | |
695 | $errors{confirm_password} = "Please enter a confirmation password"; | |
696 | } | |
697 | elsif ($pass ne $pass2) { | |
698 | $errors{confirm_password} = | |
699 | "The confirmation password is different from the password"; | |
700 | } | |
b7cadc84 | 701 | my $user = BSE::TB::SiteUsers->getBy(userId=>$userid); |
9063386f TC |
702 | if ($user) { |
703 | # give the user a suggestion | |
704 | my $workuser = $userid; | |
705 | $workuser =~ s/\d+$//; | |
706 | my $suffix = 1; | |
707 | for my $suffix (1..100) { | |
b7cadc84 | 708 | unless (BSE::TB::SiteUsers->getBy(userId=>"$workuser$suffix")) { |
9063386f TC |
709 | $cgi->param(userid=>"$workuser$suffix"); |
710 | last; | |
711 | } | |
712 | } | |
713 | $errors{userId} = "Sorry, user $userid already exists"; | |
714 | } | |
715 | $user{userId} = $userid; | |
716 | $user{password} = $pass; | |
717 | } | |
718 | ||
719 | unless ($errors{email}) { | |
b7cadc84 | 720 | my $checkemail = BSE::TB::SiteUser->generic_email($email); |
9063386f TC |
721 | require 'BSE/EmailBlacklist.pm'; |
722 | my $blackentry = BSE::EmailBlacklist->getEntry($checkemail); | |
723 | if ($blackentry) { | |
724 | $errors{email} = "Email $email is blacklisted: $blackentry->{why}"; | |
725 | } | |
726 | } | |
727 | ||
728 | my @mod_cols = grep !$donttouch{$_}, @cols; | |
729 | for my $col (@mod_cols) { | |
730 | my $value = $cgi->param($col); | |
731 | if ($cfg->entryBool('site users', "require_$col")) { | |
732 | unless (defined $value && $value ne '') { | |
733 | my $disp = $cfg->entry('site users', "display_$col", "\u$col"); | |
734 | ||
735 | $errors{$col} = "$disp is a required field"; | |
736 | } | |
737 | } | |
738 | if (defined $value) { | |
739 | $user{$col} = $value; | |
740 | } | |
741 | } | |
3c32512d TC |
742 | |
743 | my $aff_name = $cgi->param('affiliate_name'); | |
744 | $aff_name = _validate_affiliate_name($req, $aff_name, \%errors); | |
745 | defined $aff_name or $aff_name = ''; | |
746 | ||
9063386f TC |
747 | if (keys %errors) { |
748 | return $class->req_addform($req, undef, \%errors); | |
749 | } | |
750 | ||
751 | $user{email} = $email; | |
3c32512d | 752 | $user{affiliate_name} = $aff_name; |
9063386f TC |
753 | if ($nopassword) { |
754 | use BSE::Util::Secure qw/make_secret/; | |
755 | $user{password} = make_secret($cfg); | |
756 | } | |
d49f56a6 TC |
757 | my @flags = flags($cfg); |
758 | my %flags = map { $_->{id} => 1 } @flags; | |
759 | $user{flags} = join('', grep exists $flags{$_}, $cgi->param('flags')); | |
9063386f TC |
760 | |
761 | my $user; | |
762 | eval { | |
b7cadc84 | 763 | $user = BSE::TB::SiteUsers->make(%user); |
9063386f TC |
764 | }; |
765 | if ($user) { | |
220c179a | 766 | my $subs = $class->save_subs($req, $user); |
45408d74 TC |
767 | |
768 | $req->audit | |
769 | ( | |
770 | actor => $req->user || "U", | |
771 | object => $user, | |
772 | component => "members::add", | |
68d44fe0 | 773 | msg => "Site User '" . $user->userId . "' created", |
87a74ac9 | 774 | level => "notice", |
45408d74 TC |
775 | ); |
776 | ||
495114d1 TC |
777 | $req->flash("msg:bse/admin/siteusers/usercreated", [ $user ]); |
778 | ||
9063386f TC |
779 | my $msg; |
780 | if ($nopassword) { | |
781 | my $code; | |
782 | my $sent_ok = $user->send_conf_request($cgi, $cfg, \$code, \$msg); | |
783 | } | |
220c179a TC |
784 | else { |
785 | if ($subs) { | |
786 | my $code; | |
787 | my $sent_ok = $user->send_conf_request($cgi, $cfg, \$code, \$msg); | |
788 | } | |
f197f061 TC |
789 | else { |
790 | if ($cfg->entry | |
791 | ('site users', 'notify_register_customer_admin', | |
792 | $cfg->entry('site users', 'notify_register_customer'))) { | |
793 | $user->send_registration_notify | |
794 | ( | |
795 | remote_addr => $req->ip_address | |
796 | ); | |
797 | } | |
798 | } | |
220c179a | 799 | } |
505456b1 | 800 | |
505456b1 | 801 | $custom->siteusers_changed($cfg); |
ad34a019 TC |
802 | $custom->can('siteuser_add') |
803 | and $custom->siteuser_add($user, 'admin', $cfg); | |
505456b1 | 804 | |
9063386f TC |
805 | my $r = $cgi->param('r'); |
806 | unless ($r) { | |
495114d1 | 807 | $r = $req->cfg->admin_url2('siteusers', 'list'); |
9063386f | 808 | } |
e3d242f7 | 809 | $r .= "&m=".escape_uri($msg) if $msg; |
9063386f TC |
810 | return BSE::Template->get_refresh($r, $cfg); |
811 | } | |
812 | else { | |
b27af108 | 813 | $class->req_addform($req, "Database error $@"); |
9063386f TC |
814 | } |
815 | } | |
816 | ||
220c179a TC |
817 | sub save_subs { |
818 | my ($class, $req, $user) = @_; | |
819 | ||
820 | my @subs = grep $_->{visible}, BSE::SubscriptionTypes->all; | |
821 | my %subs = map { $_->{id} => $_ } @subs; | |
822 | my @subids = $req->cgi->param('subscription'); | |
823 | $user->removeSubscriptions; | |
824 | require BSE::SubscribedUsers; | |
825 | my @cols = BSE::SubscribedUser->columns; | |
826 | shift @cols; | |
827 | my $found = 0; | |
828 | for my $id (@subids) { | |
829 | if ($subs{$id}) { | |
830 | my %usersub; | |
831 | $usersub{subId} = $id; | |
832 | $usersub{userId} = $user->{id}; | |
833 | ||
834 | BSE::SubscribedUsers->add(@usersub{@cols}); | |
835 | ++$found; | |
836 | } | |
837 | } | |
838 | ||
839 | $found; | |
840 | } | |
841 | ||
74b3689a TC |
842 | sub req_unlock { |
843 | my ($class, $req) = @_; | |
844 | ||
845 | my $cgi = $req->cgi; | |
846 | my $cfg = $req->cfg; | |
847 | ||
848 | my $id = $cgi->param('id'); | |
849 | $id && $id =~ /^\d+$/ | |
850 | or return $class->req_list($req, "No user id supplied"); | |
851 | ||
b7cadc84 | 852 | my $user = BSE::TB::SiteUsers->getByPkey($id) |
74b3689a TC |
853 | or return $class->req_list($req, "No user $id found"); |
854 | ||
855 | $user->unlock(request => $req); | |
856 | $req->flash_notice("msg:bse/user/unlocked", [ $user ]); | |
857 | ||
858 | my $uri = $cgi->param("r") || $cfg->admin_url2("siteusers", "list"); | |
859 | ||
860 | return $req->get_refresh($uri); | |
861 | } | |
862 | ||
3c32512d TC |
863 | sub _validate_affiliate_name { |
864 | my ($req, $aff_name, $errors, $user) = @_; | |
865 | ||
866 | my $display = $req->cfg->entry('site users', 'display_affiliate_name', | |
867 | "Affiliate name"); | |
868 | my $required = $req->cfg->entry('site users', 'require_affiliate_name', 0); | |
869 | ||
870 | if (defined $aff_name) { | |
871 | $aff_name =~ s/^\s+|\s+$//g; | |
872 | if (length $aff_name) { | |
873 | if ($aff_name =~ /^\w+$/) { | |
b7cadc84 | 874 | my $other = BSE::TB::SiteUsers->getBy(affiliate_name => $aff_name); |
3c32512d TC |
875 | if ($other && (!$user || $other->{id} != $user->{id})) { |
876 | $errors->{affiliate_name} = "$display $aff_name is already in use"; | |
877 | } | |
878 | else { | |
879 | return $aff_name; | |
880 | } | |
881 | } | |
882 | else { | |
883 | $errors->{affiliate_name} = "invalid $display, no spaces or special characters are allowed"; | |
884 | } | |
885 | } | |
886 | elsif ($required) { | |
887 | $errors->{affiliate_name} = "$display is a required field"; | |
888 | } | |
889 | else { | |
890 | return ''; | |
891 | } | |
892 | } | |
893 | ||
894 | # always required if making a new user | |
895 | if (!$errors->{affiliate_name} && $required && !$user) { | |
896 | $errors->{affiliate_name} = "$display is a required field"; | |
897 | } | |
898 | ||
899 | return; | |
900 | } | |
220c179a | 901 | |
efcc5a30 TC |
902 | sub _get_group { |
903 | my ($req, $msg) = @_; | |
904 | ||
905 | my $id = $req->cgi->param('id'); | |
32696f84 | 906 | defined $id && $id =~ /^-?\d+$/ |
efcc5a30 | 907 | or do { $$msg = "Missing or invalid group id"; return }; |
32696f84 TC |
908 | |
909 | my $group; | |
efcc5a30 | 910 | require BSE::TB::SiteUserGroups; |
32696f84 TC |
911 | if ($id < 0) { |
912 | $group = BSE::TB::SiteUserGroups->getQueryGroup($req->cfg, $id); | |
913 | } | |
914 | else { | |
915 | $group = BSE::TB::SiteUserGroups->getByPkey($id); | |
916 | } | |
efcc5a30 TC |
917 | $group |
918 | or do { $$msg = "Unknown group id"; return }; | |
919 | ||
920 | $group; | |
921 | } | |
922 | ||
923 | sub req_grouplist { | |
924 | my ($class, $req, $errors) = @_; | |
925 | ||
926 | require BSE::TB::SiteUserGroups; | |
32696f84 | 927 | my @groups = BSE::TB::SiteUserGroups->admin_and_query_groups($req->cfg); |
efcc5a30 TC |
928 | |
929 | my $msg = $req->message($errors); | |
930 | ||
931 | my $it = BSE::Util::Iterate->new; | |
932 | my %acts; | |
933 | %acts = | |
934 | ( | |
d5a6b1ee | 935 | $req->admin_tags, |
efcc5a30 TC |
936 | msg=>$msg, |
937 | message=>$msg, | |
938 | $it->make_iterator(undef, 'group', 'groups', \@groups), | |
939 | ); | |
940 | ||
4d764c34 | 941 | return $req->dyn_response('admin/users/grouplist', \%acts); |
efcc5a30 TC |
942 | } |
943 | ||
944 | sub req_addgroupform { | |
945 | my ($class, $req, $errors) = @_; | |
946 | ||
947 | my $msg = $req->message($errors); | |
948 | ||
949 | my %acts; | |
950 | %acts = | |
951 | ( | |
d5a6b1ee | 952 | $req->admin_tags, |
efcc5a30 TC |
953 | msg=>$msg, |
954 | message=>$msg, | |
495114d1 | 955 | ifError => 1, |
efcc5a30 TC |
956 | error_img => [ \&tag_error_img, $req->cfg, $errors ], |
957 | ); | |
958 | ||
4d764c34 | 959 | return $req->dyn_response('admin/users/groupadd', \%acts); |
efcc5a30 TC |
960 | } |
961 | ||
962 | sub req_addgroup { | |
963 | my ($class, $req) = @_; | |
964 | ||
965 | require BSE::TB::SiteUserGroups; | |
966 | my %fields = BSE::TB::SiteUserGroup->valid_fields; | |
967 | my %rules = BSE::TB::SiteUserGroup->valid_rules; | |
968 | ||
969 | my %errors; | |
970 | $req->validate(errors=>\%errors, | |
971 | fields=>\%fields, | |
972 | rules=>\%rules, | |
495114d1 | 973 | section=>SITEUSER_GROUP_SECT); |
c2096d67 TC |
974 | my $cgi = $req->cgi; |
975 | my $name = $cgi->param('name'); | |
495114d1 TC |
976 | unless ($errors{name}) { |
977 | my ($other) = BSE::TB::SiteUserGroups->getBy(name => $name); | |
978 | $other and $errors{name} = "Group '$name' already exists"; | |
979 | } | |
980 | keys %errors | |
981 | and return $class->req_addgroupform($req, \%errors); | |
982 | ||
efcc5a30 TC |
983 | my $group = BSE::TB::SiteUserGroups->add($name); |
984 | ||
495114d1 | 985 | $req->flash("msg:bse/admin/siteusers/groupcreated", [ $group ]); |
c2096d67 TC |
986 | my $r = $cgi->param('r'); |
987 | unless ($r) { | |
495114d1 | 988 | $r = $req->cfg->admin_url2('siteusers', "grouplist"); |
c2096d67 TC |
989 | } |
990 | return BSE::Template->get_refresh($r, $req->cfg); | |
efcc5a30 TC |
991 | } |
992 | ||
993 | sub req_editgroup { | |
994 | my ($class, $req, $errors) = @_; | |
995 | ||
996 | return $class->_common_group($req, $errors, 'admin/users/groupedit'); | |
997 | } | |
998 | ||
999 | sub req_savegroup { | |
1000 | my ($class, $req) = @_; | |
1001 | ||
1002 | my $msg; | |
1003 | my $group = _get_group($req, \$msg) | |
1004 | or return $class->req_grouplist($req, { id => $msg }); | |
1005 | ||
1006 | my %fields = BSE::TB::SiteUserGroup->valid_fields; | |
1007 | my %rules = BSE::TB::SiteUserGroup->valid_rules; | |
1008 | ||
1009 | my %errors; | |
1010 | $req->validate(errors=>\%errors, | |
1011 | fields=>\%fields, | |
1012 | rules=>\%rules, | |
1013 | section=>SITEUSER_GROUP_SECT) | |
1014 | or return $class->req_editgroup($req, \%errors); | |
c2096d67 TC |
1015 | |
1016 | my $cgi = $req->cgi; | |
1017 | $group->{name} = $cgi->param('name'); | |
efcc5a30 TC |
1018 | $group->save; |
1019 | ||
495114d1 | 1020 | $req->flash("msg:bse/admin/siteusers/groupsaved", [ $group ]); |
c2096d67 TC |
1021 | my $r = $cgi->param('r'); |
1022 | unless ($r) { | |
495114d1 | 1023 | $r = $req->cfg->admin_url2('siteusers', 'grouplist'); |
c2096d67 TC |
1024 | } |
1025 | return BSE::Template->get_refresh($r, $req->cfg); | |
efcc5a30 TC |
1026 | } |
1027 | ||
1028 | sub _common_group { | |
1029 | my ($class, $req, $errors, $template) = @_; | |
1030 | ||
1031 | my $msg; | |
1032 | my $group = _get_group($req, \$msg) | |
1033 | or return $class->req_grouplist($req, { id=> $msg }); | |
1034 | ||
1035 | $msg = $req->message($errors); | |
32696f84 TC |
1036 | my $it = BSE::Util::Iterate->new; |
1037 | my $current_file; | |
efcc5a30 TC |
1038 | my %acts; |
1039 | %acts = | |
1040 | ( | |
d5a6b1ee | 1041 | $req->admin_tags, |
efcc5a30 TC |
1042 | msg=>$msg, |
1043 | message=>$msg, | |
1044 | error_img => [ \&tag_error_img, $req->cfg, $errors ], | |
1045 | group => [ \&tag_hash, $group ], | |
32696f84 TC |
1046 | $it->make |
1047 | ( | |
1048 | code => [ files => $group ], | |
1049 | single => "groupfile", | |
1050 | plural => "groupfiles", | |
1051 | store => \$current_file, | |
1052 | ), | |
efcc5a30 TC |
1053 | ); |
1054 | ||
4d764c34 | 1055 | return $req->dyn_response($template, \%acts); |
efcc5a30 TC |
1056 | } |
1057 | ||
1058 | sub req_deletegroupform { | |
1059 | my ($class, $req, $errors) = @_; | |
1060 | ||
1061 | return $class->_common_group($req, $errors, 'admin/users/groupdelete'); | |
1062 | } | |
1063 | ||
1064 | sub req_deletegroup { | |
1065 | my ($class, $req) = @_; | |
1066 | ||
1067 | my $msg; | |
1068 | my $group = _get_group($req, \$msg) | |
1069 | or return $class->req_grouplist($req, { id=>$msg }); | |
1070 | ||
495114d1 | 1071 | my $name = $group->name; |
efcc5a30 TC |
1072 | $group->remove; |
1073 | ||
c2096d67 | 1074 | my $r = $req->cgi->param('r'); |
495114d1 | 1075 | $req->flash("msg:bse/admin/siteusers/groupdeleted", [ $name ]); |
c2096d67 | 1076 | unless ($r) { |
495114d1 | 1077 | $r = $req->cfg->admin_url2('siteusers', "grouplist"); |
c2096d67 TC |
1078 | } |
1079 | return BSE::Template->get_refresh($r, $req->cfg); | |
efcc5a30 TC |
1080 | } |
1081 | ||
1082 | sub tag_ifMember { | |
1083 | my ($ruser, $members) = @_; | |
1084 | ||
1085 | $$ruser or return 0; | |
1086 | exists $members->{$$ruser->{id}}; | |
1087 | } | |
1088 | ||
1089 | sub req_groupmemberform { | |
1090 | my ($class, $req, $errors) = @_; | |
1091 | ||
1092 | my $msg; | |
1093 | my $group = _get_group($req, \$msg) | |
1094 | or return $class->req_grouplist($req, { id=>$msg }); | |
1095 | ||
1096 | $msg = $req->message($errors); | |
1097 | ||
1098 | my %members = map { $_=> 1 } $group->member_ids; | |
b7cadc84 | 1099 | my @siteusers = BSE::TB::SiteUsers->all; |
efcc5a30 TC |
1100 | |
1101 | my $user; | |
1102 | ||
1103 | my $it = BSE::Util::Iterate->new; | |
1104 | my %acts; | |
1105 | %acts = | |
1106 | ( | |
d5a6b1ee | 1107 | $req->admin_tags, |
efcc5a30 TC |
1108 | msg=>$msg, |
1109 | message=>$msg, | |
1110 | error_img => [ \&tag_error_img, $req->cfg, $errors ], | |
1111 | group => [ \&tag_hash, $group ], | |
1112 | $it->make_iterator(undef, 'siteuser', 'siteusers', \@siteusers, | |
1113 | undef, undef, \$user), | |
1114 | ifMember => [ \&tag_ifMember, \$user, \%members ], | |
1115 | ); | |
1116 | ||
4d764c34 | 1117 | return $req->dyn_response('admin/users/groupmembers', \%acts); |
efcc5a30 TC |
1118 | } |
1119 | ||
1120 | sub req_savegroupmembers { | |
1121 | my ($class, $req) = @_; | |
1122 | ||
1123 | my $msg; | |
1124 | my $group = _get_group($req, \$msg) | |
1125 | or return $class->req_grouplist($req, { id=>$msg }); | |
1126 | ||
1127 | my $cgi = $req->cgi; | |
1128 | my %current_ids = map { $_ => 1 } $group->member_ids; | |
1129 | my @to_be_set = $cgi->param('set_is_member'); | |
1130 | my %set_ids = map { $_ => 1 } $cgi->param('is_member'); | |
b7cadc84 | 1131 | my %all_ids = map { $_ => 1 } BSE::TB::SiteUsers->all_ids; |
efcc5a30 | 1132 | |
ad34a019 TC |
1133 | my $custom = custom_class($req->cfg); |
1134 | ||
efcc5a30 TC |
1135 | for my $id (@to_be_set) { |
1136 | next unless $all_ids{$id}; | |
1137 | ||
1138 | if ($set_ids{$id} && !$current_ids{$id}) { | |
1139 | $group->add_member($id); | |
ad34a019 TC |
1140 | $custom->can('group_add_member') |
1141 | and $custom->group_add_member($group, $id, $req->cfg); | |
efcc5a30 TC |
1142 | } |
1143 | elsif (!$set_ids{$id} && $current_ids{$id}) { | |
1144 | $group->remove_member($id); | |
ad34a019 TC |
1145 | $custom->can('group_remove_member') |
1146 | and $custom->group_remove_member($group, $id, $req->cfg); | |
efcc5a30 TC |
1147 | } |
1148 | } | |
1149 | ||
495114d1 | 1150 | $req->flash("msg:bse/admin/siteusers/membershipsaved", [ $group ]); |
c2096d67 TC |
1151 | my $r = $cgi->param('r'); |
1152 | unless ($r) { | |
495114d1 | 1153 | $r = $req->cfg->admin_url2('siteusers', 'grouplist'); |
c2096d67 TC |
1154 | } |
1155 | return BSE::Template->get_refresh($r, $req->cfg); | |
efcc5a30 TC |
1156 | } |
1157 | ||
6555857d TC |
1158 | sub req_confirm { |
1159 | my ($class, $req) = @_; | |
1160 | ||
1161 | $ENV{REMOTE_USER} || $req->getuser | |
1162 | or return $class->error($req, | |
1163 | { error => "You must be authenticated to use this function. Either enable access control or setup .htpasswd." }); | |
1164 | ||
1165 | my $cgi = $req->cgi; | |
1166 | my $id = $cgi->param('id'); | |
1167 | defined $id | |
1168 | or return $class->req_list($req, "No site user id supplied"); | |
b7cadc84 | 1169 | my $siteuser = BSE::TB::SiteUsers->getByPkey($id) |
6555857d TC |
1170 | or return $class->req_list($req, "No such site user found"); |
1171 | ||
1172 | $siteuser->{confirmed} = 1; | |
1173 | $siteuser->save; | |
1174 | ||
495114d1 | 1175 | $req->flash("msg:bse/admin/siteusers/confirmed", [ $siteuser ]); |
6555857d TC |
1176 | my $r = $cgi->param('r'); |
1177 | unless ($r) { | |
495114d1 | 1178 | $r = $req->cfg->admin_url2('siteusers', 'list'); |
6555857d TC |
1179 | } |
1180 | ||
1181 | return BSE::Template->get_refresh($r, $req->cfg); | |
1182 | } | |
1183 | ||
32696f84 TC |
1184 | my %file_fields = |
1185 | ( | |
1186 | content_type => | |
1187 | { | |
1188 | description => "Content type", | |
1189 | rules => "dh_one_line", | |
1190 | }, | |
1191 | category => | |
1192 | { | |
1193 | description => "Category", | |
1194 | rules => "dh_one_line", | |
1195 | }, | |
1196 | modwhen_date => | |
1197 | { | |
1198 | description => "Last Modified date", | |
1199 | rules => "date", | |
6450bbad | 1200 | required_if => "modwhen_time", |
32696f84 TC |
1201 | }, |
1202 | modwhen_time => | |
1203 | { | |
1204 | description => "Last Modified time", | |
1205 | rules => "time", | |
1206 | required_if => "modwhen_date", | |
1207 | }, | |
1208 | title => | |
1209 | { | |
1210 | description => "Title", | |
1211 | rules => "dh_one_line", | |
1212 | }, | |
1213 | body => | |
1214 | { | |
1215 | description => "Body", | |
1216 | }, | |
1217 | ); | |
1218 | ||
1219 | my %save_file_fields = | |
1220 | ( | |
1221 | content_type => | |
1222 | { | |
1223 | description => "Content type", | |
1224 | rules => "dh_one_line", | |
1225 | }, | |
1226 | category => | |
1227 | { | |
1228 | description => "Category", | |
1229 | rules => "dh_one_line", | |
1230 | }, | |
1231 | modwhen_date => | |
1232 | { | |
1233 | description => "Last Modified date", | |
1234 | rules => "date", | |
6450bbad | 1235 | required => 1, |
32696f84 TC |
1236 | }, |
1237 | modwhen_time => | |
1238 | { | |
1239 | description => "Last Modified time", | |
1240 | rules => "time", | |
1241 | required => 1, | |
1242 | }, | |
1243 | title => | |
1244 | { | |
1245 | description => "Title", | |
1246 | rules => "dh_one_line", | |
1247 | required => 1, | |
1248 | }, | |
1249 | body => | |
1250 | { | |
1251 | description => "Body", | |
1252 | }, | |
1253 | ); | |
1254 | ||
1255 | sub req_adduserfileform { | |
1256 | my ($self, $req, $errors) = @_; | |
1257 | ||
1258 | my $msg; | |
1259 | my $siteuser = _get_user($req, \$msg) | |
1260 | or return $self->req_list($req, $msg); | |
1261 | ||
4ae3f7d7 TC |
1262 | $msg = $req->message($errors); |
1263 | ||
32696f84 TC |
1264 | my %acts = |
1265 | ( | |
1266 | $req->admin_tags, | |
1267 | message => $msg, | |
1268 | siteuser => [ \&tag_hash, $siteuser ], | |
1269 | error_img => [ \&tag_error_img, $req->cfg, $errors ], | |
4ae3f7d7 | 1270 | ifError => 1, |
32696f84 TC |
1271 | userfile_category => [ tag_userfile_category => $self, $req, undef ], |
1272 | ); | |
1273 | ||
1274 | return $req->dyn_response("admin/users/add_user_file", \%acts); | |
1275 | } | |
1276 | ||
1277 | sub req_adduserfile { | |
1278 | my ($self, $req) = @_; | |
1279 | ||
1280 | my $msg; | |
1281 | my $user = _get_user($req, \$msg) | |
1282 | or return $self->req_list($req, $msg); | |
1283 | ||
1284 | my $cgi = $req->cgi; | |
1285 | ||
1286 | $req->check_csrf("admin_user_add_file") | |
1287 | or return $self->csrf_error($req, "admin_user_add_file", "Add Member File"); | |
1288 | ||
1289 | my %errors; | |
1290 | $req->validate(fields => \%file_fields, | |
1291 | errors => \%errors); | |
1292 | ||
1293 | my $file = $cgi->param("file"); | |
1294 | my $file_fh = $cgi->upload("file"); | |
1295 | unless ($file) { | |
1296 | $errors{file} = "Please select a file"; | |
1297 | } | |
1298 | if ($file && -z $file) { | |
1299 | $errors{file} = "File is empty"; | |
1300 | } | |
1301 | if (!$errors{$file} && !$file_fh) { | |
1302 | $errors{file} = "Something is wrong with the upload form or your file wasn't found"; | |
1303 | } | |
1304 | ||
1305 | keys %errors | |
4ae3f7d7 | 1306 | and return $self->req_adduserfileform($req, \%errors); |
32696f84 TC |
1307 | |
1308 | require BSE::API; | |
1309 | BSE::API->import("bse_add_owned_file"); | |
1310 | ||
1311 | my %file; | |
1312 | $file{file} = $file_fh; | |
1313 | for my $field (qw/content_type category title body/) { | |
1314 | my ($value) = $cgi->param($field); | |
1315 | defined $value or $value = ""; | |
1316 | $file{$field} = $value; | |
1317 | } | |
1318 | $file{download} = $cgi->param('download') ? 1 : 0; | |
1319 | my $mod_date = $cgi->param("modwhen_date"); | |
1320 | my $mod_time = $cgi->param("modwhen_time"); | |
1321 | if ($mod_date && $mod_time) { | |
1322 | $file{modwhen} = dh_parse_date_sql($mod_date) . " " | |
1323 | . dh_parse_time_sql($mod_time); | |
1324 | } | |
1325 | $file{display_name} = $file . ""; | |
1326 | my $upload_info = $cgi->uploadInfo($file); | |
1327 | # some content types come through strangely | |
1328 | # if (!$file{content_type} && $upload_info->{"Content-Type"}) { | |
1329 | # $file{content_type} = $upload_info->{"Content-Type"} | |
1330 | # } | |
1331 | for my $key (keys %$upload_info) { | |
1332 | print STDERR "uploadinfo: $key: $upload_info->{$key}\n"; | |
1333 | } | |
1334 | local $SIG{__DIE__}; | |
1335 | my $owned_file = eval { bse_add_owned_file($req->cfg, $user, %file) }; | |
1336 | unless ($owned_file) { | |
1337 | $errors{file} = $@; | |
1338 | return $self->req_edit($req, undef, \%errors); | |
1339 | } | |
1340 | ||
1341 | my $r = $cgi->param('r'); | |
495114d1 | 1342 | $req->flash("msg:bse/admin/siteusers/userfilecreated", [ $user, $owned_file ]); |
32696f84 | 1343 | unless ($r) { |
495114d1 | 1344 | $r = $req->cfg->admin_url2('siteusers', 'edit', { _t => "files", id => $user->id }); |
32696f84 TC |
1345 | } |
1346 | ||
1347 | return BSE::Template->get_refresh($r, $req->cfg); | |
1348 | } | |
1349 | ||
1350 | sub _get_user_file { | |
1351 | my ($req, $user, $msg) = @_; | |
1352 | ||
1353 | my $file_id = $req->cgi->param("file_id"); | |
1354 | unless (defined $file_id && $file_id =~ /^\d+$/) { | |
1355 | $$msg = "Missing or invalid file id"; | |
1356 | return; | |
1357 | } | |
1358 | require BSE::TB::OwnedFiles; | |
1359 | my ($file) = BSE::TB::OwnedFiles->getBy | |
1360 | ( | |
1361 | owner_type => $user->file_owner_type, | |
1362 | owner_id => $user->id, | |
1363 | id => $file_id | |
1364 | ); | |
1365 | unless ($file) { | |
1366 | $$msg = "No such file found"; | |
1367 | return; | |
1368 | } | |
1369 | ||
1370 | return $file; | |
1371 | } | |
1372 | ||
1373 | sub _show_userfile { | |
1374 | my ($self, $req, $template, $siteuser, $file, $errors) = @_; | |
1375 | ||
1376 | my $message = $req->message($errors); | |
1377 | ||
1378 | my %acts = | |
1379 | ( | |
1380 | $req->admin_tags, | |
1381 | userfile => [ \&tag_hash, $file ], | |
1382 | message => $message, | |
1383 | siteuser => [ \&tag_hash, $siteuser ], | |
1384 | error_img => [ \&tag_error_img, $req->cfg, $errors ], | |
1385 | userfile_category => [ tag_userfile_category => $self, $req, \$file ], | |
1386 | ); | |
1387 | ||
1388 | return $req->dyn_response($template, \%acts); | |
1389 | } | |
1390 | ||
1391 | sub req_edituserfile { | |
1392 | my ($self, $req, $errors) = @_; | |
1393 | ||
1394 | my $msg; | |
1395 | my $siteuser = _get_user($req, \$msg) | |
1396 | or return $self->req_list($req, $msg); | |
1397 | ||
1398 | my $file = _get_user_file($req, $siteuser, \$msg) | |
1399 | or return $self->req_list($req, $msg); | |
1400 | ||
1401 | return $self->_show_userfile($req, "admin/users/edit_user_file", $siteuser, $file, $errors); | |
1402 | } | |
1403 | ||
1404 | sub req_deluserfileform { | |
1405 | my ($self, $req, $errors) = @_; | |
1406 | ||
1407 | my $msg; | |
1408 | my $siteuser = _get_user($req, \$msg) | |
1409 | or return $self->req_list($req, $msg); | |
1410 | ||
1411 | my $file = _get_user_file($req, $siteuser, \$msg) | |
1412 | or return $self->req_list($req, $msg); | |
1413 | ||
1414 | return $self->_show_userfile($req, "admin/users/delete_user_file", $siteuser, $file, $errors); | |
1415 | } | |
1416 | ||
1417 | sub req_saveuserfile { | |
1418 | my ($self, $req) = @_; | |
1419 | ||
1420 | $req->check_csrf("admin_user_edit_file") | |
1421 | or return $self->csrf_error($req, "admin_user_edit_file", "Edit Member File"); | |
1422 | ||
1423 | my $msg; | |
1424 | my $siteuser = _get_user($req, \$msg) | |
1425 | or return $self->req_list($req, $msg); | |
1426 | ||
1427 | my $file = _get_user_file($req, $siteuser, \$msg) | |
1428 | or return $self->req_list($req, $msg); | |
1429 | ||
1430 | my %errors; | |
1431 | $req->validate(fields => \%file_fields, | |
1432 | errors => \%errors); | |
1433 | ||
1434 | my %changes; | |
1435 | my $cgi = $req->cgi; | |
1436 | my $new_file = $cgi->param("file"); | |
1437 | my $new_fh = $cgi->upload("file"); | |
1438 | ||
1439 | if ($new_file) { | |
1440 | if (!$new_fh) { | |
1441 | $errors{file} = "Something is wrong with the upload form or your file wasn't found"; | |
1442 | } | |
1443 | } | |
1444 | unless ($errors{file}) { | |
1445 | -z $new_file | |
1446 | and $errors{file} = "File is empty"; | |
1447 | } | |
1448 | ||
1449 | keys %errors | |
1450 | and return $self->req_edituserfile($req, \%errors); | |
1451 | ||
1452 | for my $field (qw/content_type category title body/) { | |
1453 | my ($value) = $cgi->param($field); | |
1454 | defined $value | |
1455 | and $changes{$field} = $value; | |
1456 | } | |
1457 | if ($new_file && $new_fh) { | |
1458 | $changes{file} = $new_fh; | |
1459 | $changes{display_name} = $new_file; | |
1460 | my $upload_info = $cgi->uploadInfo($new_file); | |
1461 | # some content types come through strangely | |
1462 | # if (!$changes{content_type} && $upload_info->{"Content-Type"}) { | |
1463 | # $changes{content_type} = $upload_info->{"Content-Type"} | |
1464 | # } | |
1465 | } | |
1466 | if (defined $changes{content_type} && !$changes{content_type} =~ /\S/) { | |
1467 | $errors{content_type} = "Content type must be set"; | |
1468 | } | |
1469 | $changes{download} = $cgi->param('download') ? 1 : 0; | |
1470 | my $mod_date = $cgi->param("modwhen_date"); | |
1471 | my $mod_time = $cgi->param("modwhen_time"); | |
1472 | if ($mod_date && $mod_time) { | |
1473 | $changes{modwhen} = dh_parse_date_sql($mod_date) . " " | |
1474 | . dh_parse_time_sql($mod_time); | |
1475 | } | |
1476 | ||
1477 | require BSE::API; | |
1478 | BSE::API->import("bse_replace_owned_file"); | |
1479 | my $good = eval { bse_replace_owned_file($req->cfg, $file, %changes); }; | |
1480 | ||
1481 | $good | |
1482 | or return $self->req_edituserfile($req, { _ => $@ }); | |
1483 | ||
495114d1 | 1484 | $req->flash("msg:bse/admin/siteusers/userfilesaved", [ $siteuser, $file ]); |
32696f84 TC |
1485 | my $r = $cgi->param('r'); |
1486 | unless ($r) { | |
495114d1 | 1487 | $r = $req->cfg->admin_url2('siteusers', 'edit', { _t => "files", id => $siteuser->id }); |
32696f84 TC |
1488 | } |
1489 | ||
1490 | return BSE::Template->get_refresh($r, $req->cfg); | |
1491 | } | |
1492 | ||
1493 | sub req_deluserfile { | |
1494 | my ($self, $req) = @_; | |
1495 | ||
1496 | $req->check_csrf("admin_user_del_file") | |
1497 | or return $self->csrf_error($req, "admin_user_del_file", "Delete Member File"); | |
1498 | ||
1499 | my $msg; | |
1500 | my $siteuser = _get_user($req, \$msg) | |
1501 | or return $self->req_list($req, $msg); | |
1502 | ||
1503 | my $file = _get_user_file($req, $siteuser, \$msg) | |
1504 | or return $self->req_list($req, $msg); | |
1505 | ||
495114d1 | 1506 | my $display_name = $file->display_name; |
32696f84 TC |
1507 | require BSE::API; |
1508 | BSE::API->import("bse_delete_owned_file"); | |
1509 | my $good = eval { bse_delete_owned_file($req->cfg, $file); }; | |
1510 | ||
1511 | $good | |
1512 | or return $self->req_deluserfileform($req, { _ => $@ }); | |
1513 | ||
495114d1 | 1514 | $req->flash("msg:bse/admin/siteusers/userfiledeleted", [ $siteuser, $display_name ]); |
32696f84 TC |
1515 | my $r = $req->cgi->param('r'); |
1516 | unless ($r) { | |
495114d1 | 1517 | $r = $req->cfg->admin_url2('siteusers', 'edit', { _t => "files", id => $siteuser->id }); |
32696f84 TC |
1518 | } |
1519 | ||
1520 | return BSE::Template->get_refresh($r, $req->cfg); | |
1521 | } | |
1522 | ||
1523 | sub req_addgroupfileform { | |
1524 | my ($self, $req, $errors) = @_; | |
1525 | ||
1526 | my $msg; | |
1527 | my $group = _get_group($req, \$msg) | |
1528 | or return $self->req_list($req, $msg); | |
1529 | ||
4ae3f7d7 TC |
1530 | $msg = $req->message($errors); |
1531 | ||
32696f84 TC |
1532 | my %acts = |
1533 | ( | |
1534 | $req->admin_tags, | |
1535 | message => $msg, | |
1536 | group => [ \&tag_hash, $group ], | |
1537 | error_img => [ \&tag_error_img, $req->cfg, $errors ], | |
4ae3f7d7 | 1538 | ifError => 1, |
32696f84 TC |
1539 | userfile_category => [ tag_userfile_category => $self, $req, undef ], |
1540 | ); | |
1541 | ||
1542 | return $req->dyn_response("admin/users/add_group_file", \%acts); | |
1543 | } | |
1544 | ||
1545 | sub req_addgroupfile { | |
1546 | my ($self, $req) = @_; | |
1547 | ||
1548 | my $msg; | |
1549 | my $group = _get_group($req, \$msg) | |
1550 | or return $self->req_list($req, $msg); | |
1551 | ||
1552 | my $cgi = $req->cgi; | |
1553 | ||
1554 | $req->check_csrf("admin_group_add_file") | |
1555 | or return $self->csrf_error($req, "admin_group_add_file", "Add Member File"); | |
1556 | ||
1557 | my %errors; | |
1558 | $req->validate(fields => \%file_fields, | |
1559 | errors => \%errors); | |
1560 | ||
1561 | my $file = $cgi->param("file"); | |
1562 | my $file_fh = $cgi->upload("file"); | |
1563 | unless ($file) { | |
1564 | $errors{file} = "Please select a file"; | |
1565 | } | |
1566 | if ($file && -z $file) { | |
1567 | $errors{file} = "File is empty"; | |
1568 | } | |
1569 | if (!$errors{$file} && !$file_fh) { | |
1570 | $errors{file} = "Something is wrong with the upload form or your file wasn't found"; | |
1571 | } | |
1572 | ||
1573 | keys %errors | |
4ae3f7d7 | 1574 | and return $self->req_addgroupfileform($req, \%errors); |
32696f84 TC |
1575 | |
1576 | require BSE::API; | |
1577 | BSE::API->import("bse_add_owned_file"); | |
1578 | ||
1579 | my %file; | |
1580 | $file{file} = $file_fh; | |
1581 | for my $field (qw/content_type category title body/) { | |
1582 | my ($value) = $cgi->param($field); | |
1583 | defined $value or $value = ""; | |
1584 | $file{$field} = $value; | |
1585 | } | |
1586 | $file{download} = $cgi->param('download') ? 1 : 0; | |
1587 | my $mod_date = $cgi->param("modwhen_date"); | |
1588 | my $mod_time = $cgi->param("modwhen_time"); | |
1589 | if ($mod_date && $mod_time) { | |
1590 | $file{modwhen} = dh_parse_date_sql($mod_date) . " " | |
1591 | . dh_parse_time_sql($mod_time); | |
1592 | } | |
1593 | $file{display_name} = $file . ""; | |
1594 | my $upload_info = $cgi->uploadInfo($file); | |
1595 | # some content types come through strangely | |
1596 | # if (!$file{content_type} && $upload_info->{"Content-Type"}) { | |
1597 | # $file{content_type} = $upload_info->{"Content-Type"} | |
1598 | # } | |
1599 | for my $key (keys %$upload_info) { | |
1600 | print STDERR "uploadinfo: $key: $upload_info->{$key}\n"; | |
1601 | } | |
1602 | local $SIG{__DIE__}; | |
1603 | my $owned_file = eval { bse_add_owned_file($req->cfg, $group, %file) }; | |
1604 | unless ($owned_file) { | |
1605 | $errors{file} = $@; | |
1606 | return $self->req_edit($req, undef, \%errors); | |
1607 | } | |
1608 | ||
1609 | my $r = $cgi->param('r'); | |
495114d1 | 1610 | $req->flash("msg:bse/admin/siteusers/groupfilecreated", [ $group, $owned_file ]); |
32696f84 | 1611 | unless ($r) { |
495114d1 | 1612 | $r = $req->cfg->admin_url2('siteusers', 'editgroup', { _t => "files", id => $group->id }); |
32696f84 TC |
1613 | } |
1614 | ||
1615 | return BSE::Template->get_refresh($r, $req->cfg); | |
1616 | } | |
1617 | ||
1618 | sub _get_group_file { | |
1619 | my ($req, $group, $msg) = @_; | |
1620 | ||
1621 | my $file_id = $req->cgi->param("file_id"); | |
1622 | unless (defined $file_id && $file_id =~ /^\d+$/) { | |
1623 | $$msg = "Missing or invalid file id"; | |
1624 | return; | |
1625 | } | |
1626 | require BSE::TB::OwnedFiles; | |
1627 | my ($file) = BSE::TB::OwnedFiles->getBy | |
1628 | ( | |
1629 | owner_type => $group->file_owner_type, | |
1630 | owner_id => $group->id, | |
1631 | id => $file_id | |
1632 | ); | |
1633 | unless ($file) { | |
1634 | $$msg = "No such file found"; | |
1635 | return; | |
1636 | } | |
1637 | ||
1638 | return $file; | |
1639 | } | |
1640 | ||
1641 | sub _show_groupfile { | |
1642 | my ($self, $req, $template, $group, $file, $errors) = @_; | |
1643 | ||
1644 | my $message = $req->message($errors); | |
1645 | ||
1646 | my %acts = | |
1647 | ( | |
1648 | $req->admin_tags, | |
1649 | groupfile => [ \&tag_hash, $file ], | |
1650 | message => $message, | |
1651 | group => [ \&tag_hash, $group ], | |
1652 | error_img => [ \&tag_error_img, $req->cfg, $errors ], | |
1653 | userfile_category => [ tag_userfile_category => $self, $req, \$file ], | |
1654 | ); | |
1655 | ||
1656 | return $req->dyn_response($template, \%acts); | |
1657 | } | |
1658 | ||
1659 | sub req_editgroupfile { | |
1660 | my ($self, $req, $errors) = @_; | |
1661 | ||
1662 | my $msg; | |
1663 | my $group = _get_group($req, \$msg) | |
1664 | or return $self->req_list($req, $msg); | |
1665 | ||
1666 | my $file = _get_group_file($req, $group, \$msg) | |
1667 | or return $self->req_list($req, $msg); | |
1668 | ||
1669 | return $self->_show_groupfile($req, "admin/users/edit_group_file", $group, $file, $errors); | |
1670 | } | |
1671 | ||
1672 | sub req_delgroupfileform { | |
1673 | my ($self, $req, $errors) = @_; | |
1674 | ||
1675 | my $msg; | |
1676 | my $group = _get_group($req, \$msg) | |
1677 | or return $self->req_list($req, $msg); | |
1678 | ||
1679 | my $file = _get_group_file($req, $group, \$msg) | |
1680 | or return $self->req_list($req, $msg); | |
1681 | ||
1682 | return $self->_show_groupfile($req, "admin/users/delete_group_file", $group, $file, $errors); | |
1683 | } | |
1684 | ||
1685 | sub req_savegroupfile { | |
1686 | my ($self, $req) = @_; | |
1687 | ||
1688 | $req->check_csrf("admin_group_edit_file") | |
1689 | or return $self->csrf_error($req, "admin_group_edit_file", "Edit Member File"); | |
1690 | ||
1691 | my $msg; | |
1692 | my $group = _get_group($req, \$msg) | |
1693 | or return $self->req_list($req, $msg); | |
1694 | ||
1695 | my $file = _get_group_file($req, $group, \$msg) | |
1696 | or return $self->req_list($req, $msg); | |
1697 | ||
1698 | my %errors; | |
1699 | $req->validate(fields => \%file_fields, | |
1700 | errors => \%errors); | |
1701 | ||
1702 | my %changes; | |
1703 | my $cgi = $req->cgi; | |
1704 | my $new_file = $cgi->param("file"); | |
1705 | my $new_fh = $cgi->upload("file"); | |
1706 | ||
1707 | if ($new_file) { | |
1708 | if (!$new_fh) { | |
1709 | $errors{file} = "Something is wrong with the upload form or your file wasn't found"; | |
1710 | } | |
1711 | } | |
1712 | unless ($errors{file}) { | |
1713 | -z $new_file | |
1714 | and $errors{file} = "File is empty"; | |
1715 | } | |
1716 | ||
1717 | keys %errors | |
1718 | and return $self->req_editgroupfile($req, \%errors); | |
1719 | ||
1720 | for my $field (qw/content_type category title body/) { | |
1721 | my ($value) = $cgi->param($field); | |
1722 | defined $value | |
1723 | and $changes{$field} = $value; | |
1724 | } | |
1725 | if ($new_file && $new_fh) { | |
1726 | $changes{file} = $new_fh; | |
1727 | $changes{display_name} = $new_file; | |
1728 | my $upload_info = $cgi->uploadInfo($new_file); | |
1729 | # some content types come through strangely | |
1730 | # if (!$changes{content_type} && $upload_info->{"Content-Type"}) { | |
1731 | # $changes{content_type} = $upload_info->{"Content-Type"} | |
1732 | # } | |
1733 | } | |
1734 | if (defined $changes{content_type} && !$changes{content_type} =~ /\S/) { | |
1735 | $errors{content_type} = "Content type must be set"; | |
1736 | } | |
1737 | $changes{download} = $cgi->param('download') ? 1 : 0; | |
1738 | my $mod_date = $cgi->param("modwhen_date"); | |
1739 | my $mod_time = $cgi->param("modwhen_time"); | |
1740 | if ($mod_date && $mod_time) { | |
1741 | $changes{modwhen} = dh_parse_date_sql($mod_date) . " " | |
1742 | . dh_parse_time_sql($mod_time); | |
1743 | } | |
1744 | ||
1745 | require BSE::API; | |
1746 | BSE::API->import("bse_replace_owned_file"); | |
1747 | my $good = eval { bse_replace_owned_file($req->cfg, $file, %changes); }; | |
1748 | ||
1749 | $good | |
1750 | or return $self->req_editgroupfile($req, { _ => $@ }); | |
1751 | ||
495114d1 | 1752 | $req->flash("msg:bse/admin/siteusers/groupfilesaved", [ $group, $file ]); |
32696f84 TC |
1753 | my $r = $cgi->param('r'); |
1754 | unless ($r) { | |
495114d1 | 1755 | $r = $req->cfg->admin_url2('siteusers', 'editgroup', { _t => "files", id => $group->id }); |
32696f84 TC |
1756 | } |
1757 | ||
1758 | return BSE::Template->get_refresh($r, $req->cfg); | |
1759 | } | |
1760 | ||
1761 | sub req_delgroupfile { | |
1762 | my ($self, $req) = @_; | |
1763 | ||
1764 | $req->check_csrf("admin_group_del_file") | |
1765 | or return $self->csrf_error($req, "admin_group_del_file", "Delete Member File"); | |
1766 | ||
1767 | my $msg; | |
1768 | my $group = _get_group($req, \$msg) | |
1769 | or return $self->req_list($req, $msg); | |
1770 | ||
1771 | my $file = _get_group_file($req, $group, \$msg) | |
1772 | or return $self->req_list($req, $msg); | |
1773 | ||
495114d1 TC |
1774 | my $display_name = $file->display_name; |
1775 | ||
32696f84 TC |
1776 | require BSE::API; |
1777 | BSE::API->import("bse_delete_owned_file"); | |
1778 | my $good = eval { bse_delete_owned_file($req->cfg, $file); }; | |
1779 | ||
1780 | $good | |
1781 | or return $self->req_delgroupfileform($req, { _ => $@ }); | |
1782 | ||
495114d1 | 1783 | $req->flash("msg:bse/admin/siteusers/groupfiledeleted", [ $group, $display_name ]); |
32696f84 TC |
1784 | my $r = $req->cgi->param('r'); |
1785 | unless ($r) { | |
495114d1 | 1786 | $r = $req->cfg->admin_url2('siteusers', 'editgroup', { _t => "files", id => $group->id }); |
32696f84 TC |
1787 | } |
1788 | ||
1789 | return BSE::Template->get_refresh($r, $req->cfg); | |
1790 | } | |
1791 | ||
1792 | sub _get_user { | |
1793 | my ($req, $msg) = @_; | |
1794 | ||
1795 | my $id = $req->cgi->param('id'); | |
1796 | defined $id && $id =~ /^\d+$/ | |
1797 | or do { $$msg = "Missing or invalid user id"; return }; | |
1798 | require BSE::TB::SiteUserGroups; | |
b7cadc84 | 1799 | my $group = BSE::TB::SiteUsers->getByPkey($id); |
32696f84 TC |
1800 | $group |
1801 | or do { $$msg = "Unknown user id"; return }; | |
1802 | ||
1803 | $group; | |
1804 | } | |
1805 | ||
1806 | sub csrf_error { | |
1807 | my ($self, $req, $name, $description) = @_; | |
1808 | ||
1809 | my %errors; | |
1810 | my $msg = $req->csrf_error; | |
1811 | $errors{_csrfp} = $msg; | |
1812 | return $self->req_list($req, "$description: $msg ($name)"); | |
1813 | } | |
1814 | ||
1815 | sub tag_page_args { | |
1816 | my ($self, $page_args, $args) = @_; | |
1817 | ||
1818 | my %args = %$page_args; | |
1819 | if ($args) { | |
1820 | delete @args{split ' ', $args}; | |
1821 | } | |
1822 | ||
1823 | return join "&", map { "$_=" . escape_uri($args{$_}) } keys %args; | |
1824 | } | |
1825 | ||
1826 | sub tag_page_argsh { | |
1827 | my ($self, $page_args, $args) = @_; | |
1828 | ||
1829 | my %args = %$page_args; | |
1830 | if ($args) { | |
1831 | delete @args{split ' ', $args}; | |
1832 | } | |
1833 | ||
1834 | return join "", map | |
1835 | { | |
1836 | my $value = escape_html($args{$_}); | |
1837 | qq(<input type="hidden" name="$_" value="$value" />); | |
1838 | } keys %args; | |
1839 | } | |
1840 | ||
1841 | sub tag_fileaccess_user { | |
1842 | my ($rcurrent, $cache) = @_; | |
1843 | ||
1844 | $$rcurrent | |
1845 | or return ''; | |
1846 | my $id = $$rcurrent->siteuser_id; | |
1847 | exists $cache->{$id} | |
b7cadc84 | 1848 | or $cache->{$id} = BSE::TB::SiteUsers->getByPkey($id); |
32696f84 TC |
1849 | |
1850 | $cache->{$id} | |
1851 | or return "** No user $id"; | |
1852 | ||
1853 | return escape_html($cache->{$id}->userId); | |
1854 | } | |
1855 | ||
1856 | sub tag_ifFileuser { | |
1857 | my ($rcurrent, $cache) = @_; | |
1858 | ||
1859 | $$rcurrent | |
1860 | or return ''; | |
1861 | my $id = $$rcurrent->siteuser_id; | |
1862 | exists $cache->{$id} | |
b7cadc84 | 1863 | or $cache->{$id} = BSE::TB::SiteUsers->getByPkey($id); |
32696f84 TC |
1864 | |
1865 | return defined $cache->{$id}; | |
1866 | } | |
1867 | ||
1868 | sub _find_file_owner { | |
1869 | my ($owner_type, $owner_id, $cfg, $cache) = @_; | |
1870 | ||
1871 | require BSE::TB::SiteUserGroups; | |
1872 | my $owner; | |
b7cadc84 AO |
1873 | if ($owner_type eq BSE::TB::SiteUser->file_owner_type) { |
1874 | if ($cache->{$owner_id} ||= BSE::TB::SiteUsers->getByPkey($owner_id)) { | |
32696f84 TC |
1875 | $owner = $cache->{$owner_id}->data_only; |
1876 | $owner->{desc} = "User: " . $owner->{userId}; | |
1877 | } | |
1878 | else { | |
1879 | return; | |
1880 | } | |
1881 | } | |
1882 | elsif ($owner_type eq BSE::TB::SiteUserGroup->file_owner_type) { | |
1883 | my $group; | |
1884 | if ($owner_id < 0) { | |
1885 | $group = BSE::TB::SiteUserGroups->getQueryGroup($cfg, $owner_id); | |
1886 | } | |
1887 | else { | |
1888 | $group = BSE::TB::SiteUserGroups->getByPkey($owner_id); | |
1889 | } | |
1890 | $group | |
1891 | or return; | |
1892 | $owner = $group->data_only; | |
1893 | $owner->{desc} = "Group: " . $group->{name}; | |
1894 | } | |
1895 | else { | |
1896 | print STDERR "** Unknown file owner type $owner_type\n"; | |
1897 | return; | |
1898 | } | |
1899 | ||
1900 | return $owner; | |
1901 | } | |
1902 | ||
1903 | sub tag_fileowner { | |
1904 | my ($rcurrent, $cache, $cfg, $args) = @_; | |
1905 | ||
1906 | $$rcurrent or return ""; | |
1907 | ||
1908 | my $owner = _find_file_owner($$rcurrent->{owner_type}, $$rcurrent->{owner_id}, $cfg, $cache) | |
1909 | or return "Unknown"; | |
1910 | ||
1911 | return tag_hash($owner, $args); | |
1912 | } | |
1913 | ||
1914 | sub tag_filecat { | |
1915 | my ($rcurrent, $cats) = @_; | |
1916 | ||
1917 | $$rcurrent | |
1918 | or return ''; | |
1919 | ||
1920 | $cats->{$$rcurrent->{category}}; | |
1921 | } | |
1922 | ||
1923 | sub req_fileaccesslog { | |
1924 | my ($self, $req) = @_; | |
1925 | ||
1926 | my @filters; | |
1927 | my $cgi = $req->cgi; | |
1928 | my %page_args; | |
1929 | my $file_id = $cgi->param("file_id"); | |
1930 | my $file; | |
1931 | if ($file_id && $file_id =~ /^\d+$/) { | |
1932 | require BSE::TB::OwnedFiles; | |
1933 | $file = BSE::TB::OwnedFiles->getByPkey($file_id); | |
1934 | if ($file) { | |
1935 | push @filters, [ '=', file_id => $file_id ]; | |
1936 | $page_args{file_id} = $file_id; | |
1937 | } | |
1938 | } | |
1939 | my $siteuser_id = $cgi->param('siteuser_id'); | |
1940 | my $user; | |
1941 | if ($siteuser_id && $siteuser_id =~ /^\d+$/) { | |
b7cadc84 | 1942 | $user = BSE::TB::SiteUsers->getByPkey($siteuser_id); |
32696f84 TC |
1943 | if ($user) { |
1944 | push @filters, [ '=', siteuser_id => $siteuser_id ]; | |
1945 | $page_args{siteuser_id} = $siteuser_id; | |
1946 | } | |
1947 | } | |
1948 | my $owner_id = $cgi->param("owner_id"); | |
1949 | my $owner_type = $cgi->param("owner_type") || "U"; | |
1950 | my $owner; | |
1951 | my $owner_desc = ''; | |
1952 | my %user_cache; | |
1953 | if (defined $owner_id) { | |
1954 | push @filters, | |
1955 | ( | |
1956 | [ '=', owner_id => $owner_id ], | |
1957 | [ '=', owner_type => $owner_type ], | |
1958 | ); | |
1959 | $owner = _find_file_owner($owner_type, $owner_id, $req->cfg, \%user_cache); | |
1960 | if ($owner) { | |
1961 | $owner_desc = $owner->{desc}; | |
1962 | } | |
1963 | if ($owner) { | |
1964 | $page_args{owner_type} = $owner_type; | |
1965 | $page_args{owner_id} = $owner_id; | |
1966 | } | |
1967 | } | |
1968 | ||
1969 | require BSE::TB::OwnedFiles; | |
1970 | my %categories = map { $_->{id} => escape_html($_->{name}) } | |
1971 | BSE::TB::OwnedFiles->categories($req->cfg); | |
1972 | ||
1973 | my $category_id = $cgi->param("category"); | |
1974 | my $category; | |
1975 | if (defined $category_id && $categories{$category_id}) { | |
1976 | $category = $categories{$category_id}; | |
1977 | push @filters, | |
1978 | [ "=", category => $category_id ]; | |
1979 | $page_args{category} = $category_id; | |
1980 | } | |
1981 | use POSIX qw(strftime); | |
1982 | my %errors; | |
1983 | my $from = $cgi->param("from") || strftime("%d/%m/%Y", localtime(time()-30*86400)); | |
1984 | my $to = $cgi->param("to") || strftime("%d/%m/%Y", localtime); | |
1985 | my $from_sql = dh_parse_date_sql($from) | |
1986 | or $errors{from_sql} = "Invalid from date"; | |
1987 | my $to_sql = dh_parse_date_sql($to) | |
1988 | or $errors{to_sql} = "Invalid to date"; | |
1989 | ||
1990 | require BSE::TB::FileAccessLog; | |
1991 | my @entries; | |
1992 | unless (keys %errors) { | |
3334157f | 1993 | push @filters, [ between => when_at => $from_sql, "$to_sql 23:59:59" ]; |
32696f84 TC |
1994 | $cgi->param(from => $from); |
1995 | $cgi->param(to => $to); | |
1996 | $page_args{from} = $from; | |
1997 | $page_args{to} = $to; | |
1998 | @entries = map $_->{id}, BSE::TB::FileAccessLog->query | |
1999 | ( | |
2000 | [ qw/id/ ], | |
2001 | \@filters, | |
2002 | { | |
2003 | order => 'when_at desc' | |
2004 | }, | |
2005 | ); | |
2006 | } | |
2007 | ||
2008 | my $it = BSE::Util::Iterate->new; | |
2009 | my $current_access; | |
2010 | my %acts = | |
2011 | ( | |
2012 | $req->admin_tags, | |
2013 | $it->make_paged | |
2014 | ( | |
2015 | data => \@entries, | |
2016 | fetch => [ getByPkey => 'BSE::TB::FileAccessLog' ], | |
2017 | cgi => $req->cgi, | |
2018 | single => "fileaccess", | |
2019 | plural => "fileaccesses", | |
2020 | store => \$current_access, | |
2021 | name => "fileaccesses", | |
2022 | session => $req->session, | |
2023 | perpage_parm => "pp=100", | |
2024 | ), | |
2025 | ifOwner => defined $owner, | |
2026 | owner => [ \&tag_hash, $owner ], | |
2027 | owner_type => (defined $owner_type ? $owner_type : ''), | |
2028 | owner_desc => escape_html($owner_desc), | |
2029 | ifSiteuser => defined $user, | |
2030 | siteuser => [ \&tag_hash, $user ], | |
2031 | ifFile => defined $file, | |
2032 | file => [ \&tag_hash, $file ], | |
2033 | page_args => [ tag_page_args => $self, \%page_args ], | |
2034 | page_argsh => [ tag_page_argsh => $self, \%page_args ], | |
2035 | user => [ \&tag_fileaccess_user, \$current_access, \%user_cache ], | |
2036 | ifFileuser => [ \&tag_ifFileuser, \$current_access, \%user_cache ], | |
2037 | fileowner => [ \&tag_fileowner, \$current_access, \%user_cache, $req->cfg ], | |
2038 | filecat => [ \&tag_filecat, \$current_access, \%categories ], | |
2039 | error_img =>[ \&tag_error_img, $req->cfg, \%errors ], | |
2040 | ifCategory => $category, | |
2041 | category => escape_html($category), | |
2042 | ); | |
2043 | ||
2044 | return $req->dyn_response("admin/users/fileaccess", \%acts); | |
2045 | } | |
2046 | ||
9063386f | 2047 | 1; |