<?php
namespace Operations;
require '../vendor/autoload.php';
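/**
 * This class provides functions for retrieving and modifying users.
 *
 * Every method that writes to the database runs its statements inside one
 * transaction via runInTransaction(), so an exception on any path rolls the
 * work back instead of leaving the shared PDO connection mid-transaction.
 */
class Users
{
    /** Accepted values for the user type column; enforced on add and on update. */
    private const USER_TYPES = ['admin', 'user'];

    /** @var \Monolog\Logger Injected from the container; not read by any method of this class yet. */
    private $logger;

    /** @var \PDO */
    private $db;

    /** @var \Slim\Container Kept for access to the 'config' entry (authentication backends). */
    private $c;

    /**
     * @param \Slim\Container $c Container providing the 'logger', 'db' and 'config' entries
     */
    public function __construct(\Slim\Container $c)
    {
        $this->logger = $c->logger;
        $this->db = $c->db;
        $this->c = $c;
    }

    /**
     * Get a list of users according to filter criteria
     *
     * The count query and the page query run in the same transaction so the
     * total page number reported in $pi matches the rows that are returned.
     *
     * @param \Utils\PagingInfo $pi Paging info; its totalPages field is updated (1 when pageSize is null)
     * @param string|null $nameQuery Substring to search for in the user name, null for no filter
     * @param string|null $type Type of the user, comma separated, null for no filter
     * @param string|null $sorting Sort string in format 'field-asc,field2-desc', null for default
     *
     * @return array 0-based list of matching users in the shape built by presentUser();
     *               users whose backend is not configured are omitted
     */
    public function getUsers(\Utils\PagingInfo &$pi, ? string $nameQuery, ? string $type, ? string $sorting) : array
    {
        $config = $this->c['config']['authentication'];

        // '%' alone matches every name. '%' and '_' inside $nameQuery keep their LIKE
        // wildcard meaning (unchanged behaviour); the value is bound as a parameter, so it
        // can never alter the statement itself.
        $likePattern = $nameQuery !== null ? '%' . $nameQuery . '%' : '%';

        // makeSetString() renders the comma-separated $type list as the SQL IN (...) literal.
        // It is the only non-placeholder fragment built from caller input; it receives
        // $this->db, presumably to quote each element -- TODO confirm in \Services\Database.
        $typeSet = \Services\Database::makeSetString($this->db, $type);
        $noTypeFilter = intval($type === null);

        $rows = $this->runInTransaction(function () use ($pi, $likePattern, $typeSet, $noTypeFilter, $sorting) {
            // Count elements
            if ($pi->pageSize === null) {
                $pi->totalPages = 1;
            } else {
                $count = $this->db->prepare('
                    SELECT COUNT(*) AS total
                    FROM users U
                    WHERE (U.name LIKE :nameQuery) AND
                    (U.type IN ' . $typeSet . ' OR :noTypeFilter)
                ');
                $count->bindValue(':nameQuery', $likePattern, \PDO::PARAM_STR);
                $count->bindValue(':noTypeFilter', $noTypeFilter, \PDO::PARAM_INT);
                $count->execute();
                $record = $count->fetch();

                // ceil() yields a float; the page count is an integer quantity. A pageSize of 0
                // would divide by zero here -- assumed to be rejected where PagingInfo is built
                // (TODO confirm in \Utils\PagingInfo / makePagingString()).
                $pi->totalPages = (int) ceil($record['total'] / $pi->pageSize);
            }

            // Query and return result. The sort map whitelists the columns a caller may
            // order by, so $sorting never reaches the SQL as a raw column name.
            $ordStr = \Services\Database::makeSortingString($sorting, [
                'id' => 'U.id',
                'name' => 'U.name',
                'type' => 'U.type'
            ]);
            $pageStr = \Services\Database::makePagingString($pi);

            $select = $this->db->prepare('
                SELECT id, name, type, backend
                FROM users U
                WHERE (U.name LIKE :nameQuery) AND
                (U.type IN ' . $typeSet . ' OR :noTypeFilter)'
                . $ordStr . $pageStr);
            $select->bindValue(':nameQuery', $likePattern, \PDO::PARAM_STR);
            $select->bindValue(':noTypeFilter', $noTypeFilter, \PDO::PARAM_INT);
            $select->execute();

            return $select->fetchAll();
        });

        // Build a proper list: skipped rows must not leave key gaps, because json_encode()
        // turns a gapped array into an object instead of a JSON array.
        $users = [];
        foreach ($rows as $row) {
            $user = $this->presentUser($row, $config);
            if ($user !== null) {
                $users[] = $user;
            }
        }

        return $users;
    }

    /**
     * Add new user
     *
     * The user is created in the 'native' backend with the given password hashed.
     *
     * @param string $name Name of the new user
     * @param string $type Type of the new user, one of USER_TYPES
     * @param string $password Password for the new user (stored only as a password_hash())
     *
     * @return array New user entry with keys id (int), name, type
     *
     * @throws \Exceptions\SemanticException if $type is not an accepted user type
     * @throws \Exceptions\AlreadyExistentException if a native user with that name exists already
     */
    public function addUser(string $name, string $type, string $password) : array
    {
        $this->assertValidType($type);

        return $this->runInTransaction(function () use ($name, $type, $password) {
            // Check-then-insert is only race-free if the users table also carries a unique
            // index on (name, backend) -- TODO confirm against the schema.
            if ($this->findNativeUserId($name) !== null) {
                throw new \Exceptions\AlreadyExistentException();
            }

            // Only the hash is persisted; the clear-text password never reaches the database.
            $passwordHash = password_hash($password, PASSWORD_DEFAULT);

            $insert = $this->db->prepare('INSERT INTO users (name, backend, type, password) VALUES(:name, \'native\', :type, :password)');
            $insert->bindValue(':name', $name, \PDO::PARAM_STR);
            $insert->bindValue(':type', $type, \PDO::PARAM_STR);
            $insert->bindValue(':password', $passwordHash, \PDO::PARAM_STR);
            $insert->execute();

            // Re-read the row so the caller receives the generated id.
            $select = $this->db->prepare('SELECT id,name,type FROM users WHERE name=:name AND backend=\'native\'');
            $select->bindValue(':name', $name, \PDO::PARAM_STR);
            $select->execute();
            $record = $select->fetch();
            $record['id'] = intval($record['id']);

            return $record;
        });
    }

    /**
     * Delete user
     *
     * Removes the user's permission rows first, then the user row, in one transaction.
     * The method name predates the class and is kept for backward compatibility; it
     * deletes a user, not a domain.
     *
     * @param int $id Id of the user to delete
     *
     * @return void
     *
     * @throws \Exceptions\NotFoundException if user does not exist
     */
    public function deleteDomain(int $id) : void
    {
        $this->runInTransaction(function () use ($id) {
            $query = $this->db->prepare('SELECT id FROM users WHERE id=:id');
            $query->bindValue(':id', $id, \PDO::PARAM_INT);
            $query->execute();

            if ($query->fetch() === false) { // User does not exist
                throw new \Exceptions\NotFoundException();
            }

            // Permissions reference the user, so they go first.
            $statements = [
                'DELETE FROM permissions WHERE user_id=:id',
                'DELETE FROM users WHERE id=:id'
            ];
            foreach ($statements as $sql) {
                $delete = $this->db->prepare($sql);
                $delete->bindValue(':id', $id, \PDO::PARAM_INT);
                $delete->execute();
            }
        });
    }

    /**
     * Get user
     *
     * @param int $id Id of the user to get
     *
     * @return array User data in the shape built by presentUser()
     *
     * @throws \Exceptions\NotFoundException if user does not exist, or if its backend
     *                                       has no configured prefix (same rule that hides
     *                                       the user from getUsers())
     */
    public function getUser(int $id) : array
    {
        $config = $this->c['config']['authentication'];

        $query = $this->db->prepare('SELECT id,name,type,backend FROM users WHERE id=:id');
        $query->bindValue(':id', $id, \PDO::PARAM_INT);
        $query->execute();

        $record = $query->fetch();

        if ($record === false) {
            throw new \Exceptions\NotFoundException();
        }

        $user = $this->presentUser($record, $config);
        if ($user === null) {
            throw new \Exceptions\NotFoundException();
        }

        return $user;
    }

    /** Update user
     *
     * If params are null do not change. If user is not native, name and password are ignored.
     *
     * @param int $userId User to update
     * @param string|null $name New name
     * @param string|null $type New type, one of USER_TYPES
     * @param string|null $password New password (stored only as a password_hash())
     *
     * @return void
     *
     * @throws \Exceptions\SemanticException if $type is given and not an accepted user type
     * @throws \Exceptions\NotFoundException The given record does not exist
     * @throws \Exceptions\AlreadyExistentException The given record name does already exist
     */
    public function updateUser(int $userId, ? string $name, ? string $type, ? string $password) : void
    {
        // Same type whitelist as addUser(); previously an update accepted any string.
        if ($type !== null) {
            $this->assertValidType($type);
        }

        $this->runInTransaction(function () use ($userId, $name, $type, $password) {
            $query = $this->db->prepare('SELECT id,name,type,backend,password FROM users WHERE id=:userId');
            $query->bindValue(':userId', $userId, \PDO::PARAM_INT);
            $query->execute();

            $record = $query->fetch();

            if ($record === false) {
                throw new \Exceptions\NotFoundException();
            }

            $isNative = $record['backend'] === 'native';
            if (!$isNative) {
                // Name and credentials of externally authenticated users belong to their backend.
                $name = null;
                $password = null;
            }

            if ($isNative && $name !== null) {
                // Check if a different user with the new name already exists. Throwing here
                // now rolls the transaction back (handled by runInTransaction()).
                $existingId = $this->findNativeUserId($name);
                if ($existingId !== null && $existingId !== $userId) {
                    throw new \Exceptions\AlreadyExistentException();
                }
            }

            $newName = $name ?? $record['name'];
            $newType = $type ?? $record['type'];
            $newPassword = $password === null ? $record['password'] : password_hash($password, PASSWORD_DEFAULT);

            $update = $this->db->prepare('UPDATE users SET name=:name,type=:type,password=:password WHERE id=:userId');
            $update->bindValue(':userId', $userId, \PDO::PARAM_INT);
            $update->bindValue(':name', $newName, \PDO::PARAM_STR);
            $update->bindValue(':type', $newType, \PDO::PARAM_STR);
            $update->bindValue(':password', $newPassword, \PDO::PARAM_STR);
            $update->execute();
        });
    }

    /**
     * Map a raw users row to the array shape returned to callers.
     *
     * The authentication config is keyed by backend name; the backend's 'prefix' is
     * prepended to the name as 'prefix/name', except that the prefix 'default' means
     * no prefix. Rows whose backend is not configured, or whose backend entry has no
     * 'prefix', yield null so callers can hide them.
     *
     * @param array $row Row with keys id, name, type, backend
     * @param array $config Value of config['authentication']
     *
     * @return array|null Keys id (int), name (string), type, native (bool); null when the
     *                    backend is unknown
     */
    private function presentUser(array $row, array $config) : ? array
    {
        $backend = $row['backend'];

        if (!array_key_exists($backend, $config) || !array_key_exists('prefix', $config[$backend])) {
            return null;
        }

        $prefix = $config[$backend]['prefix'];
        $name = $prefix === 'default' ? $row['name'] : $prefix . '/' . $row['name'];

        return [
            'id' => intval($row['id']),
            'name' => $name,
            'type' => $row['type'],
            'native' => $backend === 'native'
        ];
    }

    /**
     * Look up the id of the native-backend user with the given name.
     *
     * @param string $name Exact user name
     *
     * @return int|null The user id, or null when no native user has that name
     */
    private function findNativeUserId(string $name) : ? int
    {
        $query = $this->db->prepare('SELECT id FROM users WHERE name=:name AND backend=\'native\'');
        $query->bindValue(':name', $name, \PDO::PARAM_STR);
        $query->execute();

        $record = $query->fetch();

        return $record === false ? null : intval($record['id']);
    }

    /**
     * Reject a user type that is not listed in USER_TYPES.
     *
     * @param string $type Candidate type
     *
     * @return void
     *
     * @throws \Exceptions\SemanticException if the type is not accepted
     */
    private function assertValidType(string $type) : void
    {
        if (!in_array($type, self::USER_TYPES, true)) {
            throw new \Exceptions\SemanticException();
        }
    }

    /**
     * Run $work inside a transaction on the shared connection.
     *
     * Commits when $work returns normally; rolls back and rethrows when it throws, so
     * no exception path (an explicit throw or a failing execute()) leaves a transaction
     * open for the next request on the same connection.
     *
     * @param callable $work Takes no arguments; its return value is passed through
     *
     * @return mixed Whatever $work returned
     *
     * @throws \Throwable Whatever $work threw, after the rollback
     */
    private function runInTransaction(callable $work)
    {
        $this->db->beginTransaction();

        try {
            $result = $work();
        } catch (\Throwable $e) {
            // Guard so a connection that already dropped the transaction does not mask $e.
            if ($this->db->inTransaction()) {
                $this->db->rollBack();
            }
            throw $e;
        }

        $this->db->commit();

        return $result;
    }
}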