| author | 2020-01-06 20:28:04 +0100 | |
|---|---|---|
| committer | 2020-01-06 20:28:04 +0100 | |
| commit | 3c099c78537020eae3b6fe060fbe86088e996c83 (patch) | |
| tree | 647ee7313f609577f98b8477e814f2e7743c06f7 /app/Controllers/userController.php | |
| parent | d455783a63e77c3abce76b85f68c51338c1b81d1 (diff) | |
Add an admin flag on users (#2709)
Now FRSS supports more than one admin. Admins have the same rights as
the default user. Admins can promote or demote other users. The default
user is considered as an admin even if it does not have the admin flag
enabled.
See #2096
Diffstat (limited to 'app/Controllers/userController.php')
| -rw-r--r-- | app/Controllers/userController.php | 68 |
1 files changed, 60 insertions, 8 deletions
diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index 7d3c010c4..b5725e6b5 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -175,12 +175,22 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 if (Minz_Request::isPost()) {
 $action = Minz_Request::param('action');
- if ('delete' === $action) {
- $this->deleteAction();
- } elseif ('update' === $action) {
- $this->updateAction();
- } elseif ('purge' === $action) {
- $this->purgeAction();
+ switch ($action) {
+ case 'delete':
+ $this->deleteAction();
+ break;
+ case 'update':
+ $this->updateAction();
+ break;
+ case 'purge':
+ $this->purgeAction();
+ break;
+ case 'promote':
+ $this->promoteAction();
+ break;
+ case 'demote':
+ $this->demoteAction();
+ break;
 }
 }
@@ -273,7 +283,6 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 $new_user_name = Minz_Request::param('new_user_name');
 $email = Minz_Request::param('new_user_email', '');
 $passwordPlain = Minz_Request::param('new_user_passwordPlain', '', true);
- $new_user_language = Minz_Request::param('new_user_language', FreshRSS_Context::$user_conf->language);
 $tos_enabled = file_exists(join_path(DATA_PATH, 'tos.html'));
 $accept_tos = Minz_Request::param('accept_tos', false);
@@ -299,7 +308,10 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 );
 }
- $ok = self::createUser($new_user_name, $email, $passwordPlain, array('language' => $new_user_language));
+ $ok = self::createUser($new_user_name, $email, $passwordPlain, array(
+ 'language' => Minz_Request::param('new_user_language', FreshRSS_Context::$user_conf->language),
+ 'is_admin' => Minz_Request::paramBoolean('new_user_is_admin'),
+ ));
 Minz_Request::_param('new_user_passwordPlain'); //Discard plain-text password ASAP
 $_POST['new_user_passwordPlain'] = '';
 invalidateHttpCache();
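Review bot: In the third hunk (the `self::createUser(...)` call), `is_admin` is taken straight from the request parameter `new_user_is_admin`, and nothing in the visible lines ties it to the caller's own rights. The `accept_tos` handling in the previous hunk suggests this action also serves self-registration; if so, a non-admin registrant could submit that field and have the new account created with the admin flag set. Gating the value on the caller closes that path: `'is_admin' => FreshRSS_Auth::hasAccess('admin') && Minz_Request::paramBoolean('new_user_is_admin'),`. The enclosing function starts and ends outside the hunk, so an access check earlier in it cannot be ruled out from here and should be confirmed.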
@@ -516,6 +528,44 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 Minz_Request::forward($redirect_url, true);
 }
+ public function promoteAction() {
+ $this->switchAdminAction(true);
+ }
+
+ public function demoteAction() {
+ $this->switchAdminAction(false);
+ }
+
+ private function switchAdminAction($isAdmin) {
+ if (!FreshRSS_Auth::hasAccess('admin')) {
+ Minz_Error::error(403);
+ }
+
+ if (!Minz_Request::isPost()) {
+ Minz_Error::error(403);
+ }
+
+ $username = Minz_Request::param('username');
+ if (!FreshRSS_UserDAO::exists($username)) {
+ Minz_Error::error(404);
+ }
+
+ if (null === $userConfig = get_user_configuration($username)) {
+ Minz_Error::error(500);
+ }
+
+ $userConfig->_param('is_admin', $isAdmin);
+
+ $ok = $userConfig->save();
+
+ if ($ok) {
+ Minz_Request::good(_t('feedback.user.updated', $username), array('c' => 'user', 'a' => 'manage'));
+ } else {
+ Minz_Request::bad(_t('feedback.user.updated.error', $username),
+ array('c' => 'user', 'a' => 'manage'));
+ }
+ }
+
 public function detailsAction() {
 if (!FreshRSS_Auth::hasAccess('admin')) {
 Minz_Error::error(403);
@@ -526,6 +576,7 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 Minz_Error::error(404);
 }
+ $this->view->isDefaultUser = $username === FreshRSS_Context::$system_conf->default_user;
 $this->view->username = $username;
 $this->view->details = $this->retrieveUserDetails($username);
 }
@@ -543,6 +594,7 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 'database_size' => $databaseDAO->size(),
 'language' => $userConfiguration->language,
 'mail_login' => $userConfiguration->mail_login,
+ 'is_admin' => $userConfiguration->is_admin,
 );
 }
 } |
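Review bot: `switchAdminAction()` in the first hunk on this line changes a user's privilege level but leaves no audit record; once `$userConfig->save()` succeeds, only a flash message is produced. Granting or revoking admin rights is an event an incident responder will want to reconstruct, so record the target and the new value, together with the acting account, e.g. `Minz_Log::warning('is_admin for ' . $username . ' set to ' . var_export($isAdmin, true));`. The guards also rely on `Minz_Error::error()` not returning (presumably it redirects and exits, as the same pattern in `detailsAction()` implies); a one-line comment saying so, or a `return;` after each call, would make sure a failed check can never reach `_param('is_admin', ...)`. A docblock such as `@param bool $isAdmin true to promote, false to demote` is missing as well.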
