author | Thomas Steur <thomas.steur@gmail.com> | 2014-01-23 00:21:15 +0400 |
---|---|---|
committer | Thomas Steur <thomas.steur@gmail.com> | 2014-01-23 00:21:15 +0400 |
commit | e4b425b9757abc94749dae6d37884a18a3be3919 (patch) | |
tree | f0bb3f1aa0036db42ba1370bff847125dcf74268 | |
parent | 9033092d7f51bf60ed0c2d04638da7f66cca3b1c (diff) |
refs #4564 #2589 added possibility to define multiple superusers
-rw-r--r-- | plugins/Login/Auth.php | 27 | ||||
-rw-r--r-- | plugins/UsersManager/API.php | 20 | ||||
-rw-r--r-- | plugins/UsersManager/Controller.php | 12 | ||||
-rw-r--r-- | plugins/UsersManager/javascripts/usersManager.js | 50 | ||||
-rw-r--r-- | plugins/UsersManager/templates/index.twig | 39 |
5 files changed, 134 insertions, 14 deletions
diff --git a/plugins/Login/Auth.php b/plugins/Login/Auth.php
index fa5f2af076..0a2ce9e009 100644
--- a/plugins/Login/Auth.php
+++ b/plugins/Login/Auth.php
@@ -56,14 +56,16 @@ class Auth implements \Piwik\Auth
                 return new AuthResult(AuthResult::SUCCESS_SUPERUSER_AUTH_CODE, $rootLogin, $this->token_auth);
             }
 
-            $login = Db::fetchOne(
-                'SELECT login
+            $user = Db::fetchRow(
+                'SELECT login,superuser_access
                  FROM ' . Common::prefixTable('user') . '
                  WHERE token_auth = ?',
                 array($this->token_auth)
             );
-            if (!empty($login)) {
-                return new AuthResult(AuthResult::SUCCESS, $login, $this->token_auth);
+            if (!empty($user['login'])) {
+                $code = $user['superuser_access'] ? AuthResult::SUCCESS_SUPERUSER_AUTH_CODE : AuthResult::SUCCESS;
+
+                return new AuthResult($code, $user['login'], $this->token_auth);
             }
         } else if (!empty($this->login)) {
             if ($this->login === $rootLogin
@@ -75,18 +77,21 @@ class Auth implements \Piwik\Auth
             }
 
             $login = $this->login;
-            $userToken = Db::fetchOne(
-                'SELECT token_auth
+            $user = Db::fetchRow(
+                'SELECT token_auth, superuser_access
                  FROM ' . Common::prefixTable('user') . '
                  WHERE login = ?',
                 array($login)
             );
-            if (!empty($userToken)
-                && (($this->getHashTokenAuth($login, $userToken) === $this->token_auth)
-                    || $userToken === $this->token_auth)
+
+            if (!empty($user['token_auth'])
+                && (($this->getHashTokenAuth($login, $user['token_auth']) === $this->token_auth)
+                    || $user['token_auth'] === $this->token_auth)
             ) {
-                $this->setTokenAuth($userToken);
-                return new AuthResult(AuthResult::SUCCESS, $login, $userToken);
+                $this->setTokenAuth($user['token_auth']);
+                $code = $user['superuser_access'] ? AuthResult::SUCCESS_SUPERUSER_AUTH_CODE : AuthResult::SUCCESS;
+
+                return new AuthResult($code, $login, $user['token_auth']);
             }
         }
 
diff --git a/plugins/UsersManager/API.php b/plugins/UsersManager/API.php
index c7c11f1ddb..d77c9741d6 100644
--- a/plugins/UsersManager/API.php
+++ b/plugins/UsersManager/API.php
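Review bot: The privilege decision `$code = $user['superuser_access'] ? AuthResult::SUCCESS_SUPERUSER_AUTH_CODE : AuthResult::SUCCESS;` is written out here and again in the next hunk, so the one place that decides "this row is a super user" now lives in two spots that can drift; a private helper such as `private function getAuthCodeForUser($user) { return !empty($user['superuser_access']) ? AuthResult::SUCCESS_SUPERUSER_AUTH_CODE : AuthResult::SUCCESS; }` would keep it single-sourced and also documents what the flag means. Nothing in the five files of this diffstat adds the `superuser_access` column, so presumably a schema update ships separately; until it does, this SELECT fails for every table user. authenticate() starts before the hunk.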
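Review bot: This branch can now hand out SUCCESS_SUPERUSER_AUTH_CODE, but the credential check it rests on is still a plain string compare of the stored secret on the changed lines `|| $user['token_auth'] === $this->token_auth)` and `$this->getHashTokenAuth(...) === $this->token_auth`; with super-user rights now living in table rows, a timing-safe compare is worth it — `hash_equals()` if the supported PHP version has it, otherwise a fixed-time byte loop helper. The `$code` ternary duplicates the one in the first hunk and should share a helper. authenticate() continues past the hunk.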
@@ -406,6 +406,22 @@ class API extends \Piwik\Plugin\API
         Piwik::postEvent('UsersManager.addUser.end', array($userLogin));
     }
 
+    public function setSuperUserAccess($userLogin, $hasSuperUserAccess)
+    {
+        Piwik::checkUserIsSuperUser();
+        $this->checkUserIsNotAnonymous($userLogin);
+
+        $this->deleteUserAccess($userLogin);
+
+        $db = Db::get();
+        $db->update(Common::prefixTable("user"),
+            array(
+                'superuser_access' => $hasSuperUserAccess
+            ),
+            "login = '$userLogin'"
+        );
+    }
+
     /**
      * Updates a user in the database.
      * Only login and password are required (case when we update the password).
@@ -419,7 +435,7 @@ class API extends \Piwik\Plugin\API
     {
         Piwik::checkUserIsSuperUserOrTheUser($userLogin);
         $this->checkUserIsNotAnonymous($userLogin);
-        $this->checkUserIsNotSuperUser($userLogin);
+        // $this->checkUserIsNotSuperUser($userLogin);
         $userInfo = $this->getUser($userLogin);
 
         if (empty($password)) {
@@ -454,7 +470,7 @@ class API extends \Piwik\Plugin\API
                 'password' => $password,
                 'alias' => $alias,
                 'email' => $email,
-                'token_auth' => $token_auth,
+                'token_auth' => $token_auth
             ),
             "login = '$userLogin'"
         );
diff --git a/plugins/UsersManager/Controller.php b/plugins/UsersManager/Controller.php
index 9a0db083b9..ebd6ab8c21 100644
--- a/plugins/UsersManager/Controller.php
+++ b/plugins/UsersManager/Controller.php
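Review bot: `setSuperUserAccess` writes the privilege bit with a WHERE clause built by interpolating the request-supplied login, `"login = '$userLogin'"`, without first resolving that the login exists, without refusing a super user who is stripping their own (possibly last) flag, and with `$hasSuperUserAccess` stored as received rather than normalised to 0/1. The clause copies updateUser's existing one, but this is the single method that grants root-equivalent rights, so it should quote through the adapter, validate the login the way updateUser does via `getUser()`, and block self-revocation. It also has no docblock; a short one such as `Grants or revokes super-user access for $userLogin. Explicit website access rows are dropped because a super user holds them implicitly.` is needed. Whether the adapter exposes `quoteInto()` and whether `getUser()` throws for unknown logins are inferred from the surrounding Piwik code, not visible in this hunk.

```php
    public function setSuperUserAccess($userLogin, $hasSuperUserAccess)
    {
        Piwik::checkUserIsSuperUser();
        $this->checkUserIsNotAnonymous($userLogin);
        $this->getUser($userLogin); // same existence guard updateUser relies on

        $hasSuperUserAccess = (int) (bool) $hasSuperUserAccess;

        if (!$hasSuperUserAccess && $userLogin === Piwik::getCurrentUserLogin()) {
            throw new \Exception('A super user cannot revoke their own super user access.');
        }

        $this->deleteUserAccess($userLogin);

        $db = Db::get();
        $db->update(Common::prefixTable("user"),
            array('superuser_access' => $hasSuperUserAccess),
            $db->quoteInto('login = ?', $userLogin)
        );
    }
```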
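Review bot: The guard is disabled by commenting it out, `// $this->checkUserIsNotSuperUser($userLogin);`, which leaves dead code where a decision should be recorded; delete the line and state the decision in the method docblock, e.g. `Super users may be updated here now that several can exist; the config-file super user is not a table row and is still rejected by getUser().` The consequence deserves an explicit word too: `Piwik::checkUserIsSuperUserOrTheUser` passes for any super user, so from this commit one super user can overwrite another super user's password and token_auth through updateUser, a lateral path that is fine if intended but should be logged or at least documented. updateUser's body continues beyond the hunk, and whether getUser() rejects the config super user is inferred rather than visible here.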
@@ -86,10 +86,22 @@ class Controller extends \Piwik\Plugin\ControllerAdmin
                 $usersAliasByLogin[$user['login']] = $user['alias'];
             }
         }
+
+        $superUsers = array();
+        if (Piwik::isUserHasSomeAdminAccess()) {
+            $users = APIUsersManager::getInstance()->getUsers();
+            foreach ($users as $user) {
+                if ($user['superuser_access']) {
+                    $superUsers[] = $user['login'];
+                }
+            }
+        }
+
         $view->anonymousHasViewAccess = $this->hasAnonymousUserViewAccess($usersAccessByWebsite);
         $view->idSiteSelected = $idSiteSelected;
         $view->defaultReportSiteName = $defaultReportSiteName;
         $view->users = $users;
+        $view->superUserLogins = $superUsers;
         $view->usersAliasByLogin = $usersAliasByLogin;
         $view->usersCount = count($users) - 1;
         $view->usersAccessByWebsite = $usersAccessByWebsite;
diff --git a/plugins/UsersManager/javascripts/usersManager.js b/plugins/UsersManager/javascripts/usersManager.js
index c9606ffea0..6b1ad85a36 100644
--- a/plugins/UsersManager/javascripts/usersManager.js
+++ b/plugins/UsersManager/javascripts/usersManager.js
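Review bot: The new block gates the super-user list on `Piwik::isUserHasSomeAdminAccess()`, which is true for any per-site admin, so the logins of every super user — the most valuable accounts to target — are exposed to the view for non-super users (and, if `getUsers()` enforces super-user rights as it does elsewhere in Piwik, the admin-only case throws instead of rendering); the section it feeds is super-user management, so gate it with `Piwik::isUserIsSuperUser()`. The block also reassigns `$users`, which the context lines show is already populated and later passed as `$view->users`, so re-fetching can silently change what the page lists; iterate the existing `$users` instead, `foreach ($users as $user) { if (!empty($user['superuser_access'])) { $superUsers[] = $user['login']; } }`, provided the earlier fetch returns that column. The enclosing action starts before the hunk, so how `$users` is first filled is not visible here.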
@@ -98,6 +98,38 @@ function launchAjaxRequest(self, successCallback) {
     );
 }
 
+function updateSuperUserAccess(login, isSuperUser, successCallback)
+{
+    var parameters = {};
+    parameters.userLogin = login;
+    parameters.hasSuperUserAccess = isSuperUser;
+
+    var ajaxHandler = new ajaxHelper();
+    ajaxHandler.addParams({
+        module: 'API',
+        format: 'json',
+        method: 'UsersManager.setSuperUserAccess'
+    }, 'GET');
+    ajaxHandler.addParams(parameters, 'POST');
+    ajaxHandler.setCallback(function () {
+        successCallback();
+
+        var UI = require('piwik/UI');
+        var notification = new UI.Notification();
+        notification.show(_pk_translate('General_Done'), {
+            placeat: '#superUserAccessUpdated',
+            context: 'success',
+            noclear: true,
+            type: 'toast',
+            style: {display: 'inline-block', marginTop: '10px'},
+            id: 'usersManagerSuperUserAccessUpdated'
+        });
+    });
+    ajaxHandler.setLoadingElement('#ajaxErrorSuperUsersManagement');
+    ajaxHandler.setErrorElement('#ajaxErrorSuperUsersManagement');
+    ajaxHandler.send(true);
+}
+
 function bindUpdateAccess() {
     var self = this;
     // callback called when the ajax request Update the user permissions is successful
@@ -233,9 +265,25 @@ $(document).ready(function () {
         });
     });
 
-    $('.updateAccess')
+    $('#access .updateAccess')
         .click(bindUpdateAccess);
 
+    $('#superUserAccess .accessGranted').click(function () {
+        var login = $(this).parents('td').attr('login');
+        updateSuperUserAccess(login, 0, function () {
+            $('#superUserAccess .accessGranted').hide();
+            $('#superUserAccess .updateAccess').show();
+        });
+    });
+
+    $('#superUserAccess .updateAccess').click(function () {
+        var login = $(this).parents('td').attr('login');
+        updateSuperUserAccess(login, 1, function () {
+            $('#superUserAccess .updateAccess').hide();
+            $('#superUserAccess .accessGranted').show();
+        });
+    });
+
     // when a site is selected, reload the page w/o showing the ajax loading element
     $('#usersManagerSiteSelect').bind('piwik:siteSelected', function (e, site) {
         if (site.id != piwik.idSite) {
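Review bot: `ajaxHandler.setLoadingElement('#ajaxErrorSuperUsersManagement');` points the loading indicator at the error div, while the template added in this commit renders a separate `ajaxLoadingSuperUsersManagement` element that nothing references; the line should be `ajaxHandler.setLoadingElement('#ajaxLoadingSuperUsersManagement');`. The function also lacks a header comment; one line above it such as `// Grants (isSuperUser=1) or revokes (0) super user access for login via UsersManager.setSuperUserAccess, then runs successCallback.` matches the file's comment style. Whether ajaxHelper attaches the session token_auth to this POST is not visible here, and a privilege change must not be sent without it.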
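Review bot: Both success callbacks toggle every icon in the table — `$('#superUserAccess .accessGranted').hide(); $('#superUserAccess .updateAccess').show();` — so granting or revoking for one user flips the displayed state of all rows; scope the update to the clicked cell, e.g. `var cell = $(this).parents('td');` before the call and `cell.find('.accessGranted').hide(); cell.find('.updateAccess').show();` inside it. A super-user grant or revoke is also fired from a bare click with no confirmation, and the revoke handler can target the current user's own login; a `confirm()` prompt (with a translated message) before `updateSuperUserAccess` is the minimum for an action of this weight. The ready() callback continues past the hunk.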
diff --git a/plugins/UsersManager/templates/index.twig b/plugins/UsersManager/templates/index.twig
index 6f1c6477f5..7be1fd343b 100644
--- a/plugins/UsersManager/templates/index.twig
+++ b/plugins/UsersManager/templates/index.twig
@@ -51,6 +51,10 @@
                     <tr>
                         <td id='login'>{{ login }}</td>
                         <td>{{ usersAliasByLogin[login]|raw }}</td>
+
+                        {% if access == 'superuser' %}
+                            <td colspan="3"><span title="{{ 'Remove_SuperUser_Permission_To_ChangePermission'|translate }}">{{ 'Installation_SuperUser'|translate }}</span></td>
+                        {% else %}
                         <td id='noaccess'>{% if access=='noaccess' and idSiteSelected != 'all' %}{{ accesValid }}{% else %}{{ accesInvalid }}{% endif %} </td>
                         <td id='view'>{% if access == 'view' and idSiteSelected != 'all' %}{{ accesValid }}{% else %}{{ accesInvalid }}{% endif %} </td>
                         <td id='admin'>
@@ -60,6 +64,7 @@
                                 {% if access == 'admin' and idSiteSelected != 'all' %}{{ accesValid }}{% else %}{{ accesInvalid }}{% endif %}
                             {% endif %}
                         </td>
+                        {% endif %}
                     </tr>
                 {% endfor %}
             </tbody>
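Review bot: The new branch keys on `{% if access == 'superuser' %}`, a value that none of the five files in this commit produce for the per-website access map (the controller hunk only adds `superUserLogins`), so either that controller change lands elsewhere or this branch never renders; worth confirming before merge. The two new translation keys, `Remove_SuperUser_Permission_To_ChangePermission` and `Installation_SuperUser` aside, also drop the `UsersManager_` plugin prefix that every other key visible in this template carries. The `for` loop and the table this row belongs to start before the hunk.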
@@ -133,5 +138,39 @@
             </table>
             <div class="addrow"><img src='plugins/UsersManager/images/add.png'/> {{ 'UsersManager_AddUser'|translate }}</div>
         </div>
+
+
+        <h2>{{ 'Super_User_Management'|translate }}</h2>
+        <p>{{ 'Super_User_Management_MainDescription'|translate }}</p>
+
+        {{ ajax.errorDiv('ajaxErrorSuperUsersManagement') }}
+        {{ ajax.loadingDiv('ajaxLoadingSuperUsersManagement') }}
+
+        <table class="entityTable dataTable" id="superUserAccess" style="display:inline-table;width:400px;">
+            <thead>
+                <tr>
+                    <th class='first'>{{ 'UsersManager_User'|translate }}</th>
+                    <th>{{ 'UsersManager_Alias'|translate }}</th>
+                    <th>{{ 'Installation_SuperUser'|translate }}</th>
+                </tr>
+            </thead>
+
+            <tbody>
+                {% for login,alias in usersAliasByLogin if login != 'anonymous' %}
+                    <tr>
+                        <td id='login'>{{ login }}</td>
+                        <td>{{ alias|raw }}</td>
+                        <td id='superuser' login="{{ login|e('html_attr') }}">
+                            <img src='plugins/UsersManager/images/ok.png' class='accessGranted' {% if not (login in superUserLogins) %}style="display:none"{% endif %} />
+                            <img src='plugins/UsersManager/images/no-access.png' class='updateAccess' {% if login in superUserLogins %}style="display:none"{% endif %} />
+
+                        </td>
+                    </tr>
+                {% endfor %}
+            </tbody>
+        </table>
+
+        <div id="superUserAccessUpdated" style="vertical-align:top;"></div>
+
     {% endif %}
 {% endblock %}
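Review bot: `<td>{{ alias|raw }}</td>` prints the alias unescaped into a page that only super users are meant to see; the alias is a user-editable field (updateUser in this commit writes `'alias' => $alias` and any user may update their own record), so unless it is sanitised on the way in — not visible here — a regular user can plant markup that executes in a super user's session, and with the new setSuperUserAccess endpoint on the same page that becomes self-escalation. The older table already uses `|raw` for the alias, but new code should not copy it: `<td>{{ alias }}</td>` under autoescape, or `{{ alias|e }}`. The per-row `id='login'` and `id='superuser'` also yield duplicate element ids; the `login` attribute already carries what the JS needs, so use a class. The closing `{% endif %}` belongs to a block opened before the hunk.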