
authorThomas Steur <thomas.steur@gmail.com>2014-01-23 00:21:15 +0400
committerThomas Steur <thomas.steur@gmail.com>2014-01-23 00:21:15 +0400
commite4b425b9757abc94749dae6d37884a18a3be3919 (patch)
treef0bb3f1aa0036db42ba1370bff847125dcf74268 /plugins
parent9033092d7f51bf60ed0c2d04638da7f66cca3b1c (diff)
refs #4564 #2589 added possibility to define multiple superusers
Diffstat (limited to 'plugins')
-rw-r--r--plugins/Login/Auth.php27
-rw-r--r--plugins/UsersManager/API.php20
-rw-r--r--plugins/UsersManager/Controller.php12
-rw-r--r--plugins/UsersManager/javascripts/usersManager.js50
-rw-r--r--plugins/UsersManager/templates/index.twig39
5 files changed, 134 insertions, 14 deletions
diff --git a/plugins/Login/Auth.php b/plugins/Login/Auth.php
index fa5f2af076..0a2ce9e009 100644
--- a/plugins/Login/Auth.php
+++ b/plugins/Login/Auth.php
@@ -56,14 +56,16 @@ class Auth implements \Piwik\Auth
return new AuthResult(AuthResult::SUCCESS_SUPERUSER_AUTH_CODE, $rootLogin, $this->token_auth);
}
- $login = Db::fetchOne(
- 'SELECT login
+ $user = Db::fetchRow(
+ 'SELECT login,superuser_access
FROM ' . Common::prefixTable('user') . '
WHERE token_auth = ?',
array($this->token_auth)
);
- if (!empty($login)) {
- return new AuthResult(AuthResult::SUCCESS, $login, $this->token_auth);
+ if (!empty($user['login'])) {
+ $code = $user['superuser_access'] ? AuthResult::SUCCESS_SUPERUSER_AUTH_CODE : AuthResult::SUCCESS;
+
+ return new AuthResult($code, $user['login'], $this->token_auth);
}
} else if (!empty($this->login)) {
if ($this->login === $rootLogin
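Review bot: The mapping from `superuser_access` to an auth code is written out twice, here in the token-only branch and again in the login+token branch of the next hunk, so the privilege decision can drift between the two paths. A single private helper, for example `getAuthCodeForUser($user)` returning `!empty($user['superuser_access']) ? AuthResult::SUCCESS_SUPERUSER_AUTH_CODE : AuthResult::SUCCESS`, would keep it in one place and give it a docblock stating that the database column now grants the same rights as the config-file super user. The enclosing method starts and ends outside both hunks, so any other return paths were not reviewed.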
@@ -75,18 +77,21 @@ class Auth implements \Piwik\Auth
}
$login = $this->login;
- $userToken = Db::fetchOne(
- 'SELECT token_auth
+ $user = Db::fetchRow(
+ 'SELECT token_auth, superuser_access
FROM ' . Common::prefixTable('user') . '
WHERE login = ?',
array($login)
);
- if (!empty($userToken)
- && (($this->getHashTokenAuth($login, $userToken) === $this->token_auth)
- || $userToken === $this->token_auth)
+
+ if (!empty($user['token_auth'])
+ && (($this->getHashTokenAuth($login, $user['token_auth']) === $this->token_auth)
+ || $user['token_auth'] === $this->token_auth)
) {
- $this->setTokenAuth($userToken);
- return new AuthResult(AuthResult::SUCCESS, $login, $userToken);
+ $this->setTokenAuth($user['token_auth']);
+ $code = $user['superuser_access'] ? AuthResult::SUCCESS_SUPERUSER_AUTH_CODE : AuthResult::SUCCESS;
+
+ return new AuthResult($code, $login, $user['token_auth']);
}
}
diff --git a/plugins/UsersManager/API.php b/plugins/UsersManager/API.php
index c7c11f1ddb..d77c9741d6 100644
--- a/plugins/UsersManager/API.php
+++ b/plugins/UsersManager/API.php
@@ -406,6 +406,22 @@ class API extends \Piwik\Plugin\API
Piwik::postEvent('UsersManager.addUser.end', array($userLogin));
}
+ public function setSuperUserAccess($userLogin, $hasSuperUserAccess)
+ {
+ Piwik::checkUserIsSuperUser();
+ $this->checkUserIsNotAnonymous($userLogin);
+
+ $this->deleteUserAccess($userLogin);
+
+ $db = Db::get();
+ $db->update(Common::prefixTable("user"),
+ array(
+ 'superuser_access' => $hasSuperUserAccess
+ ),
+ "login = '$userLogin'"
+ );
+ }
+
/**
* Updates a user in the database.
* Only login and password are required (case when we update the password).
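Review bot: `setSuperUserAccess` builds its WHERE clause by interpolating `$userLogin` into `"login = '$userLogin'"` and writes `$hasSuperUserAccess` uncast, so this privilege-changing endpoint relies entirely on input having been sanitised upstream. Bind the value instead, e.g. `array('login = ?' => $userLogin)` if the adapter returned by `Db::get()` accepts an array where-clause, and store `$hasSuperUserAccess ? 1 : 0`. The method also does not verify that the login exists, and `deleteUserAccess()` runs on revocation as well as on grant, which appears to leave a demoted user with no site access at all; a docblock should say whether that is intended. The same interpolated `"login = '$userLogin'"` is visible in the `updateUser` hunk further down.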
@@ -419,7 +435,7 @@ class API extends \Piwik\Plugin\API
{
Piwik::checkUserIsSuperUserOrTheUser($userLogin);
$this->checkUserIsNotAnonymous($userLogin);
- $this->checkUserIsNotSuperUser($userLogin);
+ // $this->checkUserIsNotSuperUser($userLogin);
$userInfo = $this->getUser($userLogin);
if (empty($password)) {
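Review bot: The guard `checkUserIsNotSuperUser($userLogin)` is commented out rather than removed, which leaves no record of why the check no longer applies. Either delete the line or replace it with a comment such as `// super users stored in the user table may be edited; the config-file super user is handled by ...`, filling in whatever still protects that account. It is not visible from this hunk what happens when `$userLogin` is the config-file super user, since the function body continues outside the hunk.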
@@ -454,7 +470,7 @@ class API extends \Piwik\Plugin\API
'password' => $password,
'alias' => $alias,
'email' => $email,
- 'token_auth' => $token_auth,
+ 'token_auth' => $token_auth
),
"login = '$userLogin'"
);
diff --git a/plugins/UsersManager/Controller.php b/plugins/UsersManager/Controller.php
index 9a0db083b9..ebd6ab8c21 100644
--- a/plugins/UsersManager/Controller.php
+++ b/plugins/UsersManager/Controller.php
@@ -86,10 +86,22 @@ class Controller extends \Piwik\Plugin\ControllerAdmin
$usersAliasByLogin[$user['login']] = $user['alias'];
}
}
+
+ $superUsers = array();
+ if (Piwik::isUserHasSomeAdminAccess()) {
+ $users = APIUsersManager::getInstance()->getUsers();
+ foreach ($users as $user) {
+ if ($user['superuser_access']) {
+ $superUsers[] = $user['login'];
+ }
+ }
+ }
+
$view->anonymousHasViewAccess = $this->hasAnonymousUserViewAccess($usersAccessByWebsite);
$view->idSiteSelected = $idSiteSelected;
$view->defaultReportSiteName = $defaultReportSiteName;
$view->users = $users;
+ $view->superUserLogins = $superUsers;
$view->usersAliasByLogin = $usersAliasByLogin;
$view->usersCount = count($users) - 1;
$view->usersAccessByWebsite = $usersAccessByWebsite;
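Review bot: The added block reassigns `$users` and reuses `$user`, while `$view->users = $users` and `count($users) - 1` a few lines below read the same variable. If the earlier assignment (outside this hunk) held a different or filtered list, the view now silently receives the full `getUsers()` result; a separate name such as `$allUsers = APIUsersManager::getInstance()->getUsers();` avoids that. The block is also gated on `isUserHasSomeAdminAccess()`, so a site admin who is not a super user is handed the list of super-user logins; if only super users may manage this table, a super-user check would be the narrower gate.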
diff --git a/plugins/UsersManager/javascripts/usersManager.js b/plugins/UsersManager/javascripts/usersManager.js
index c9606ffea0..6b1ad85a36 100644
--- a/plugins/UsersManager/javascripts/usersManager.js
+++ b/plugins/UsersManager/javascripts/usersManager.js
@@ -98,6 +98,38 @@ function launchAjaxRequest(self, successCallback) {
);
}
+function updateSuperUserAccess(login, isSuperUser, successCallback)
+{
+ var parameters = {};
+ parameters.userLogin = login;
+ parameters.hasSuperUserAccess = isSuperUser;
+
+ var ajaxHandler = new ajaxHelper();
+ ajaxHandler.addParams({
+ module: 'API',
+ format: 'json',
+ method: 'UsersManager.setSuperUserAccess'
+ }, 'GET');
+ ajaxHandler.addParams(parameters, 'POST');
+ ajaxHandler.setCallback(function () {
+ successCallback();
+
+ var UI = require('piwik/UI');
+ var notification = new UI.Notification();
+ notification.show(_pk_translate('General_Done'), {
+ placeat: '#superUserAccessUpdated',
+ context: 'success',
+ noclear: true,
+ type: 'toast',
+ style: {display: 'inline-block', marginTop: '10px'},
+ id: 'usersManagerSuperUserAccessUpdated'
+ });
+ });
+ ajaxHandler.setLoadingElement('#ajaxErrorSuperUsersManagement');
+ ajaxHandler.setErrorElement('#ajaxErrorSuperUsersManagement');
+ ajaxHandler.send(true);
+}
+
function bindUpdateAccess() {
var self = this;
// callback called when the ajax request Update the user permissions is successful
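Review bot: `setLoadingElement` is given the error element's id, `#ajaxErrorSuperUsersManagement`, whereas the template in this commit renders the loading div as `ajaxLoadingSuperUsersManagement`; the line should read `ajaxHandler.setLoadingElement('#ajaxLoadingSuperUsersManagement');`. The callback also calls `successCallback()` and shows "Done" without looking at the response, so unless `ajaxHelper` filters error payloads itself (not visible here) a rejected privilege change would still be shown as applied. A short JSDoc stating that `isSuperUser` is sent as 0 or 1 would help callers.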
@@ -233,9 +265,25 @@ $(document).ready(function () {
});
});
- $('.updateAccess')
+ $('#access .updateAccess')
.click(bindUpdateAccess);
+ $('#superUserAccess .accessGranted').click(function () {
+ var login = $(this).parents('td').attr('login');
+ updateSuperUserAccess(login, 0, function () {
+ $('#superUserAccess .accessGranted').hide();
+ $('#superUserAccess .updateAccess').show();
+ });
+ });
+
+ $('#superUserAccess .updateAccess').click(function () {
+ var login = $(this).parents('td').attr('login');
+ updateSuperUserAccess(login, 1, function () {
+ $('#superUserAccess .updateAccess').hide();
+ $('#superUserAccess .accessGranted').show();
+ });
+ });
+
// when a site is selected, reload the page w/o showing the ajax loading element
$('#usersManagerSiteSelect').bind('piwik:siteSelected', function (e, site) {
if (site.id != piwik.idSite) {
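Review bot: Both success callbacks toggle `$('#superUserAccess .accessGranted')` and `$('#superUserAccess .updateAccess')` for the whole table, so after changing one user every row shows the same icon and the page no longer reflects who actually holds super-user access. The handlers should keep a reference to the clicked cell and toggle only the images inside it, as in the rewrite below. Granting or revoking also fires on a single click with no confirmation, which is worth reconsidering for a change of this weight.
```javascript
$('#superUserAccess .accessGranted').click(function () {
    var $cell = $(this).closest('td');
    updateSuperUserAccess($cell.attr('login'), 0, function () {
        $cell.find('.accessGranted').hide();
        $cell.find('.updateAccess').show();
    });
});

$('#superUserAccess .updateAccess').click(function () {
    var $cell = $(this).closest('td');
    updateSuperUserAccess($cell.attr('login'), 1, function () {
        $cell.find('.updateAccess').hide();
        $cell.find('.accessGranted').show();
    });
});
```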
diff --git a/plugins/UsersManager/templates/index.twig b/plugins/UsersManager/templates/index.twig
index 6f1c6477f5..7be1fd343b 100644
--- a/plugins/UsersManager/templates/index.twig
+++ b/plugins/UsersManager/templates/index.twig
@@ -51,6 +51,10 @@
<tr>
<td id='login'>{{ login }}</td>
<td>{{ usersAliasByLogin[login]|raw }}</td>
+
+ {% if access == 'superuser' %}
+ <td colspan="3"><span title="{{ 'Remove_SuperUser_Permission_To_ChangePermission'|translate }}">{{ 'Installation_SuperUser'|translate }}</span></td>
+ {% else %}
<td id='noaccess'>{% if access=='noaccess' and idSiteSelected != 'all' %}{{ accesValid }}{% else %}{{ accesInvalid }}{% endif %}&nbsp;</td>
<td id='view'>{% if access == 'view' and idSiteSelected != 'all' %}{{ accesValid }}{% else %}{{ accesInvalid }}{% endif %}&nbsp;</td>
<td id='admin'>
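Review bot: The new translation key `Remove_SuperUser_Permission_To_ChangePermission` does not follow the `Plugin_Key` shape of the other keys on this page (`Installation_SuperUser`, `UsersManager_AddUser`), and the same holds for `Super_User_Management` and `Super_User_Management_MainDescription` in the last hunk of this file. If the translator resolves the part before the first underscore as a plugin name, these would render as raw keys; something like `UsersManager_RemoveSuperUserPermissionToChangePermission` would match the rest. The `{% if %}` opened here is closed in the next hunk and the surrounding row loop starts outside this one.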
@@ -60,6 +64,7 @@
{% if access == 'admin' and idSiteSelected != 'all' %}{{ accesValid }}{% else %}{{ accesInvalid }}{% endif %}&nbsp;
{% endif %}
</td>
+ {% endif %}
</tr>
{% endfor %}
</tbody>
@@ -133,5 +138,39 @@
</table>
<div class="addrow"><img src='plugins/UsersManager/images/add.png'/> {{ 'UsersManager_AddUser'|translate }}</div>
</div>
+
+
+ <h2>{{ 'Super_User_Management'|translate }}</h2>
+ <p>{{ 'Super_User_Management_MainDescription'|translate }}</p>
+
+ {{ ajax.errorDiv('ajaxErrorSuperUsersManagement') }}
+ {{ ajax.loadingDiv('ajaxLoadingSuperUsersManagement') }}
+
+ <table class="entityTable dataTable" id="superUserAccess" style="display:inline-table;width:400px;">
+ <thead>
+ <tr>
+ <th class='first'>{{ 'UsersManager_User'|translate }}</th>
+ <th>{{ 'UsersManager_Alias'|translate }}</th>
+ <th>{{ 'Installation_SuperUser'|translate }}</th>
+ </tr>
+ </thead>
+
+ <tbody>
+ {% for login,alias in usersAliasByLogin if login != 'anonymous' %}
+ <tr>
+ <td id='login'>{{ login }}</td>
+ <td>{{ alias|raw }}</td>
+ <td id='superuser' login="{{ login|e('html_attr') }}">
+ <img src='plugins/UsersManager/images/ok.png' class='accessGranted' {% if not (login in superUserLogins) %}style="display:none"{% endif %} />
+ <img src='plugins/UsersManager/images/no-access.png' class='updateAccess' {% if login in superUserLogins %}style="display:none"{% endif %} />
+ &nbsp;
+ </td>
+ </tr>
+ {% endfor %}
+ </tbody>
+ </table>
+
+ <div id="superUserAccessUpdated" style="vertical-align:top;"></div>
+
{% endif %}
{% endblock %}
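Review bot: The new table prints `{{ alias|raw }}`, which bypasses Twig's escaping on the very page where super-user rights are granted. That is only safe if every path that stores an alias already HTML-encodes it, so the invariant should be stated in a template comment next to the filter, or the filter dropped if it does not hold. Separately, `id='login'` and `id='superuser'` repeat on every row, producing duplicate ids, and the custom `login="..."` attribute would be better as `data-login="{{ login|e('html_attr') }}"`, with the script reading it accordingly.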