1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
<?php
/**
* Matomo - free/libre analytics platform
*
* @link https://matomo.org
* @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
*/
namespace Piwik\Plugins\UsersManager\Sql;
use Piwik\Access;
use Piwik\Common;
use Piwik\Piwik;
class UserTableFilter
{
/**
* @var string
*/
private $filterByRole;
/**
* @var int
*/
private $filterByRoleSite;
/**
* @var string
*/
private $filterSearch;
/**
* @var string[]
*/
private $logins;
public function __construct($filterByRole, $filterByRoleSite, $filterSearch, $logins = null)
{
$this->filterByRole = $filterByRole;
$this->filterByRoleSite = $filterByRoleSite;
$this->filterSearch = $filterSearch;
$this->logins = $logins;
if (isset($this->filterByRole) && !isset($this->filterByRoleSite)) {
throw new \InvalidArgumentException("filtering by role is only supported for a single site");
}
// can only filter by superuser if current user is a superuser
if ($this->filterByRole == 'superuser'
&& !Piwik::hasUserSuperUserAccess()
) {
$this->filterByRole = null;
}
}
public function getJoins($userTable)
{
$result = "LEFT JOIN " . Common::prefixTable('access') . " a ON $userTable.login = a.login AND (a.idsite IS NULL OR a.idsite = ?)";
$bind = [$this->filterByRoleSite];
return [$result, $bind];
}
public function getWhere()
{
$conditions = [];
$bind = [];
if ($this->filterByRole) {
list($filterByRoleSql, $filterByRoleBind) = $this->getAccessSelectSqlCondition();
$conditions[] = $filterByRoleSql;
$bind = array_merge($bind, $filterByRoleBind);
}
if ($this->filterSearch) {
$conditions[] = '(u.login LIKE ? OR u.email LIKE ?)';
$bind = array_merge($bind, ['%' . $this->filterSearch . '%', '%' . $this->filterSearch . '%']);
}
if ($this->logins !== null) {
$logins = array_map('json_encode', $this->logins);
$conditions[] = 'u.login IN (' . implode(',', $logins) . ')';
}
$result = implode(' AND ', $conditions);
if (!empty($result)) {
$result = 'WHERE ' . $result;
}
return [$result, $bind];
}
private function getAccessSelectSqlCondition()
{
$sql = '';
$bind = [];
switch ($this->filterByRole) {
case 'noaccess':
$sql = "(a.access IS NULL AND u.superuser_access <> 1)";
break;
case 'some':
$sql = "(a.access IS NOT NULL OR u.superuser_access = 1)";
break;
case 'superuser':
$sql = "u.superuser_access = 1";
break;
default:
$sql = "a.access = ?";
$bind[] = $this->filterByRole;
break;
}
return [$sql, $bind];
}
}
|
