admin.php 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387
  1. <?php
  2. namespace Controller;
  3. class Admin extends \Controller {
  4. protected $_userId;
  5. public function __construct() {
  6. $this->_userId = $this->_requireAdmin();
  7. \Base::instance()->set("menuitem", "admin");
  8. }
  9. public function index($f3) {
  10. $f3->set("title", "Administration");
  11. $f3->set("menuitem", "admin");
  12. if($f3->get("POST.action") == "clearcache") {
  13. \Cache::instance()->reset();
  14. $f3->set("success", "Cache cleared successfully.");
  15. }
  16. $db = $f3->get("db.instance");
  17. // Gather some stats
  18. $result = $db->exec("SELECT COUNT(id) AS `count` FROM user WHERE deleted_date IS NULL AND role != 'group'");
  19. $f3->set("count_user", $result[0]["count"]);
  20. $result = $db->exec("SELECT COUNT(id) AS `count` FROM issue WHERE deleted_date IS NULL");
  21. $f3->set("count_issue", $result[0]["count"]);
  22. $result = $db->exec("SELECT COUNT(id) AS `count` FROM issue_update");
  23. $f3->set("count_issue_update", $result[0]["count"]);
  24. $result = $db->exec("SELECT COUNT(id) AS `count` FROM issue_comment");
  25. $f3->set("count_issue_comment", $result[0]["count"]);
  26. $result = $db->exec("SELECT value as version FROM config WHERE attribute = 'version'");
  27. $f3->set("version", $result[0]["version"]);
  28. if($f3->get("CACHE") == "apc") {
  29. $f3->set("apc_stats", apc_cache_info("user", true));
  30. }
  31. $this->_render("admin/index.html");
  32. }
  33. public function plugins($f3) {
  34. $f3->set("title", "Plugins");
  35. $this->_render("admin/plugins.html");
  36. }
  37. public function plugin_single($f3, $params) {
  38. $plugins = $f3->get("plugins");
  39. if($plugin = $plugins[$params["id"]]) {
  40. $f3->set("title", $plugin->_package());
  41. $f3->set("plugin", $plugin);
  42. $this->_render("admin/plugins/single.html");
  43. } else {
  44. $f3->error(404);
  45. }
  46. }
  47. public function users($f3) {
  48. $f3->set("title", "Manage Users");
  49. $users = new \Model\User();
  50. $f3->set("users", $users->find("deleted_date IS NULL AND role != 'group'"));
  51. $this->_render("admin/users.html");
  52. }
  53. public function user_edit($f3, $params) {
  54. $f3->set("title", "Edit User");
  55. $user = new \Model\User();
  56. $user->load($params["id"]);
  57. if($user->id) {
  58. $f3->set("title", "Edit User");
  59. $f3->set("this_user", $user);
  60. $this->_render("admin/users/edit.html");
  61. } else {
  62. $f3->error(404, "User does not exist.");
  63. }
  64. }
  65. public function user_new($f3) {
  66. $f3->set("title", "New User");
  67. $f3->set("rand_color", sprintf("#%02X%02X%02X", mt_rand(0, 0xFF), mt_rand(0, 0xFF), mt_rand(0, 0xFF)));
  68. $this->_render("admin/users/edit.html");
  69. }
  70. public function user_save($f3) {
  71. $security = \Helper\Security::instance();
  72. $user = new \Model\User;
  73. // Load current user if set, otherwise validate fields for new user
  74. if($user_id = $f3->get("POST.user_id")) {
  75. $f3->set("title", "Edit User");
  76. $user->load($user_id);
  77. $f3->set("this_user", $user);
  78. } else {
  79. $f3->set("title", "New User");
  80. // Verify a password is being set
  81. if(!$f3->get("POST.password")) {
  82. $f3->set("error", "User already exists with this username");
  83. $this->_render("admin/users/edit.html");
  84. return;
  85. }
  86. // Check for existing users with same info
  87. $user->load(array("username = ?", $f3->get("POST.username")));
  88. if($user->id) {
  89. $f3->set("error", "User already exists with this username");
  90. $this->_render("admin/users/edit.html");
  91. return;
  92. }
  93. $user->load(array("email = ?", $f3->get("POST.email")));
  94. if($user->id) {
  95. $f3->set("error", "User already exists with this email address");
  96. $this->_render("admin/users/edit.html");
  97. return;
  98. }
  99. // Set new user fields
  100. $user->api_key = $security->salt_sha1();
  101. $user->created_date = $this->now();
  102. }
  103. // Validate password if being set
  104. if($f3->get("POST.password")) {
  105. if($f3->get("POST.password") != $f3->get("POST.password_confirm")) {
  106. $f3->set("error", "Passwords do not match");
  107. $this->_render("admin/users/edit.html");
  108. return;
  109. }
  110. if(strlen($f3->get("POST.password")) < 6) {
  111. $f3->set("error", "Passwords must be at least 6 characters");
  112. $this->_render("admin/users/edit.html");
  113. return;
  114. }
  115. // Check if giving user temporary or permanent password
  116. if($f3->get("POST.temporary_password")) {
  117. $user->salt = null;
  118. $user->password = $security->hash($f3->get("POST.password"), "");
  119. } else {
  120. $user->salt = $security->salt();
  121. $user->password = $security->hash($f3->get("POST.password"), $user->salt);
  122. }
  123. }
  124. // Set basic fields
  125. $user->username = $f3->get("POST.username");
  126. $user->email = $f3->get("POST.email");
  127. $user->name = $f3->get("POST.name");
  128. $user->rank = $f3->get("POST.rank");
  129. $user->role = $user->rank < 4 ? 'user' : 'admin';
  130. $user->task_color = ltrim($f3->get("POST.task_color"), "#");
  131. // Save user
  132. $user->save();
  133. $f3->reroute("/admin/users#" . $user->id);
  134. }
  135. public function user_delete($f3, $params) {
  136. $user = new \Model\User();
  137. $user->load($params["id"]);
  138. $user->delete();
  139. if($f3->get("AJAX")) {
  140. $this->_printJson(array("deleted" => 1));
  141. } else {
  142. $f3->reroute("/admin/users");
  143. }
  144. }
  145. public function groups($f3) {
  146. $f3->set("title", "Manage Groups");
  147. $group = new \Model\User();
  148. $groups = $group->find("deleted_date IS NULL AND role = 'group'");
  149. $group_array = array();
  150. $db = $f3->get("db.instance");
  151. foreach($groups as $g) {
  152. $db->exec("SELECT g.id FROM user_group g JOIN user u ON g.user_id = u.id WHERE g.group_id = ? AND u.deleted_date IS NULL", $g["id"]);
  153. $count = $db->count();
  154. $group_array[] = array(
  155. "id" => $g["id"],
  156. "name" => $g["name"],
  157. "task_color" => $g["task_color"],
  158. "count" => $count
  159. );
  160. }
  161. $f3->set("groups", $group_array);
  162. $this->_render("admin/groups.html");
  163. }
  164. public function group_new($f3) {
  165. $f3->set("title", "New Group");
  166. if($f3->get("POST")) {
  167. $group = new \Model\User();
  168. $group->name = $f3->get("POST.name");
  169. $group->username = \Web::instance()->slug($group->name);
  170. $group->role = "group";
  171. $group->task_color = sprintf("%02X%02X%02X", mt_rand(0, 0xFF), mt_rand(0, 0xFF), mt_rand(0, 0xFF));
  172. $group->created_date = $this->now();
  173. $group->save();
  174. $f3->reroute("/admin/groups");
  175. } else {
  176. $f3->error(405);
  177. }
  178. }
  179. public function group_edit($f3, $params) {
  180. $f3->set("title", "Edit Group");
  181. $group = new \Model\User();
  182. $group->load(array("id = ? AND deleted_date IS NULL AND role = 'group'", $params["id"]));
  183. $f3->set("group", $group);
  184. $members = new \Model\Custom("user_group_user");
  185. $f3->set("members", $members->find(array("group_id = ? AND deleted_date IS NULL", $group->id)));
  186. $users = new \Model\User();
  187. $f3->set("users", $users->find("deleted_date IS NULL AND role != 'group'", array("order" => "name ASC")));
  188. $this->_render("admin/groups/edit.html");
  189. }
  190. public function group_delete($f3, $params) {
  191. $group = new \Model\User();
  192. $group->load($params["id"]);
  193. $group->delete();
  194. if($f3->get("AJAX")) {
  195. $this->_printJson(array("deleted" => 1) + $group->cast());
  196. } else {
  197. $f3->reroute("/admin/groups");
  198. }
  199. }
  200. public function group_ajax($f3) {
  201. if(!$f3->get("AJAX")) {
  202. $f3->error(400);
  203. }
  204. $group = new \Model\User();
  205. $group->load(array("id = ? AND deleted_date IS NULL AND role = 'group'", $f3->get("POST.group_id")));
  206. if(!$group->id) {
  207. $f3->error(404);
  208. return;
  209. }
  210. switch($f3->get('POST.action')) {
  211. case "add_member":
  212. foreach($f3->get("POST.user") as $user_id) {
  213. $user_group = new \Model\User\Group();
  214. $user_group->load(array("user_id = ? AND group_id = ?", $user_id, $f3->get("POST.group_id")));
  215. if(!$user_group->id) {
  216. $user_group->group_id = $f3->get("POST.group_id");
  217. $user_group->user_id = $user_id;
  218. $user_group->save();
  219. } else {
  220. // user already in group
  221. }
  222. }
  223. break;
  224. case "remove_member":
  225. $user_group = new \Model\User\Group();
  226. $user_group->load(array("user_id = ? AND group_id = ?", $f3->get("POST.user_id"), $f3->get("POST.group_id")));
  227. $user_group->delete();
  228. $this->_printJson(array("deleted" => 1));
  229. break;
  230. case "change_title":
  231. $group->name = trim($f3->get("POST.name"));
  232. $group->username = \Web::instance()->slug($group->name);
  233. $group->save();
  234. $this->_printJson(array("changed" => 1));
  235. break;
  236. }
  237. }
  238. public function group_setmanager($f3, $params) {
  239. $db = $f3->get("db.instance");
  240. $group = new \Model\User();
  241. $group->load(array("id = ? AND deleted_date IS NULL AND role = 'group'", $params["id"]));
  242. if(!$group->id) {
  243. $f3->error(404);
  244. return;
  245. }
  246. // Remove Manager status from all members and set manager status on specified user
  247. $db->exec("UPDATE user_group SET manager = 0 WHERE group_id = ?", $group->id);
  248. $db->exec("UPDATE user_group SET manager = 1 WHERE id = ?", $params["user_group_id"]);
  249. $f3->reroute("/admin/groups/" . $group->id);
  250. }
  251. public function sprints($f3) {
  252. $f3->set("title", "Manage Sprints");
  253. $sprints = new \Model\Sprint();
  254. $f3->set("sprints", $sprints->find());
  255. $this->_render("admin/sprints.html");
  256. }
  257. public function sprint_new($f3) {
  258. $f3->set("title", "New Sprint");
  259. if($post = $f3->get("POST")) {
  260. if(empty($post["start_date"]) || empty($post["end_date"])) {
  261. $f3->set("error", "Start and end date are required");
  262. $this->_render("admin/sprints/new.html");
  263. return;
  264. }
  265. $start = strtotime($post["start_date"]);
  266. $end = strtotime($post["end_date"]);
  267. if($end <= $start) {
  268. $f3->set("error", "End date must be after start date");
  269. $this->_render("admin/sprints/new.html");
  270. return;
  271. }
  272. $sprint = new \Model\Sprint();
  273. $sprint->name = trim($post["name"]);
  274. $sprint->start_date = date("Y-m-d", $start);
  275. $sprint->end_date = date("Y-m-d", $end);
  276. $sprint->save();
  277. $f3->reroute("/admin/sprints");
  278. return;
  279. }
  280. $this->_render("admin/sprints/new.html");
  281. }
  282. public function sprint_edit($f3, $params) {
  283. $f3->set("title", "Edit Sprint");
  284. $sprint = new \Model\Sprint;
  285. $sprint->load($params["id"]);
  286. if(!$sprint->id) {
  287. $f3->error(404);
  288. return;
  289. }
  290. if($post = $f3->get("POST")) {
  291. if(empty($post["start_date"]) || empty($post["end_date"])) {
  292. $f3->set("error", "Start and end date are required");
  293. $this->_render("admin/sprints/edit.html");
  294. return;
  295. }
  296. $start = strtotime($post["start_date"]);
  297. $end = strtotime($post["end_date"]);
  298. if($end <= $start) {
  299. $f3->set("error", "End date must be after start date");
  300. $this->_render("admin/sprints/edit.html");
  301. return;
  302. }
  303. $sprint->name = trim($post["name"]);
  304. $sprint->start_date = date("Y-m-d", $start);
  305. $sprint->end_date = date("Y-m-d", $end);
  306. $sprint->save();
  307. $f3->reroute("/admin/sprints");
  308. return;
  309. }
  310. $f3->set("sprint", $sprint);
  311. $this->_render("admin/sprints/edit.html");
  312. }
  313. }