admin.php 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487
  1. <?php
  2. namespace Controller;
  3. class Admin extends \Controller {
  4. protected $_userId;
  5. public function __construct() {
  6. $this->_userId = $this->_requireAdmin();
  7. \Base::instance()->set("menuitem", "admin");
  8. }
  9. public function index($f3) {
  10. $f3->set("title", $f3->get("dict.administration"));
  11. $f3->set("menuitem", "admin");
  12. if($f3->get("POST.action") == "clearcache") {
  13. \Cache::instance()->reset();
  14. $f3->set("success", "Cache cleared successfully.");
  15. }
  16. $db = $f3->get("db.instance");
  17. // Gather some stats
  18. $result = $db->exec("SELECT COUNT(id) AS `count` FROM user WHERE deleted_date IS NULL AND role != 'group'");
  19. $f3->set("count_user", $result[0]["count"]);
  20. $result = $db->exec("SELECT COUNT(id) AS `count` FROM issue WHERE deleted_date IS NULL");
  21. $f3->set("count_issue", $result[0]["count"]);
  22. $result = $db->exec("SELECT COUNT(id) AS `count` FROM issue_update");
  23. $f3->set("count_issue_update", $result[0]["count"]);
  24. $result = $db->exec("SELECT COUNT(id) AS `count` FROM issue_comment");
  25. $f3->set("count_issue_comment", $result[0]["count"]);
  26. $result = $db->exec("SELECT value as version FROM config WHERE attribute = 'version'");
  27. $f3->set("version", $result[0]["version"]);
  28. if($f3->get("CACHE") == "apc") {
  29. $f3->set("apc_stats", apc_cache_info("user", true));
  30. }
  31. $this->_render("admin/index.html");
  32. }
  33. public function config($f3) {
  34. $f3->set("title", $f3->get("dict.configuration"));
  35. $this->_render("admin/config.html");
  36. }
  37. public function config_post_saveattribute($f3) {
  38. $attribute = str_replace("-", ".", $f3->get("POST.attribute"));
  39. $value = $f3->get("POST.value");
  40. $response = array("error" => null);
  41. if(!$attribute) {
  42. $response["error"] = "No attribute specified.";
  43. $this->_printJson($response);
  44. return;
  45. }
  46. $config = new \Model\Config;
  47. $config->load(array("attribute = ?", $attribute));
  48. $config->attribute = $attribute;
  49. switch($attribute) {
  50. case "site-name":
  51. if(trim($value)) {
  52. $config->value = $value;
  53. $config->save();
  54. } else {
  55. $response["error"] = "Site name cannot be empty.";
  56. }
  57. break;
  58. case "site-timezone":
  59. if(in_array($value, timezone_identifiers_list())) {
  60. $config->value = $value;
  61. $config->save();
  62. } else {
  63. $response["error"] = "Timezone is invalid.";
  64. }
  65. break;
  66. default:
  67. $config->value = $value;
  68. $config->save();
  69. }
  70. if(!$response["error"]) {
  71. $repsonse["attribute"] = $attribute;
  72. $repsonse["value"] = $value;
  73. }
  74. $this->_printJson($response);
  75. }
  76. public function plugins($f3) {
  77. $f3->set("title", $f3->get("dict.plugins"));
  78. $this->_render("admin/plugins.html");
  79. }
  80. public function plugin_single($f3, $params) {
  81. $this->_userId = $this->_requireAdmin(5);
  82. $plugins = $f3->get("plugins");
  83. if($plugin = $plugins[$params["id"]]) {
  84. $f3->set("title", $plugin->_package());
  85. $f3->set("plugin", $plugin);
  86. $this->_render("admin/plugins/single.html");
  87. } else {
  88. $f3->error(404);
  89. }
  90. }
  91. public function users($f3) {
  92. $f3->set("title", $f3->get("dict.users"));
  93. $users = new \Model\User();
  94. $f3->set("users", $users->find("deleted_date IS NULL AND role != 'group'"));
  95. $f3->set("select_users", $users->find("deleted_date IS NULL AND role != 'group'", array("order" => "name ASC")));
  96. $this->_render("admin/users.html");
  97. }
  98. public function deleted_users($f3) {
  99. $f3->set("title", $f3->get("dict.users"));
  100. $users = new \Model\User();
  101. $f3->set("users", $users->find("deleted_date IS NOT NULL AND role != 'group'"));
  102. $this->_render("admin/users/deleted.html");
  103. }
  104. public function user_edit($f3, $params) {
  105. $f3->set("title", $f3->get("dict.edit_user"));
  106. $user = new \Model\User();
  107. $user->load($params["id"]);
  108. if($user->id) {
  109. if($user->rank > $f3->get("user.rank")) {
  110. $f3->error(403, "You are not authorized to edit this user.");
  111. return;
  112. }
  113. $f3->set("this_user", $user);
  114. $this->_render("admin/users/edit.html");
  115. } else {
  116. $f3->error(404, "User does not exist.");
  117. }
  118. }
  119. public function user_new($f3) {
  120. $f3->set("title", $f3->get("dict.new_user"));
  121. $f3->set("rand_color", sprintf("#%02X%02X%02X", mt_rand(0, 0xFF), mt_rand(0, 0xFF), mt_rand(0, 0xFF)));
  122. $this->_render("admin/users/edit.html");
  123. }
  124. public function user_save($f3) {
  125. $security = \Helper\Security::instance();
  126. $user = new \Model\User;
  127. // Load current user if set, otherwise validate fields for new user
  128. if($user_id = $f3->get("POST.user_id")) {
  129. $f3->set("title", $f3->get("dict.edit_user"));
  130. $user->load($user_id);
  131. $f3->set("this_user", $user);
  132. } else {
  133. $f3->set("title", $f3->get("dict.new_user"));
  134. // Verify a password is being set
  135. if(!$f3->get("POST.password")) {
  136. $f3->set("error", "User already exists with this username");
  137. $this->_render("admin/users/edit.html");
  138. return;
  139. }
  140. // Check for existing users with same info
  141. $user->load(array("username = ?", $f3->get("POST.username")));
  142. if($user->id) {
  143. $f3->set("error", "User already exists with this username");
  144. $this->_render("admin/users/edit.html");
  145. return;
  146. }
  147. $user->load(array("email = ?", $f3->get("POST.email")));
  148. if($user->id) {
  149. $f3->set("error", "User already exists with this email address");
  150. $this->_render("admin/users/edit.html");
  151. return;
  152. }
  153. // Set new user fields
  154. $user->api_key = $security->salt_sha1();
  155. $user->created_date = $this->now();
  156. }
  157. // Validate password if being set
  158. if($f3->get("POST.password")) {
  159. if($f3->get("POST.password") != $f3->get("POST.password_confirm")) {
  160. $f3->set("error", "Passwords do not match");
  161. $this->_render("admin/users/edit.html");
  162. return;
  163. }
  164. $min = $f3->get("security.min_pass_len");
  165. if(strlen($f3->get("POST.password")) < $min) {
  166. $f3->set("error", "Passwords must be at least {$min} characters");
  167. $this->_render("admin/users/edit.html");
  168. return;
  169. }
  170. // Check if giving user temporary or permanent password
  171. if($f3->get("POST.temporary_password")) {
  172. $user->salt = null;
  173. $user->password = $security->hash($f3->get("POST.password"), "");
  174. } else {
  175. $user->salt = $security->salt();
  176. $user->password = $security->hash($f3->get("POST.password"), $user->salt);
  177. }
  178. }
  179. // Set basic fields
  180. $user->username = $f3->get("POST.username");
  181. $user->email = $f3->get("POST.email");
  182. $user->name = $f3->get("POST.name");
  183. if($user->id != $f3->get("user.id")) {
  184. // Don't allow user to change own rank
  185. $user->rank = $f3->get("POST.rank");
  186. }
  187. $user->role = $user->rank < 4 ? 'user' : 'admin';
  188. $user->task_color = ltrim($f3->get("POST.task_color"), "#");
  189. // Save user
  190. $user->save();
  191. $f3->reroute("/admin/users#" . $user->id);
  192. }
  193. public function user_delete($f3, $params) {
  194. $user = new \Model\User();
  195. $user->load($params["id"]);
  196. if(!$user->id) {
  197. $f3->reroute("/admin/users");
  198. return;
  199. }
  200. // Reassign issues if requested
  201. if($f3->get("POST.reassign")) {
  202. switch ($f3->get("POST.reassign")) {
  203. case "unassign":
  204. $user->reassignIssues(null);
  205. break;
  206. case "to-user":
  207. $user->reassignIssues($f3->get("POST.reassign-to"));
  208. break;
  209. }
  210. }
  211. $user->delete();
  212. if($f3->get("AJAX")) {
  213. $this->_printJson(array("deleted" => 1));
  214. } else {
  215. $f3->reroute("/admin/users");
  216. }
  217. }
  218. public function user_undelete($f3, $params) {
  219. $user = new \Model\User();
  220. $user->load($params["id"]);
  221. if(!$user->id) {
  222. $f3->reroute("/admin/users");
  223. return;
  224. }
  225. $user->deleted_date = null;
  226. $user->save();
  227. if($f3->get("AJAX")) {
  228. $this->_printJson(array("deleted" => 1));
  229. } else {
  230. $f3->reroute("/admin/users");
  231. }
  232. }
  233. public function groups($f3) {
  234. $f3->set("title", $f3->get("dict.groups"));
  235. $group = new \Model\User();
  236. $groups = $group->find("deleted_date IS NULL AND role = 'group'");
  237. $group_array = array();
  238. $db = $f3->get("db.instance");
  239. foreach($groups as $g) {
  240. $db->exec("SELECT g.id FROM user_group g JOIN user u ON g.user_id = u.id WHERE g.group_id = ? AND u.deleted_date IS NULL", $g["id"]);
  241. $count = $db->count();
  242. $group_array[] = array(
  243. "id" => $g["id"],
  244. "name" => $g["name"],
  245. "task_color" => $g["task_color"],
  246. "count" => $count
  247. );
  248. }
  249. $f3->set("groups", $group_array);
  250. $this->_render("admin/groups.html");
  251. }
  252. public function group_new($f3) {
  253. $f3->set("title", $f3->get("dict.groups"));
  254. if($f3->get("POST")) {
  255. $group = new \Model\User();
  256. $group->name = $f3->get("POST.name");
  257. $group->username = \Web::instance()->slug($group->name);
  258. $group->role = "group";
  259. $group->task_color = sprintf("%02X%02X%02X", mt_rand(0, 0xFF), mt_rand(0, 0xFF), mt_rand(0, 0xFF));
  260. $group->created_date = $this->now();
  261. $group->save();
  262. $f3->reroute("/admin/groups");
  263. } else {
  264. $f3->error(405);
  265. }
  266. }
  267. public function group_edit($f3, $params) {
  268. $f3->set("title", $f3->get("dict.groups"));
  269. $group = new \Model\User();
  270. $group->load(array("id = ? AND deleted_date IS NULL AND role = 'group'", $params["id"]));
  271. $f3->set("group", $group);
  272. $members = new \Model\Custom("user_group_user");
  273. $f3->set("members", $members->find(array("group_id = ? AND deleted_date IS NULL", $group->id)));
  274. $users = new \Model\User();
  275. $f3->set("users", $users->find("deleted_date IS NULL AND role != 'group'", array("order" => "name ASC")));
  276. $this->_render("admin/groups/edit.html");
  277. }
  278. public function group_delete($f3, $params) {
  279. $group = new \Model\User();
  280. $group->load($params["id"]);
  281. $group->delete();
  282. if($f3->get("AJAX")) {
  283. $this->_printJson(array("deleted" => 1) + $group->cast());
  284. } else {
  285. $f3->reroute("/admin/groups");
  286. }
  287. }
  288. public function group_ajax($f3) {
  289. if(!$f3->get("AJAX")) {
  290. $f3->error(400);
  291. }
  292. $group = new \Model\User();
  293. $group->load(array("id = ? AND deleted_date IS NULL AND role = 'group'", $f3->get("POST.group_id")));
  294. if(!$group->id) {
  295. $f3->error(404);
  296. return;
  297. }
  298. switch($f3->get('POST.action')) {
  299. case "add_member":
  300. foreach($f3->get("POST.user") as $user_id) {
  301. $user_group = new \Model\User\Group();
  302. $user_group->load(array("user_id = ? AND group_id = ?", $user_id, $f3->get("POST.group_id")));
  303. if(!$user_group->id) {
  304. $user_group->group_id = $f3->get("POST.group_id");
  305. $user_group->user_id = $user_id;
  306. $user_group->save();
  307. } else {
  308. // user already in group
  309. }
  310. }
  311. break;
  312. case "remove_member":
  313. $user_group = new \Model\User\Group();
  314. $user_group->load(array("user_id = ? AND group_id = ?", $f3->get("POST.user_id"), $f3->get("POST.group_id")));
  315. $user_group->delete();
  316. $this->_printJson(array("deleted" => 1));
  317. break;
  318. case "change_title":
  319. $group->name = trim($f3->get("POST.name"));
  320. $group->username = \Web::instance()->slug($group->name);
  321. $group->save();
  322. $this->_printJson(array("changed" => 1));
  323. break;
  324. }
  325. }
  326. public function group_setmanager($f3, $params) {
  327. $db = $f3->get("db.instance");
  328. $group = new \Model\User();
  329. $group->load(array("id = ? AND deleted_date IS NULL AND role = 'group'", $params["id"]));
  330. if(!$group->id) {
  331. $f3->error(404);
  332. return;
  333. }
  334. // Remove Manager status from all members and set manager status on specified user
  335. $db->exec("UPDATE user_group SET manager = 0 WHERE group_id = ?", $group->id);
  336. $db->exec("UPDATE user_group SET manager = 1 WHERE id = ?", $params["user_group_id"]);
  337. $f3->reroute("/admin/groups/" . $group->id);
  338. }
  339. public function sprints($f3) {
  340. $f3->set("title", $f3->get("dict.sprints"));
  341. $sprints = new \Model\Sprint();
  342. $f3->set("sprints", $sprints->find());
  343. $this->_render("admin/sprints.html");
  344. }
  345. public function sprint_new($f3) {
  346. $f3->set("title", $f3->get("dict.sprints"));
  347. if($post = $f3->get("POST")) {
  348. if(empty($post["start_date"]) || empty($post["end_date"])) {
  349. $f3->set("error", "Start and end date are required");
  350. $this->_render("admin/sprints/new.html");
  351. return;
  352. }
  353. $start = strtotime($post["start_date"]);
  354. $end = strtotime($post["end_date"]);
  355. if($end <= $start) {
  356. $f3->set("error", "End date must be after start date");
  357. $this->_render("admin/sprints/new.html");
  358. return;
  359. }
  360. $sprint = new \Model\Sprint();
  361. $sprint->name = trim($post["name"]);
  362. $sprint->start_date = date("Y-m-d", $start);
  363. $sprint->end_date = date("Y-m-d", $end);
  364. $sprint->save();
  365. $f3->reroute("/admin/sprints");
  366. return;
  367. }
  368. $this->_render("admin/sprints/new.html");
  369. }
  370. public function sprint_edit($f3, $params) {
  371. $f3->set("title", $f3->get("dict.sprints"));
  372. $sprint = new \Model\Sprint;
  373. $sprint->load($params["id"]);
  374. if(!$sprint->id) {
  375. $f3->error(404);
  376. return;
  377. }
  378. if($post = $f3->get("POST")) {
  379. if(empty($post["start_date"]) || empty($post["end_date"])) {
  380. $f3->set("error", "Start and end date are required");
  381. $this->_render("admin/sprints/edit.html");
  382. return;
  383. }
  384. $start = strtotime($post["start_date"]);
  385. $end = strtotime($post["end_date"]);
  386. if($end <= $start) {
  387. $f3->set("error", "End date must be after start date");
  388. $this->_render("admin/sprints/edit.html");
  389. return;
  390. }
  391. $sprint->name = trim($post["name"]);
  392. $sprint->start_date = date("Y-m-d", $start);
  393. $sprint->end_date = date("Y-m-d", $end);
  394. $sprint->save();
  395. $f3->reroute("/admin/sprints");
  396. return;
  397. }
  398. $f3->set("sprint", $sprint);
  399. $this->_render("admin/sprints/edit.html");
  400. }
  401. }