Verified Commit e1ab1a5d authored by Damien's avatar Damien

FEAT #11645 TIME 0:45 Send account activation notification on demand

parent aa63d173
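--- a/<ROUTES_FILE_PATH not shown on page>
+++ b/<ROUTES_FILE_PATH not shown on page>
@@ -431,6 +431,7 @@ $app->delete('/users/{id}/signatures/{signatureId}', \User\controllers\UserContr
 $app->post('/users/{id}/redirectedBaskets', \User\controllers\UserController::class . ':setRedirectedBaskets');
 $app->delete('/users/{id}/redirectedBaskets', \User\controllers\UserController::class . ':deleteRedirectedBasket');
 $app->put('/users/{id}/baskets', \User\controllers\UserController::class . ':updateBasketsDisplay');
+$app->put('/users/{id}/accountCreationNotification', \User\controllers\UserController::class . ':sendAccountActivationNotification');
 $app->post('/password', \User\controllers\UserController::class . ':forgotPassword');
 $app->put('/password', \User\controllers\UserController::class . ':passwordInitialization');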
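Review bot: The new route path `/users/{id}/accountCreationNotification` names the action differently from the handler it maps to (`sendAccountActivationNotification`) and from the commit title, so the API surface reads as two different features. Renaming the segment keeps path, handler and the renamed AuthenticationController method consistent: `$app->put('/users/{id}/accountActivationNotification', \User\controllers\UserController::class . ':sendAccountActivationNotification');`. Since the handler sends an e-mail on every call, POST is arguably the more conventional verb than PUT for this non-idempotent action, though the neighbouring routes already mix verbs freely.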
...@@ -170,7 +170,7 @@ class UserController ...@@ -170,7 +170,7 @@ class UserController
]); ]);
if ($loggingMethod['id'] == 'standard') { if ($loggingMethod['id'] == 'standard') {
AuthenticationController::sendUserCreationNotification(['userId' => $existingUser['id'], 'userEmail' => $existingUser['mail']]); AuthenticationController::sendAccountActivationNotification(['userId' => $existingUser['id'], 'userEmail' => $existingUser['mail']]);
} }
return $response->withJson(['id' => $existingUser['id']]); return $response->withJson(['id' => $existingUser['id']]);
...@@ -198,7 +198,7 @@ class UserController ...@@ -198,7 +198,7 @@ class UserController
} }
if ($loggingMethod['id'] == 'standard') { if ($loggingMethod['id'] == 'standard') {
AuthenticationController::sendUserCreationNotification(['userId' => $id, 'userEmail' => $data['mail']]); AuthenticationController::sendAccountActivationNotification(['userId' => $id, 'userEmail' => $data['mail']]);
} }
HistoryController::add([ HistoryController::add([
...@@ -1443,56 +1443,64 @@ class UserController ...@@ -1443,56 +1443,64 @@ class UserController
]); ]);
} }
public function hasUsersRights(array $aArgs) public function sendAccountActivationNotification(Request $request, Response $response, array $args)
{ {
$error = [ $control = $this->hasUsersRights(['id' => $args['id']]);
'status' => 200, if (!empty($control['error'])) {
'error' => '' return $response->withStatus($control['status'])->withJson(['errors' => $control['error']]);
]; }
if (!is_numeric($aArgs['id'])) { $loggingMethod = CoreConfigModel::getLoggingMethod();
$error['status'] = 400; if ($loggingMethod['id'] != 'standard') {
$error['error'] = 'id must be an integer'; return $response->withStatus($control['status'])->withJson(['errors' => $control['error']]);
} else { }
$user = UserModel::getById(['id' => $aArgs['id'], 'select' => ['user_id']]);
if (empty($user['user_id'])) { $user = UserModel::getById(['id' => $args['id'], 'select' => ['mail']]);
$error['status'] = 400;
$error['error'] = 'User not found'; AuthenticationController::sendAccountActivationNotification(['userId' => $args['id'], 'userEmail' => $user['mail']]);
} else {
if (empty($aArgs['himself']) || $GLOBALS['userId'] != $user['user_id']) { return $response->withStatus(204);
if (!PrivilegeController::hasPrivilege(['privilegeId' => 'admin_users', 'userId' => $GLOBALS['id']])) { }
$error['status'] = 403;
$error['error'] = 'Service forbidden'; public function hasUsersRights(array $args)
} {
if ($GLOBALS['userId'] != 'superadmin') { if (!is_numeric($args['id'])) {
$entities = EntityModel::getAllEntitiesByUserId(['userId' => $GLOBALS['userId']]); return ['status' => 400, 'error' => 'id must be an integer'];
$users = UserEntityModel::getWithUsers([ }
'select' => ['users.id'],
'where' => ['users_entities.entity_id in (?)', 'status != ?'], $user = UserModel::getById(['id' => $args['id'], 'select' => ['user_id']]);
'data' => [$entities, 'DEL'] if (empty($user['user_id'])) {
]); return ['status' => 400, 'error' => 'User not found'];
$usersNoEntities = UserEntityModel::getUsersWithoutEntities(['select' => ['id']]); }
$users = array_merge($users, $usersNoEntities);
$allowed = false; if (empty($args['himself']) || $GLOBALS['userId'] != $user['user_id']) {
foreach ($users as $value) { if (!PrivilegeController::hasPrivilege(['privilegeId' => 'admin_users', 'userId' => $GLOBALS['id']])) {
if ($value['id'] == $aArgs['id']) { return ['status' => 403, 'error' => 'Service forbidden'];
$allowed = true; }
} if ($GLOBALS['userId'] != 'superadmin') {
} $entities = EntityModel::getAllEntitiesByUserId(['userId' => $GLOBALS['userId']]);
if (!$allowed) { $users = UserEntityModel::getWithUsers([
$error['status'] = 403; 'select' => ['users.id'],
$error['error'] = 'UserId out of perimeter'; 'where' => ['users_entities.entity_id in (?)', 'status != ?'],
} 'data' => [$entities, 'DEL']
]);
$usersNoEntities = UserEntityModel::getUsersWithoutEntities(['select' => ['id']]);
$users = array_merge($users, $usersNoEntities);
$allowed = false;
foreach ($users as $value) {
if ($value['id'] == $args['id']) {
$allowed = true;
} }
} elseif ($aArgs['delete'] && $GLOBALS['userId'] == $user['user_id']) { }
$error['status'] = 403; if (!$allowed) {
$error['error'] = 'Can not delete yourself'; return ['status' => 403, 'error' => 'UserId out of perimeter'];
} }
} }
} elseif ($args['delete'] && $GLOBALS['userId'] == $user['user_id']) {
return ['status' => 403, 'error' => 'Can not delete yourself'];
} }
return true;
return $error;
} }
private function checkNeededParameters(array $aArgs) private function checkNeededParameters(array $aArgs)
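Review bot: In the new `sendAccountActivationNotification`, the branch taken when `$loggingMethod['id'] != 'standard'` builds its response from `$control['status']` and `$control['error']`, but by then `hasUsersRights` has returned `true` (its only non-error return), so the status is null and the error text empty; Slim's withStatus() will most likely reject a null code and the client never sees a meaningful error. The branch needs its own status and message, e.g. `return $response->withStatus(403)->withJson(['errors' => 'Logging method is not standard']);`. Related: because `hasUsersRights` now returns a bare `true` on success, every caller that does `$control['error']` (as on the first line of the new method) indexes a bool, which emits "Trying to access array offset on value of type bool" on PHP 7.4+; returning `['status' => 200, 'error' => '']` on success, as the previous version did, avoids that without touching the callers. Finally, this endpoint mints a fresh 14-day reset token and e-mails it on an administrator's request, so it is worth recording a `HistoryController::add` entry as the update flow does, to leave an audit trail of who triggered the mail for which user.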
...@@ -141,7 +141,7 @@ class AuthenticationController ...@@ -141,7 +141,7 @@ class AuthenticationController
return $jwt; return $jwt;
} }
public static function sendUserCreationNotification(array $args) public static function sendAccountActivationNotification(array $args)
{ {
$resetToken = AuthenticationController::getResetJWT(['id' => $args['userId'], 'expirationTime' => 1209600]); // 14 days $resetToken = AuthenticationController::getResetJWT(['id' => $args['userId'], 'expirationTime' => 1209600]); // 14 days
UserModel::update(['set' => ['reset_token' => $resetToken], 'where' => ['id = ?'], 'data' => [$args['userId']]]); UserModel::update(['set' => ['reset_token' => $resetToken], 'where' => ['id = ?'], 'data' => [$args['userId']]]);