Commit 79480f37 authored by Quentin Ribac's avatar Quentin Ribac

FEAT #17436 TIME 0:45 permissions in POST/users; groups field in PUT/users/{id}

parent 996664a9
......@@ -273,39 +273,52 @@ class GroupController
return $response->withStatus(204);
}
public function addUser(Request $request, Response $response, array $aArgs)
public function addUser(Request $request, Response $response, array $args)
{
if (!PrivilegeController::hasPrivilege(['userId' => $GLOBALS['id'], 'privilege' => 'manage_groups']) && !PrivilegeController::hasPrivilege(['userId' => $GLOBALS['id'], 'privilege' => 'manage_users'])) {
$hasGroupPrivilege = PrivilegeController::hasPrivilege(['userId' => $GLOBALS['id'], 'privilege' => 'manage_groups']);
$hasUserPrivilege = false;
$manageableGroups = array_column(UserController::getManageableGroups(['userId' => $GLOBALS['id']]), 'id');
$targetUserGroups = UserGroupModel::get([
'select' => ['group_id'],
'where' => ['user_id = ?'],
'data' => [$args['userId']]
]);
$targetUserGroups = array_column($targetUserGroups, 'group_id');
if (in_array($args['id'], $manageableGroups) && in_array($args['id'], $targetUserGroups)) {
$hasUserPrivilege = true;
}
if (!$hasGroupPrivilege && !$hasUserPrivilege) {
return $response->withStatus(403)->withJson(['errors' => 'Privilege forbidden']);
}
$body = $request->getParsedBody();
if (!Validator::intVal()->notEmpty()->validate($aArgs['id'])) {
if (!Validator::intVal()->notEmpty()->validate($args['id'])) {
return $response->withStatus(400)->withJson(['errors' => 'Id must be an integer']);
} elseif (!Validator::intVal()->notEmpty()->validate($body['userId'])) {
return $response->withStatus(400)->withJson(['errors' => 'userId must be an integer']);
}
$group = GroupModel::getById(['id' => $aArgs['id']]);
$group = GroupModel::getById(['id' => $args['id']]);
$user = UserModel::getById(['id' => $body['userId'], 'select' => ['firstname', 'lastname']]);
if (empty($group)) {
return $response->withStatus(400)->withJson(['errors' => 'Group not found']);
} elseif (empty($user)) {
return $response->withStatus(400)->withJson(['errors' => 'User not found']);
} elseif (UserGroupModel::hasGroup(['groupId' => $aArgs['id'], 'userId' => $body['userId']])) {
} elseif (UserGroupModel::hasGroup(['groupId' => $args['id'], 'userId' => $body['userId']])) {
return $response->withStatus(400)->withJson(['errors' => 'This user already has this group']);
}
UserGroupModel::addUser([
'groupId' => $aArgs['id'],
'groupId' => $args['id'],
'userId' => $body['userId']
]);
HistoryController::add([
'code' => 'OK',
'objectType' => 'groups',
'objectId' => $aArgs['id'],
'objectId' => $args['id'],
'type' => 'MODIFICATION',
'message' => "{userAddedToGroup} : {$user['firstname']} {$user['lastname']}"
]);
......
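Review bot: The new `$hasUserPrivilege` branch looks up the target user's groups with `$args['userId']` (L20), but the user being added is `$body['userId']`, and the body is only read at L29 after the check; unless the route also supplies a `userId` argument, the query runs with a null id, returns nothing, and the branch can never pass, so in practice only callers with manage_groups get through. Even when the lookup does return rows, the condition requires the target user to already hold this group, which the `hasGroup` check at L44 then rejects with 400, so the manage_users path looks copied from a removal handler and cannot succeed for an add. If a user-manager is meant to add a managed user to a group they manage, move `$body = $request->getParsedBody();` above the check, query with `'data' => [$body['userId']]`, and reconsider whether current membership is the right condition at L23. Both `in_array` calls compare loosely; once the id types on each side are known, pass `true` as the third argument. addUser continues past the collapsed lines at the end of the hunk.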
......@@ -225,6 +225,8 @@ class UserController
return $response->withStatus(400)->withJson(['errors' => 'Body email is empty or not a valid email']);
} elseif (!empty($body['x509Fingerprint']) && !Validator::stringType()->validate($body['x509Fingerprint'])) {
return $response->withStatus(400)->withJson(['errors' => 'Body x509Fingerprint is not a string']);
} elseif (!Validator::arrayType()->each(Validator::intType())->validate($body['groups'])) {
return $response->withStatus(400)->withJson(['errors' => 'Body groups is not an array of integers']);
}
$user = UserModel::getById(['id' => $args['id'], 'select' => [1]]);
......@@ -286,6 +288,8 @@ class UserController
'data' => [$args['id']]
]);
UserGroupModel::setUserGroups(['userId' => $args['id'], 'groups' => $body['groups']]);
HistoryController::add([
'code' => 'OK',
'objectType' => 'users',
......
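Review bot: `setUserGroups` at L72 applies whatever ids arrive in `$body['groups']` without checking that the caller may assign those groups or that they exist; unless a check earlier in this method (its start and end lie outside both hunks) limits the ids, anyone allowed to edit the user can attach them to any group, and because the model removes every current group absent from the list, groups the caller cannot manage are silently stripped as well. A workable guard is `$manageable = array_column(UserController::getManageableGroups(['userId' => $GLOBALS['id']]), 'id');` followed by a 403 when `array_diff($body['groups'], $manageable)` is non-empty, with the removal side restricted to manageable groups too. Separately, the validator added at L65 reads `$body['groups']` unconditionally, so a PUT that omits the key emits an undefined-index notice and is rejected with 400 — a behaviour change for existing clients. If the field is optional, follow the `x509Fingerprint` pattern at L63 (`!empty($body['groups']) && ...`) and guard the L72 call the same way; if it is mandatory, say so explicitly with `!isset($body['groups']) ||` so the error message matches the cause.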
......@@ -117,4 +117,30 @@ class UserGroupModel
return true;
}
public static function setUserGroups(array $args) {
ValidatorModel::notEmpty($args, ['userId']);
ValidatorModel::intVal($args, ['userId']);
ValidatorModel::arrayType($args, ['groups']);
$currentGroups = UserGroupModel::get([
'select' => ['group_id'],
'where' => ['user_id = ?'],
'data' => [$args['userId']]
]);
$currentGroups = array_column($currentGroups, 'group_id');
foreach ($currentGroups as $key => $currentGroup) {
if (!in_array($currentGroup, $args['groups'])) {
UserGroupModel::removeUser(['userId' => $args['userId'], 'groupId' => $currentGroup]);
unset($currentGroups[$key]);
}
}
foreach ($args['groups'] as $newGroup) {
if (!in_array($newGroup, $currentGroups)) {
UserGroupModel::addUser(['userId' => $args['userId'], 'groupId' => $newGroup]);
}
}
}
}
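Review bot: Duplicate ids in `$args['groups']` are inserted twice: `$currentGroups` is not updated after `addUser`, so a repeated id passes the `in_array` check at L97 and a second row is written unless the table enforces uniqueness. Iterate `array_unique($args['groups'])` at L96 instead, or append the id to `$currentGroups` after each `addUser`. The remove and add loops run as independent statements with no transaction, so a failure midway leaves the user with a partial set of groups; if the model layer has a transaction helper, wrapping the method in it would make the assignment atomic. `ValidatorModel::arrayType` only checks that `groups` is an array, so nothing here enforces integer elements — the controller validator is the only thing keeping non-integer ids out of the queries, which is worth a comment such as `// caller must validate that groups is a list of integer ids`. The opening brace on the signature line and the missing `: void` return type differ from the PSR-12 form the surrounding methods appear to use.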