nik/davical
1
0
Fork 0
mirror of https://gitlab.com/davical-project/davical.git synced 2026-05-18 01:31:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Validating user/collection names. Updating fullname/displayname.

Browse Source
This commit is contained in:
Andrew McMillan 2010-03-04 01:41:11 +13:00
parent 78f5026b30
commit 1959c30eed
2 changed files with 76 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
inc/ui/collection-edit.php
View File

@ -4,8 +4,10 @@
$editor = new Editor(translate('Collection'), 'collection'); $editor = new Editor(translate('Collection'), 'collection');
param_to_global('id', 'int', 'old_id', 'collection_id' ); param_to_global('id', 'int', 'old_id', 'collection_id' );
param_to_global('user_no', 'int' ); param_to_global('user_no', 'int' );
param_to_global('principal_id', 'int' );
param_to_global('collection_name', '{^.+$}' ); param_to_global('collection_name', '{^.+$}' );
if ( isset($user_no) ) $usr = GetUserByID($user_no); if ( isset($user_no) ) $usr = getUserByID($user_no);
if ( isset($principal_id) ) $usr = getPrincipalByID($principal_id);
$editor->SetLookup( 'timezone', 'SELECT \'\', \'*** Unknown ***\' UNION SELECT tz_id, tz_locn FROM time_zone WHERE tz_id = tz_locn AND length(tz_spec) > 100 ORDER BY 1' ); $editor->SetLookup( 'timezone', 'SELECT \'\', \'*** Unknown ***\' UNION SELECT tz_id, tz_locn FROM time_zone WHERE tz_id = tz_locn AND length(tz_spec) > 100 ORDER BY 1' );
$editor->SetLookup( 'schedule_transp', 'SELECT \'opaque\', \'Opaque\' UNION SELECT \'transp\', \'Transparent\'' ); $editor->SetLookup( 'schedule_transp', 'SELECT \'opaque\', \'Opaque\' UNION SELECT \'transp\', \'Transparent\'' );
@ -36,22 +38,29 @@ $params = array(
'scan_depth' => $c->permission_scan_depth 'scan_depth' => $c->permission_scan_depth
); );
$is_update = ( $_POST['_editor_action'][$editor->Id] == 'update' ); $is_update = ( $_POST['_editor_action'][$editor->Id] == 'update' );
if ( isset($collection_name) ) $collection_name = str_replace( '/', '', $collection_name); if ( isset($collection_name) ) $collection_name = trim(str_replace( '/', '', $collection_name));
if ( !$is_update && isset($collection_name) && isset($user_no) && is_object($usr) ) { if ( !$is_update && isset($collection_name) && $collection_name != '' && is_object($usr) ) {
$_POST['dav_name'] = sprintf('/%s/%s/', $usr->username, rawurlencode($collection_name) ); $_POST['dav_name'] = sprintf('/%s/%s/', $usr->username, $collection_name );
$_POST['parent_container'] = sprintf('/%s/', $usr->username ); $_POST['parent_container'] = sprintf('/%s/', $usr->username );
$params['collection_path'] = $_POST['dav_name']; $params['collection_path'] = $_POST['dav_name'];
$privsql = 'SELECT path_privs( :session_principal, :collection_path, :scan_depth) AS priv'; $privsql = 'SELECT path_privs( :session_principal, :collection_path, :scan_depth) AS priv';
} }
else { else if ( $id > 0 ) {
$params['collection_id'] = $id; $params['collection_id'] = $id;
$privsql = 'SELECT path_privs( :session_principal, dav_name, :scan_depth) AS priv FROM collection WHERE collection_id = :collection_id'; $privsql = 'SELECT path_privs( :session_principal, dav_name, :scan_depth) AS priv FROM collection WHERE collection_id = :collection_id';
} }
else {
if ( $editor->IsSubmit() && !$is_update && isset($collection_name) && $collection_name == '' ) {
$c->messages[] = i18n('The collection name may not be blank.');
}
}
$privqry = new AwlQuery( $privsql, $params ); if ( isset($privsql) ) {
$privqry->Exec('admin-collection-edit'); $privqry = new AwlQuery( $privsql, $params );
$permissions = $privqry->Fetch(); $privqry->Exec('admin-collection-edit');
$can_write_collection = ($session->AllowedTo('Admin') || ($permissions->priv & privilege_to_bits('DAV::bind')) ); $permissions = $privqry->Fetch();
$can_write_collection = ($session->AllowedTo('Admin') || ($permissions->priv & privilege_to_bits('DAV::bind')) );
}
dbg_error_log("ERROR", "Can write collection: %s", ($can_write_collection? 'yes' : 'no') ); dbg_error_log("ERROR", "Can write collection: %s", ($can_write_collection? 'yes' : 'no') );
@ -177,7 +186,7 @@ $privileges_set .= '</div>';
$prompt_collection_id = translate('Collection ID'); $prompt_collection_id = translate('Collection ID');
$value_id = ( $editor->Available() ? '##collection_id.hidden####collection_id.value##' : translate('New Collection')); $value_id = ( $editor->Available() ? '##collection_id.hidden####collection_id.value##' : translate('New Collection'));
$prompt_dav_name = translate('DAV Path'); $prompt_dav_name = translate('DAV Path');
$value_dav_name = ( $editor->Available() ? '##dav_name.value##' : '/##user_no.hidden####username.value##/ ##collection_name.input.30##' ); $value_dav_name = $c->base_url.'/caldav.php'. ( $editor->Available() ? '##dav_name.value##' : '/##user_no.hidden####username.value##/ ##collection_name.input.30##' );
$prompt_load_file = translate('Load From File'); $prompt_load_file = translate('Load From File');
$prompt_displayname = translate('Displayname'); $prompt_displayname = translate('Displayname');
$prompt_public = translate('Publicly Readable'); $prompt_public = translate('Publicly Readable');
@ -286,11 +295,12 @@ label.privilege {
margin:0.2em 1em 0.2em 0.1em; margin:0.2em 1em 0.2em 0.1em;
padding:0 0.2em; padding:0 0.2em;
line-height:1.6em; line-height:1.6em;
font-size: 87%;
} }
</style> </style>
<table> <table>
<tr> <th class="right">$prompt_collection_id:</th> <td class="left">$value_id</td> </tr> <tr> <th class="right">$prompt_collection_id:</th> <td class="left">$value_id</td> </tr>
<tr> <th class="right">$prompt_dav_name:</th> <td class="left">$c->base_name/caldav.php$value_dav_name</td> </tr> <tr> <th class="right">$prompt_dav_name:</th> <td class="left">$value_dav_name</td> </tr>
<tr> <th class="right">$prompt_load_file:</th> <td class="left">##ics_file.file.60##</td> </tr> <tr> <th class="right">$prompt_load_file:</th> <td class="left">##ics_file.file.60##</td> </tr>
<tr> <th class="right">$prompt_displayname:</th> <td class="left">##dav_displayname.input.50##</td> </tr> <tr> <th class="right">$prompt_displayname:</th> <td class="left">##dav_displayname.input.50##</td> </tr>
<tr> <th class="right">$prompt_public:</th> <td class="left">##publicly_readable.checkbox##</td> </tr> <tr> <th class="right">$prompt_public:</th> <td class="left">##publicly_readable.checkbox##</td> </tr>

66
inc/ui/principal-edit.php
View File

@ -7,6 +7,7 @@ $editor->SetLookup( 'date_format_type', "SELECT 'E', 'European' UNION SELECT 'U'
$editor->SetLookup( 'type_id', 'SELECT principal_type_id, principal_type_desc FROM principal_type ORDER BY principal_type_id' ); $editor->SetLookup( 'type_id', 'SELECT principal_type_id, principal_type_desc FROM principal_type ORDER BY principal_type_id' );
$editor->SetLookup( 'locale', 'SELECT \'\', \''.translate("*** Default Locale ***").'\' UNION SELECT locale, locale_name_locale FROM supported_locales ORDER BY 1 ASC' ); $editor->SetLookup( 'locale', 'SELECT \'\', \''.translate("*** Default Locale ***").'\' UNION SELECT locale, locale_name_locale FROM supported_locales ORDER BY 1 ASC' );
$editor->AddAttribute( 'locale', 'title', translate("The preferred language for this person.") ); $editor->AddAttribute( 'locale', 'title', translate("The preferred language for this person.") );
$editor->AddAttribute( 'fullname', 'title', translate("The full name for this person, group or other type of principal.") );
param_to_global('id', 'int', 'old_id', 'principal_id' ); param_to_global('id', 'int', 'old_id', 'principal_id' );
$editor->SetWhere( 'principal_id='.$id ); $editor->SetWhere( 'principal_id='.$id );
@ -85,10 +86,30 @@ if ( isset($_GET['subaction']) ) {
$can_write_principal = ($session->AllowedTo('Admin') || $session->principal_id == $id ); $can_write_principal = ($session->AllowedTo('Admin') || $session->principal_id == $id );
$post_values = false;
if ( isset($_POST['xxxxusername']) ) {
$_POST['xxxxusername'] = trim(str_replace('/', '', $_POST['xxxxusername']));
if ( $_POST['xxxxusername'] == '' ) {
$c->messages[] = i18n("The username must not be blank, and may not contain a slash");
$can_write_principal = false;
}
};
if ( isset($_POST['fullname']) && trim($_POST['fullname']) == '' ) {
$c->messages[] = i18n("The full name must not be blank.");
$can_write_principal = false;
};
if ( isset($_POST['email']) && trim($_POST['email']) == '' ) {
$c->messages[] = i18n("The email address really should not be blank.");
}
$pwstars = '@@@@@@@@@@'; $pwstars = '@@@@@@@@@@';
if ( $can_write_principal && $editor->IsSubmit() ) { if ( $can_write_principal && $editor->IsSubmit() ) {
$editor->WhereNewRecord( "principal_id=(SELECT CURRVAL('dav_id_seq'))" ); $editor->WhereNewRecord( "principal_id=(SELECT CURRVAL('dav_id_seq'))" );
if ( ! $session->AllowedTo('Admin') ) unset($_POST['admin_role']); if ( ! $session->AllowedTo('Admin') ) {
unset($_POST['admin_role']);
unset($_POST['user_active']);
}
unset($_POST['password']); unset($_POST['password']);
if ( $_POST['newpass1'] != '' && $_POST['newpass1'] != $pwstars ) { if ( $_POST['newpass1'] != '' && $_POST['newpass1'] != $pwstars ) {
if ( $_POST['newpass1'] == $_POST['newpass2'] ) { if ( $_POST['newpass1'] == $_POST['newpass2'] ) {
@ -98,6 +119,9 @@ if ( $can_write_principal && $editor->IsSubmit() ) {
$c->messages[] = "Password not updated. The supplied passwords do not match."; $c->messages[] = "Password not updated. The supplied passwords do not match.";
} }
} }
if ( isset($_POST['fullname']) && !isset($_POST['displayname']) ) {
$_POST['displayname'] = $_POST['fullname'];
}
if ( isset($_POST['default_privileges']) ) { if ( isset($_POST['default_privileges']) ) {
$privilege_bitpos = array_flip($privilege_names); $privilege_bitpos = array_flip($privilege_names);
$priv_names = array_keys($_POST['default_privileges']); $priv_names = array_keys($_POST['default_privileges']);
@ -133,6 +157,9 @@ if ( $can_write_principal && $editor->IsSubmit() ) {
} }
else { else {
$editor->GetRecord(); $editor->GetRecord();
if ( $editor->IsSubmit() ) {
$post_values = true;
}
} }
if ( $editor->Available() ) { if ( $editor->Available() ) {
$c->page_title = $editor->Title(translate('Principal').': '.$editor->Value('fullname')); $c->page_title = $editor->Title(translate('Principal').': '.$editor->Value('fullname'));
@ -142,9 +169,23 @@ else {
$privs = decbin(privilege_to_bits($c->default_privileges)); $privs = decbin(privilege_to_bits($c->default_privileges));
$editor->Assign('default_privileges', $privs); $editor->Assign('default_privileges', $privs);
$editor->Assign('user_active', 't'); $editor->Assign('user_active', 't');
foreach( $c->template_usr AS $k => $v ) {
$editor->Assign($k, $v);
}
}
if ( $post_values ) {
$editor->PostToValues();
if ( isset($_POST['default_privileges']) ) {
$privilege_bitpos = array_flip($privilege_names);
$priv_names = array_keys($_POST['default_privileges']);
$privs = privilege_to_bits($priv_names);
$_POST['default_privileges'] = sprintf('%024s',decbin($privs));
$editor->Assign('default_privileges', $_POST['default_privileges']);
}
} }
$privilege_xlate = array( $privilege_xlate = array(
'all' => translate('All privileges'),
'read' => translate('Read'), 'read' => translate('Read'),
'write-properties' => translate('Write Metadata'), 'write-properties' => translate('Write Metadata'),
'write-content' => translate('Write Data'), 'write-content' => translate('Write Data'),
@ -199,10 +240,12 @@ for( $i=0; $i<count($privilege_names); $i++ ) {
$privileges_set .= '</div>'; $privileges_set .= '</div>';
$prompt_principal_id = translate('Principal ID'); $prompt_principal_id = translate('Principal ID');
$value_id = ( $editor->Available() ? '##principal_id.hidden####principal_id.value##' : translate('New Principal'));
$prompt_username = translate('Username'); $prompt_username = translate('Username');
$prompt_password_1 = translate('Change Password'); $prompt_password_1 = translate('Change Password');
$prompt_password_1 = translate('Confirm Password'); $prompt_password_1 = translate('Confirm Password');
$prompt_fullname = translate('Fullname'); $prompt_fullname = translate('Fullname');
$prompt_displayname = translate('Display Name');
$prompt_email = translate('Email Address'); $prompt_email = translate('Email Address');
$prompt_date_format = translate('Date Format Style'); $prompt_date_format = translate('Date Format Style');
$prompt_admin = translate('Administrator'); $prompt_admin = translate('Administrator');
@ -274,23 +317,24 @@ label.privilege {
margin:0.2em 1em 0.2em 0.1em; margin:0.2em 1em 0.2em 0.1em;
padding:0 0.2em; padding:0 0.2em;
line-height:1.6em; line-height:1.6em;
font-size:87%;
} }
</style> </style>
<table> <table>
<tr> <th class="right">$prompt_principal_id:</th><td class="left"> <tr> <th class="right">$prompt_principal_id:</th><td class="left">
<table width="100%" class="form_inner"><tr> <table width="100%" class="form_inner"><tr>
<td>##principal_id.value##</td> <td>$value_id</td>
<td align="right">$delete_principal_button</td> <td align="right">$delete_principal_button</td>
</tr></table> </tr></table>
</td></tr> </td></tr>
<tr> <th class="right">$prompt_username:</th> <td class="left">##xxxxusername.input.50##</td> </tr> <tr> <th class="right">$prompt_username:</th> <td class="left">##xxxxusername.input.50##</td> </tr>
<tr> <th class="right">$prompt_password_1:</th> <td class="left">##newpass1.password.$pwstars##</td> </tr> <tr> <th class="right">$prompt_password_1:</th> <td class="left">##newpass1.password.$pwstars##</td> </tr>
<tr> <th class="right">$prompt_password_1:</th> <td class="left">##newpass2.password.$pwstars##</td> </tr> <tr> <th class="right">$prompt_password_1:</th> <td class="left">##newpass2.password.$pwstars##</td> </tr>
<tr> <th class="right">$prompt_fullname:</th> <td class="left">##fullname.input.50##</td> </tr> <tr> <th class="right">$prompt_fullname:</th> <td class="left">##fullname.input.50##</td> </tr>
<tr> <th class="right">$prompt_email:</th> <td class="left">##email.input.50##</td> </tr> <tr> <th class="right">$prompt_email:</th> <td class="left">##email.input.50##</td> </tr>
<tr> <th class="right">$prompt_locale:</th> <td class="left">##locale.select##</td> </tr> <tr> <th class="right">$prompt_locale:</th> <td class="left">##locale.select##</td> </tr>
<tr> <th class="right">$prompt_date_format:</th> <td class="left">##date_format_type.select##</td> </tr> <tr> <th class="right">$prompt_date_format:</th> <td class="left">##date_format_type.select##</td> </tr>
<tr> <th class="right">$prompt_type:</th> <td class="left">##type_id.select##</td> </tr> <tr> <th class="right">$prompt_type:</th> <td class="left">##type_id.select##</td> </tr>
$admin_row_entry $admin_row_entry
<tr> <th class="right">$prompt_privileges:</th><td class="left"> <tr> <th class="right">$prompt_privileges:</th><td class="left">
<input type="button" value="$btn_all" class="submit" title="$btn_all_title" onclick="toggle_privileges('default_privileges', 'all', 'editor_1');"> <input type="button" value="$btn_all" class="submit" title="$btn_all_title" onclick="toggle_privileges('default_privileges', 'all', 'editor_1');">
@ -356,7 +400,7 @@ if ( isset($id) ) {
if ( $editor->Value('type_id') == 3 ) { if ( $editor->Value('type_id') == 3 ) {
$grouprow = new Editor("Group Members", "group_member"); $grouprow = new Editor("Group Members", "group_member");
$grouprow->SetLookup( 'member_id', 'SELECT principal_id, displayname FROM dav_principal WHERE principal_id NOT IN (SELECT member_id FROM group_member WHERE group_id = '.$id.')'); $grouprow->SetLookup( 'member_id', 'SELECT principal_id, coalesce(displayname,fullname,username) FROM dav_principal WHERE principal_id NOT IN (SELECT member_id FROM group_member WHERE group_id = '.$id.')');
$grouprow->SetSubmitName( 'savegrouprow' ); $grouprow->SetSubmitName( 'savegrouprow' );
if ( $can_write_principal ) { if ( $can_write_principal ) {
@ -446,7 +490,7 @@ EOTEMPLATE;
if ( isset($_GET['edit_grant']) ) { if ( isset($_GET['edit_grant']) ) {
$edit_grant_clause = ' AND to_principal != '.intval($_GET['edit_grant']); $edit_grant_clause = ' AND to_principal != '.intval($_GET['edit_grant']);
} }
$grantrow->SetLookup( 'to_principal', 'SELECT principal_id, displayname FROM dav_principal WHERE principal_id NOT IN (SELECT to_principal FROM grants WHERE by_principal = '.$id.$edit_grant_clause.')' ); $grantrow->SetLookup( 'to_principal', 'SELECT principal_id, displayname FROM dav_principal WHERE principal_id NOT IN (SELECT to_principal FROM grants WHERE by_principal = '.$id.$edit_grant_clause.') ORDER BY fullname' );
if ( $can_write_principal ) { if ( $can_write_principal ) {
if ( $grantrow->IsSubmit() ) { if ( $grantrow->IsSubmit() ) {
if ( $grantrow->IsUpdate() ) if ( $grantrow->IsUpdate() )