Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
require confirmation on enable and disable user links
  • Loading branch information
lachlan-00 committed Sep 6, 2021
1 parent 0a8ae19 commit bcdd8bb
Show file tree
Hide file tree
Showing 7 changed files with 208 additions and 29 deletions.
1 change: 1 addition & 0 deletions docs/CHANGELOG.md
Expand Up @@ -6,6 +6,7 @@

* Split search items in WebUI into optgroup categories
* Add en_AU as a locale
* Require confirmation on enable/disable user links

### Changed

Expand Down
4 changes: 4 additions & 0 deletions public/admin/users.php
Expand Up @@ -25,6 +25,8 @@

use Ampache\Module\Application\Admin\User\AddUserAction;
use Ampache\Module\Application\Admin\User\ConfirmDeleteAction;
use Ampache\Module\Application\Admin\User\ConfirmDisableAction;
use Ampache\Module\Application\Admin\User\ConfirmEnableAction;
use Ampache\Module\Application\Admin\User\DeleteAction;
use Ampache\Module\Application\Admin\User\DeleteAvatarAction;
use Ampache\Module\Application\Admin\User\DisableAction;
Expand Down Expand Up @@ -64,7 +66,9 @@
ConfirmDeleteAction::REQUEST_KEY => ConfirmDeleteAction::class,
ShowEditAction::REQUEST_KEY => ShowEditAction::class,
DisableAction::REQUEST_KEY => DisableAction::class,
ConfirmDisableAction::REQUEST_KEY => ConfirmDisableAction::class,
EnableAction::REQUEST_KEY => EnableAction::class,
ConfirmEnableAction::REQUEST_KEY => ConfirmEnableAction::class,
AddUserAction::REQUEST_KEY => AddUserAction::class,
UpdateUserAction::REQUEST_KEY => UpdateUserAction::class,
],
Expand Down
1 change: 0 additions & 1 deletion src/Module/Application/Admin/User/ConfirmDeleteAction.php
Expand Up @@ -81,7 +81,6 @@ protected function handle(ServerRequestInterface $request): ?ResponseInterface
);
}


$this->ui->showQueryStats();
$this->ui->showFooter();

Expand Down
94 changes: 94 additions & 0 deletions src/Module/Application/Admin/User/ConfirmDisableAction.php
@@ -0,0 +1,94 @@
<?php
/*
* vim:set softtabstop=4 shiftwidth=4 expandtab:
*
* LICENSE: GNU Affero General Public License, version 3 (AGPL-3.0-or-later)
* Copyright 2001 - 2020 Ampache.org
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
*/

declare(strict_types=0);

namespace Ampache\Module\Application\Admin\User;

use Ampache\Config\ConfigContainerInterface;
use Ampache\Config\ConfigurationKeyEnum;
use Ampache\Module\User\UserStateTogglerInterface;
use Ampache\Repository\Model\ModelFactoryInterface;
use Ampache\Module\Application\Exception\AccessDeniedException;
use Ampache\Module\System\Core;
use Ampache\Module\Util\UiInterface;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;

final class ConfirmDisableAction extends AbstractUserAction
{
public const REQUEST_KEY = 'confirm_disable';

private UiInterface $ui;

private ModelFactoryInterface $modelFactory;

private ConfigContainerInterface $configContainer;

private UserStateTogglerInterface $userStateToggler;

public function __construct(
UiInterface $ui,
ModelFactoryInterface $modelFactory,
ConfigContainerInterface $configContainer,
UserStateTogglerInterface $userStateToggler
) {
$this->ui = $ui;
$this->modelFactory = $modelFactory;
$this->configContainer = $configContainer;
$this->userStateToggler = $userStateToggler;
}

protected function handle(ServerRequestInterface $request): ?ResponseInterface
{
if ($this->configContainer->isFeatureEnabled(ConfigurationKeyEnum::DEMO_MODE) === true) {
return null;
}

if (!Core::form_verify('disable_user')) {
throw new AccessDeniedException();
}
$this->ui->showHeader();

$user = $this->modelFactory->createUser((int) Core::get_request('user_id'));

if ($this->userStateToggler->disable($user) === true) {
$this->ui->showConfirmation(
T_('No Problem'),
/* HINT: Username and fullname together: Username (fullname) */
sprintf(T_('%s (%s) has been disabled'), $user->username, $user->fullname),
'admin/users.php'
);
} else {
$this->ui->showConfirmation(
T_('There Was a Problem'),
T_('You need at least one active Administrator account'),
'admin/users.php'
);
}

$this->ui->showQueryStats();
$this->ui->showFooter();

return null;
}
}
88 changes: 88 additions & 0 deletions src/Module/Application/Admin/User/ConfirmEnableAction.php
@@ -0,0 +1,88 @@
<?php
/*
* vim:set softtabstop=4 shiftwidth=4 expandtab:
*
* LICENSE: GNU Affero General Public License, version 3 (AGPL-3.0-or-later)
* Copyright 2001 - 2020 Ampache.org
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
*/

declare(strict_types=0);

namespace Ampache\Module\Application\Admin\User;

use Ampache\Config\ConfigContainerInterface;
use Ampache\Config\ConfigurationKeyEnum;
use Ampache\Module\User\UserStateTogglerInterface;
use Ampache\Repository\Model\ModelFactoryInterface;
use Ampache\Module\Application\Exception\AccessDeniedException;
use Ampache\Module\System\Core;
use Ampache\Module\Util\UiInterface;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;

final class ConfirmEnableAction extends AbstractUserAction
{
public const REQUEST_KEY = 'confirm_enable';

private UiInterface $ui;

private ModelFactoryInterface $modelFactory;

private ConfigContainerInterface $configContainer;

private UserStateTogglerInterface $userStateToggler;

public function __construct(
UiInterface $ui,
ModelFactoryInterface $modelFactory,
ConfigContainerInterface $configContainer,
UserStateTogglerInterface $userStateToggler
) {
$this->ui = $ui;
$this->modelFactory = $modelFactory;
$this->configContainer = $configContainer;
$this->userStateToggler = $userStateToggler;
}

protected function handle(ServerRequestInterface $request): ?ResponseInterface
{
if ($this->configContainer->isFeatureEnabled(ConfigurationKeyEnum::DEMO_MODE) === true) {
return null;
}

if (!Core::form_verify('enable_user')) {
throw new AccessDeniedException();
}
$this->ui->showHeader();

$user = $this->modelFactory->createUser((int) Core::get_request('user_id'));

$this->userStateToggler->enable($user);

$this->ui->showConfirmation(
T_('No Problem'),
/* HINT: Username and fullname together: Username (fullname) */
sprintf(T_('%s (%s) has been enabled'), $user->username, $user->fullname),
'admin/users.php'
);

$this->ui->showQueryStats();
$this->ui->showFooter();

return null;
}
}
33 changes: 12 additions & 21 deletions src/Module/Application/Admin/User/DisableAction.php
Expand Up @@ -25,7 +25,6 @@
namespace Ampache\Module\Application\Admin\User;

use Ampache\Repository\Model\ModelFactoryInterface;
use Ampache\Module\User\UserStateTogglerInterface;
use Ampache\Module\Util\UiInterface;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
Expand All @@ -38,38 +37,30 @@ final class DisableAction extends AbstractUserAction

private ModelFactoryInterface $modelFactory;

private UserStateTogglerInterface $userStateToggler;

public function __construct(
UiInterface $ui,
ModelFactoryInterface $modelFactory,
UserStateTogglerInterface $userStateToggler
ModelFactoryInterface $modelFactory
) {
$this->ui = $ui;
$this->modelFactory = $modelFactory;
$this->userStateToggler = $userStateToggler;
}

protected function handle(ServerRequestInterface $request): ?ResponseInterface
{
$this->ui->showHeader();

$user = $this->modelFactory->createUser((int) $request->getQueryParams()['user_id'] ?? 0);

if ($this->userStateToggler->disable($user) === true) {
$this->ui->showConfirmation(
T_('No Problem'),
/* HINT: Username and fullname together: Username (fullname) */
sprintf(T_('%s (%s) has been disabled'), $user->username, $user->fullname),
'admin/users.php'
);
} else {
$this->ui->showConfirmation(
T_('There Was a Problem'),
T_('You need at least one active Administrator account'),
'admin/users.php'
);
}
$this->ui->showConfirmation(
T_('Are You Sure?'),
/* HINT: User Fullname */
sprintf(T_('This will disable the user "%s"'), $user->fullname),
sprintf(
'admin/users.php?action=confirm_disable&amp;user_id=%s',
$user->id
),
1,
'disable_user'
);

$this->ui->showQueryStats();
$this->ui->showFooter();
Expand Down
16 changes: 9 additions & 7 deletions src/Module/Application/Admin/User/EnableAction.php
Expand Up @@ -60,14 +60,16 @@ protected function handle(ServerRequestInterface $request): ?ResponseInterface
$this->ui->showHeader();

$user = $this->modelFactory->createUser((int) $request->getQueryParams()['user_id'] ?? 0);

$this->userStateToggler->enable($user);

$this->ui->showConfirmation(
T_('No Problem'),
/* HINT: Username and fullname together: Username (fullname) */
sprintf(T_('%s (%s) has been enabled'), $user->username, $user->fullname),
'admin/users.php'
T_('Are You Sure?'),
/* HINT: User Fullname */
sprintf(T_('This will enable the user "%s"'), $user->fullname),
sprintf(
'admin/users.php?action=confirm_enable&amp;user_id=%s',
$user->id
),
1,
'enable_user'
);

$this->ui->showQueryStats();
Expand Down

0 comments on commit bcdd8bb

Please sign in to comment.