<?php
declare(strict_types=1);
namespace PhpMyAdmin\Controllers\Server;
use PhpMyAdmin\CheckUserPrivileges;
use PhpMyAdmin\ConfigStorage\Features\ConfigurableMenusFeature;
use PhpMyAdmin\ConfigStorage\Relation;
use PhpMyAdmin\Controllers\AbstractController;
use PhpMyAdmin\DatabaseInterface;
use PhpMyAdmin\ResponseRenderer;
use PhpMyAdmin\Template;
use PhpMyAdmin\Util;

use function __;
use function is_string;
use function sprintf;
use function strlen;
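/**
 * AJAX controller that returns the HTML form used to pick a user group for a given account.
 *
 * The account name comes from the `username` query parameter; the user-group data is read
 * through the control connection from the configuration-storage tables.
 */
final class UserGroupsFormController extends AbstractController
{
    /** @var Relation */
    private $relation;

    /** @var DatabaseInterface */
    private $dbi;

    public function __construct(
        ResponseRenderer $response,
        Template $template,
        Relation $relation,
        DatabaseInterface $dbi
    ) {
        parent::__construct($response, $template);
        $this->relation = $relation;
        $this->dbi = $dbi;
    }

    /**
     * Validates the request and adds the rendered form to the JSON response under `message`.
     *
     * Responds with HTTP 400 when `username` is missing, empty or not a string, and when the
     * configurable menus feature is not available.
     */
    public function __invoke(): void
    {
        $this->response->setAjax(true);

        // Request parameters can arrive as arrays (`?username[]=x`). Under strict_types a
        // non-string value would raise a TypeError in getHtmlToChooseUserGroup(), so it is
        // rejected here with the same 400 response as a missing parameter.
        $username = $_GET['username'] ?? null;
        if (! is_string($username) || strlen($username) === 0) {
            $this->response->setRequestStatus(false);
            $this->response->setHttpResponseCode(400);
            $this->response->addJSON('message', __('Missing parameter:') . ' username');

            return;
        }

        // NOTE(review): the privileges are loaded, but nothing in this method checks them
        // before data is read through the control connection. Confirm that authorization
        // for this endpoint is enforced elsewhere.
        $checkUserPrivileges = new CheckUserPrivileges($this->dbi);
        $checkUserPrivileges->getPrivileges();

        $configurableMenusFeature = $this->relation->getRelationParameters()->configurableMenusFeature;
        if ($configurableMenusFeature === null) {
            $this->response->setRequestStatus(false);
            $this->response->setHttpResponseCode(400);
            $this->response->addJSON('message', __('User groups management is not enabled.'));

            return;
        }

        $form = $this->getHtmlToChooseUserGroup($username, $configurableMenusFeature);

        $this->response->addJSON('message', $form);
    }

    /**
     * Displays a dropdown to select the user group with menu items configured to each of them.
     *
     * @param string                   $username                 account name taken from the request
     * @param ConfigurableMenusFeature $configurableMenusFeature supplies the database and table names
     *
     * @return string the rendered `server/privileges/choose_user_group` template
     */
    private function getHtmlToChooseUserGroup(
        string $username,
        ConfigurableMenusFeature $configurableMenusFeature
    ): string {
        $groupTable = Util::backquote($configurableMenusFeature->database)
            . '.' . Util::backquote($configurableMenusFeature->userGroups);
        $userTable = Util::backquote($configurableMenusFeature->database)
            . '.' . Util::backquote($configurableMenusFeature->users);

        // The request-supplied user name is escaped before being placed inside the quoted literal.
        // NOTE(review): escapeString() is called without naming a connection, while the query
        // itself runs on CONNECT_CONTROL. Confirm that both connections use the same character set.
        $sqlQuery = sprintf(
            'SELECT `usergroup` FROM %s WHERE `username` = \'%s\'',
            $userTable,
            $this->dbi->escapeString($username)
        );
        $userGroup = $this->dbi->fetchValue($sqlQuery, 0, DatabaseInterface::CONNECT_CONTROL);

        $allUserGroups = [];
        $sqlQuery = 'SELECT DISTINCT `usergroup` FROM ' . $groupTable;
        $result = $this->dbi->tryQueryAsControlUser($sqlQuery);
        // Best effort: a failed query leaves the list of groups empty.
        if ($result) {
            while ($row = $result->fetchRow()) {
                $allUserGroups[$row[0]] = $row[0];
            }
        }

        // NOTE(review): $username is passed to the template unmodified. Output escaping is
        // left to the template; confirm it escapes this value.
        return $this->template->render('server/privileges/choose_user_group', [
            'all_user_groups' => $allUserGroups,
            'user_group' => $userGroup,
            'params' => ['username' => $username],
        ]);
    }
}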