Allow to set user admin status in dialog

Bartek Fabiszewski 2020-02-18 17:42:40 +01:00
parent aa9d507d12
commit e6ab7d61f1
9 changed files with 202 additions and 34 deletions


@ -50,6 +50,20 @@ class UserTest extends UloggerDatabaseTestCase {
$this->assertFalse($userInvalid->setPass($newPass), "Setting pass for nonexistant user should fail");
}
public function testSetAdmin() {
$this->addTestUser($this->testUser);
$this->assertEquals(1, $this->getConnection()->getRowCount('users'), "Wrong row count");
$user = new uUser($this->testUser);
$this->assertFalse((bool) $this->pdoGetColumn("SELECT admin FROM users"), "User should not be admin");
$this->assertFalse($user->isAdmin, "User should not be admin");
$user->setAdmin(true);
$this->assertTrue((bool) $this->pdoGetColumn("SELECT admin FROM users"), "User should be admin");
$this->assertTrue($user->isAdmin, "User should be admin");
$user->setAdmin(false);
$this->assertFalse((bool) $this->pdoGetColumn("SELECT admin FROM users"), "User should not be admin");
$this->assertFalse($user->isAdmin, "User should not be admin");
}
public function testGetAll() {
$this->addTestUser($this->testUser);
$this->addTestUser($this->testUser2);
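Review bot: testSetAdmin only covers a user that exists in the table, while the test just above it asserts that setPass fails for a nonexistent user. A matching negative case for a uUser built from an unknown login, e.g. `$this->assertFalse($userInvalid->setAdmin(true), "Setting admin for nonexistant user should fail");`, would pin what setAdmin does for logins that match no row. With setAdmin as written in this commit that assertion would likely fail, because the method returns true whenever the statement executes without throwing. testGetAll continues outside the hunk.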


@ -126,6 +126,27 @@
return $ret;
}
/**
* Set user admin status
*
* @param bool $isAdmin True if is admin
* @return bool True on success, false otherwise
*/
public function setAdmin($isAdmin) {
$ret = false;
try {
$query = "UPDATE " . self::db()->table('users') . " SET admin = ? WHERE login = ?";
$stmt = self::db()->prepare($query);
$stmt->execute([ $isAdmin, $this->login ]);
$ret = true;
$this->isAdmin = $isAdmin;
} catch (PDOException $e) {
// TODO: handle exception
syslog(LOG_ERR, $e->getMessage());
}
return $ret;
}
/**
* Set user password
*
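Review bot: setAdmin reports success even when the UPDATE matches no row, because `$ret = true` and `$this->isAdmin = $isAdmin` run after any `execute()` that does not throw. Called on an object whose login is not in the table, it returns true and flips the in-memory flag. A guard at the top such as `if (!$this->isValid) { return false; }` would make it fail closed, assuming `isValid` is set by the constructor as its use in the user handler suggests. Separately, `execute([...])` binds array values as strings, so `false` is sent as an empty string; `(int) $isAdmin` would avoid relying on how the database coerces that.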


@ -149,6 +149,10 @@
return self::requestString($name, $default, INPUT_GET);
}
public static function postBool($name, $default = NULL) {
return self::requestValue($name, $default, INPUT_POST, FILTER_VALIDATE_BOOLEAN);
}
public static function getBool($name, $default = NULL) {
return self::requestValue($name, $default, INPUT_GET, FILTER_VALIDATE_BOOLEAN);
}
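Review bot: postBool and getBool have no docblock, although the value postBool returns now feeds a privilege decision in the user handler. `FILTER_VALIDATE_BOOLEAN` maps unrecognised strings to false unless `FILTER_NULL_ON_FAILURE` is passed, so a caller cannot tell a malformed value from an explicit false; how requestValue applies `$default` is outside the hunk. A comment such as `/** @return bool|null Parsed boolean, or $default when the field is absent */` would state the contract, to be confirmed against requestValue.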


@ -31,14 +31,16 @@ export default class uUser extends uListItem {
/**
* @param {number} id
* @param {string} login
* @param {boolean=} isAdmin
*/
constructor(id, login) {
constructor(id, login, isAdmin = null) {
super();
if (!Number.isSafeInteger(id) || id <= 0) {
throw new Error('Invalid argument for user constructor');
}
this.id = id;
this.login = login;
this.isAdmin = isAdmin;
this.listItem(id, login);
}
@ -65,7 +67,7 @@ export default class uUser extends uListItem {
return uAjax.get('utils/getusers.php').then((_users) => {
const users = [];
for (const user of _users) {
users.push(new uUser(user.id, user.login));
users.push(new uUser(user.id, user.login, user.isAdmin));
}
return users;
});
@ -101,8 +103,8 @@ export default class uUser extends uListItem {
}
/**
* @param {string} password
* @param {string=} oldPassword Needed when changing own password
* @param {string} password New password
* @param {string} oldPassword Current password
* @return {Promise<void, Error>}
*/
setPassword(password, oldPassword) {
@ -113,4 +115,23 @@ export default class uUser extends uListItem {
oldpass: oldPassword
});
}
/**
* @param {boolean} isAdmin
* @param {string|null} password
* @return {Promise<void, Error>}
*/
modify(isAdmin, password = null) {
const data = {
action: 'update',
login: this.login,
admin: isAdmin
};
if (password) {
data.pass = password;
}
return uUser.update(data)
.then(() => { this.isAdmin = isAdmin; });
}
}
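Review bot: The constructor's JSDoc declares `@param {boolean=} isAdmin`, but the default is `null`, and the user list endpoint in this commit sends `null` to non-admin requesters, so the documented type is narrower than the values the field holds. `@param {?boolean=} isAdmin Null when the server did not disclose the status` would match. The new modify() has types but no description; a one-line summary saying that it always submits the admin flag, and the password only when one is given, would tell callers that every call rewrites the admin status.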


@ -33,18 +33,22 @@ export default class UserDialogModel extends ViewModel {
super({
onUserDelete: null,
onUserUpdate: null,
onPassChange: null,
onUserAdd: null,
onCancel: null,
passVisibility: false,
login: null,
password: null,
password2: null,
oldPassword: null
oldPassword: null,
admin: false
});
this.user = viewModel.state.currentUser;
this.type = type;
this.userVM = viewModel;
this.model.onUserDelete = () => this.onUserDelete();
this.model.onUserUpdate = () => this.onUserUpdate();
this.model.onPassChange = () => this.onPassChange();
this.model.onUserAdd = () => this.onUserAdd();
this.model.onCancel = () => this.onCancel();
}
@ -54,6 +58,14 @@ export default class UserDialogModel extends ViewModel {
this.dialog = new uDialog(html);
this.dialog.show();
this.bindAll(this.dialog.element);
const passInput = this.getBoundElement('passInput');
this.onChanged('passVisibility', () => {
if (passInput.style.display === 'none') {
passInput.style.display = 'block';
} else {
passInput.style.display = 'none';
}
});
}
onUserDelete() {
@ -67,8 +79,16 @@ export default class UserDialogModel extends ViewModel {
onUserUpdate() {
if (this.validate()) {
const user = this.type === 'pass' ? auth.user : this.user;
user.setPassword(this.model.password, this.model.oldPassword)
const password = this.model.passVisibility ? this.model.password : null;
this.user.modify(this.model.admin, password)
.then(() => this.dialog.destroy())
.catch((e) => { uUtils.error(e, `${$._('actionfailure')}\n${e.message}`); });
}
}
onPassChange() {
if (this.validate()) {
auth.user.setPassword(this.model.password, this.model.oldPassword)
.then(() => this.dialog.destroy())
.catch((e) => { uUtils.error(e, `${$._('actionfailure')}\n${e.message}`); });
}
@ -76,7 +96,7 @@ export default class UserDialogModel extends ViewModel {
onUserAdd() {
if (this.validate()) {
uUser.add(this.model.login, this.model.password).then((user) => {
uUser.add(this.model.login, this.model.password, this.model.admin).then((user) => {
this.userVM.onUserAdded(user);
this.dialog.destroy();
}).catch((e) => { uUtils.error(e, `${$._('actionfailure')}\n${e.message}`); });
@ -103,17 +123,19 @@ export default class UserDialogModel extends ViewModel {
return false;
}
}
if (!this.model.password || !this.model.password2) {
alert($._('allrequired'));
return false;
}
if (this.model.password !== this.model.password2) {
alert($._('passnotmatch'));
return false;
}
if (!config.passRegex.test(this.model.password)) {
alert($._('passlenmin') + '\n' + $._('passrules'));
return false;
if (this.type === 'pass' || this.model.passVisibility) {
if (!this.model.password || !this.model.password2) {
alert($._('allrequired'));
return false;
}
if (this.model.password !== this.model.password2) {
alert($._('passnotmatch'));
return false;
}
if (!config.passRegex.test(this.model.password)) {
alert($._('passlenmin') + '\n' + $._('passrules'));
return false;
}
}
return true;
}
@ -134,20 +156,28 @@ export default class UserDialogModel extends ViewModel {
fields = `<label><b>${$._('password')}</b></label>
<input type="password" placeholder="${$._('passwordenter')}" name="password" data-bind="password" required>
<label><b>${$._('passwordrepeat')}</b></label>
<input type="password" placeholder="${$._('passwordenter')}" name="password2" data-bind="password2" required>`;
<input type="password" placeholder="${$._('passwordenter')}" name="password2" data-bind="password2" required>
<label><b>${$._('admin')}</b></label>
<input type="checkbox" name="admin" data-bind="admin">`;
break;
case 'edit':
observer = 'onUserUpdate';
deleteButton = `<div class="red-button button-resolve"><b><a data-bind="onUserDelete">${$._('deluser')}</a></b></div>
<div>${$._('editinguser', `<b>${uUtils.htmlEncode(this.user.login)}</b>`)}</div>
<div style="clear: both; padding-bottom: 1em;"></div>`;
fields = `<label><b>${$._('password')}</b></label>
<input type="password" placeholder="${$._('passwordenter')}" name="password" data-bind="password" required>
<label><b>${$._('passwordrepeat')}</b></label>
<input type="password" placeholder="${$._('passwordenter')}" name="password2" data-bind="password2" required>`;
fields = `<label><b>${$._('changepass')}</b></label>
<input type="checkbox" name="changepass" data-bind="passVisibility"><br>
<div style="display: none;" data-bind="passInput">
<label><b>${$._('password')}</b></label>
<input type="password" placeholder="${$._('passwordenter')}" name="password" data-bind="password" required>
<label><b>${$._('passwordrepeat')}</b></label>
<input type="password" placeholder="${$._('passwordenter')}" name="password2" data-bind="password2" required>
</div>
<label><b>${$._('admin')}</b></label>
<input type="checkbox" name="admin" data-bind="admin" ${this.user.isAdmin ? 'checked' : ''}>`;
break;
case 'pass':
observer = 'onUserUpdate';
observer = 'onPassChange';
fields = `<label><b>${$._('oldpassword')}</b></label>
<input type="password" placeholder="${$._('passwordenter')}" name="old-password" data-bind="oldPassword" required>
<label><b>${$._('newpassword')}</b></label>
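Review bot: In the edit form the admin checkbox is rendered from `this.user.isAdmin`, but the model is created with `admin: false` and onUserUpdate submits `this.model.admin`. Unless bindAll copies the element's initial checked state into the model, which is not visible here, saving the dialog for an existing administrator without touching the checkbox would send `admin: false` and remove their admin status. Seeding the model in the constructor after `this.user` is assigned, e.g. `if (type === 'edit' && this.user) { this.model.admin = Boolean(this.user.isAdmin); }`, removes that dependency. getHtml continues outside the last hunk.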


@ -46,6 +46,8 @@ describe('UserDialogModel tests', () => {
dm.user = new uUser(1, 'testUser');
spyOn(dm.user, 'delete').and.returnValue(Promise.resolve());
spyOn(dm.user, 'setPassword').and.returnValue(Promise.resolve());
spyOn(dm.user, 'modify').and.callThrough();
spyOn(uUser, 'update').and.returnValue(Promise.resolve());
spyOn(auth.user, 'setPassword').and.returnValue(Promise.resolve());
spyOn(uUser, 'add').and.returnValue(Promise.resolve(newUser));
spyOn(config.passRegex, 'test').and.returnValue(true);
@ -92,7 +94,7 @@ describe('UserDialogModel tests', () => {
dm.init();
// then
expect(document.querySelector('#modal')).toBeInstanceOf(HTMLDivElement);
expect(dm.dialog.element.querySelector("[data-bind='onUserUpdate']")).toBeInstanceOf(HTMLButtonElement);
expect(dm.dialog.element.querySelector("[data-bind='onPassChange']")).toBeInstanceOf(HTMLButtonElement);
expect(dm.dialog.element.querySelector("[data-bind='onUserDelete']")).toBe(null);
});
@ -135,16 +137,67 @@ describe('UserDialogModel tests', () => {
dm.type = 'edit';
dm.init();
const button = dm.dialog.element.querySelector("[data-bind='onUserUpdate']");
const passVisibility = dm.dialog.element.querySelector("[data-bind='passVisibility']");
const passEl = dm.dialog.element.querySelector("[data-bind='password']");
const newPassword = 'newpass';
// when
passVisibility.checked = true;
passVisibility.dispatchEvent(new Event('change'));
passEl.value = newPassword;
passEl.dispatchEvent(new Event('change'));
button.click();
// then
setTimeout(() => {
expect(dm.user.setPassword).toHaveBeenCalledTimes(1);
expect(dm.user.setPassword).toHaveBeenCalledWith(newPassword, null);
expect(dm.user.modify).toHaveBeenCalledTimes(1);
expect(dm.user.modify).toHaveBeenCalledWith(dm.model.admin, newPassword);
expect(document.querySelector('#modal')).toBe(null);
done();
}, 100);
});
it('should toggle password input fields visibility on user edit form', (done) => {
// given
dm.type = 'edit';
dm.init();
const passInput = dm.getBoundElement('passInput');
const passVisibility = dm.dialog.element.querySelector("[data-bind='passVisibility']");
expect(passInput.style.display).toBe('none');
// when
passVisibility.checked = true;
passVisibility.dispatchEvent(new Event('change'));
// then
setTimeout(() => {
expect(passInput.style.display).toBe('block');
// when
passVisibility.checked = false;
passVisibility.dispatchEvent(new Event('change'));
// then
setTimeout(() => {
expect(passInput.style.display).toBe('none');
done();
}, 100);
done();
}, 100);
});
it('should update user admin status and hide edit dialog on positive button clicked', (done) => {
// given
spyOn(dm, 'validate').and.returnValue(true);
dm.type = 'edit';
dm.init();
const button = dm.dialog.element.querySelector("[data-bind='onUserUpdate']");
const adminEl = dm.dialog.element.querySelector("[data-bind='admin']");
const isAdmin = true;
// when
adminEl.checked = isAdmin;
adminEl.dispatchEvent(new Event('change'));
button.click();
// then
setTimeout(() => {
expect(dm.user.modify).toHaveBeenCalledTimes(1);
expect(dm.user.modify).toHaveBeenCalledWith(isAdmin, null);
expect(dm.user.isAdmin).toBeTrue();
expect(document.querySelector('#modal')).toBe(null);
done();
}, 100);
@ -155,7 +208,7 @@ describe('UserDialogModel tests', () => {
spyOn(dm, 'validate').and.returnValue(true);
dm.type = 'pass';
dm.init();
const button = dm.dialog.element.querySelector("[data-bind='onUserUpdate']");
const button = dm.dialog.element.querySelector("[data-bind='onPassChange']");
const passEl = dm.dialog.element.querySelector("[data-bind='password']");
const passOldEl = dm.dialog.element.querySelector("[data-bind='oldPassword']");
const newPassword = 'newpass';
@ -194,7 +247,7 @@ describe('UserDialogModel tests', () => {
// then
setTimeout(() => {
expect(uUser.add).toHaveBeenCalledTimes(1);
expect(uUser.add).toHaveBeenCalledWith(newUser.login, newPassword);
expect(uUser.add).toHaveBeenCalledWith(newUser.login, newPassword, false);
expect(mockVM.onUserAdded).toHaveBeenCalledWith(newUser);
expect(document.querySelector('#modal')).toBe(null);
done();
@ -257,6 +310,7 @@ describe('UserDialogModel tests', () => {
it('should return false on add user dialog passwords not match', () => {
// given
dm.model.login = 'test';
dm.model.passVisibility = true;
dm.model.password = 'password';
dm.model.password2 = 'password2';
// when
@ -266,10 +320,24 @@ describe('UserDialogModel tests', () => {
expect(window.alert).toHaveBeenCalledTimes(1);
});
it('should return true and ignore passwords on add user dialog passwords hidden', () => {
// given
dm.model.login = 'test';
dm.model.passVisibility = false;
dm.model.password = 'password';
dm.model.password2 = 'password2';
// when
const result = dm.validate();
// then
expect(result).toBe(true);
expect(window.alert).toHaveBeenCalledTimes(0);
});
it('should test password regex on dialog validate', () => {
// given
const password = 'password';
dm.model.login = 'test';
dm.model.passVisibility = true;
dm.model.password = password;
dm.model.password2 = password;
// when
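Review bot: The visibility-toggle spec calls `done()` twice: the outer timeout callback ends with `done();` right after scheduling the inner timeout, so the spec completes before the inner `expect(passInput.style.display).toBe('none')` is evaluated. Removing the outer `done();` leaves completion to the inner callback. The admin spec also only exercises ticking the box. A case that opens the edit dialog for a user constructed with `isAdmin` set to true and saves without touching the checkbox would show whether an existing admin status survives an unrelated edit.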


@ -82,6 +82,7 @@ $lang["units"] = "Units";
$lang["metric"] = "Metric";
$lang["imperial"] = "Imperial/US";
$lang["nautical"] = "Nautical";
$lang["admin"] = "Administrator";
$lang["adminmenu"] = "Administration";
$lang["passwordrepeat"] = "Repeat password";
$lang["passwordenter"] = "Enter password";


@ -35,7 +35,9 @@ if ($usersArr === false) {
$result = [ "error" => true ];
} else if (!empty($usersArr)) {
foreach ($usersArr as $user) {
$result[] = [ "id" => $user->id, "login" => $user->login ];
// only load admin status on admin user request
$isAdmin = $auth->isAdmin() ? $user->isAdmin : null;
$result[] = [ "id" => $user->id, "login" => $user->login, "isAdmin" => $isAdmin ];
}
}
header("Content-type: application/json");


@ -27,6 +27,7 @@
$action = uUtils::postString('action');
$login = uUtils::postString('login');
$pass = uUtils::postPass('pass');
$admin = uUtils::postBool('admin', false);
$lang = (new uLang(uConfig::$lang))->getStrings();
@ -34,6 +35,10 @@
uUtils::exitWithError($lang["servererror"]);
}
if ($admin && !$auth->isAdmin()) {
uUtils::exitWithError($lang["notauthorized"]);
}
$aUser = new uUser($login);
$data = NULL;
@ -42,7 +47,7 @@
if ($aUser->isValid) {
uUtils::exitWithError($lang["userexists"]);
}
if (empty($pass) || ($userId = uUser::add($login, $pass)) === false) {
if (empty($pass) || ($userId = uUser::add($login, $pass, $admin)) === false) {
uUtils::exitWithError($lang["servererror"]);
} else {
$data = [ 'id' => $userId ];
@ -50,8 +55,10 @@
break;
case 'update':
// update password
if (empty($pass) || $aUser->setPass($pass) === false) {
if ($aUser->setAdmin($admin) === false) {
uUtils::exitWithError($lang["servererror"]);
}
if (!empty($pass) && $aUser->setPass($pass) === false) {
uUtils::exitWithError($lang["servererror"]);
}
break;
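Review bot: In the `update` case `setAdmin($admin)` runs on every request, and `$admin` falls back to `false` when the `admin` field is absent, so a password-only update from a client that does not send `admin` would clear the target's admin flag. Reading the field without a default and applying it only when present, `if ($admin !== NULL && $aUser->setAdmin($admin) === false)`, keeps the two changes independent, provided postBool returns NULL for a missing field, which is not visible here. The added `$admin && !$auth->isAdmin()` check covers only requests that grant admin. Whether a non-admin caller can reach `update` with `admin=false` depends on the condition guarding the first `exitWithError`, which is outside the hunk. The `// update password` comment no longer describes the branch.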