User Groups fix + frontend

2024-05-04 11:18:28 +02:00
parent 91520dd26c
commit e7283310f0
7 changed files with 150 additions and 37 deletions
--- a/Core/API/GroupsAPI.class.php
+++ b/Core/API/GroupsAPI.class.php
@@ -54,11 +54,16 @@ namespace Core\API {
 namespace Core\API\Groups {

  use Core\API\GroupsAPI;
+  use Core\API\Parameter\ArrayType;
  use Core\API\Parameter\Parameter;
  use Core\API\Parameter\RegexType;
+  use Core\API\Parameter\StringType;
  use Core\API\Traits\Pagination;
  use Core\Driver\SQL\Column\Column;
  use Core\Driver\SQL\Condition\Compare;
+  use Core\Driver\SQL\Condition\CondIn;
+  use Core\Driver\SQL\Condition\CondLike;
+  use Core\Driver\SQL\Condition\CondNot;
  use Core\Driver\SQL\Expression\Alias;
  use Core\Driver\SQL\Expression\Count;
  use Core\Driver\SQL\Join\InnerJoin;
@@ -118,6 +123,48 @@ namespace Core\API\Groups {
    }
  }

+  class Search extends GroupsAPI {
+    public function __construct(Context $context, bool $externalCall = false) {
+      parent::__construct($context, $externalCall, [
+        "query" => new StringType("query", -1, true, NULL),
+        "exclude" => new ArrayType("exclude", Parameter::TYPE_INT, true, true, [])
+      ]);
+    }
+
+    protected function _execute(): bool {
+      $sql = $this->context->getSQL();
+      $query = $this->getParam("query");
+      $exclude = array_unique($this->getParam("exclude"));
+
+      $groupsQuery = Group::createBuilder($sql, false)
+        ->limit(5);
+
+      if (!empty($query)) {
+        $groupsQuery->where(new CondLike(new Column("name"), "%$query%"));
+      }
+
+      if (!empty($exclude)) {
+        $groupsQuery->where(new CondNot(new CondIn(new Column("id"), $exclude)));
+      }
+
+      $groups = Group::findBy($groupsQuery);
+      if ($groups === false) {
+        return $this->createError($sql->getLastError());
+      }
+
+      $this->result["groups"] = $groups;
+      return true;
+    }
+
+    public static function getDescription(): string {
+      return "Returns a list of groups matching the search criteria";
+    }
+
+    public static function getDefaultPermittedGroups(): array {
+      return [Group::ADMIN, Group::SUPPORT];
+    }
+  }
+
  class Get extends GroupsAPI {
    public function __construct(Context $context, bool $externalCall = false) {
      parent::__construct($context, $externalCall, [
--- a/Core/API/UserAPI.class.php
+++ b/Core/API/UserAPI.class.php
@@ -885,6 +885,7 @@ namespace Core\API\User {
          return $this->createError("User not found");
        }

+        $columnsToUpdate = [];
        $username = $this->getParam("username");
        $fullName = $this->getParam("fullName");
        $email = $this->getParam("email");
@@ -892,10 +893,8 @@ namespace Core\API\User {
        $groups = $this->getParam("groups");
        $confirmed = $this->getParam("confirmed");
        $active = $this->getParam("active");
-
        $email = (!is_null($email) && empty($email)) ? null : $email;

-        $groupIds = array();
        if (!is_null($groups)) {
          $groupIds = array_unique($groups);
          if ($id === $currentUser->getId() && !in_array(Group::ADMIN, $groupIds)) {
@@ -910,6 +909,9 @@ namespace Core\API\User {
              return $this->createError("Group with id=$groupId does not exist.");
            }
          }
+
+          $user->groups = $groupIds;
+          $columnsToUpdate[] = "groups";
        }

        // Check for duplicate username, email
@@ -922,7 +924,6 @@ namespace Core\API\User {
          }
        }

-        $columnsToUpdate = [];
        if ($usernameChanged) {
          $user->name = $username;
          $columnsToUpdate[] = "name";
@@ -961,18 +962,11 @@ namespace Core\API\User {
          }
        }

-        if (empty($columnsToUpdate) || $user->save($sql, $columnsToUpdate)) {
-
-          $deleteQuery = $sql->delete("UserGroup")->whereEq("user_id", $id);
-          $insertQuery = $sql->insert("UserGroup", array("user_id", "group_id"));
-
-          foreach ($groupIds as $groupId) {
-            $insertQuery->addRow($id, $groupId);
-          }
-
-          $this->success = ($deleteQuery->execute() !== FALSE) && (empty($groupIds) || $insertQuery->execute() !== FALSE);
+        if (!empty($columnsToUpdate)) {
+          $this->success = $user->save($sql, $columnsToUpdate, in_array("groups", $columnsToUpdate)) !== FALSE;
          $this->lastError = $sql->getLastError();
        }
+
      } else {
        return $this->createError("Error fetching user details: " . $sql->getLastError());
      }
@@ -1402,7 +1396,7 @@ namespace Core\API\User {
      }

      $oldPfp = $currentUser->getProfilePicture();
-      if ($oldPfp) {
+      if ($oldPfp && preg_match("/[a-fA-F0-9-]+\.(jpg|jpeg|png|gif)/", $oldPfp)) {
        $path = "$uploadDir/$oldPfp";
        if (is_file($path)) {
          @unlink($path);
@@ -1446,9 +1440,11 @@ namespace Core\API\User {
        return $this->createError("Error updating user details: " . $sql->getLastError());
      }

-      $path = WEBROOT . "/img/uploads/user/$userId/$pfp";
-      if (is_file($path)) {
-        @unlink($path);
+      if (preg_match("/[a-fA-F0-9-]+\.(jpg|jpeg|png|gif)/", $pfp)) {
+        $path = WEBROOT . "/img/uploads/user/$userId/$pfp";
+        if (is_file($path)) {
+          @unlink($path);
+        }
      }

      return $this->success;
--- a/Core/Localization/de_DE/account.php
+++ b/Core/Localization/de_DE/account.php
@@ -57,6 +57,15 @@ return [
  "no_members" => "Keine Mitglieder in dieser Gruppe",
  "user_list_placeholder" => "Keine Benutzer zum Anzeigen",

+  # user edit page
+  "edit_user" => "Benutzer bearbeiten",
+  "new_user" => "Neuer Benutzer",
+  "send_invite" => "Einladung versenden",
+  "get_user_error" => "Fehler beim Holen des Benutzers",
+  "invite_user_error" => "Fehler beim Versenden der Einladung",
+  "create_user_error" => "Fehler beim Erstellen des Benutzers",
+  "save_user_error" => "Fehler beim Speichern des Benutzers",
+
  # profile picture
  "remove_picture" => "Profilbild entfernen",
  "remove_picture_text" => "Möchten Sie wirklich Ihr aktuelles Profilbild entfernen?",
@@ -74,6 +83,7 @@ return [
  "update_group_error" => "Error beim Aktualisieren der Gruppe",
  "delete_group_error" => "Error beim Löschen der Gruppe",
  "search_users_error" => "Fehler beim Suchen des Benutzers",
+  "search_groups_error" => "Fehler beim Suchen der Gruppen",
  "delete_group_title" => "Gruppe löschen",
  "delete_group_text" => "Möchten Sie diese Gruppe wirklich löschen? Dies kann nicht rückgängig gemacht werden.",
  "remove_group_member_title" => "Mitglied entfernen",
--- a/Core/Localization/en_US/account.php
+++ b/Core/Localization/en_US/account.php
@@ -59,6 +59,15 @@ return [
  "edit_profile" => "Edit Profile",
  "user_list_placeholder" => "No users to display",

+  # user edit page
+  "edit_user" => "Edit User",
+  "new_user" => "New User",
+  "send_invite" => "Send Invitation",
+  "get_user_error" => "Error fetching user",
+  "invite_user_error" => "Error sending invitation",
+  "create_user_error" => "Error creating user",
+  "save_user_error" => "Error saving user",
+
  # profile picture
  "remove_picture" => "Remove profile picture",
  "remove_picture_text" => "Do you really want to remove your current profile picture?",
@@ -76,6 +85,7 @@ return [
  "update_group_error" => "Error updating group",
  "delete_group_error" => "Error deleting group",
  "search_users_error" => "Error searching users",
+  "search_groups_error" => "Error searching groups",
  "delete_group_title" => "Delete Group",
  "delete_group_text" => "Do you really want to delete this group? This action cannot be undone.",
  "remove_group_member_title" => "Remove member",