package WebGUI::Operation::User;
#-------------------------------------------------------------------
# WebGUI is Copyright 2001-2006 Plain Black Corporation.
#-------------------------------------------------------------------
# Please read the legal notices (docs/legal.txt) and the license
# (docs/license.txt) that came with this distribution before using
# this software.
#-------------------------------------------------------------------
# http://www.plainblack.com info@plainblack.com
#-------------------------------------------------------------------
use strict qw(vars subs);
use Tie::CPHash;
use Tie::IxHash;
use WebGUI::AdminConsole;
use WebGUI::Group;
use WebGUI::Form;
use WebGUI::Form::DynamicField;
use WebGUI::HTMLForm;
use WebGUI::International;
use WebGUI::Operation::Auth;
use WebGUI::Paginator;
use WebGUI::SQL;
use WebGUI::TabForm;
use WebGUI::User;
use WebGUI::Utility;
=head1 NAME
Package WebGUI::Operation::User
=head1 DESCRIPTION
Operation for creating, deleting, editing and many other user related functions.
=cut
#-------------------------------------------------------------------
=head2 _submenu ( $session, $workarea [, $title, $help] )
Internal utility routine for setting up the Admin Console for User functions.
=head3 $workarea
The form and information to display to the administrator using the function.
=head3 $title
Internationalized title for the Admin Console, looked up in the WebGUI namespace if it exists.
=head3 $help
Help topic. If set, then a Help icon will be displayed as a link to that topic.
=cut
sub _submenu {
my $session = shift;
my $workarea = shift;
my $title = shift;
my $i18n = WebGUI::International->new($session);
$title = $i18n->get($title) if ($title);
my $help = shift;
my $ac = WebGUI::AdminConsole->new($session,"users");
if ($help) {
$ac->setHelp($help);
}
if ($session->user->isInGroup(11)) {
$ac->addSubmenuItem($session->url->page("op=editUser;uid=new"), $i18n->get(169));
}
if ($session->user->isInGroup(3)) {
unless ($session->form->process("op") eq "listUsers"
|| $session->form->process("op") eq "deleteUserConfirm"
|| $session->stow->get("editUser_UID") eq "new") {
$ac->addSubmenuItem($session->url->page("op=editUser;uid=".$session->stow->get("editUser_UID")), $i18n->get(457));
$ac->addSubmenuItem($session->url->page('op=becomeUser;uid='.$session->stow->get("editUser_UID")), $i18n->get(751));
$ac->addSubmenuItem($session->url->page('op=deleteUser;uid='.$session->stow->get("editUser_UID")), $i18n->get(750));
if ($session->setting->get("useKarma")) {
$ac->addSubmenuItem($session->url->page("op=editUserKarma;uid=".$session->stow->get("editUser_UID")), $i18n->get(555));
}
}
$ac->addSubmenuItem($session->url->page("op=listUsers"), $i18n->get(456));
}
$session->stow->delete("editUser_UID");
return $ac->render($workarea, $title);
}
=head2 doUserSearch ( $session, $op, $returnPaginator, $userFilter )
Subroutine that actually performs the SQL search for users.
=head3 $op
The name of the calling operation, passed so that pagination links work correctly.
=head3 $returnPaginator
A boolean. If true, a paginator object is returned. Otherwise, a WebGUI::SQL
statement handler is returned.
=head3 $userFilter
Array reference, used to screen out user names via a SQL "not in ()" clause.
=cut
#-------------------------------------------------------------------
sub doUserSearch {
my $session = shift;
my $op = shift;
my $returnPaginator = shift;
my $userFilter = shift;
push(@{$userFilter},0);
my $selectedStatus;
if ($session->scratch->get("userSearchStatus")) {
$selectedStatus = "status='".$session->scratch->get("userSearchStatus")."'";
} else {
$selectedStatus = "status like '%'";
}
my $keyword = $session->scratch->get("userSearchKeyword");
if ($session->scratch->get("userSearchModifier") eq "startsWith") {
$keyword .= "%";
} elsif ($session->scratch->get("userSearchModifier") eq "contains") {
$keyword = "%".$keyword."%";
} else {
$keyword = "%".$keyword;
}
$keyword = $session->db->quote($keyword);
my $sql = "select users.userId, users.username, users.status, users.dateCreated, users.lastUpdated,
email.fieldData as email from users
left join userProfileData email on users.userId=email.userId and email.fieldName='email'
left join userProfileData useralias on users.userId=useralias.userId and useralias.fieldName='alias'
where $selectedStatus and (users.username like ".$keyword." or useralias.fieldData like ".$keyword." or email.fieldData like ".$keyword.")
and users.userId not in (".$session->db->quoteAndJoin($userFilter).") order by users.username";
if ($returnPaginator) {
my $p = WebGUI::Paginator->new($session,$session->url->page("op=".$op));
$p->setDataByQuery($sql);
return $p;
} else {
my $sth = $session->db->read($sql);
return $sth;
}
}
#-------------------------------------------------------------------
=head2 doUserSearchForm ( session, op, params, noStatus )
Form front-end and display for searching for users.
=head3 $op
The name of the calling operation, passed so that pagination links work correctly.
=head3 $params
Hashref. A set of key,value pairs that will be hidden in the user search form.
=head3 noStatus
Don't display the status filter.
=cut
sub getUserSearchForm {
my $session = shift;
my $op = shift;
my $params = shift;
my $noStatus = shift;
$session->scratch->set("userSearchKeyword",$session->form->process("keyword"));
$session->scratch->set("userSearchStatus",$session->form->process("status"));
$session->scratch->set("userSearchModifier",$session->form->process("modifier"));
my $i18n = WebGUI::International->new($session);
my $output = ''
.WebGUI::Form::formHeader($session,)
.WebGUI::Form::hidden($session,
name => "op",
value => $op
);
foreach my $key (keys %{$params}) {
$output .= WebGUI::Form::hidden($session,
name=>$key,
value=>$params->{$key}
);
}
$output .= WebGUI::Form::hidden($session,
-name=>"doit",
-value=>1
)
.WebGUI::Form::selectBox($session,
-name=>"modifier",
-value=>($session->scratch->get("userSearchModifier") || "contains"),
-options=>{
startsWith=>$i18n->get("starts with"),
contains=>$i18n->get("contains"),
endsWith=>$i18n->get("ends with")
}
)
.WebGUI::Form::text($session,
-name=>"keyword",
-value=>$session->scratch->get("userSearchKeyword"),
-size=>15
);
if ($noStatus) {
$output .= WebGUI::Form::hidden($session,
name => "status",
value => "Active"
);
} else {
$output .= WebGUI::Form::selectBox($session,
-name => "status",
-value => ($session->scratch->get("userSearchStatus") || "users.status like '%'"),
-options=> {
"" => $i18n->get(821),
Active => $i18n->get(817),
Deactivated => $i18n->get(818),
Selfdestructed => $i18n->get(819)
}
);
}
$output .= WebGUI::Form::submit($session,value=>$i18n->get(170))
.WebGUI::Form::formFooter($session,);
$output .= '
';
return $output;
}
#-------------------------------------------------------------------
=head2 www_becomeUser ( )
Allows an administrator to assume another user.
=cut
sub www_becomeUser {
my $session = shift;
return $session->privilege->adminOnly() unless ($session->user->isInGroup(3));
return unless WebGUI::User->validUserId($session, $session->form->process("uid"));
$session->var->end($session->var->get("sessionId"));
$session->user({userId=>$session->form->process("uid")});
return "";
}
#-------------------------------------------------------------------
=head2 www_deleteUser ( )
Confirmation form for deleting a user. Only Admins are allowed to
delete users. The WebGUI uses Visitor and Admin may not be deleted.
If the Admin confirms, then www_deleteUserConfirm is called. The UID
of the user to delete is expected in a URL param names 'uid'.
=cut
sub www_deleteUser {
my $session = shift;
my ($output);
return $session->privilege->adminOnly() unless ($session->user->isInGroup(3));
my $i18n = WebGUI::International->new($session);
if ($session->form->process("uid") eq '1' || $session->form->process("uid") eq '3') {
return _submenu($session,$session->privilege->vitalComponent());
} else {
$output .= $i18n->get(167).'';
$output .= '
';
return _submenu($session,$output,'42',"user delete");
}
}
#-------------------------------------------------------------------
=head2 www_deleteUserConfirm ( )
Deletes a user. Only Admins are allowed to delete users. The UID of the user
to delete is expected in a URL param named 'uid'. www_listUsers is called
after this.
=cut
sub www_deleteUserConfirm {
my $session = shift;
return $session->privilege->adminOnly() unless ($session->user->isInGroup(3));
my ($u);
if ($session->form->process("uid") eq '1' || $session->form->process("uid") eq '3') {
return WebGUI::AdminConsole->new($session,"users")->render($session->privilege->vitalComponent());
} else {
$u = WebGUI::User->new($session,$session->form->process("uid"));
$u->delete;
return www_listUsers($session);
}
}
#-------------------------------------------------------------------
sub www_editUser {
my $session = shift;
return $session->privilege->adminOnly() unless ($session->user->isInGroup(11));
my $error = shift;
my $uid = shift || $session->form->process("uid");
my $i18n = WebGUI::International->new($session, "WebGUI");
my %tabs;
tie %tabs, 'Tie::IxHash';
%tabs = (
"account"=> { label=>$i18n->get("account")},
"profile"=> { label=>$i18n->get("profile")},
"groups"=> { label=>$i18n->get('89')},
);
my $tabform = WebGUI::TabForm->new($session,\%tabs);
$tabform->formHeader({extras=>'autocomplete="off"'});
my $u = WebGUI::User->new($session,($uid eq 'new') ? '' : $uid); #Setting uid to '' when uid is 'new' so visitor defaults prefill field for new user
my $username = $u->userId eq '1' ? '' : $u->username;
$session->stow->set("editUser_UID", $uid);
$tabform->hidden({name=>"op",value=>"editUserSave"});
$tabform->hidden({name=>"uid",value=>$uid});
$tabform->getTab("account")->raw('| | |
');
$tabform->getTab("account")->readOnly(value=>$uid,label=>$i18n->get(378));
$tabform->getTab("account")->readOnly(value=>$u->karma,label=>$i18n->get(537)) if ($session->setting->get("useKarma"));
$tabform->getTab("account")->readOnly(value=>$session->datetime->epochToHuman($u->dateCreated,"%z"),label=>$i18n->get(453));
$tabform->getTab("account")->readOnly(value=>$session->datetime->epochToHuman($u->lastUpdated,"%z"),label=>$i18n->get(454));
$tabform->getTab("account")->text(
-name=>"username",
-label=>$i18n->get(50),
-value=>$username
);
my %status;
tie %status, 'Tie::IxHash';
%status = (
Active =>$i18n->get(817),
Deactivated =>$i18n->get(818),
Selfdestructed =>$i18n->get(819)
);
if ($u->userId eq $session->user->userId) {
$tabform->getTab("account")->hidden(
-name => "status",
-value => $u->status
);
} else {
$tabform->getTab("account")->selectBox(
-name => "status",
-options => \%status,
-label => $i18n->get(816),
-value => $u->status
);
}
my $options;
foreach (@{$session->config->get("authMethods")}) {
$options->{$_} = $_;
}
$tabform->getTab("account")->selectBox(
-name=>"authMethod",
-options=>$options,
-label=>$i18n->get(164),
-value=>$u->authMethod,
);
foreach (@{$session->config->get("authMethods")}) {
$tabform->getTab("account")->fieldSetStart($_);
my $authInstance = WebGUI::Operation::Auth::getInstance($session,$_,$u->userId);
$tabform->getTab("account")->raw($authInstance->editUserForm);
$tabform->getTab("account")->fieldSetEnd;
}
foreach my $category (@{WebGUI::ProfileCategory->getCategories($session)}) {
$tabform->getTab("profile")->fieldSetStart($category->getLabel);
foreach my $field (@{$category->getFields}) {
next if $field->getId =~ /contentPositions/;
my $label = $field->getLabel . ($field->isRequired ? "*" : '');
if ($field->getId eq "alias" && $u->userId eq '1') {
$tabform->getTab("profile")->raw($field->formField({label=>$label},1,undef,1));
} else {
$tabform->getTab("profile")->raw($field->formField({label=>$label},1,$u));
}
}
$tabform->getTab("profile")->fieldSetEnd($category->getLabel);
}
my @groupsToAdd = $session->form->group("groupsToAdd");
my @exclude = $session->db->buildArray("select groupId from groupings where userId=".$session->db->quote($u->userId));
@exclude = (@exclude,"1","2","7");
$tabform->getTab("groups")->group(
-name=>"groupsToAdd",
-label=>$i18n->get("groups to add"),
-excludeGroups=>\@exclude,
-size=>15,
-multiple=>1,
-value=>\@groupsToAdd
);
my @include;
foreach my $group (@exclude) {
unless (
$group eq "1" || $group eq "2" || $group eq "7" # can't remove user from magic groups
|| ($session->user->userId eq $u->userId && $group eq 3) # cannot remove self from admin
|| ($u->userId eq "3" && $group eq "3") # admin user cannot be remove from admin
) {
push(@include,$group);
}
}
push (@include, "0");
my @groupsToDelete = $session->form->group("groupsToDelete");
$tabform->getTab("groups")->selectList(
-name=>"groupsToDelete",
-options=>$session->db->buildHashRef("select groupId, groupName from groups
where groupId in (".$session->db->quoteAndJoin(\@include).") and showInForms=1 order by groupName"),
-label=>$i18n->get("groups to delete"),
-multiple=>1,
-size=>15,
-value=>\@groupsToDelete
);
return _submenu($session,$error.$tabform->print,'168',"user add/edit");
}
#-------------------------------------------------------------------
sub www_editUserSave {
my $session = shift;
my $postedUserId = $session->form->process("uid"); #userId posted from www_editUser form
my $isAdmin = $session->user->isInGroup(3);
my $isSecondary;
my $i18n = WebGUI::International->new($session);
my ($existingUserId) = $session->db->quickArray("select userId from users where username=".$session->db->quote($session->form->process("username")));
my $error;
my $actualUserId; #userId returned from the user object
unless ($isAdmin) {
$isSecondary = ($session->user->isInGroup(11) && $postedUserId eq "new");
}
return $session->privilege->adminOnly() unless ($isAdmin || $isSecondary);
# Check to see if
# 1) the userId associated with the posted username matches the posted userId (we're editing an account)
# or that the userId is new and the username selected is unique (creating new account)
# or that the username passed in isn't assigned a userId (changing a username)
#
# Also verify that the posted username is not blank (we need a username)
#
if (($existingUserId eq $postedUserId || ($postedUserId eq "new" && !$existingUserId) || $existingUserId eq '')
&& $session->form->process("username") ne '')
{
# Create a user object with the id passed in. If the Id is 'new', the new method will return a new user,
# otherwise return the existing users properties
my $u = WebGUI::User->new($session,$postedUserId);
$actualUserId = $u->userId;
# Update the user properties with passed in values. These methods will save changes to the db.
$u->username($session->form->process("username"));
$u->authMethod($session->form->process("authMethod"));
$u->status($session->form->process("status"));
# Loop through all of this users authentication methods
foreach (@{$session->config->get("authMethods")}) {
# Instantiate each auth object and call it's save method. These methods are responsible for
# updating authentication information with values supplied by the www_editUser form.
my $authInstance = WebGUI::Operation::Auth::getInstance($session, $_, $actualUserId);
$authInstance->editUserFormSave();
}
# Loop through all profile fields, and update them with new values.
foreach my $field (@{WebGUI::ProfileField->new($session,'dummy')->getFields}) {
next if $field->getId =~ /contentPositions/;
$u->profileField($field->getId,$field->formProcess);
}
# Update group assignements
my @groups = $session->form->group("groupsToAdd");
$u->addToGroups(\@groups);
@groups = $session->form->group("groupsToDelete");
$u->deleteFromGroups(\@groups);
# Display an error telling them the username they are trying to use is not available and suggest alternatives
} else {
my $username = $session->form->process("username");
$error = '' . sprintf($i18n->get(77), $username, $username, $username, $session->datetime->epochToHuman($session->datetime->time(),"%y")).'
';
}
if ($isSecondary) {
return _submenu($session,$i18n->get(978));
# Display updated user information
} else {
return www_editUser($session,$error,$actualUserId);
}
}
#-------------------------------------------------------------------
sub www_editUserKarma {
my $session = shift;
return $session->privilege->adminOnly() unless ($session->user->isInGroup(3));
my ($output, $f, $a, %user, %data, $method, $values, $category, $label, $default, $previousCategory);
my $i18n = WebGUI::International->new($session);
$f = WebGUI::HTMLForm->new($session);
$f->submit;
$f->hidden(
-name => "op",
-value => "editUserKarmaSave",
);
$f->hidden(
-name => "uid",
-value => $session->form->process("uid"),
);
$f->integer(
-name => "amount",
-label => $i18n->get(556),
-hoverHelp => $i18n->get('556 description'),
);
$f->text(
-name => "description",
-label => $i18n->get(557),
-hoverHelp => $i18n->get('557 description'),
);
$f->submit;
$output .= $f->print;
return _submenu($session,$output,'558',"edit user karma");
}
#-------------------------------------------------------------------
sub www_editUserKarmaSave {
my $session = shift;
return $session->privilege->adminOnly() unless ($session->user->isInGroup(3));
my ($u);
$u = WebGUI::User->new($session,$session->form->process("uid"));
$u->karma($session->form->process("amount"),$session->user->username." (".$session->user->userId.")",$session->form->process("description"));
return www_editUser();
}
#-------------------------------------------------------------------
=head2 www_formUsers ( $session )
Form helper to pick a user from the system.
=cut
sub www_formUsers {
my $session = shift;
$session->http->setCacheControl("none");
return $session->privilege->insufficient() unless $session->user->isInGroup(12);
$session->style->useEmptyStyle("1");
my $output = getUserSearchForm($session,"formUsers",{formId=>$session->form->process("formId")},1);
my ($userCount) = $session->db->quickArray("select count(*) from users");
return $output unless ($session->form->process("doit") || $userCount<250 || $session->form->process("pn") > 1);
$output .= '';
$output .= $p->getBarTraditional;
return $output;
}
#-------------------------------------------------------------------
sub www_listUsers {
my $session = shift;
unless ($session->user->isInGroup(3)) {
if ($session->user->isInGroup(11)) {
return www_editUser($session, undef, "new");
}
return $session->privilege->adminOnly();
}
my %status;
my $i18n = WebGUI::International->new($session);
my $output = getUserSearchForm($session,"listUsers");
my ($userCount) = $session->db->quickArray("select count(*) from users");
return _submenu($session,$output) unless ($session->form->process("doit") || $userCount<250 || $session->form->process("pn") > 1);
tie %status, 'Tie::IxHash';
%status = (
Active => $i18n->get(817),
Deactivated => $i18n->get(818),
Selfdestructed => $i18n->get(819)
);
$output .= '';
$output .= '
';
my $p = doUserSearch($session,"listUsers",1);
foreach my $data (@{$p->getPageData}) {
$output .= '';
$output .= '| '.$status{$data->{status}}.' | ';
$output .= ''.$data->{username}.' | ';
$output .= ''.$data->{email}.' | ';
$output .= ''.$session->datetime->epochToHuman($data->{dateCreated},"%z").' | ';
$output .= ''.$session->datetime->epochToHuman($data->{lastUpdated},"%z").' | ';
my ($lastLoginStatus, $lastLogin) = $session->db->quickArray("select status,timeStamp from userLoginLog where
userId=".$session->db->quote($data->{userId})." order by timeStamp DESC");
if ($lastLogin) {
$output .= ''.$session->datetime->epochToHuman($lastLogin).' | ';
} else {
$output .= ' - | ';
}
if ($lastLoginStatus) {
$output .= ''.$lastLoginStatus.' | ';
} else {
$output .= ' - | ';
}
$output .= '
';
}
$output .= '
';
$p->setAlphabeticalKey('username');
$output .= $p->getBarTraditional;
return _submenu($session,$output,undef,"users manage");
}
1;