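/**
 * Whether a group has capability
 *
 * Same resolution as userCan(), but evaluated against the capability map
 * handed in as $allowed_capabilities instead of the caller's own capabilities:
 * 'do_everything' under the core module grants everything; otherwise the
 * capability (or ANY of a list of capabilities) is looked up under $module.
 * A capability whose stored value is an array is scoped to specific items and
 * additionally requires $extra_perm (or any element of it) to be in that list.
 *
 * @since 2.1
 * @package facileManager
 *
 * @param integer $id Group ID to check (only passed along on recursion; the
 *        decision is made purely from $allowed_capabilities).
 * @param string|array $capability Capability name, or a list of names of which any one grants access.
 * @param string $module Module name to check capability for
 * @param string|array|null $extra_perm Extra capability to check when the capability is item-scoped
 * @param array $allowed_capabilities Capabilities granted to the user or group, keyed [module][capability]
 * @return boolean
 */
function userGroupCan($id, $capability, $module = 'facileManager', $extra_perm = null, $allowed_capabilities = array())
{
    global $fm_name;

    if (!is_array($allowed_capabilities)) {
        $allowed_capabilities = array();
    }

    /** Check if super admin. The former @array_key_exists() on a missing module entry
     *  was a suppressed warning on PHP 5/7 but is a TypeError on PHP 8, so test the shape first. */
    $core_caps = isset($allowed_capabilities[$fm_name]) ? $allowed_capabilities[$fm_name] : null;
    if (is_array($core_caps) && array_key_exists('do_everything', $core_caps)) {
        return true;
    }

    /** Handle multiple capabilities: any one of them is enough. Recurse on THIS function with the
     *  same capability map — the original delegated to userCan($id, ...), which treated the group ID
     *  as a user ID and discarded $allowed_capabilities entirely. */
    if (is_array($capability)) {
        foreach ($capability as $cap) {
            if (userGroupCan($id, $cap, $module, $extra_perm, $allowed_capabilities)) {
                return true;
            }
        }
        return false;
    }

    /** Check capability */
    $module_caps = isset($allowed_capabilities[$module]) ? $allowed_capabilities[$module] : null;
    if (!is_array($module_caps) || !array_key_exists($capability, $module_caps)) {
        return false;
    }
    $granted = $module_caps[$capability];
    if (!is_array($granted)) {
        /** Granted outright, no per-item restriction */
        return true;
    }

    /** Capability is scoped to a list of items: $extra_perm (or any element of it) must be in the list.
     *  in_array() stays loose because callers may pass ints for values stored as strings.
     *  NOTE(review): loose comparison also lets null match 0 or '' — confirm callers never pass
     *  null/0/'' as $extra_perm for an item-scoped capability. */
    if (is_array($extra_perm)) {
        foreach ($extra_perm as $needle) {
            if (in_array($needle, $granted)) {
                return true;
            }
        }
        return false;
    }
    return in_array($extra_perm, $granted);
}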
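/**
 * Whether a user has capability
 *
 * Resolution order: super admin ('do_everything' under the core module) wins;
 * then, if no authentication method is configured, everything is allowed;
 * otherwise the capability (or ANY of a list of capabilities) is looked up
 * under $module. A capability whose stored value is an array is scoped to
 * specific items and additionally requires $extra_perm (or any element of it)
 * to be in that list.
 *
 * @since 1.2
 * @package facileManager
 *
 * @param integer $user_id User ID to check.
 * @param string|array|null $capability Capability name, or a list of names of which any one grants access.
 *        NOTE(review): a null capability is treated as "nothing required" and returns true once the
 *        lookup fails — callers must not reach this with an unset variable by accident.
 * @param string $module Module name to check capability for
 * @param string|array|null $extra_perm Extra capability to check when the capability is item-scoped
 * @return boolean
 */
function userCan($user_id, $capability, $module = 'facileManager', $extra_perm = null)
{
    global $fm_name;
    $user_capabilities = getUserCapabilities($user_id);
    if (!is_array($user_capabilities)) {
        $user_capabilities = array();
    }

    /** Check if super admin. The former @array_key_exists() on a missing module entry
     *  was a suppressed warning on PHP 5/7 but is a TypeError on PHP 8, so test the shape first. */
    $core_caps = isset($user_capabilities[$fm_name]) ? $user_capabilities[$fm_name] : null;
    if (is_array($core_caps) && array_key_exists('do_everything', $core_caps)) {
        return true;
    }

    /** If no authentication then return full access */
    if (!getOption('auth_method')) {
        return true;
    }

    /** Handle multiple capabilities: any one of them is enough */
    if (is_array($capability)) {
        foreach ($capability as $cap) {
            if (userCan($user_id, $cap, $module, $extra_perm)) {
                return true;
            }
        }
        return false;
    }

    /** Check user capability */
    $module_caps = isset($user_capabilities[$module]) ? $user_capabilities[$module] : null;
    if (is_array($module_caps) && array_key_exists($capability, $module_caps)) {
        $granted = $module_caps[$capability];
        if (!is_array($granted)) {
            /** Granted outright, no per-item restriction */
            return true;
        }
        /** Capability is scoped to a list of items: $extra_perm (or any element of it) must be in the list.
         *  in_array() stays loose because callers may pass ints for values stored as strings.
         *  NOTE(review): loose comparison also lets null match 0 or '' — confirm callers never pass
         *  null/0/'' as $extra_perm for an item-scoped capability. */
        if (is_array($extra_perm)) {
            foreach ($extra_perm as $needle) {
                if (in_array($needle, $granted)) {
                    return true;
                }
            }
            return false;
        }
        return in_array($extra_perm, $granted);
    }

    /** Preserved from the original: no capability requested means no restriction */
    if ($capability === null) {
        return true;
    }
    return false;
}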
 /**
  * Check the current user's permissions against an ownable item.
  *
  * Returns true when userCan() grants $permission on $ownable; otherwise
  * hands off to showPermissionError() and returns whatever it returns.
  *
  * @param $permission
  * @param Ownable $ownable
  * @return bool
  */
 protected function checkOwnablePermission($permission, Ownable $ownable)
 {
     return userCan($permission, $ownable) ? true : $this->showPermissionError();
 }
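 /**
  * Update the specified user in storage.
  *
  * Permitted for holders of 'users-manage', or for a user editing their own
  * record. Role and external-auth-id changes are gated on 'users-manage'
  * separately. Name/email arrive through mass assignment, so keeping other
  * columns out of the update relies on the User model's $fillable whitelist
  * (not visible here).
  *
  * @param  Request $request
  * @param  int     $id
  * @return Response
  */
 public function update(Request $request, $id)
 {
     $this->preventAccessForDemoUsers();
     // Compare the route id and the session user's id as integers rather than by loose ==.
     $this->checkPermissionOr('users-manage', function () use ($id) {
         return (int) $this->currentUser->id === (int) $id;
     });
     $this->validate($request, [
         'name' => 'min:2',
         'email' => 'min:2|email|unique:users,email,' . $id,
         // The confirmation field is 'password-confirm' (see its own rule and the message key
         // below). The original rule referenced 'password_confirm', a field that never exists in
         // this form, so a confirmation sent without a password was not rejected by this rule.
         'password' => 'min:5|required_with:password-confirm',
         'password-confirm' => 'same:password|required_with:password',
     ], [
         'password-confirm.required_with' => 'Password confirmation required',
     ]);
     // Evaluated once; used for the role update and the redirect target below.
     $canManageUsers = userCan('users-manage');
     $user = $this->user->findOrFail($id);
     // Mass assignment: anything not in the model's $fillable is dropped here.
     // NOTE(review): if 'password' or 'external_auth_id' are fillable they get set raw at this
     // point before the guarded writes below — confirm they are not.
     $user->fill($request->all());
     // Role updates: only user managers may change role membership.
     if ($canManageUsers && $request->has('roles')) {
         $user->roles()->sync($request->get('roles'));
     }
     // Password updates: an empty password field means "keep the current one".
     $password = $request->get('password');
     if ($request->has('password') && $password != '') {
         $user->password = bcrypt($password);
     }
     // External auth id updates (kept on the currentUser->can() check the original used).
     if ($this->currentUser->can('users-manage') && $request->has('external_auth_id')) {
         $user->external_auth_id = $request->get('external_auth_id');
     }
     $user->save();
     session()->flash('success', 'User successfully updated');
     $redirectUrl = $canManageUsers ? '/settings/users' : '/settings/users/' . $user->id;
     return redirect($redirectUrl);
 }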
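    /**
     * Displays the form to add new user
     *
     * Builds the add/edit user form HTML. Field values are re-populated from
     * the current POST (when the form is re-displayed after a submit) or from
     * the user row in $data[0]. Only the form's own field names are copied into
     * locals — the former extract($_POST) imported every POST key as a local and
     * so let the request override $action, $form_bits, $user_id, $disabled and
     * the rest — and every re-populated value is HTML-escaped on output.
     *
     * @since 1.0
     * @package facileManager
     *
     * @param string|array $data User row(s); $data[0], when an object, pre-fills the form
     * @param string $action 'add' or an edit action
     * @param array $form_bits Which sections to render (a list of names; may also carry a
     *        'user_password' => strength entry)
     * @param string $button_text Submit button label
     * @param string $button_id Submit button element id
     * @param string $action_page Form target
     * @param boolean $print_form_head Whether to emit the opening <form> tag
     * @param string $display_type 'popup' adds the popup header and the submit/cancel footer
     * @return string HTML
     */
    function printUsersForm($data = '', $action = 'add', $form_bits = array(), $button_text = 'Save', $button_id = 'submit', $action_page = 'admin-users.php', $print_form_head = true, $display_type = 'popup')
    {
        global $__FM_CONFIG, $fm_name, $fm_login;
        $user_id = 0;
        $user_login = $user_password = null;
        $disabled = isset($_GET['id']) && $_SESSION['user']['id'] == $_GET['id'] ? 'disabled' : null;
        $button_disabled = null;
        $user_email = $user_default_module = null;
        $hidden = $user_perm_form = $return_form_rows = null;
        $user_force_pwd_change = $user_template_only = null;

        /** HTML-escape a request- or database-sourced value before it goes into markup */
        $esc = function ($value) {
            return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
        };

        /** Only these fields may pre-fill the form; nothing else from the request reaches a local */
        $form_fields = array('user_id', 'user_login', 'user_password', 'user_email', 'user_auth_type', 'user_default_module', 'user_force_pwd_change', 'user_template_only');
        $prefill = null;
        if (!empty($_POST) && !array_key_exists('is_ajax', $_POST)) {
            if (is_array($_POST)) {
                $prefill = $_POST;
            }
        } elseif (isset($data[0]) && is_object($data[0])) {
            $prefill = get_object_vars($data[0]);
            /** Never echo a stored password back into the form */
            $prefill['user_password'] = null;
        }
        if (is_array($prefill)) {
            foreach ($form_fields as $field) {
                if (array_key_exists($field, $prefill)) {
                    $$field = $prefill[$field];
                }
            }
        }

        $popup_title = $action == 'add' ? __('Add User') : __('Edit User');
        $popup_header = buildPopup('header', $popup_title);
        $popup_footer = buildPopup('footer');
        if (in_array('user_login', $form_bits)) {
            /** Get field length */
            $field_length = getColumnLength('fm_users', 'user_login');
            $username_form = $action == 'add' ? '<input name="user_login" id="user_login" type="text" value="' . $esc($user_login) . '" size="40" maxlength="' . $field_length . '" />' : '<span id="form_username">' . $esc($user_login) . '</span>';
            $hidden = '<input type="hidden" name="user_id" value="' . $esc($user_id) . '" />';
            $hidden .= $action != 'add' ? '<input type="hidden" name="user_login" value="' . $esc($user_login) . '" />' : null;
            $return_form_rows .= '<tr>
					<th width="33%" scope="row"><label for="user_login">' . _('User Login') . '</label></th>
					<td width="67%">' . $username_form . '</td>
				</tr>';
        }
        if (in_array('user_email', $form_bits)) {
            /** Get field length. NOTE(review): this reads the user_login column's length, not
             *  user_email's — looks like a copy/paste; confirm the two columns have the same width. */
            $field_length = getColumnLength('fm_users', 'user_login');
            $return_form_rows .= '<tr>
					<th width="33%" scope="row"><label for="user_email">' . _('User Email') . '</label></th>
					<td width="67%"><input name="user_email" id="user_email" type="email" value="' . $esc($user_email) . '" size="32" maxlength="' . $field_length . '" ' . $disabled . ' /></td>
				</tr>';
        }
        if (in_array('user_auth_method', $form_bits) && getOption('auth_method')) {
            if (!isset($user_auth_type)) {
                $user_auth_type = 1;
            }
            $auth_method_types = $__FM_CONFIG['options']['auth_method'];
            /** array_shift() drops the first configured entry (presumably the "none" option — confirm);
             *  the selector is only shown when more than one method remains */
            if (array_shift($auth_method_types) && count($auth_method_types) > 1) {
                $return_form_rows .= '<tr>
					<th width="33%" scope="row"><label for="user_auth_type">' . _('Authentication Method') . '</label></th>
					<td width="67%">' . buildSelect('user_auth_type', 'user_auth_type', $auth_method_types, $user_auth_type) . '</td>
				</tr>';
            }
        }
        if (in_array('user_password', $form_bits) || array_key_exists('user_password', $form_bits)) {
            /** On add, the submit button stays disabled until checkPasswd() (client side) enables it */
            if ($action == 'add') {
                $button_disabled = 'disabled';
            }
            $strength = $GLOBALS['PWD_STRENGTH'];
            if (array_key_exists('user_password', $form_bits)) {
                $strength = $form_bits['user_password'];
            }
            $return_form_rows .= '<tr class="user_password">
					<th width="33%" scope="row"><label for="user_password">' . _('User Password') . '</label></th>
					<td width="67%"><input name="user_password" id="user_password" type="password" value="" size="40" onkeyup="javascript:checkPasswd(\'user_password\', \'' . $button_id . '\', \'' . $strength . '\');" /></td>
				</tr>
				<tr class="user_password">
					<th width="33%" scope="row"><label for="cpassword">' . _('Confirm Password') . '</label></th>
					<td width="67%"><input name="cpassword" id="cpassword" type="password" value="" size="40" onkeyup="javascript:checkPasswd(\'cpassword\', \'' . $button_id . '\', \'' . $strength . '\');" /></td>
				</tr>
				<tr class="user_password">
					<th width="33%" scope="row">' . _('Password Validity') . '</th>
					<td width="67%"><div id="passwd_check">' . _('No Password') . '</div></td>
				</tr>
				<tr class="pwdhint user_password">
					<th width="33%" scope="row">' . _('Hint') . '</th>
					<td width="67%">' . $__FM_CONFIG['password_hint'][$strength][1] . '</td>
				</tr>';
        }
        if (in_array('user_module', $form_bits)) {
            $active_modules = $user_id == $_SESSION['user']['id'] ? getActiveModules(true) : getActiveModules();
            $user_module_options = buildSelect('user_default_module', 'user_default_module', $active_modules, $user_default_module);
            unset($active_modules);
            $return_form_rows .= '<tr>
					<th width="33%" scope="row">' . _('Default Module') . '</th>
					<td width="67%">' . $user_module_options . '</td>
				</tr>';
        }
        if (in_array('user_options', $form_bits)) {
            $force_pwd_check = $user_force_pwd_change == 'yes' ? 'checked disabled' : null;
            $user_template_only_check = $user_template_only == 'yes' ? 'checked' : null;
            $return_form_rows .= '<tr>
					<th width="33%" scope="row">' . _('Options') . '</th>
					<td width="67%">
						<input name="user_force_pwd_change" id="user_force_pwd_change" value="yes" type="checkbox" ' . $force_pwd_check . '/><label for="user_force_pwd_change">' . _('Force Password Change at Next Login') . '</label><br />
						<input name="user_template_only" id="user_template_only" value="yes" type="checkbox" ' . $user_template_only_check . '/><label for="user_template_only">' . _('Template User') . '</label>
					</td>
				</tr>';
        }
        if (in_array('verbose', $form_bits)) {
            /** Hidden "0" so an unchecked box still posts a value */
            $hidden .= '<input type="hidden" name="verbose" value="0" />' . "\n";
            $return_form_rows .= '<tr>
					<th width="33%" scope="row">' . _('Options') . '</th>
					<td width="67%"><input name="verbose" id="verbose" type="checkbox" value="1" checked /><label for="verbose">' . _('Verbose Output') . '</label></td>
				</tr>';
        }
        do {
            if (in_array('user_perms', $form_bits)) {
                /** Cannot edit perms of super-admin if logged in user is not a super-admin */
                if (userCan($user_id, 'do_everything') && !currentUserCan('do_everything')) {
                    break;
                }
                $user_is_super_admin = userCan($user_id, 'do_everything');
                $fm_perm_boxes = $perm_boxes = null;
                $i = 1;
                $fm_user_caps = getAvailableUserCapabilities();
                foreach ($fm_user_caps[$fm_name] as $key => $title) {
                    /** A super-admin shows only the do_everything box as checked */
                    if ($key != 'do_everything' && $user_is_super_admin) {
                        $checked = null;
                    } else {
                        $checked = userCan($user_id, $key) ? 'checked' : null;
                    }
                    if ($key == 'do_everything') {
                        $title = "<b>{$title}</b>";
                    }
                    $fm_perm_boxes .= ' <input name="user_caps[' . $fm_name . '][' . $key . ']" id="fm_perm_' . $key . '" type="checkbox" value="1" ' . $checked . '/> <label for="fm_perm_' . $key . '">' . $title . '</label>' . "\n";
                    /** Display checkboxes three per row */
                    if ($i == 3) {
                        $fm_perm_boxes .= "<br />\n";
                        $i = 0;
                    }
                    $i++;
                }
                if (!empty($fm_perm_boxes)) {
                    $perm_boxes .= <<<PERM
\t\t\t\t<tr id="userperms">
\t\t\t\t\t<th width="33%" scope="row">{$fm_name}</th>
\t\t\t\t\t<td width="67%">
\t\t\t\t\t\t<input type="hidden" name="process_user_caps" value="1" />
\t\t\t\t\t\t{$fm_perm_boxes}
\t\t\t\t\t</td>
\t\t\t\t</tr>

PERM;
                }
                /** Process module permissions */
                $active_modules = getActiveModules();
                foreach ($active_modules as $module_name) {
                    $module_perm_boxes = null;
                    $i = 1;
                    if (array_key_exists($module_name, $fm_user_caps)) {
                        foreach ($fm_user_caps[$module_name] as $key => $title) {
                            $checked = userCan($user_id, $key, $module_name) && !$user_is_super_admin ? 'checked' : null;
                            $module_perm_boxes .= ' <input name="user_caps[' . $module_name . '][' . $key . ']" id="fm_perm_' . $module_name . '_' . $key . '" type="checkbox" value="1" ' . $checked . '/> <label for="fm_perm_' . $module_name . '_' . $key . '">' . $title . '</label>' . "\n";
                            /** Display checkboxes three per row */
                            if ($i == 3) {
                                $module_perm_boxes .= "<br />\n";
                                $i = 0;
                            }
                            $i++;
                        }
                        /** Module-specific extra boxes come from fm-modules/<module>/functions.extra.php.
                         *  $module_name comes from getActiveModules(), not from the request, so the path is
                         *  built from configured module names only. */
                        $module_extra_functions = ABSPATH . 'fm-modules' . DIRECTORY_SEPARATOR . $module_name . DIRECTORY_SEPARATOR . 'functions.extra.php';
                        if (file_exists($module_extra_functions)) {
                            include $module_extra_functions;
                            $function = 'print' . $module_name . 'UsersForm';
                            if (function_exists($function)) {
                                $module_perm_boxes .= $function(getUserCapabilities($user_id), $module_name);
                            }
                        }
                    }
                    if (!empty($module_perm_boxes)) {
                        $perm_boxes .= <<<PERM
\t\t\t\t\t<tr id="userperms">
\t\t\t\t\t\t<th width="33%" scope="row">{$module_name}</th>
\t\t\t\t\t\t<td width="67%">
\t\t\t\t\t\t{$module_perm_boxes}
\t\t\t\t\t\t</td>
\t\t\t\t\t</tr>
\t
PERM;
                    }
                }
                if (!empty($perm_boxes)) {
                    $user_perm_form = sprintf('<tr><td colspan="2"><br /><br /><i>%s</i></td></tr>', _('User Permissions')) . $perm_boxes;
                }
            }
        } while (false);
        $return_form = $print_form_head ? '<form name="manage" id="manage" method="post" action="' . $action_page . '">' . "\n" : null;
        if ($display_type == 'popup') {
            $return_form .= $popup_header;
        }
        $return_form .= '
			<div>
			<form id="fm_user_profile">
			<input type="hidden" name="action" value="' . $action . '" />' . $hidden . '
			<table class="form-table" width="495px">
				<tr><td colspan="2"><i>' . _('User Details') . '</i></td></tr>' . $return_form_rows . $user_perm_form;
        $return_form .= '</table></div>';
        if ($display_type == 'popup') {
            $return_form .= '
		</div>
		<div class="popup-footer">
			<input type="submit" id="' . $button_id . '" name="submit" value="' . $button_text . '" class="button primary" ' . $button_disabled . '/>
			<input type="button" value="' . _('Cancel') . '" class="button left" id="cancel_button" />
		</div>
		</form>
		<script>
			$(document).ready(function() {
				$("select").select2({
					containerCss: { "min-width": "165px" },
					minimumResultsForSearch: -1
				});
				$("select.wide_select").select2({
					width: "300px",
					minimumResultsForSearch: -1
				});
			});
		</script>';
        }
        return $return_form;
    }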