Manage user accounts
/**
* @route crew/permissions/{string}/context/{id}
*
* @param string $cabin
* @param string $contextId
*/
public function editContext(string $cabin, string $contextId)
{
$contextId = (int) $contextId;
if (!\in_array($cabin, $this->getCabinNamespaces())) {
\Airship\redirect($this->airship_cabin_prefix . '/crew/permissions');
}
$context = $this->perms->getContext($contextId, $cabin);
if (empty($context)) {
\Airship\redirect($this->airship_cabin_prefix . '/crew/permissions' . $cabin);
}
// Handle post data
$post = $this->post(new SaveContextFilter());
if (!empty($post)) {
if ($this->perms->saveContext($cabin, $contextId, $post)) {
\Airship\redirect($this->airship_cabin_prefix . '/crew/permissions/' . $cabin . '/context/' . $contextId, ['msg' => 'saved']);
}
}
// Okay,
$actions = $this->perms->getActionNames($cabin);
$groupPerms = $this->perms->buildGroupTree($cabin, $contextId, $actions);
$userPerms = $this->perms->buildUserList($cabin, $contextId, $actions);
$users = [];
foreach ($userPerms as $userid => $userPerm) {
$userid = (int) $userid;
$users[$userid] = $this->users->getUserAccount($userid, true);
unset($users[$userid]['password']);
}
if (!empty($_GET['msg'])) {
if ($_GET['msg'] === 'saved') {
$this->storeLensVar('message', \__('Your changes have been saved.'));
}
}
$this->lens('perms/context', ['actions' => $actions, 'cabin' => $cabin, 'context' => $context, 'permissions' => $groupPerms, 'userperms' => $userPerms, 'users' => $users]);
}
/**
* List the users
*
* @route crew/users
*/
public function users()
{
$get = $this->httpGetParams();
list($offset, $limit) = $this->getOffsetAndLimit($get['page'] ?? 0);
$suffix = '';
$dir = 'ASC';
if (\array_key_exists('dir', $get)) {
if ($get['dir'] === 'DESC') {
$dir = 'DESC';
}
}
if (\array_key_exists('sort', $get)) {
switch ($get['sort']) {
case 'username':
case 'display_name':
$suffix = \http_build_query(['sort' => $get['sort'], 'dir' => $dir]) . '&';
$users = $this->account->listUsers($offset, $limit, $get['sort'], $dir);
break;
default:
$users = $this->account->listUsers($offset, $limit);
}
} else {
$users = $this->account->listUsers($offset, $limit);
}
$this->lens('crew/user_list', ['active_link' => 'bridge-link-admin-crew-users', 'users' => $users, 'pagination' => ['base' => $this->airship_cabin_prefix . '/crew/users', 'suffix' => '?' . $suffix . 'page=', 'count' => $this->account->numUsers(), 'page' => (int) \ceil($offset / ($limit ?? 1)) + 1, 'per_page' => $limit]]);
}
/**
* Make sure the secret exists, then get the GoogleAuth object
*
* @param int $userID
* @return GoogleAuth
* @throws \Airship\Alerts\Security\UserNotLoggedIn
*/
protected function twoFactorPreamble(int $userID = 0) : GoogleAuth
{
if (!$userID) {
$userID = $this->getActiveUserId();
}
$secret = $this->acct->getTwoFactorSecret($userID);
if (empty($secret)) {
if (!$this->acct->resetTwoFactorSecret($userID)) {
\Airship\json_response(['test2']);
\Airship\redirect($this->airship_cabin_prefix);
}
$secret = $this->acct->getTwoFactorSecret($userID);
}
return new GoogleAuth($secret, new TOTP(0, (int) ($this->config('two-factor.period') ?? 30), (int) ($this->config('two-factor.length') ?? 6)));
}
/**
* @route admin/settings
*/
public function manageSettings()
{
$state = State::instance();
$settings = ['universal' => $state->universal];
$post = $this->post(new SettingsFilter());
if (!empty($post)) {
if ($this->saveSettings($post)) {
\Airship\clear_cache();
\Airship\redirect($this->airship_cabin_prefix . '/admin/settings', ['msg' => 'saved']);
} else {
$this->log('Could not save new settings', LogLevel::ALERT);
}
}
// Load individual files...
$settings['cabins'] = $this->loadJSONConfigFile('cabins.json');
$settings['content_security_policy'] = $this->loadJSONConfigFile('content_security_policy.json');
$settings['keyring'] = $this->loadJSONConfigFile('keyring.json');
foreach (\Airship\list_all_files(ROOT . '/config/supplier_keys/', 'json') as $supplier) {
$name = \Airship\path_to_filename($supplier, true);
$settings['suppliers'][$name] = \Airship\loadJSON($supplier);
}
$this->lens('admin_settings', ['active_link' => 'bridge-link-admin-settings', 'config' => $settings, 'groups' => $this->acct->getGroupTree()]);
}
