+++ /dev/null
-#**************************************************************************
-# Copyright (C) 2006 by Michael Andreen <harvATruinDOTnu> *
-# *
-# This program is free software; you can redistribute it and/or modify *
-# it under the terms of the GNU General Public License as published by *
-# the Free Software Foundation; either version 2 of the License, or *
-# (at your option) any later version. *
-# *
-# This program is distributed in the hope that it will be useful, *
-# but WITHOUT ANY WARRANTY; without even the implied warranty of *
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
-# GNU General Public License for more details. *
-# *
-# You should have received a copy of the GNU General Public License *
-# along with this program; if not, write to the *
-# Free Software Foundation, Inc., *
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. *
-#**************************************************************************/
-
-package NDWeb::Pages::Users;
-use strict;
-use warnings;
-use ND::Include;
-use CGI qw/:standard/;
-use NDWeb::Include;
-
-use base qw/NDWeb::XMLPage/;
-
-$NDWeb::Page::PAGES{users} = __PACKAGE__;
-
-sub render_body {
- my $self = shift;
- my ($BODY) = @_;
- $self->{TITLE} = 'Users';
- my $DBH = $self->{DBH};
-
- return $self->noAccess unless $self->isHC;
-
- my $error = '';
- my $user;
- if (defined param('user') && param('user') =~ /^(\d+)$/){
- my $query = $DBH->prepare(q{
- SELECT uid,username,hostmask,CASE WHEN u.planet IS NULL THEN '' ELSE coords(x,y,z) END AS planet,attack_points,defense_points,scan_points,humor_points,info, email, sms
- FROM users u LEFT OUTER JOIN current_planet_stats p ON u.planet = p.id
- WHERE uid = ?;
- }) or $error .= "<p> Something went wrong: </p>";
- $user = $DBH->selectrow_hashref($query,undef,$1) or $error.= "<p> Something went wrong: ".$DBH->errstr."</p>";
- }
-
-
- if ($user && defined param('cmd') && param('cmd') eq 'change'){
- $DBH->begin_work;
- for my $param (param()){
- if ($param =~ /^c:(planet|\w+_points|hostmask|info|username|email|sms)$/){
- my $column = $1;
- my $value = param($column);
- if ($column eq 'planet'){
- if ($value eq ''){
- $value = undef;
- }elsif($value =~ /^(\d+)\D+(\d+)\D+(\d+)$/){
- ($value) = $DBH->selectrow_array(q{SELECT id FROM
- current_planet_stats WHERE x = ? and y = ? and z =?}
- ,undef,$1,$2,$3);
- }
- }
- if ($DBH->do(qq{UPDATE users SET $column = ? WHERE uid = ? }
- ,undef,$value,$user->{uid})){
- $user->{$column} = param($column);
- log_message $ND::UID,"HC set $column to $value for user: $user->{uid}";
- }else{
- $error .= "<p> Something went wrong: ".$DBH->errstr."</p>";
- }
- }
- }
- my $groups = $DBH->prepare('SELECT gid,groupname FROM groups');
- my $delgroup = $DBH->prepare(q{DELETE FROM groupmembers WHERE uid = ? AND gid = ?});
- my $addgroup = $DBH->prepare(q{INSERT INTO groupmembers (uid,gid) VALUES(?,?)});
- $groups->execute();
- while (my $group = $groups->fetchrow_hashref){
- my $query;
- next unless defined param($group->{gid});
- if (param($group->{gid}) eq 'remove'){
- $query = $delgroup;
- }elsif(param($group->{gid}) eq 'add'){
- $query = $addgroup;
- }
- if ($query){
- if ($query->execute($user->{uid},$group->{gid})){
- my ($action,$a2) = ('added','to');
- ($action,$a2) = ('removed','from') if param($group->{gid}) eq 'remove';
- log_message $ND::UID,"HC $action user: $user->{uid} ($user->{username}) $a2 group: $group->{gid} ($group->{groupname})";
- }else{
- $error .= "<p> Something went wrong: ".$DBH->errstr."</p>";
- }
- }
- }
- $DBH->commit or $error .= "<p> Something went wrong: ".$DBH->errstr."</p>";
- }
-
- if ($user){
- $BODY->param(User => $user->{uid});
- $BODY->param(Username => $user->{username});
- $BODY->param(Hostmask => $user->{hostmask});
- $BODY->param(Planet => $user->{planet});
- $BODY->param(Attack_points => $user->{attack_points});
- $BODY->param(Defense_points => $user->{defense_points});
- $BODY->param(Scan_points => $user->{scan_points});
- $BODY->param(humor_points => $user->{humor_points});
- $BODY->param(info => $user->{info});
- $BODY->param(Email => $user->{email});
- $BODY->param(SMS => $user->{sms});
-
- my $groups = $DBH->prepare(q{SELECT g.gid,g.groupname,uid FROM groups g LEFT OUTER JOIN (SELECT gid,uid FROM groupmembers WHERE uid = ?) AS gm ON g.gid = gm.gid});
- $groups->execute($user->{uid});
-
- my @addgroups;
- my @remgroups;
- while (my $group = $groups->fetchrow_hashref){
- if ($group->{uid}){
- push @remgroups,{Id => $group->{gid}, Name => $group->{groupname}};
- }else{
- push @addgroups,{Id => $group->{gid}, Name => $group->{groupname}};
- }
- }
- $BODY->param(RemoveGroups => \@remgroups);
- $BODY->param(AddGroups => \@addgroups);
-
- }else{
- my $query = $DBH->prepare(qq{SELECT u.uid,username,TRIM(',' FROM concat(g.groupname||',')) AS groups
- FROM users u LEFT OUTER JOIN (groupmembers gm NATURAL JOIN groups g) ON gm.uid = u.uid
- WHERE u.uid > 0
- GROUP BY u.uid,username
- ORDER BY lower(username)})or $error .= $DBH->errstr;
- $query->execute or $error .= $DBH->errstr;
- my @users;
- while (my $user = $query->fetchrow_hashref){
- push @users, $user;
- }
- $BODY->param(Users => \@users);
- }
- $BODY->param(Error => $error);
- return $BODY;
-}
-1;
INSERT INTO roles VALUES('intel_menu');
INSERT INTO roles VALUES('attack_menu');
INSERT INTO roles VALUES('no_fleet_update');
+INSERT INTO roles VALUES('admin_users');
INSERT INTO group_roles (gid,role) VALUES(2,'member_menu');
INSERT INTO group_roles (gid,role) VALUES(2,'attack_menu');
INSERT INTO group_roles (gid,role) VALUES(1,'bc_menu');
INSERT INTO group_roles (gid,role) VALUES(1,'hc_menu');
INSERT INTO group_roles (gid,role) VALUES(1,'intel_menu');
+INSERT INTO group_roles (gid,role) VALUES(1,'admin_users');
INSERT INTO group_roles (gid,role) VALUES(3,'dc_menu');
INSERT INTO group_roles (gid,role) VALUES(3,'bc_menu');
INSERT INTO group_roles (gid,role) VALUES(3,'hc_menu');
INSERT INTO group_roles (gid,role) VALUES(3,'intel_menu');
+INSERT INTO group_roles (gid,role) VALUES(3,'admin_users');
Session::State::Cookie
/);
+__PACKAGE__->deny_access_unless('/users',[qw/admin_users/]);
+
=head1 NAME
NDWeb - Catalyst based application
--- /dev/null
+package NDWeb::Controller::Users;
+
+use strict;
+use warnings;
+use parent 'Catalyst::Controller';
+
+use ND::Include;
+
+=head1 NAME
+
+NDWeb::Controller::Users - Catalyst Controller
+
+=head1 DESCRIPTION
+
+Catalyst Controller.
+
+=head1 METHODS
+
+=cut
+
+
+=head2 index
+
+=cut
+
+sub index :Path :Args(0) {
+ my ( $self, $c ) = @_;
+ my $dbh = $c->model;
+
+ my $query = $dbh->prepare(qq{SELECT u.uid,username,TRIM(',' FROM concat(g.groupname||',')) AS groups
+ FROM users u LEFT OUTER JOIN (groupmembers gm NATURAL JOIN groups g) ON gm.uid = u.uid
+ WHERE u.uid > 0
+ GROUP BY u.uid,username
+ ORDER BY lower(username)});
+ $query->execute;
+
+ my @users;
+ while (my $user = $query->fetchrow_hashref){
+ push @users, $user;
+ }
+ $c->stash(users => \@users);
+}
+
+sub edit : Local {
+ my ( $self, $c, $user ) = @_;
+ my $dbh = $c->model;
+
+ $c->forward('findUser');
+ $user = $c->stash->{u};
+
+ my $groups = $dbh->prepare(q{SELECT g.gid,g.groupname,uid
+ FROM groups g
+ LEFT OUTER JOIN (SELECT gid,uid FROM groupmembers WHERE uid = ?)
+ AS gm ON g.gid = gm.gid
+ });
+ $groups->execute($user->{uid});
+
+
+ my @addgroups;
+ my @remgroups;
+ while (my $group = $groups->fetchrow_hashref){
+ if ($group->{uid}){
+ push @remgroups,$group;
+ }else{
+ push @addgroups,$group;
+ }
+ }
+ $c->stash(membergroups => \@remgroups);
+ $c->stash(othergroups => \@addgroups);
+
+}
+
+sub updateUser : Local {
+ my ( $self, $c, $user ) = @_;
+ my $dbh = $c->model;
+
+ $c->forward('findUser');
+ $user = $c->stash->{u};
+
+ $dbh->begin_work;
+ eval{
+ my $log = $dbh->prepare(q{INSERT INTO forum_posts (ftid,uid,message) VALUES(
+ (SELECT ftid FROM users WHERE uid = $1),$1,$2)
+ });
+
+ my $delgroup = $dbh->prepare(q{DELETE FROM groupmembers WHERE uid = ? AND gid = ?});
+ my $addgroup = $dbh->prepare(q{INSERT INTO groupmembers (uid,gid) VALUES(?,?)});
+ for my $param ($c->req->param()){
+ if ($param =~ /^c:(planet|\w+_points|hostmask|info|username|email|sms)$/){
+ my $column = $1;
+ my $value = $c->req->param($column);
+ if ($column eq 'planet'){
+ if ($value eq ''){
+ $value = undef;
+ }elsif($value =~ /^(\d+)\D+(\d+)\D+(\d+)$/){
+ ($value) = $dbh->selectrow_array(q{SELECT id FROM
+ current_planet_stats WHERE x = ? and y = ? and z =?}
+ ,undef,$1,$2,$3);
+ }
+ }
+ $dbh->do(qq{UPDATE users SET $column = ? WHERE uid = ? }
+ ,undef,$value,$user->{uid});
+ $log->execute($c->user->id,"HC changed $column from $c->{$column} to $value for user: $user->{uid} ($user->{username})");
+ }elsif ($param =~ /^gr:(\d+)$/){
+ my $query;
+ if ($c->req->param($param) eq 'remove'){
+ $query = $delgroup;
+ }elsif($c->req->param($param) eq 'add'){
+ $query = $addgroup;
+ }
+ if ($query){
+ $query->execute($user->{uid},$1);
+ my ($action,$a2) = ('added','to');
+ ($action,$a2) = ('removed','from') if $c->req->param($param) eq 'remove';
+ $log->execute($c->user->id,"HC $action user: $user->{uid} ($user->{username}) $a2 group: $1");
+ }
+ }
+ }
+ $dbh->commit;
+ };
+ if ($@){
+ $dbh->rollback;
+ die $@;
+ }
+ $c->res->redirect($c->uri_for('edit',$user->{uid}));
+}
+
+sub findUser : Private {
+ my ( $self, $c, $user ) = @_;
+ my $dbh = $c->model;
+
+ my $query = $dbh->prepare(q{
+ SELECT uid,username,hostmask,CASE WHEN u.planet IS NULL THEN '' ELSE coords(x,y,z) END AS planet,attack_points,defense_points,scan_points,humor_points,info, email, sms
+ FROM users u LEFT OUTER JOIN current_planet_stats p ON u.planet = p.id
+ WHERE uid = ?;
+ });
+ $user = $dbh->selectrow_hashref($query,undef,$user);
+
+ $c->stash(u => $user);
+}
+
+=head1 AUTHOR
+
+Micahel Andreen (harv@ruin.nu)
+
+=head1 LICENSE
+
+GPL 2.0, or later.
+
+=cut
+
+1;
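Review bot: `updateUser` is declared `: Local` with no method check and no anti-forgery token, so the action that rewrites profile columns and group membership runs for any request carrying an `admin_users` session, including a GET or a form submitted from another origin. Reject non-POST requests before `begin_work`, e.g. `unless ($c->req->method eq 'POST') { $c->res->status(405); return }`, and validate a per-session token that the edit form emits as a hidden field. In the same action the audit message reads the old value from `$c->{$column}`, which is the Catalyst context rather than the row loaded by `findUser`; `$user->{$column}` looks like what was intended, otherwise the log records no previous value. `findUser` stashes whatever `selectrow_hashref` returns, so `edit` and `updateUser` carry on with an undefined `$user` when the uid does not exist; a `$c->detach` to a not-found response there would cover both callers. The column pattern also still admits any `\w+_points` name into the interpolated `UPDATE`; listing the four point columns explicitly would keep the identifier allow-list closed.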
--- /dev/null
+[% META title = 'Edit user' %]
+
+<form action="[% c.uri_for('updateUser', u.uid) %]" method="post"><fieldset> <legend>User details</legend>
+ <table>
+ <tr>
+ <th></th>
+ <th>Value</th>
+ <th>Change?</th>
+ </tr>
+ <tr><td>Username</td>
+ <td><input type="text" name="username" value="[% u.username %]"></td>
+ <td><input type="checkbox" name="c:username"></td>
+ </tr>
+ <tr><td>Email</td>
+ <td><input type="text" name="email" value="[% u.email %]"></td>
+ <td><input type="checkbox" name="c:email"></td>
+ </tr>
+ <tr><td>SMS</td>
+ <td><input type="text" name="sms" value="[% u.sms %]"></td>
+ <td><input type="checkbox" name="c:sms"></td>
+ </tr>
+ <tr><td>Host</td>
+ <td><input type="text" name="hostmask" value="[% u.hostmask %]"></td>
+ <td><input type="checkbox" name="c:hostmask"></td>
+ </tr>
+ <tr><td>Planet</td>
+ <td><input type="text" name="planet" value="[% u.planet %]"></td>
+ <td><input type="checkbox" name="c:planet"></td>
+ </tr>
+ <tr><td>Attack points</td>
+ <td><input type="text" name="attack_points" value="[% u.attack_points %]"></td>
+ <td><input type="checkbox" name="c:attack_points"></td>
+ </tr>
+ <tr><td>Defense points</td>
+ <td><input type="text" name="defense_points" value="[% u.defense_points %]"></td>
+ <td><input type="checkbox" name="c:defense_points"></td>
+ </tr>
+ <tr><td>Scan points</td>
+ <td><input type="text" name="scan_points" value="[% u.scan_points %]"></td>
+ <td><input type="checkbox" name="c:scan_points"></td>
+ </tr>
+ <tr><td>Humor points</td>
+ <td><input type="text" name="humor_points" value="[% u.humor_points %]"></td>
+ <td><input type="checkbox" name="c:humor_points"></td>
+ </tr>
+ </table>
+ <p>Other information. Change?<input type="checkbox" name="c:info"></p>
+ <textarea rows="15" cols="80" name="info">[% u.info | html %]</textarea>
+[% IF membergroups.size > 0 %]
+ <p>[% u.username %] is a member of the following groups</p>
+ <table>
+ <tr><th>Group</th><th>Remove</th></tr>
+ [% FOR g IN membergroups %]
+ <tr><td>[% g.groupname %]</td><td><input type="checkbox" name="gr:[% g.gid %]" value="remove"></td></tr>
+ [% END %]
+ </table>
+[% END %]
+[% IF othergroups.size > 0 %]
+ <p>[% u.username %] is a not member of the following groups</p>
+ <table>
+ <tr><th>Group</th><th>Add</th></tr>
+ [% FOR g IN othergroups %]
+ <tr><td>[% g.groupname %]</td><td><input type="checkbox" name="gr:[% g.gid %]" value="add"></td></tr>
+ [% END %]
+ </table>
+[% END %]
+ <p><input type="submit" name="cmd" value="Submit"></p>
+</fieldset>
+</form>
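Review bot: Only `info` is passed through `| html`; `u.username`, `u.email`, `u.sms`, `u.hostmask`, `u.planet` and the points fields are interpolated raw into `value="..."` attributes, and `g.groupname` raw into a table cell. If any of these can be set by the account owner, a stored value containing a quote or markup is rendered as HTML inside an admin session. Apply the filter to each, e.g. `value="[% u.username | html %]"`, unless the view already escapes by default (not visible in this commit). The listing template added in this commit has the same gap at `<td>[% u.groups %]</td>`. Separately, the text `is a not member of the following groups` should read `is not a member of the following groups`.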
--- /dev/null
+[% META title = 'User listing' %]
+<table>
+ <tr><th>User</th><th>Groups</th></tr>
+[% FOR u IN users %]
+ <tr class="[% loop.count % 2 == 0 ? 'even' : 'odd' %]">
+ <td><a href="[% c.uri_for('edit',u.uid) %]">[% u.username | html %]</a></td>
+ <td>[% u.groups %]</td>
+ </tr>
+[% END %]
+</table>
--- /dev/null
+use strict;
+use warnings;
+use Test::More tests => 3;
+
+BEGIN { use_ok 'Catalyst::Test', 'NDWeb' }
+BEGIN { use_ok 'NDWeb::Controller::Users' }
+
+ok( request('/users')->is_success, 'Request should succeed' );
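Review bot: The only behavioural assertion expects an unauthenticated `request('/users')` to succeed, which is the opposite of what the `deny_access_unless('/users',[qw/admin_users/])` rule added in this commit is meant to guarantee. As written the test either fails once the ACL is active or passes only when the rule is not enforced; how a denial is surfaced to the client is not visible here. Assert the denial for an anonymous request instead, e.g. `ok( !request('/users')->is_success, 'anonymous request is denied' );`, and cover `/users/edit` and `/users/updateUser` the same way. A positive case needs a logged-in session that holds the role.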
+
+
+++ /dev/null
-<TMPL_VAR NAME=Error>
-<TMPL_IF User>
-<form action="<TMPL_VAR NAME=PAGE>" method="post"><fieldset> <legend>User details</legend>
- <input type="hidden" name="page" value="<TMPL_VAR NAME=PAGE>"/>
- <input type="hidden" name="cmd" value="change"/>
- <input type="hidden" name="user" value="<TMPL_VAR NAME=User>"/>
- <table>
- <tr>
- <th></th>
- <th>Value</th>
- <th>Change?</th>
- </tr>
- <tr><td>Username</td>
- <td><input type="text" name="username" value="<TMPL_VAR NAME=Username>"/></td>
- <td><input type="checkbox" name="c:username"/></td>
- </tr>
- <tr><td>Email</td>
- <td><input type="text" name="email" value="<TMPL_VAR NAME=Email>"/></td>
- <td><input type="checkbox" name="c:email"/></td>
- </tr>
- <tr><td>SMS</td>
- <td><input type="text" name="sms" value="<TMPL_VAR NAME=SMS>"/></td>
- <td><input type="checkbox" name="c:sms"/></td>
- </tr>
- <tr><td>Host</td>
- <td><input type="text" name="hostmask" value="<TMPL_VAR NAME=Hostmask>"/></td>
- <td><input type="checkbox" name="c:hostmask"/></td>
- </tr>
- <tr><td>Planet</td>
- <td><input type="text" name="planet" value="<TMPL_VAR NAME=Planet>"/></td>
- <td><input type="checkbox" name="c:planet"/></td>
- </tr>
- <tr><td>Attack points</td>
- <td><input type="text" name="attack_points" value="<TMPL_VAR NAME=Attack_points>"/></td>
- <td><input type="checkbox" name="c:attack_points"/></td>
- </tr>
- <tr><td>Defense points</td>
- <td><input type="text" name="defense_points" value="<TMPL_VAR NAME=Defense_points>"/></td>
- <td><input type="checkbox" name="c:defense_points"/></td>
- </tr>
- <tr><td>Scan points</td>
- <td><input type="text" name="scan_points" value="<TMPL_VAR NAME=Scan_points>"/></td>
- <td><input type="checkbox" name="c:scan_points"/></td>
- </tr>
- <tr><td>Humor points</td>
- <td><input type="text" name="humor_points" value="<TMPL_VAR NAME=Humor_points>"/></td>
- <td><input type="checkbox" name="c:humor_points"/></td>
- </tr>
- </table>
- <p>Other information. Change?<input type="checkbox" name="c:info"/></p>
- <textarea rows="15" cols="80" name="info"><TMPL_VAR NAME=Info></textarea>
- <TMPL_IF RemoveGroups>
- <p><TMPL_VAR NAME=Username> is a member of the following groups</p>
- <table>
- <tr><th>Group</th><th>Remove</th></tr>
- <TMPL_LOOP RemoveGroups>
- <tr><td><TMPL_VAR NAME=Name></td><td><input type="checkbox" name="<TMPL_VAR NAME=Id>" value="remove"/></td></tr>
- </TMPL_LOOP>
- </table>
- </TMPL_IF>
- <TMPL_IF AddGroups>
- <p><TMPL_VAR NAME=Username> is not a member of the following groups</p>
- <table>
- <tr><th>Group</th><th>Add</th></tr>
- <TMPL_LOOP AddGroups>
- <tr><td><TMPL_VAR NAME=Name></td><td><input type="checkbox" name="<TMPL_VAR NAME=Id>" value="add"/></td></tr>
- </TMPL_LOOP>
- </table>
- </TMPL_IF>
- <p><input type="submit" value="Submit"/></p>
-</fieldset>
-</form>
-<TMPL_ELSE>
-<table>
- <tr><th>User</th><th>Groups</th></tr>
-<TMPL_LOOP Users>
- <tr class="<TMPL_IF __odd__>odd<TMPL_ELSE>even</TMPL_IF>">
- <td><a href="/<TMPL_VAR NAME=PAGE>?user=<TMPL_VAR NAME=Uid>"><TMPL_VAR NAME=Username></a></td>
- <td><TMPL_VAR NAME=Groups></td>
- </tr>
-</TMPL_LOOP>
-</table>
-</TMPL_IF>