From 32bf807f4c912062de85f9beee5228a23014484d Mon Sep 17 00:00:00 2001
From: Michael Andreen <harv@ruin.nu>
Date: Fri, 20 Jun 2008 00:08:32 +0200
Subject: [PATCH] Converted users to catalyst

---
 NDWeb/Pages/Users.pm          | 144 --------------------------------
 database/group_roles.sql      |   3 +
 lib/NDWeb.pm                  |   2 +
 lib/NDWeb/Controller/Users.pm | 152 ++++++++++++++++++++++++++++++++++
 root/src/users/edit.tt2       |  69 +++++++++++++++
 root/src/users/index.tt2      |  10 +++
 t/controller_Users.t          |  10 +++
 templates/users.tmpl          |  83 -------------------
 8 files changed, 246 insertions(+), 227 deletions(-)
 delete mode 100644 NDWeb/Pages/Users.pm
 create mode 100644 lib/NDWeb/Controller/Users.pm
 create mode 100644 root/src/users/edit.tt2
 create mode 100644 root/src/users/index.tt2
 create mode 100644 t/controller_Users.t
 delete mode 100644 templates/users.tmpl

diff --git a/NDWeb/Pages/Users.pm b/NDWeb/Pages/Users.pm
deleted file mode 100644
index b06289e..0000000
--- a/NDWeb/Pages/Users.pm
+++ /dev/null
@@ -1,144 +0,0 @@
-#**************************************************************************
-#   Copyright (C) 2006 by Michael Andreen <harvATruinDOTnu>               *
-#                                                                         *
-#   This program is free software; you can redistribute it and/or modify  *
-#   it under the terms of the GNU General Public License as published by  *
-#   the Free Software Foundation; either version 2 of the License, or     *
-#   (at your option) any later version.                                   *
-#                                                                         *
-#   This program is distributed in the hope that it will be useful,       *
-#   but WITHOUT ANY WARRANTY; without even the implied warranty of        *
-#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
-#   GNU General Public License for more details.                          *
-#                                                                         *
-#   You should have received a copy of the GNU General Public License     *
-#   along with this program; if not, write to the                         *
-#   Free Software Foundation, Inc.,                                       *
-#   51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.         *
-#**************************************************************************/
-
-package NDWeb::Pages::Users;
-use strict;
-use warnings;
-use ND::Include;
-use CGI qw/:standard/;
-use NDWeb::Include;
-
-use base qw/NDWeb::XMLPage/;
-
-$NDWeb::Page::PAGES{users} = __PACKAGE__;
-
-sub render_body {
-	my $self = shift;
-	my ($BODY) = @_;
-	$self->{TITLE} = 'Users';
-	my $DBH = $self->{DBH};
-
-	return $self->noAccess unless $self->isHC;
-
-	my $error = '';
-	my $user;
-	if (defined param('user') && param('user') =~ /^(\d+)$/){
-		my $query = $DBH->prepare(q{
-			SELECT uid,username,hostmask,CASE WHEN u.planet IS NULL THEN '' ELSE coords(x,y,z) END AS planet,attack_points,defense_points,scan_points,humor_points,info, email, sms
-			FROM users u LEFT OUTER JOIN current_planet_stats p ON u.planet = p.id
-			WHERE uid = ?;
-			}) or $error .= "<p> Something went wrong: </p>";
-		$user = $DBH->selectrow_hashref($query,undef,$1) or $error.= "<p> Something went wrong: ".$DBH->errstr."</p>";
-	}
-
-
-	if ($user && defined param('cmd') && param('cmd') eq 'change'){
-		$DBH->begin_work;
-		for my $param (param()){
-			if ($param =~ /^c:(planet|\w+_points|hostmask|info|username|email|sms)$/){
-				my $column = $1;
-				my $value = param($column);
-				if ($column eq 'planet'){
-					if ($value eq ''){
-						$value = undef;
-					}elsif($value =~ /^(\d+)\D+(\d+)\D+(\d+)$/){
-						($value) = $DBH->selectrow_array(q{SELECT id FROM
-							current_planet_stats WHERE x = ? and y = ? and z =?}
-							,undef,$1,$2,$3);
-					}
-				}
-				if ($DBH->do(qq{UPDATE users SET $column = ? WHERE uid = ? }
-						,undef,$value,$user->{uid})){
-					$user->{$column} = param($column);
-					log_message $ND::UID,"HC set $column to $value for user: $user->{uid}";
-				}else{
-					$error .= "<p> Something went wrong: ".$DBH->errstr."</p>";
-				}
-			}
-		}
-		my $groups = $DBH->prepare('SELECT gid,groupname FROM groups');
-		my $delgroup = $DBH->prepare(q{DELETE FROM groupmembers WHERE uid = ? AND gid = ?});
-		my $addgroup = $DBH->prepare(q{INSERT INTO groupmembers (uid,gid) VALUES(?,?)});
-		$groups->execute();
-		while (my $group = $groups->fetchrow_hashref){
-			my $query;
-			next unless defined param($group->{gid});
-			if (param($group->{gid}) eq 'remove'){
-				$query = $delgroup;
-			}elsif(param($group->{gid}) eq 'add'){
-				$query = $addgroup;
-			}
-			if ($query){
-				if ($query->execute($user->{uid},$group->{gid})){
-					my ($action,$a2) = ('added','to');
-					($action,$a2) = ('removed','from') if param($group->{gid}) eq 'remove';
-					log_message $ND::UID,"HC $action user: $user->{uid} ($user->{username}) $a2 group: $group->{gid} ($group->{groupname})";
-				}else{
-					$error .= "<p> Something went wrong: ".$DBH->errstr."</p>";
-				}
-			}
-		}
-		$DBH->commit or $error .= "<p> Something went wrong: ".$DBH->errstr."</p>";
-	}
-
-	if ($user){
-		$BODY->param(User => $user->{uid});
-		$BODY->param(Username => $user->{username});
-		$BODY->param(Hostmask => $user->{hostmask});
-		$BODY->param(Planet => $user->{planet});
-		$BODY->param(Attack_points => $user->{attack_points});
-		$BODY->param(Defense_points => $user->{defense_points});
-		$BODY->param(Scan_points => $user->{scan_points});
-		$BODY->param(humor_points => $user->{humor_points});
-		$BODY->param(info => $user->{info});
-		$BODY->param(Email => $user->{email});
-		$BODY->param(SMS => $user->{sms});
-
-		my $groups = $DBH->prepare(q{SELECT g.gid,g.groupname,uid FROM groups g LEFT OUTER JOIN (SELECT gid,uid FROM groupmembers WHERE uid = ?) AS gm ON g.gid = gm.gid});
-		$groups->execute($user->{uid});
-
-		my @addgroups;
-		my @remgroups;
-		while (my $group = $groups->fetchrow_hashref){
-			if ($group->{uid}){
-				push @remgroups,{Id => $group->{gid}, Name => $group->{groupname}};
-			}else{
-				push @addgroups,{Id => $group->{gid}, Name => $group->{groupname}};
-			}
-		}
-		$BODY->param(RemoveGroups => \@remgroups);
-		$BODY->param(AddGroups => \@addgroups);
-
-	}else{
-		my $query = $DBH->prepare(qq{SELECT u.uid,username,TRIM(',' FROM concat(g.groupname||',')) AS groups
-			FROM users u LEFT OUTER JOIN (groupmembers gm NATURAL JOIN groups g) ON gm.uid = u.uid
-			WHERE u.uid > 0
-			GROUP BY u.uid,username
-			ORDER BY lower(username)})or $error .= $DBH->errstr;
-		$query->execute or $error .= $DBH->errstr;
-		my @users;
-		while (my $user = $query->fetchrow_hashref){
-			push @users, $user;
-		}
-		$BODY->param(Users => \@users);
-	}
-	$BODY->param(Error => $error);
-	return $BODY;
-}
-1;
diff --git a/database/group_roles.sql b/database/group_roles.sql
index e890bb5..b6165ab 100644
--- a/database/group_roles.sql
+++ b/database/group_roles.sql
@@ -14,6 +14,7 @@ INSERT INTO roles VALUES('dc_menu');
 INSERT INTO roles VALUES('intel_menu');
 INSERT INTO roles VALUES('attack_menu');
 INSERT INTO roles VALUES('no_fleet_update');
+INSERT INTO roles VALUES('admin_users');
 
 INSERT INTO group_roles (gid,role) VALUES(2,'member_menu');
 INSERT INTO group_roles (gid,role) VALUES(2,'attack_menu');
@@ -26,8 +27,10 @@ INSERT INTO group_roles (gid,role) VALUES(1,'dc_menu');
 INSERT INTO group_roles (gid,role) VALUES(1,'bc_menu');
 INSERT INTO group_roles (gid,role) VALUES(1,'hc_menu');
 INSERT INTO group_roles (gid,role) VALUES(1,'intel_menu');
+INSERT INTO group_roles (gid,role) VALUES(1,'admin_users');
 
 INSERT INTO group_roles (gid,role) VALUES(3,'dc_menu');
 INSERT INTO group_roles (gid,role) VALUES(3,'bc_menu');
 INSERT INTO group_roles (gid,role) VALUES(3,'hc_menu');
 INSERT INTO group_roles (gid,role) VALUES(3,'intel_menu');
+INSERT INTO group_roles (gid,role) VALUES(3,'admin_users');
diff --git a/lib/NDWeb.pm b/lib/NDWeb.pm
index 00c8f00..8cc8388 100644
--- a/lib/NDWeb.pm
+++ b/lib/NDWeb.pm
@@ -53,6 +53,8 @@ __PACKAGE__->setup(qw/
 	Session::State::Cookie
 	/);
 
+__PACKAGE__->deny_access_unless('/users',[qw/admin_users/]);
+
 =head1 NAME
 
 NDWeb - Catalyst based application
diff --git a/lib/NDWeb/Controller/Users.pm b/lib/NDWeb/Controller/Users.pm
new file mode 100644
index 0000000..36b94c3
--- /dev/null
+++ b/lib/NDWeb/Controller/Users.pm
@@ -0,0 +1,152 @@
+package NDWeb::Controller::Users;
+
+use strict;
+use warnings;
+use parent 'Catalyst::Controller';
+
+use ND::Include;
+
+=head1 NAME
+
+NDWeb::Controller::Users - Catalyst Controller
+
+=head1 DESCRIPTION
+
+Catalyst Controller.
+
+=head1 METHODS
+
+=cut
+
+
+=head2 index 
+
+=cut
+
+sub index :Path :Args(0) {
+	my ( $self, $c ) = @_;
+	my $dbh = $c->model;
+
+	my $query = $dbh->prepare(qq{SELECT u.uid,username,TRIM(',' FROM concat(g.groupname||',')) AS groups
+		FROM users u LEFT OUTER JOIN (groupmembers gm NATURAL JOIN groups g) ON gm.uid = u.uid
+		WHERE u.uid > 0
+		GROUP BY u.uid,username
+		ORDER BY lower(username)});
+	$query->execute;
+
+	my @users;
+	while (my $user = $query->fetchrow_hashref){
+		push @users, $user;
+	}
+	$c->stash(users => \@users);
+}
+
+sub edit : Local {
+	my ( $self, $c, $user ) = @_;
+	my $dbh = $c->model;
+
+	$c->forward('findUser');
+	$user = $c->stash->{u};
+
+	my $groups = $dbh->prepare(q{SELECT g.gid,g.groupname,uid 
+		FROM groups g 
+		LEFT OUTER JOIN (SELECT gid,uid FROM groupmembers WHERE uid = ?)
+			AS gm ON g.gid = gm.gid
+		});
+	$groups->execute($user->{uid});
+
+
+	my @addgroups;
+	my @remgroups;
+	while (my $group = $groups->fetchrow_hashref){
+		if ($group->{uid}){
+			push @remgroups,$group;
+		}else{
+			push @addgroups,$group;
+		}
+	}
+	$c->stash(membergroups => \@remgroups);
+	$c->stash(othergroups => \@addgroups);
+
+}
+
+sub updateUser : Local {
+	my ( $self, $c, $user ) = @_;
+	my $dbh = $c->model;
+
+	$c->forward('findUser');
+	$user = $c->stash->{u};
+
+	$dbh->begin_work;
+	eval{
+		my $log = $dbh->prepare(q{INSERT INTO forum_posts (ftid,uid,message) VALUES(
+			(SELECT ftid FROM users WHERE uid = $1),$1,$2)
+			});
+
+		my $delgroup = $dbh->prepare(q{DELETE FROM groupmembers WHERE uid = ? AND gid = ?});
+		my $addgroup = $dbh->prepare(q{INSERT INTO groupmembers (uid,gid) VALUES(?,?)});
+		for my $param ($c->req->param()){
+			if ($param =~ /^c:(planet|\w+_points|hostmask|info|username|email|sms)$/){
+				my $column = $1;
+				my $value = $c->req->param($column);
+				if ($column eq 'planet'){
+					if ($value eq ''){
+						$value = undef;
+					}elsif($value =~ /^(\d+)\D+(\d+)\D+(\d+)$/){
+						($value) = $dbh->selectrow_array(q{SELECT id FROM
+							current_planet_stats WHERE x = ? and y = ? and z =?}
+							,undef,$1,$2,$3);
+					}
+				}
+				$dbh->do(qq{UPDATE users SET $column = ? WHERE uid = ? }
+					,undef,$value,$user->{uid});
+				$log->execute($c->user->id,"HC changed $column from $c->{$column} to $value for user: $user->{uid} ($user->{username})");
+			}elsif ($param =~ /^gr:(\d+)$/){
+				my $query;
+				if ($c->req->param($param) eq 'remove'){
+					$query = $delgroup;
+				}elsif($c->req->param($param) eq 'add'){
+					$query = $addgroup;
+				}
+				if ($query){
+					$query->execute($user->{uid},$1);
+					my ($action,$a2) = ('added','to');
+					($action,$a2) = ('removed','from') if $c->req->param($param) eq 'remove';
+					$log->execute($c->user->id,"HC $action user: $user->{uid} ($user->{username}) $a2 group: $1");
+				}
+			}
+		}
+		$dbh->commit;
+	};
+	if ($@){
+		$dbh->rollback;
+		die $@;
+	}
+	$c->res->redirect($c->uri_for('edit',$user->{uid}));
+}
+
+sub findUser : Private {
+	my ( $self, $c, $user ) = @_;
+	my $dbh = $c->model;
+
+	my $query = $dbh->prepare(q{
+		SELECT uid,username,hostmask,CASE WHEN u.planet IS NULL THEN '' ELSE coords(x,y,z) END AS planet,attack_points,defense_points,scan_points,humor_points,info, email, sms
+		FROM users u LEFT OUTER JOIN current_planet_stats p ON u.planet = p.id
+		WHERE uid = ?;
+		});
+	$user = $dbh->selectrow_hashref($query,undef,$user);
+
+	$c->stash(u => $user);
+}
+
+=head1 AUTHOR
+
+Micahel Andreen (harv@ruin.nu)
+
+=head1 LICENSE
+
+GPL 2.0, or later.
+
+=cut
+
+1;
diff --git a/root/src/users/edit.tt2 b/root/src/users/edit.tt2
new file mode 100644
index 0000000..db1db84
--- /dev/null
+++ b/root/src/users/edit.tt2
@@ -0,0 +1,69 @@
+[% META title = 'Edit user' %]
+
+<form action="[% c.uri_for('updateUser', u.uid) %]" method="post"><fieldset> <legend>User details</legend>
+	<table>
+	<tr>
+		<th></th>
+		<th>Value</th>
+		<th>Change?</th>
+	</tr>
+	<tr><td>Username</td>
+		<td><input type="text" name="username" value="[% u.username %]"></td>
+		<td><input type="checkbox" name="c:username"></td>
+	</tr>
+	<tr><td>Email</td>
+		<td><input type="text" name="email" value="[% u.email %]"></td>
+		<td><input type="checkbox" name="c:email"></td>
+	</tr>
+	<tr><td>SMS</td>
+		<td><input type="text" name="sms" value="[% u.sms %]"></td>
+		<td><input type="checkbox" name="c:sms"></td>
+	</tr>
+	<tr><td>Host</td>
+		<td><input type="text" name="hostmask" value="[% u.hostmask %]"></td>
+		<td><input type="checkbox" name="c:hostmask"></td>
+	</tr>
+	<tr><td>Planet</td>
+		<td><input type="text" name="planet" value="[% u.planet %]"></td>
+		<td><input type="checkbox" name="c:planet"></td>
+	</tr>
+	<tr><td>Attack points</td>
+		<td><input type="text" name="attack_points" value="[% u.attack_points %]"></td>
+		<td><input type="checkbox" name="c:attack_points"></td>
+	</tr>
+	<tr><td>Defense points</td>
+		<td><input type="text" name="defense_points" value="[% u.defense_points %]"></td>
+		<td><input type="checkbox" name="c:defense_points"></td>
+	</tr>
+	<tr><td>Scan points</td>
+		<td><input type="text" name="scan_points" value="[% u.scan_points %]"></td>
+		<td><input type="checkbox" name="c:scan_points"></td>
+	</tr>
+	<tr><td>Humor points</td>
+		<td><input type="text" name="humor_points" value="[% u.humor_points %]"></td>
+		<td><input type="checkbox" name="c:humor_points"></td>
+	</tr>
+	</table>
+	<p>Other information. Change?<input type="checkbox" name="c:info"></p>
+	<textarea rows="15" cols="80" name="info">[% u.info | html %]</textarea>
+[% IF membergroups.size > 0 %]
+	<p>[% u.username %] is a member of the following groups</p>
+	<table>
+		<tr><th>Group</th><th>Remove</th></tr>
+	[% FOR g IN  membergroups %]
+		<tr><td>[% g.groupname %]</td><td><input type="checkbox" name="gr:[% g.gid %]" value="remove"></td></tr>
+	[% END %]
+	</table>
+[% END %]
+[% IF othergroups.size > 0 %]
+	<p>[% u.username %] is a not member of the following groups</p>
+	<table>
+		<tr><th>Group</th><th>Add</th></tr>
+	[% FOR g IN  othergroups %]
+		<tr><td>[% g.groupname %]</td><td><input type="checkbox" name="gr:[% g.gid %]" value="add"></td></tr>
+	[% END %]
+	</table>
+[% END %]
+		<p><input type="submit" name="cmd" value="Submit"></p>
+</fieldset>
+</form>
diff --git a/root/src/users/index.tt2 b/root/src/users/index.tt2
new file mode 100644
index 0000000..29127a3
--- /dev/null
+++ b/root/src/users/index.tt2
@@ -0,0 +1,10 @@
+[% META title = 'User listing' %]
+<table>
+	<tr><th>User</th><th>Groups</th></tr>
+[% FOR u IN users %]
+	<tr class="[% loop.count % 2 == 0 ? 'even' : 'odd' %]">
+		<td><a href="[% c.uri_for('edit',u.uid) %]">[% u.username | html %]</a></td>
+		<td>[% u.groups %]</td>
+	</tr>
+[% END %]
+</table>
diff --git a/t/controller_Users.t b/t/controller_Users.t
new file mode 100644
index 0000000..101e9e7
--- /dev/null
+++ b/t/controller_Users.t
@@ -0,0 +1,10 @@
+use strict;
+use warnings;
+use Test::More tests => 3;
+
+BEGIN { use_ok 'Catalyst::Test', 'NDWeb' }
+BEGIN { use_ok 'NDWeb::Controller::Users' }
+
+ok( request('/users')->is_success, 'Request should succeed' );
+
+
diff --git a/templates/users.tmpl b/templates/users.tmpl
deleted file mode 100644
index 3df838b..0000000
--- a/templates/users.tmpl
+++ /dev/null
@@ -1,83 +0,0 @@
-<TMPL_VAR NAME=Error>
-<TMPL_IF User>
-<form action="<TMPL_VAR NAME=PAGE>" method="post"><fieldset> <legend>User details</legend>
-	<input type="hidden" name="page" value="<TMPL_VAR NAME=PAGE>"/>
-	<input type="hidden" name="cmd" value="change"/>
-	<input type="hidden" name="user" value="<TMPL_VAR NAME=User>"/>
-	<table>
-	<tr>
-		<th></th>
-		<th>Value</th>
-		<th>Change?</th>
-	</tr>
-	<tr><td>Username</td>
-		<td><input type="text" name="username" value="<TMPL_VAR NAME=Username>"/></td>
-		<td><input type="checkbox" name="c:username"/></td>
-	</tr>
-	<tr><td>Email</td>
-		<td><input type="text" name="email" value="<TMPL_VAR NAME=Email>"/></td>
-		<td><input type="checkbox" name="c:email"/></td>
-	</tr>
-	<tr><td>SMS</td>
-		<td><input type="text" name="sms" value="<TMPL_VAR NAME=SMS>"/></td>
-		<td><input type="checkbox" name="c:sms"/></td>
-	</tr>
-	<tr><td>Host</td>
-		<td><input type="text" name="hostmask" value="<TMPL_VAR NAME=Hostmask>"/></td>
-		<td><input type="checkbox" name="c:hostmask"/></td>
-	</tr>
-	<tr><td>Planet</td>
-		<td><input type="text" name="planet" value="<TMPL_VAR NAME=Planet>"/></td>
-		<td><input type="checkbox" name="c:planet"/></td>
-	</tr>
-	<tr><td>Attack points</td>
-		<td><input type="text" name="attack_points" value="<TMPL_VAR NAME=Attack_points>"/></td>
-		<td><input type="checkbox" name="c:attack_points"/></td>
-	</tr>
-	<tr><td>Defense points</td>
-		<td><input type="text" name="defense_points" value="<TMPL_VAR NAME=Defense_points>"/></td>
-		<td><input type="checkbox" name="c:defense_points"/></td>
-	</tr>
-	<tr><td>Scan points</td>
-		<td><input type="text" name="scan_points" value="<TMPL_VAR NAME=Scan_points>"/></td>
-		<td><input type="checkbox" name="c:scan_points"/></td>
-	</tr>
-	<tr><td>Humor points</td>
-		<td><input type="text" name="humor_points" value="<TMPL_VAR NAME=Humor_points>"/></td>
-		<td><input type="checkbox" name="c:humor_points"/></td>
-	</tr>
-	</table>
-	<p>Other information. Change?<input type="checkbox" name="c:info"/></p>
-	<textarea rows="15" cols="80" name="info"><TMPL_VAR NAME=Info></textarea>
-	<TMPL_IF RemoveGroups>
-		<p><TMPL_VAR NAME=Username> is a member of the following groups</p>
-		<table>
-			<tr><th>Group</th><th>Remove</th></tr>
-		<TMPL_LOOP RemoveGroups>
-			<tr><td><TMPL_VAR NAME=Name></td><td><input type="checkbox" name="<TMPL_VAR NAME=Id>" value="remove"/></td></tr>
-		</TMPL_LOOP>
-			</table>		
-		</TMPL_IF>
-		<TMPL_IF AddGroups>
-			<p><TMPL_VAR NAME=Username> is not a member of the following groups</p>
-			<table>
-			<tr><th>Group</th><th>Add</th></tr>
-		<TMPL_LOOP AddGroups>
-			<tr><td><TMPL_VAR NAME=Name></td><td><input type="checkbox" name="<TMPL_VAR NAME=Id>" value="add"/></td></tr>
-		</TMPL_LOOP>
-			</table>		
-		</TMPL_IF>
-		<p><input type="submit" value="Submit"/></p>
-</fieldset>
-</form>
-<TMPL_ELSE>
-<table>
-	<tr><th>User</th><th>Groups</th></tr>
-<TMPL_LOOP Users>
-	<tr class="<TMPL_IF __odd__>odd<TMPL_ELSE>even</TMPL_IF>">
-		<td><a href="/<TMPL_VAR NAME=PAGE>?user=<TMPL_VAR NAME=Uid>"><TMPL_VAR NAME=Username></a></td>
-		<td><TMPL_VAR NAME=Groups></td>
-	</tr>
-</TMPL_LOOP>
-</table>
-</TMPL_IF>
-- 
2.39.2