1.1.4 (#61)

* Added Delete Functions * Added correct perm to delete user * Added Group Delete + Life Settings Move To Config * Update Composer * Added Data Table Log For Group/Users * Added Self Password Change * Fixed Perms
Cyberbyte-Software · Apr 4, 2018 · 6ecb93a · 6ecb93a
1 parent 6f2dab9
commit 6ecb93a
Show file tree

Hide file tree

Showing 23 changed files with 641 additions and 104 deletions.
diff --git a/app/Core/Controllers/Admin/LogController.php b/app/Core/Controllers/Admin/LogController.php
@@ -0,0 +1,52 @@
+<?php
+
+namespace CyberWorks\Core\Controllers\Admin;
+
+use CyberWorks\Core\Models\Log;
+use LiveControl\EloquentDataTable\DataTable;
+use CyberWorks\Core\Controllers\Controller;
+
+class LogController extends Controller
+{
+    public function userIndex($request, $response)
+    {
+        return $this->view->render($response, 'logs/adminLogTable.twig', ['title' => 'core.perms.users.log', 'api' => 'user']);
+    }
+
+    public function userTable($request, $response)
+    {
+        $logs = new Log();
+        $table = new DataTable($logs->where('type', '5')->orderBy('created_at', 'desc'), ['id', 'message', 'user_id', 'created_at']);
+
+        $table->setFormatRowFunction(function ($log) {
+            return [
+                $log->name,
+                $log->message,
+                (string) $log->created_at
+            ];
+        });
+
+        return $response->withJson($table->make());
+    }
+
+    public function groupIndex($request, $response)
+    {
+        return $this->view->render($response, 'logs/adminLogTable.twig', ['title' => 'core.perms.group.log', 'api' => 'group']);
+    }
+
+    public function groupTable($request, $response)
+    {
+        $logs = new Log();
+        $table = new DataTable($logs->where('type', '6')->orderBy('created_at', 'desc'), ['id', 'message', 'user_id', 'created_at']);
+
+        $table->setFormatRowFunction(function ($log) {
+            return [
+                $log->name,
+                $log->message,
+                (string) $log->created_at
+            ];
+        });
+
+        return $response->withJson($table->make());
+    }
+}
diff --git a/app/Core/Controllers/Auth/GroupController.php b/app/Core/Controllers/Auth/GroupController.php
@@ -4,6 +4,7 @@
 
 use CyberWorks\Core\Controllers\Controller;
 use CyberWorks\Core\Models\Group;
+use CyberWorks\Core\Helper\EditLogger;
 use LiveControl\EloquentDataTable\DataTable;
 use Respect\Validation\Validator as v;
 
@@ -13,7 +14,7 @@ public function index($request, $response) {
         return $this->view->render($response, 'groups/index.twig');
     }
 
-    public function new($request, $response) {
+    public function newView($request, $response) {
         return $this->view->render($response, 'groups/new.twig');
     }
 
@@ -25,7 +26,7 @@ public function table($request, $response) {
             return [
                 '<a href="group/' . $group->id . '"target="_blank">' . $group->group_name . '</a>',
                 ($group->is_superUser == 1 ? "Yes" : "No"),
-                '<a href="group/' . $group->id . '"target="_blank"><i class="fa fa-pencil"></i></a>'
+                '<a href="group/' . $group->id . '"target="_blank"><i class="fa fa-pencil"></i></a> <a onclick=\'showDeleteGroupBox('. $group->id .',"'. $group->group_name .'")\'><i class="fa fa-trash"></i></a>'
             ];
         });
 
@@ -87,7 +88,8 @@ public function updateGroup($request, $response, $args) {
             'can_edit_group_perms_container' => v::optional(v::notEmpty()),
             'can_edit_house' => v::optional(v::notEmpty()),
             'can_view_houses' => v::optional(v::notEmpty()),
-            'can_edit_group_perms_house' => v::optional(v::notEmpty())
+            'can_edit_group_perms_house' => v::optional(v::notEmpty()),
+            'can_del_group' => v::optional(v::notEmpty())
         ]);
 
         if ($req_validation->failed()) {
@@ -149,12 +151,15 @@ public function updateGroup($request, $response, $args) {
         if ($group->can_edit_users != $this->convertCheckBox($request->getParam('can_edit_users'))) $group->can_edit_users = $this->convertCheckBox($request->getParam('can_edit_users'));
         if ($group->can_add_user != $this->convertCheckBox($request->getParam('can_add_user'))) $group->can_add_user = $this->convertCheckBox($request->getParam('can_add_user'));
         if ($group->can_del_user != $this->convertCheckBox($request->getParam('can_del_user'))) $group->can_del_user = $this->convertCheckBox($request->getParam('can_del_user'));
+        if ($group->can_del_group != $this->convertCheckBox($request->getParam('can_del_group'))) $group->can_del_group = $this->convertCheckBox($request->getParam('can_del_group'));
 
         if ($group->isDirty()) {
             $this->container->logger->info("Group: " + $group->id + " Was updated By User:" + $_SESSION['user_id']);
             $group->save();
         }
 
+        EditLogger::logEdit('6', "Updated Group ". $group->id ." ". $group->group_name);
+
         return $response->withRedirect($this->router->pathFor('groups'));
     }
 
@@ -206,7 +211,8 @@ public function newGroup($request, $response) {
             'can_edit_group_perms_container' => v::optional(v::notEmpty()),
             'can_edit_house' => v::optional(v::notEmpty()),
             'can_view_houses' => v::optional(v::notEmpty()),
-            'can_edit_group_perms_house' => v::optional(v::notEmpty())
+            'can_edit_group_perms_house' => v::optional(v::notEmpty()),
+            'can_del_group' => v::optional(v::notEmpty())
         ]);
 
         if ($req_validation->failed()) {
@@ -274,14 +280,39 @@ public function newGroup($request, $response) {
         $group->can_edit_users = $this->convertCheckBox($request->getParam('can_edit_users'));
         $group->can_add_user = $this->convertCheckBox($request->getParam('can_add_user'));
         $group->can_del_user = $this->convertCheckBox($request->getParam('can_del_user'));
+        $group->can_del_group = $this->convertCheckBox($request->getParam('can_del_group'));
 
         $this->container->logger->info("Group: " + $group->id + " Was Added By User:" + $_SESSION['user_id']);
         $group->save();
 
+        EditLogger::logEdit('6', "Added Group ". $group->id ." ". $group->group_name);
+
         return $response->withRedirect($this->router->pathFor('groups'));
     }
 
     public function convertCheckBox($input) {
         return ($input == 'on' ? 1 : 0);
     }
+
+    public function deleteGroup($request, $response) {
+        $req_validation = $this->validator->validate($request, [
+            'id' => v::notEmpty()
+        ]);
+
+        if ($req_validation->failed()) {
+            return $response->withJson(['error' => 'Validation Failed', 'errors' => $req_validation->errors()], 400);
+        }
+
+        if ($request->getParam('id') == 1) {
+            return $response->withJson(['error' => 'Can Not Remove Default Group!'], 400);
+        }
+
+        $group = Group::find($request->getParam('id'));
+
+        EditLogger::logEdit('6', "Deleted Group ". $group->group_name ." ". $request->getParam('id'));
+
+        $group->delete();
+
+        return $response->withStatus(200);
+    }
 }
diff --git a/app/Core/Controllers/Auth/UserController.php b/app/Core/Controllers/Auth/UserController.php
@@ -6,6 +6,7 @@
 use CyberWorks\Core\Controllers\Controller;
 use CyberWorks\Core\Models\Group;
 use CyberWorks\Core\Models\User;
+use CyberWorks\Core\Helper\EditLogger;
 use LiveControl\EloquentDataTable\DataTable;
 use Respect\Validation\Validator as v;
 
@@ -17,7 +18,7 @@ public function index($request, $response) {
         return $this->view->render($response, 'users/index.twig', $data);
     }
 
-    public function new($request, $response) {
+    public function newUserView($request, $response) {
         $groups = Group::all();
         $data = ['groups' => $groups];
         return $this->view->render($response, 'users/new.twig', $data);
@@ -35,7 +36,7 @@ public function table($request, $response) {
                 $user->name,
                 $user->email,
                 '<a href="group/' . $group->id . '"target="_blank">' . $group->group_name . '</a>',
-                '<a onclick=\'showUserEditBox('. $user->id .',"'. $user->name .'","'. $user->email .'",'. $group->id .')\'><i class="fa fa-pencil"></i></a> <a onclick=\'showUserEditPasswordBox('. $user->id .',"'. $user->name .'")\'><i class="fa fa-key"></i></a>'
+                '<a onclick=\'showUserEditBox('. $user->id .',"'. $user->name .'","'. $user->email .'",'. $group->id .')\'><i class="fa fa-pencil"></i></a> <a onclick=\'showUserEditPasswordBox('. $user->id .',"'. $user->name .'")\'><i class="fa fa-key"></i></a> <a onclick=\'deleteUserBox('. $user->id .',"'. $user->name .'")\'><i class="fa fa-trash"></i></a>'
             ];
         });
 
@@ -66,6 +67,8 @@ public function updateUser($request, $response) {
             $user->save();
         }
 
+        EditLogger::logEdit('5', "Updated User ". $user->name);
+
         return $response->withStatus(200);
     }
 
@@ -84,6 +87,27 @@ public function changeUserPassword($request, $response) {
         $user->password = password_hash($request->getParam('password'), PASSWORD_DEFAULT);
         $user->save();
 
+        EditLogger::logEdit('5', "Changed ". $user->name ." Password");
+
+        return $response->withStatus(200);
+    }
+
+    public function changeOwnPassword($request, $response) {
+        $req_validation = $this->validator->validate($request, [
+            'password' =>  v::notEmpty()
+        ]);
+
+        if ($req_validation->failed()) {
+            return $response->withJson(['error' => 'Validation Failed', 'errors' => $req_validation->errors()], 400);
+        }
+
+        $user = User::find($_SESSION['user_id']);
+
+        $user->password = password_hash($request->getParam('password'), PASSWORD_DEFAULT);
+        $user->save();
+
+        EditLogger::logEdit('5', "Changed ". $user->name ." Their Password");
+
         return $response->withStatus(200);
     }
 
@@ -111,7 +135,28 @@ public function newUser($request, $response) {
             'profilePicture' => $picture,
         ]);
 
+        EditLogger::logEdit('5', "Added User ". $request->getParam('username'));
+
         $this->alerts->addMessage('success', 'Account Created');
         return $response->withRedirect($this->router->pathFor('dashboard'));
     }
+
+    public function deleteUser($request, $response) {
+        $req_validation = $this->validator->validate($request, [
+            'id' => v::notEmpty()
+        ]);
+
+        if ($req_validation->failed()) {
+            return $response->withJson(['error' => 'Validation Failed', 'errors' => $req_validation->errors()], 400);
+        }
+
+        $user = User::find($request->getParam('id'));
+
+        EditLogger::logEdit('5', "Deleted User ". $request->getParam('id') . " " . $user->name);
+
+        $user->delete();
+
+
+        return $response->withStatus(200);
+    }
 }
diff --git a/app/Core/Controllers/PatchController.php b/app/Core/Controllers/PatchController.php
@@ -20,7 +20,7 @@ public function doGetRequest($url)
     public function checkForUpdate($request, $response)
     {
         $latestVersion = $this->doGetRequest("https://api.github.com/repos/Cyberbyte-Studios/CyberWorks-3/releases/latest")->tag_name;
-        $currentVersion = $this->container->config->get('version','1.1.3');
+        $currentVersion = $this->container->config->get('version','1.1.4');
         $updatedNeeded = false;
 
         if ($latestVersion != $currentVersion) $updatedNeeded = true;

diff --git a/app/Core/Helper/EditLogger.php b/app/Core/Helper/EditLogger.php
@@ -0,0 +1,17 @@
+<?php
+
+namespace CyberWorks\Core\Helper;
+
+use CyberWorks\Core\Models\Log;
+
+class EditLogger
+{
+    public function logEdit($type, $message) {
+        $entry = new Log();
+        $entry->user_id = $_SESSION['user_id'];
+        $entry->message = $message;
+        $entry->type = $type;
+
+        $entry->save();
+    }
+}
diff --git a/app/Core/Middleware/API/GroupIsValidAPIMiddleware.php b/app/Core/Middleware/API/GroupIsValidAPIMiddleware.php
@@ -0,0 +1,21 @@
+<?php
+
+namespace CyberWorks\Core\Middleware\API;
+
+use CyberWorks\Core\Models\Group;
+use CyberWorks\Core\Middleware\Middleware;
+
+class GroupIsValidAPIMiddleware extends Middleware
+{
+    public function __invoke($request, $response, $next)
+    {
+        $group = Group::find($request->getParam('id'));
+
+        if (!$group) {
+            return $response->withJson(['error' => 'Group Not Found!'], 404);
+        }
+
+        $response = $next($request, $response);
+        return $response;
+    }
+}
diff --git a/app/Core/Middleware/API/UserIsValidAPIMiddleware.php b/app/Core/Middleware/API/UserIsValidAPIMiddleware.php
@@ -3,8 +3,9 @@
 namespace CyberWorks\Core\Middleware\API;
 
 use CyberWorks\Core\Models\User;
+use CyberWorks\Core\Middleware\Middleware;
 
-class UserIsValidAPIMiddleware
+class UserIsValidAPIMiddleware extends Middleware
 {
     public function __invoke($request, $response, $next)
     {
@@ -17,5 +18,4 @@ public function __invoke($request, $response, $next)
         $response = $next($request, $response);
         return $response;
     }
-
 }
diff --git a/app/Core/Models/Group.php b/app/Core/Models/Group.php
@@ -55,6 +55,7 @@ class Group extends Model
         'can_add_user',
         'can_del_user',
         'can_edit_container',
-        'can_view_containers'
+        'can_view_containers',
+        'can_del_group'
     ];
 }
diff --git a/app/Core/container.php b/app/Core/container.php
@@ -24,3 +24,6 @@
 $container['PatchController'] = function ($container) {
     return new CyberWorks\Core\Controllers\PatchController($container);
 };
+$container['LogController'] = function ($container) {
+    return new CyberWorks\Core\Controllers\Admin\LogController($container);
+};
diff --git a/app/Core/routes.php b/app/Core/routes.php
@@ -6,6 +6,7 @@
 use CyberWorks\Core\Middleware\Permissions\HasPermissionMiddleware;
 use CyberWorks\Core\Middleware\API\UserIsValidAPIMiddleware;
 use CyberWorks\Core\Middleware\GroupIsValidMiddleware;
+use CyberWorks\Core\Middleware\API\GroupIsValidAPIMiddleware;
 
 $app->group("/auth", function() {
     $this->get('/login','AuthController:loginPage')->setName('auth.login');
@@ -30,17 +31,23 @@
 
     $this->get('/groups', 'GroupController:index')->add(new HasPermissionMiddleware($this->getContainer(), "can_edit_group_perms"))->setName('groups');
 
-    $this->get('/group/new', 'GroupController:new')->add(new HasPermissionMiddleware($this->getContainer(), "can_make_groups"))->setName('group.new');
+    $this->get('/group/new', 'GroupController:newView')->add(new HasPermissionMiddleware($this->getContainer(), "can_make_groups"))->setName('group.new');
     $this->post('/group/new', 'GroupController:newGroup')->add(new HasPermissionMiddleware($this->getContainer(), "can_make_groups"));
 
     $this->get('/group/{id}', 'GroupController:group')->add(new HasPermissionMiddleware($this->getContainer(), "can_edit_group_perms"))->add(new GroupIsValidMiddleware($this->getContainer()));
     $this->post('/group/{id}', 'GroupController:updateGroup')->setName('group.update')->add(new HasPermissionMiddleware($this->getContainer(), "can_edit_group_perms"))->add(new GroupIsValidMiddleware($this->getContainer()));
 
     $this->get('/users', 'UserController:index')->add(new HasPermissionMiddleware($this->getContainer(), "can_edit_users"))->setName('users');
 
-    $this->get('/user/new', 'UserController:new')->add(new HasPermissionMiddleware($this->getContainer(), "can_add_user"));
+    $this->get('/user/new', 'UserController:newUserView')->add(new HasPermissionMiddleware($this->getContainer(), "can_add_user"));
     $this->post('/user/new', 'UserController:newUser')->add(new HasPermissionMiddleware($this->getContainer(), "can_add_user"))->setName('user.new');
 
+    $this->group("/logs", function () {
+        $container = $this->getContainer();
+        $this->get('/user', 'LogController:userIndex')->add(new HasPermissionMiddleware($container, "can_view_logs"))->setName('logs.user');
+        $this->get('/group', 'LogController:groupIndex')->add(new HasPermissionMiddleware($container, "can_view_logs"))->setName('logs.group');
+    });
+
 })->add(new AuthenticatedMiddleware($app->getContainer()));
 
 $app->group("/api/internal", function() {
@@ -51,8 +58,18 @@
     $this->post('/users', 'UserController:table');
     $this->post('/user/update', 'UserController:updateUser')->add(new HasPermissionAPIMiddleware($this->getContainer(), "can_edit_users"))->add(new UserIsValidAPIMiddleware($this->getContainer()))->setName('user.update');
     $this->post('/user/update/password', 'UserController:changeUserPassword')->add(new HasPermissionAPIMiddleware($this->getContainer(), "can_edit_users"))->add(new UserIsValidAPIMiddleware($this->getContainer()))->setName('user.update');
+    $this->post('/user/delete', 'UserController:deleteUser')->add(new HasPermissionAPIMiddleware($this->getContainer(), "can_del_user"))->add(new UserIsValidAPIMiddleware($this->getContainer()))->setName('user.delete');
+
+    $this->post('/group/delete', 'GroupController:deleteGroup')->add(new HasPermissionAPIMiddleware($this->getContainer(), "can_del_group"))->add(new GroupIsValidAPIMiddleware($this->getContainer()))->setName('group.delete');
 
     $this->get('/check/update', 'PatchController:checkForUpdate');
 
+    $this->group("/logs", function () {
+        $container = $this->getContainer();
+        $this->post('/user', 'LogController:userTable')->add(new HasPermissionAPIMiddleware($container, "can_view_logs"))->setName('api.logs.user');
+        $this->post('/group', 'LogController:groupTable')->add(new HasPermissionAPIMiddleware($container, "can_view_logs"))->setName('api.logs.group');
+    });
+
+    $this->post('/self/update/password', 'UserController:changeOwnPassword')->setName('self.update');
 })->add(new AuthenticatedMiddleware($app->getContainer()));