PageRenderTime 40ms CodeModel.GetById 20ms RepoModel.GetById 0ms app.codeStats 0ms

/22222/htdocs/db/pma/libraries/server_user_groups.lib.php

https://gitlab.com/jmcdowall/transactions
PHP | 361 lines | 276 code | 26 blank | 59 comment | 38 complexity | 7fafed7b2b7d9b12ab03895ec4bdf49f MD5 | raw file
  1. <?php
  2. /* vim: set expandtab sw=4 ts=4 sts=4: */
  3. /**
  4. * set of functions for user group handling
  5. *
  6. * @package PhpMyAdmin
  7. */
  8. /**
  9. * Return HTML to list the users belonging to a given user group
  10. *
  11. * @param string $userGroup user group name
  12. *
  13. * @return string HTML to list the users belonging to a given user group
  14. */
  15. function PMA_getHtmlForListingUsersofAGroup($userGroup)
  16. {
  17. $html_output = '<h2>'
  18. . sprintf(__('Users of \'%s\' user group'), htmlspecialchars($userGroup))
  19. . '</h2>';
  20. $cfgRelation = PMA_getRelationsParam();
  21. $usersTable = PMA\libraries\Util::backquote($cfgRelation['db'])
  22. . "." . PMA\libraries\Util::backquote($cfgRelation['users']);
  23. $sql_query = "SELECT `username` FROM " . $usersTable
  24. . " WHERE `usergroup`='" . PMA\libraries\Util::sqlAddSlashes($userGroup)
  25. . "'";
  26. $result = PMA_queryAsControlUser($sql_query, false);
  27. if ($result) {
  28. if ($GLOBALS['dbi']->numRows($result) == 0) {
  29. $html_output .= '<p>'
  30. . __('No users were found belonging to this user group.')
  31. . '</p>';
  32. } else {
  33. $html_output .= '<table>'
  34. . '<thead><tr><th>#</th><th>' . __('User') . '</th></tr></thead>'
  35. . '<tbody>';
  36. $i = 0;
  37. while ($row = $GLOBALS['dbi']->fetchRow($result)) {
  38. $i++;
  39. $html_output .= '<tr>'
  40. . '<td>' . $i . ' </td>'
  41. . '<td>' . htmlspecialchars($row[0]) . '</td>'
  42. . '</tr>';
  43. }
  44. $html_output .= '</tbody>'
  45. . '</table>';
  46. }
  47. }
  48. $GLOBALS['dbi']->freeResult($result);
  49. return $html_output;
  50. }
  51. /**
  52. * Returns HTML for the 'user groups' table
  53. *
  54. * @return string HTML for the 'user groups' table
  55. */
  56. function PMA_getHtmlForUserGroupsTable()
  57. {
  58. $html_output = '<h2>' . __('User groups') . '</h2>';
  59. $cfgRelation = PMA_getRelationsParam();
  60. $groupTable = PMA\libraries\Util::backquote($cfgRelation['db'])
  61. . "." . PMA\libraries\Util::backquote($cfgRelation['usergroups']);
  62. $sql_query = "SELECT * FROM " . $groupTable . " ORDER BY `usergroup` ASC";
  63. $result = PMA_queryAsControlUser($sql_query, false);
  64. if ($result && $GLOBALS['dbi']->numRows($result)) {
  65. $html_output .= '<form name="userGroupsForm" id="userGroupsForm"'
  66. . ' action="server_privileges.php" method="post">';
  67. $html_output .= PMA_URL_getHiddenInputs();
  68. $html_output .= '<table id="userGroupsTable">';
  69. $html_output .= '<thead><tr>';
  70. $html_output .= '<th style="white-space: nowrap">'
  71. . __('User group') . '</th>';
  72. $html_output .= '<th>' . __('Server level tabs') . '</th>';
  73. $html_output .= '<th>' . __('Database level tabs') . '</th>';
  74. $html_output .= '<th>' . __('Table level tabs') . '</th>';
  75. $html_output .= '<th>' . __('Action') . '</th>';
  76. $html_output .= '</tr></thead>';
  77. $html_output .= '<tbody>';
  78. $odd = true;
  79. $userGroups = array();
  80. while ($row = $GLOBALS['dbi']->fetchAssoc($result)) {
  81. $groupName = $row['usergroup'];
  82. if (! isset($userGroups[$groupName])) {
  83. $userGroups[$groupName] = array();
  84. }
  85. $userGroups[$groupName][$row['tab']] = $row['allowed'];
  86. }
  87. foreach ($userGroups as $groupName => $tabs) {
  88. $html_output .= '<tr class="' . ($odd ? 'odd' : 'even') . '">';
  89. $html_output .= '<td>' . htmlspecialchars($groupName) . '</td>';
  90. $html_output .= '<td>' . _getAllowedTabNames($tabs, 'server') . '</td>';
  91. $html_output .= '<td>' . _getAllowedTabNames($tabs, 'db') . '</td>';
  92. $html_output .= '<td>' . _getAllowedTabNames($tabs, 'table') . '</td>';
  93. $html_output .= '<td>';
  94. $html_output .= '<a class="" href="server_user_groups.php'
  95. . PMA_URL_getCommon(
  96. array(
  97. 'viewUsers' => 1, 'userGroup' => $groupName
  98. )
  99. )
  100. . '">'
  101. . PMA\libraries\Util::getIcon('b_usrlist.png', __('View users'))
  102. . '</a>';
  103. $html_output .= '&nbsp;&nbsp;';
  104. $html_output .= '<a class="" href="server_user_groups.php'
  105. . PMA_URL_getCommon(
  106. array(
  107. 'editUserGroup' => 1, 'userGroup' => $groupName
  108. )
  109. )
  110. . '">'
  111. . PMA\libraries\Util::getIcon('b_edit.png', __('Edit')) . '</a>';
  112. $html_output .= '&nbsp;&nbsp;';
  113. $html_output .= '<a class="deleteUserGroup ajax"'
  114. . ' href="server_user_groups.php'
  115. . PMA_URL_getCommon(
  116. array(
  117. 'deleteUserGroup' => 1, 'userGroup' => $groupName
  118. )
  119. )
  120. . '">'
  121. . PMA\libraries\Util::getIcon('b_drop.png', __('Delete')) . '</a>';
  122. $html_output .= '</td>';
  123. $html_output .= '</tr>';
  124. $odd = ! $odd;
  125. }
  126. $html_output .= '</tbody>';
  127. $html_output .= '</table>';
  128. $html_output .= '</form>';
  129. }
  130. $GLOBALS['dbi']->freeResult($result);
  131. $html_output .= '<fieldset id="fieldset_add_user_group">';
  132. $html_output .= '<a href="server_user_groups.php'
  133. . PMA_URL_getCommon(array('addUserGroup' => 1)) . '">'
  134. . PMA\libraries\Util::getIcon('b_usradd.png')
  135. . __('Add user group') . '</a>';
  136. $html_output .= '</fieldset>';
  137. return $html_output;
  138. }
  139. /**
  140. * Returns the list of allowed menu tab names
  141. * based on a data row from usergroup table.
  142. *
  143. * @param array $row row of usergroup table
  144. * @param string $level 'server', 'db' or 'table'
  145. *
  146. * @return string comma separated list of allowed menu tab names
  147. */
  148. function _getAllowedTabNames($row, $level)
  149. {
  150. $tabNames = array();
  151. $tabs = PMA\libraries\Util::getMenuTabList($level);
  152. foreach ($tabs as $tab => $tabName) {
  153. if (! isset($row[$level . '_' . $tab])
  154. || $row[$level . '_' . $tab] == 'Y'
  155. ) {
  156. $tabNames[] = $tabName;
  157. }
  158. }
  159. return implode(', ', $tabNames);
  160. }
  161. /**
  162. * Deletes a user group
  163. *
  164. * @param string $userGroup user group name
  165. *
  166. * @return void
  167. */
  168. function PMA_deleteUserGroup($userGroup)
  169. {
  170. $cfgRelation = PMA_getRelationsParam();
  171. $userTable = PMA\libraries\Util::backquote($cfgRelation['db'])
  172. . "." . PMA\libraries\Util::backquote($cfgRelation['users']);
  173. $groupTable = PMA\libraries\Util::backquote($cfgRelation['db'])
  174. . "." . PMA\libraries\Util::backquote($cfgRelation['usergroups']);
  175. $sql_query = "DELETE FROM " . $userTable
  176. . " WHERE `usergroup`='" . PMA\libraries\Util::sqlAddSlashes($userGroup)
  177. . "'";
  178. PMA_queryAsControlUser($sql_query, true);
  179. $sql_query = "DELETE FROM " . $groupTable
  180. . " WHERE `usergroup`='" . PMA\libraries\Util::sqlAddSlashes($userGroup)
  181. . "'";
  182. PMA_queryAsControlUser($sql_query, true);
  183. }
  184. /**
  185. * Returns HTML for add/edit user group dialog
  186. *
  187. * @param string $userGroup name of the user group in case of editing
  188. *
  189. * @return string HTML for add/edit user group dialog
  190. */
  191. function PMA_getHtmlToEditUserGroup($userGroup = null)
  192. {
  193. $html_output = '';
  194. if ($userGroup == null) {
  195. $html_output .= '<h2>' . __('Add user group') . '</h2>';
  196. } else {
  197. $html_output .= '<h2>'
  198. . sprintf(__('Edit user group: \'%s\''), htmlspecialchars($userGroup))
  199. . '</h2>';
  200. }
  201. $html_output .= '<form name="userGroupForm" id="userGroupForm"'
  202. . ' action="server_user_groups.php" method="post">';
  203. $urlParams = array();
  204. if ($userGroup != null) {
  205. $urlParams['userGroup'] = $userGroup;
  206. $urlParams['editUserGroupSubmit'] = '1';
  207. } else {
  208. $urlParams['addUserGroupSubmit'] = '1';
  209. }
  210. $html_output .= PMA_URL_getHiddenInputs($urlParams);
  211. $html_output .= '<fieldset id="fieldset_user_group_rights">';
  212. $html_output .= '<legend>' . __('User group menu assignments')
  213. . '&nbsp;&nbsp;&nbsp;'
  214. . '<input type="checkbox" class="checkall_box" title="Check all">'
  215. . '<label for="addUsersForm_checkall">' . __('Check all') . '</label>'
  216. . '</legend>';
  217. if ($userGroup == null) {
  218. $html_output .= '<label for="userGroup">' . __('Group name:') . '</label>';
  219. $html_output .= '<input type="text" name="userGroup" '
  220. . 'autocomplete="off" required="required" />';
  221. $html_output .= '<div class="clearfloat"></div>';
  222. }
  223. $allowedTabs = array(
  224. 'server' => array(),
  225. 'db' => array(),
  226. 'table' => array()
  227. );
  228. if ($userGroup != null) {
  229. $cfgRelation = PMA_getRelationsParam();
  230. $groupTable = PMA\libraries\Util::backquote($cfgRelation['db'])
  231. . "." . PMA\libraries\Util::backquote($cfgRelation['usergroups']);
  232. $sql_query = "SELECT * FROM " . $groupTable
  233. . " WHERE `usergroup`='" . PMA\libraries\Util::sqlAddSlashes($userGroup)
  234. . "'";
  235. $result = PMA_queryAsControlUser($sql_query, false);
  236. if ($result) {
  237. while ($row = $GLOBALS['dbi']->fetchAssoc($result)) {
  238. $key = $row['tab'];
  239. $value = $row['allowed'];
  240. if (substr($key, 0, 7) == 'server_' && $value == 'Y') {
  241. $allowedTabs['server'][] = mb_substr($key, 7);
  242. } elseif (substr($key, 0, 3) == 'db_' && $value == 'Y') {
  243. $allowedTabs['db'][] = mb_substr($key, 3);
  244. } elseif (substr($key, 0, 6) == 'table_'
  245. && $value == 'Y'
  246. ) {
  247. $allowedTabs['table'][] = mb_substr($key, 6);
  248. }
  249. }
  250. }
  251. $GLOBALS['dbi']->freeResult($result);
  252. }
  253. $html_output .= _getTabList(
  254. __('Server-level tabs'), 'server', $allowedTabs['server']
  255. );
  256. $html_output .= _getTabList(
  257. __('Database-level tabs'), 'db', $allowedTabs['db']
  258. );
  259. $html_output .= _getTabList(
  260. __('Table-level tabs'), 'table', $allowedTabs['table']
  261. );
  262. $html_output .= '</fieldset>';
  263. $html_output .= '<fieldset id="fieldset_user_group_rights_footer"'
  264. . ' class="tblFooters">';
  265. $html_output .= '<input type="submit" value="' . __('Go') . '">';
  266. $html_output .= '</fieldset>';
  267. return $html_output;
  268. }
  269. /**
  270. * Returns HTML for checkbox groups to choose
  271. * tabs of 'server', 'db' or 'table' levels.
  272. *
  273. * @param string $title title of the checkbox group
  274. * @param string $level 'server', 'db' or 'table'
  275. * @param array $selected array of selected allowed tabs
  276. *
  277. * @return string HTML for checkbox groups
  278. */
  279. function _getTabList($title, $level, $selected)
  280. {
  281. $tabs = PMA\libraries\Util::getMenuTabList($level);
  282. $html_output = '<fieldset>';
  283. $html_output .= '<legend>' . $title . '</legend>';
  284. foreach ($tabs as $tab => $tabName) {
  285. $html_output .= '<div class="item">';
  286. $html_output .= '<input type="checkbox" class="checkall"'
  287. . (in_array($tab, $selected) ? ' checked="checked"' : '')
  288. . ' name="' . $level . '_' . $tab . '" value="Y" />';
  289. $html_output .= '<label for="' . $level . '_' . $tab . '">'
  290. . '<code>' . $tabName . '</code>'
  291. . '</label>';
  292. $html_output .= '</div>';
  293. }
  294. $html_output .= '</fieldset>';
  295. return $html_output;
  296. }
  297. /**
  298. * Add/update a user group with allowed menu tabs.
  299. *
  300. * @param string $userGroup user group name
  301. * @param boolean $new whether this is a new user group
  302. *
  303. * @return void
  304. */
  305. function PMA_editUserGroup($userGroup, $new = false)
  306. {
  307. $tabs = PMA\libraries\Util::getMenuTabList();
  308. $cfgRelation = PMA_getRelationsParam();
  309. $groupTable = PMA\libraries\Util::backquote($cfgRelation['db'])
  310. . "." . PMA\libraries\Util::backquote($cfgRelation['usergroups']);
  311. if (! $new) {
  312. $sql_query = "DELETE FROM " . $groupTable
  313. . " WHERE `usergroup`='" . PMA\libraries\Util::sqlAddSlashes($userGroup)
  314. . "';";
  315. PMA_queryAsControlUser($sql_query, true);
  316. }
  317. $sql_query = "INSERT INTO " . $groupTable
  318. . "(`usergroup`, `tab`, `allowed`)"
  319. . " VALUES ";
  320. $first = true;
  321. foreach ($tabs as $tabGroupName => $tabGroup) {
  322. foreach ($tabGroup as $tab => $tabName) {
  323. if (! $first) {
  324. $sql_query .= ", ";
  325. }
  326. $tabName = $tabGroupName . '_' . $tab;
  327. $allowed = isset($_REQUEST[$tabName]) && $_REQUEST[$tabName] == 'Y';
  328. $sql_query .= "('" . PMA_Util::sqlAddSlashes($userGroup) . "', '" . $tabName . "', '"
  329. . ($allowed ? "Y" : "N") . "')";
  330. $first = false;
  331. }
  332. }
  333. $sql_query .= ";";
  334. PMA_queryAsControlUser($sql_query, true);
  335. }