PDF rausgenommen
This commit is contained in:
aschwarz
466
msd2/tracking/piwik/plugins/UsersManager/Controller.php
Normal file
466
msd2/tracking/piwik/plugins/UsersManager/Controller.php
Normal file
@ -0,0 +1,466 @@
|
||||
<?php
|
||||
/**
|
||||
* Piwik - free/libre analytics platform
|
||||
*
|
||||
* @link http://piwik.org
|
||||
* @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
|
||||
*
|
||||
*/
|
||||
namespace Piwik\Plugins\UsersManager;
|
||||
|
||||
use Exception;
|
||||
use Piwik\API\Request;
|
||||
use Piwik\API\ResponseBuilder;
|
||||
use Piwik\Common;
|
||||
use Piwik\Container\StaticContainer;
|
||||
use Piwik\Piwik;
|
||||
use Piwik\Plugin\ControllerAdmin;
|
||||
use Piwik\Plugins\LanguagesManager\API as APILanguagesManager;
|
||||
use Piwik\Plugins\LanguagesManager\LanguagesManager;
|
||||
use Piwik\Plugins\UsersManager\API as APIUsersManager;
|
||||
use Piwik\SettingsPiwik;
|
||||
use Piwik\Site;
|
||||
use Piwik\Tracker\IgnoreCookie;
|
||||
use Piwik\Translation\Translator;
|
||||
use Piwik\Url;
|
||||
use Piwik\View;
|
||||
use Piwik\Session\SessionInitializer;
|
||||
|
||||
class Controller extends ControllerAdmin
|
||||
{
|
||||
/**
|
||||
* @var Translator
|
||||
*/
|
||||
private $translator;
|
||||
|
||||
public function __construct(Translator $translator)
|
||||
{
|
||||
$this->translator = $translator;
|
||||
|
||||
parent::__construct();
|
||||
}
|
||||
|
||||
static function orderByName($a, $b)
|
||||
{
|
||||
return strcmp($a['name'], $b['name']);
|
||||
}
|
||||
|
||||
/**
|
||||
* The "Manage Users and Permissions" Admin UI screen
|
||||
*/
|
||||
public function index()
|
||||
{
|
||||
Piwik::checkUserIsNotAnonymous();
|
||||
Piwik::checkUserHasSomeAdminAccess();
|
||||
|
||||
$view = new View('@UsersManager/index');
|
||||
|
||||
$IdSitesAdmin = Request::processRequest('SitesManager.getSitesIdWithAdminAccess');
|
||||
$idSiteSelected = 1;
|
||||
|
||||
if (count($IdSitesAdmin) > 0) {
|
||||
$defaultWebsiteId = $IdSitesAdmin[0];
|
||||
$idSiteSelected = $this->idSite ?: $defaultWebsiteId;
|
||||
}
|
||||
|
||||
if (!Piwik::isUserHasAdminAccess($idSiteSelected) && count($IdSitesAdmin) > 0) {
|
||||
// make sure to show a website where user actually has admin access
|
||||
$idSiteSelected = $IdSitesAdmin[0];
|
||||
}
|
||||
|
||||
$defaultReportSiteName = Site::getNameFor($idSiteSelected);
|
||||
|
||||
$view->idSiteSelected = $idSiteSelected;
|
||||
$view->defaultReportSiteName = $defaultReportSiteName;
|
||||
$view->currentUserRole = Piwik::hasUserSuperUserAccess() ? 'superuser' : 'admin';
|
||||
$view->accessLevels = [
|
||||
['key' => 'noaccess', 'value' => Piwik::translate('UsersManager_PrivNone')],
|
||||
['key' => 'view', 'value' => Piwik::translate('UsersManager_PrivView')],
|
||||
['key' => 'write', 'value' => Piwik::translate('UsersManager_PrivWrite')],
|
||||
['key' => 'admin', 'value' => Piwik::translate('UsersManager_PrivAdmin')],
|
||||
['key' => 'superuser', 'value' => Piwik::translate('Installation_SuperUser'), 'disabled' => true],
|
||||
];
|
||||
$view->filterAccessLevels = [
|
||||
['key' => '', 'value' => Piwik::translate('UsersManager_ShowAll')],
|
||||
['key' => 'noaccess', 'value' => Piwik::translate('UsersManager_PrivNone')],
|
||||
['key' => 'some', 'value' => Piwik::translate('UsersManager_AtLeastView')],
|
||||
['key' => 'view', 'value' => Piwik::translate('UsersManager_PrivView')],
|
||||
['key' => 'write', 'value' => Piwik::translate('UsersManager_PrivWrite')],
|
||||
['key' => 'admin', 'value' => Piwik::translate('UsersManager_PrivAdmin')],
|
||||
['key' => 'superuser', 'value' => Piwik::translate('Installation_SuperUser')],
|
||||
];
|
||||
|
||||
$capabilities = Request::processRequest('UsersManager.getAvailableCapabilities', [], []);
|
||||
foreach ($capabilities as $capability) {
|
||||
$capabilityEntry = [
|
||||
'key' => $capability['id'], 'value' => $capability['category'] . ': ' . $capability['name'],
|
||||
];
|
||||
$view->accessLevels[] = $capabilityEntry;
|
||||
$view->filterAccessLevels[] = $capabilityEntry;
|
||||
}
|
||||
|
||||
$this->setBasicVariablesView($view);
|
||||
|
||||
return $view->render();
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns default date for Piwik reports
|
||||
*
|
||||
* @param string $user
|
||||
* @return string today, yesterday, week, month, year
|
||||
*/
|
||||
protected function getDefaultDateForUser($user)
|
||||
{
|
||||
return APIUsersManager::getInstance()->getUserPreference($user, APIUsersManager::PREFERENCE_DEFAULT_REPORT_DATE);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the enabled dates that users can select,
|
||||
* in their User Settings page "Report date to load by default"
|
||||
*
|
||||
* @throws
|
||||
* @return array
|
||||
*/
|
||||
protected function getDefaultDates()
|
||||
{
|
||||
$dates = array(
|
||||
'today' => $this->translator->translate('Intl_Today'),
|
||||
'yesterday' => $this->translator->translate('Intl_Yesterday'),
|
||||
'previous7' => $this->translator->translate('General_PreviousDays', 7),
|
||||
'previous30' => $this->translator->translate('General_PreviousDays', 30),
|
||||
'last7' => $this->translator->translate('General_LastDays', 7),
|
||||
'last30' => $this->translator->translate('General_LastDays', 30),
|
||||
'week' => $this->translator->translate('General_CurrentWeek'),
|
||||
'month' => $this->translator->translate('General_CurrentMonth'),
|
||||
'year' => $this->translator->translate('General_CurrentYear'),
|
||||
);
|
||||
|
||||
$mappingDatesToPeriods = array(
|
||||
'today' => 'day',
|
||||
'yesterday' => 'day',
|
||||
'previous7' => 'range',
|
||||
'previous30' => 'range',
|
||||
'last7' => 'range',
|
||||
'last30' => 'range',
|
||||
'week' => 'week',
|
||||
'month' => 'month',
|
||||
'year' => 'year',
|
||||
);
|
||||
|
||||
// assertion
|
||||
if (count($dates) != count($mappingDatesToPeriods)) {
|
||||
throw new Exception("some metadata is missing in getDefaultDates()");
|
||||
}
|
||||
|
||||
$allowedPeriods = self::getEnabledPeriodsInUI();
|
||||
$allowedDates = array_intersect($mappingDatesToPeriods, $allowedPeriods);
|
||||
$dates = array_intersect_key($dates, $allowedDates);
|
||||
|
||||
/**
|
||||
* Triggered when the list of available dates is requested, for example for the
|
||||
* User Settings > Report date to load by default.
|
||||
*
|
||||
* @param array &$dates Array of (date => translation)
|
||||
*/
|
||||
Piwik::postEvent('UsersManager.getDefaultDates', array(&$dates));
|
||||
|
||||
return $dates;
|
||||
}
|
||||
|
||||
/**
|
||||
* The "User Settings" admin UI screen view
|
||||
*/
|
||||
public function userSettings()
|
||||
{
|
||||
Piwik::checkUserIsNotAnonymous();
|
||||
|
||||
$view = new View('@UsersManager/userSettings');
|
||||
|
||||
$userLogin = Piwik::getCurrentUserLogin();
|
||||
$user = Request::processRequest('UsersManager.getUser', array('userLogin' => $userLogin));
|
||||
$view->userEmail = $user['email'];
|
||||
$view->userTokenAuth = Piwik::getCurrentUserTokenAuth();
|
||||
$view->ignoreSalt = $this->getIgnoreCookieSalt();
|
||||
|
||||
$userPreferences = new UserPreferences();
|
||||
$defaultReport = $userPreferences->getDefaultReport();
|
||||
|
||||
if ($defaultReport === false) {
|
||||
$defaultReport = $userPreferences->getDefaultWebsiteId();
|
||||
}
|
||||
|
||||
$view->defaultReport = $defaultReport;
|
||||
|
||||
if ($defaultReport == 'MultiSites') {
|
||||
|
||||
$defaultSiteId = $userPreferences->getDefaultWebsiteId();
|
||||
$reportOptionsValue = $defaultSiteId;
|
||||
|
||||
$view->defaultReportIdSite = $defaultSiteId;
|
||||
$view->defaultReportSiteName = Site::getNameFor($defaultSiteId);
|
||||
} else {
|
||||
$reportOptionsValue = $defaultReport;
|
||||
$view->defaultReportIdSite = $defaultReport;
|
||||
$view->defaultReportSiteName = Site::getNameFor($defaultReport);
|
||||
}
|
||||
|
||||
$view->defaultReportOptions = array(
|
||||
array('key' => 'MultiSites', 'value' => Piwik::translate('General_AllWebsitesDashboard')),
|
||||
array('key' => $reportOptionsValue, 'value' => Piwik::translate('General_DashboardForASpecificWebsite')),
|
||||
);
|
||||
|
||||
$view->defaultDate = $this->getDefaultDateForUser($userLogin);
|
||||
$view->availableDefaultDates = $this->getDefaultDates();
|
||||
|
||||
$languages = APILanguagesManager::getInstance()->getAvailableLanguageNames();
|
||||
$languageOptions = array();
|
||||
foreach ($languages as $language) {
|
||||
$languageOptions[] = array(
|
||||
'key' => $language['code'],
|
||||
'value' => $language['name']
|
||||
);
|
||||
}
|
||||
|
||||
$view->languageOptions = $languageOptions;
|
||||
$view->currentLanguageCode = LanguagesManager::getLanguageCodeForCurrentUser();
|
||||
$view->currentTimeformat = (int) LanguagesManager::uses12HourClockForCurrentUser();
|
||||
$view->ignoreCookieSet = IgnoreCookie::isIgnoreCookieFound();
|
||||
$view->piwikHost = Url::getCurrentHost();
|
||||
$this->setBasicVariablesView($view);
|
||||
|
||||
$view->timeFormats = array(
|
||||
'1' => Piwik::translate('General_12HourClock'),
|
||||
'0' => Piwik::translate('General_24HourClock')
|
||||
);
|
||||
|
||||
return $view->render();
|
||||
}
|
||||
|
||||
/**
|
||||
* The "Anonymous Settings" admin UI screen view
|
||||
*/
|
||||
public function anonymousSettings()
|
||||
{
|
||||
Piwik::checkUserHasSuperUserAccess();
|
||||
|
||||
$view = new View('@UsersManager/anonymousSettings');
|
||||
|
||||
$view->availableDefaultDates = $this->getDefaultDates();
|
||||
|
||||
$this->initViewAnonymousUserSettings($view);
|
||||
$this->setBasicVariablesView($view);
|
||||
|
||||
return $view->render();
|
||||
}
|
||||
|
||||
public function setIgnoreCookie()
|
||||
{
|
||||
Piwik::checkUserHasSomeViewAccess();
|
||||
Piwik::checkUserIsNotAnonymous();
|
||||
|
||||
$salt = Common::getRequestVar('ignoreSalt', false, 'string');
|
||||
if ($salt !== $this->getIgnoreCookieSalt()) {
|
||||
throw new Exception("Not authorized");
|
||||
}
|
||||
|
||||
IgnoreCookie::setIgnoreCookie();
|
||||
Piwik::redirectToModule('UsersManager', 'userSettings', array('token_auth' => false));
|
||||
}
|
||||
|
||||
/**
|
||||
* The Super User can modify Anonymous user settings
|
||||
* @param View $view
|
||||
*/
|
||||
protected function initViewAnonymousUserSettings($view)
|
||||
{
|
||||
if (!Piwik::hasUserSuperUserAccess()) {
|
||||
return;
|
||||
}
|
||||
|
||||
$userLogin = 'anonymous';
|
||||
|
||||
// Which websites are available to the anonymous users?
|
||||
|
||||
$anonymousSitesAccess = Request::processRequest('UsersManager.getSitesAccessFromUser', array('userLogin' => $userLogin));
|
||||
$anonymousSites = array();
|
||||
$idSites = array();
|
||||
foreach ($anonymousSitesAccess as $info) {
|
||||
$idSite = $info['site'];
|
||||
$idSites[] = $idSite;
|
||||
|
||||
$site = Request::processRequest('SitesManager.getSiteFromId', array('idSite' => $idSite));
|
||||
// Work around manual website deletion
|
||||
if (!empty($site)) {
|
||||
$anonymousSites[] = array('key' => $idSite, 'value' => $site['name']);
|
||||
}
|
||||
}
|
||||
$view->anonymousSites = $anonymousSites;
|
||||
|
||||
$anonymousDefaultSite = '';
|
||||
|
||||
// Which report is displayed by default to the anonymous user?
|
||||
$anonymousDefaultReport = Request::processRequest('UsersManager.getUserPreference', array('userLogin' => $userLogin, 'preferenceName' => APIUsersManager::PREFERENCE_DEFAULT_REPORT));
|
||||
if ($anonymousDefaultReport === false) {
|
||||
if (empty($anonymousSites)) {
|
||||
$anonymousDefaultReport = Piwik::getLoginPluginName();
|
||||
} else {
|
||||
// we manually imitate what would happen, in case the anonymous user logs in
|
||||
// and is redirected to the first website available to him in the list
|
||||
// @see getDefaultWebsiteId()
|
||||
$anonymousDefaultReport = '1';
|
||||
$anonymousDefaultSite = $anonymousSites[0]['key'];
|
||||
}
|
||||
}
|
||||
|
||||
if (is_numeric($anonymousDefaultReport)) {
|
||||
$anonymousDefaultSite = $anonymousDefaultReport;
|
||||
$anonymousDefaultReport = '1'; // a website is selected, we make sure "Dashboard for a specific site" gets pre-selected
|
||||
}
|
||||
|
||||
if ((empty($anonymousDefaultSite) || !in_array($anonymousDefaultSite, $idSites)) && !empty($idSites)) {
|
||||
$anonymousDefaultSite = $anonymousSites[0]['key'];
|
||||
}
|
||||
|
||||
$view->anonymousDefaultReport = $anonymousDefaultReport;
|
||||
$view->anonymousDefaultSite = $anonymousDefaultSite;
|
||||
$view->anonymousDefaultDate = $this->getDefaultDateForUser($userLogin);
|
||||
|
||||
$view->defaultReportOptions = array(
|
||||
array('key' => 'Login', 'value' => Piwik::translate('UsersManager_TheLoginScreen')),
|
||||
array('key' => 'MultiSites', 'value' => Piwik::translate('General_AllWebsitesDashboard'), 'disabled' => empty($anonymousSites)),
|
||||
array('key' => '1', 'value' => Piwik::translate('General_DashboardForASpecificWebsite')),
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Records settings for the anonymous users (default report, default date)
|
||||
*/
|
||||
public function recordAnonymousUserSettings()
|
||||
{
|
||||
$response = new ResponseBuilder(Common::getRequestVar('format'));
|
||||
try {
|
||||
Piwik::checkUserHasSuperUserAccess();
|
||||
$this->checkTokenInUrl();
|
||||
|
||||
$anonymousDefaultReport = Common::getRequestVar('anonymousDefaultReport');
|
||||
$anonymousDefaultDate = Common::getRequestVar('anonymousDefaultDate');
|
||||
$userLogin = 'anonymous';
|
||||
APIUsersManager::getInstance()->setUserPreference($userLogin,
|
||||
APIUsersManager::PREFERENCE_DEFAULT_REPORT,
|
||||
$anonymousDefaultReport);
|
||||
APIUsersManager::getInstance()->setUserPreference($userLogin,
|
||||
APIUsersManager::PREFERENCE_DEFAULT_REPORT_DATE,
|
||||
$anonymousDefaultDate);
|
||||
$toReturn = $response->getResponse();
|
||||
} catch (Exception $e) {
|
||||
$toReturn = $response->getResponseException($e);
|
||||
}
|
||||
|
||||
return $toReturn;
|
||||
}
|
||||
|
||||
/**
|
||||
* Records settings from the "User Settings" page
|
||||
* @throws Exception
|
||||
*/
|
||||
public function recordUserSettings()
|
||||
{
|
||||
$response = new ResponseBuilder(Common::getRequestVar('format'));
|
||||
try {
|
||||
$this->checkTokenInUrl();
|
||||
|
||||
$defaultReport = Common::getRequestVar('defaultReport');
|
||||
$defaultDate = Common::getRequestVar('defaultDate');
|
||||
$language = Common::getRequestVar('language');
|
||||
$timeFormat = Common::getRequestVar('timeformat');
|
||||
$userLogin = Piwik::getCurrentUserLogin();
|
||||
|
||||
Piwik::checkUserHasSuperUserAccessOrIsTheUser($userLogin);
|
||||
|
||||
$this->processPasswordChange($userLogin);
|
||||
|
||||
LanguagesManager::setLanguageForSession($language);
|
||||
|
||||
Request::processRequest('LanguagesManager.setLanguageForUser', [
|
||||
'login' => $userLogin,
|
||||
'languageCode' => $language,
|
||||
]);
|
||||
Request::processRequest('LanguagesManager.set12HourClockForUser', [
|
||||
'login' => $userLogin,
|
||||
'use12HourClock' => $timeFormat,
|
||||
]);
|
||||
|
||||
APIUsersManager::getInstance()->setUserPreference($userLogin,
|
||||
APIUsersManager::PREFERENCE_DEFAULT_REPORT,
|
||||
$defaultReport);
|
||||
APIUsersManager::getInstance()->setUserPreference($userLogin,
|
||||
APIUsersManager::PREFERENCE_DEFAULT_REPORT_DATE,
|
||||
$defaultDate);
|
||||
$toReturn = $response->getResponse();
|
||||
} catch (Exception $e) {
|
||||
$toReturn = $response->getResponseException($e);
|
||||
}
|
||||
|
||||
return $toReturn;
|
||||
}
|
||||
|
||||
private function noAdminAccessToWebsite($idSiteSelected, $defaultReportSiteName, $message)
|
||||
{
|
||||
$view = new View('@UsersManager/noWebsiteAdminAccess');
|
||||
|
||||
$view->idSiteSelected = $idSiteSelected;
|
||||
$view->defaultReportSiteName = $defaultReportSiteName;
|
||||
$view->message = $message;
|
||||
$this->setBasicVariablesView($view);
|
||||
|
||||
return $view->render();
|
||||
}
|
||||
|
||||
private function processPasswordChange($userLogin)
|
||||
{
|
||||
$email = Common::getRequestVar('email');
|
||||
$password = Common::getRequestvar('password', false);
|
||||
$passwordBis = Common::getRequestvar('passwordBis', false);
|
||||
$passwordCurrent = Common::getRequestvar('passwordConfirmation', false);
|
||||
|
||||
$newPassword = false;
|
||||
if (!empty($password) || !empty($passwordBis)) {
|
||||
if ($password != $passwordBis) {
|
||||
throw new Exception($this->translator->translate('Login_PasswordsDoNotMatch'));
|
||||
}
|
||||
$newPassword = $password;
|
||||
}
|
||||
|
||||
if ($newPassword !== false && !Url::isValidHost()) {
|
||||
throw new Exception("Cannot change password or email with untrusted hostname!");
|
||||
}
|
||||
|
||||
// UI disables password change on invalid host, but check here anyway
|
||||
Request::processRequest('UsersManager.updateUser', [
|
||||
'userLogin' => $userLogin,
|
||||
'password' => $newPassword,
|
||||
'email' => $email,
|
||||
'passwordConfirmation' => $passwordCurrent
|
||||
], $default = []);
|
||||
|
||||
if ($newPassword !== false) {
|
||||
// logs the user in with the new password
|
||||
$newPassword = Common::unsanitizeInputValue($newPassword);
|
||||
$sessionInitializer = new SessionInitializer();
|
||||
$auth = StaticContainer::get('Piwik\Auth');
|
||||
$auth->setTokenAuth(null); // ensure authenticated through password
|
||||
$auth->setLogin($userLogin);
|
||||
$auth->setPassword($newPassword);
|
||||
$sessionInitializer->initSession($auth);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @return string
|
||||
*/
|
||||
private function getIgnoreCookieSalt()
|
||||
{
|
||||
return md5(SettingsPiwik::getSalt());
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user