PDF rausgenommen

msd2/tracking/piwik/plugins/UsersManager/Sql/SiteAccessFilter.php

@@ -0,0 +1,91 @@
+<?php
+/**
+ * Piwik - free/libre analytics platform
+ *
+ * @link http://piwik.org
+ * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
+ */
+
+namespace Piwik\Plugins\UsersManager\Sql;
+
+
+use Piwik\Common;
+
+class SiteAccessFilter
+{
+    /**
+     * @var string
+     */
+    private $filterByRole;
+
+    /**
+     * @var int
+     */
+    private $userLogin;
+
+    /**
+     * @var string
+     */
+    private $filterSearch;
+
+    /**
+     * List of sites to limit the search to.
+     *
+     * @var int[]|null
+     */
+    private $idSites;
+
+    public function __construct($userLogin, $filterSearch, $filterByRole, $idSites)
+    {
+        if (empty($userLogin)) {
+            throw new \InvalidArgumentException("filtering by role is only supported for a single site");
+        }
+
+        $this->userLogin = $userLogin;
+        $this->filterSearch = $filterSearch;
+        $this->filterByRole = $filterByRole;
+        $this->idSites = empty($idSites) ? null : array_map('intval', $idSites);
+    }
+
+    public function getJoins($accessTable)
+    {
+        $result = "RIGHT JOIN ". Common::prefixTable('site') . " s ON s.idsite = $accessTable.idsite AND a.login = ?";
+        $bind = [$this->userLogin];
+
+        return [$result, $bind];
+    }
+
+    public function getWhere()
+    {
+        $bind = [];
+        $result = [];
+
+        if ($this->filterSearch) {
+            $bind = array_merge($bind, \Piwik\Plugins\SitesManager\Model::getPatternMatchSqlBind($this->filterSearch));
+            $result[] = \Piwik\Plugins\SitesManager\Model::getPatternMatchSqlQuery('s');
+        }
+
+        if ($this->filterByRole) {
+            if ($this->filterByRole == 'noaccess') {
+                $result[] = 'a.access IS NULL';
+            } else if ($this->filterByRole == 'some') {
+                $result[] = 'a.access IS NOT NULL';
+            } else {
+                $result[] = 'a.access = ?';
+                $bind[] = $this->filterByRole;
+            }
+        }
+
+        if (!empty($this->idSites)) {
+            $result[] = 's.idsite IN (' . implode(',', $this->idSites) . ')';
+        }
+
+        if (!empty($result)) {
+            $result = 'WHERE ' . implode(' AND ', $result);
+        } else {
+            $result = '';
+        }
+
+        return [$result, $bind];
+    }
+}

msd2/tracking/piwik/plugins/UsersManager/Sql/UserTableFilter.php

@@ -0,0 +1,118 @@
+<?php
+/**
+ * Piwik - free/libre analytics platform
+ *
+ * @link http://piwik.org
+ * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
+ */
+
+namespace Piwik\Plugins\UsersManager\Sql;
+
+
+use Piwik\Access;
+use Piwik\Common;
+use Piwik\Piwik;
+
+class UserTableFilter
+{
+    /**
+     * @var string
+     */
+    private $filterByRole;
+
+    /**
+     * @var int
+     */
+    private $filterByRoleSite;
+
+    /**
+     * @var string
+     */
+    private $filterSearch;
+
+    /**
+     * @var string[]
+     */
+    private $logins;
+
+    public function __construct($filterByRole, $filterByRoleSite, $filterSearch, $logins = null)
+    {
+        $this->filterByRole = $filterByRole;
+        $this->filterByRoleSite = $filterByRoleSite;
+        $this->filterSearch = $filterSearch;
+        $this->logins = $logins;
+
+        if (isset($this->filterByRole) && !isset($this->filterByRoleSite)) {
+            throw new \InvalidArgumentException("filtering by role is only supported for a single site");
+        }
+
+        // can only filter by superuser if current user is a superuser
+        if ($this->filterByRole == 'superuser'
+            && !Piwik::hasUserSuperUserAccess()
+        ) {
+            $this->filterByRole = null;
+        }
+    }
+
+    public function getJoins($userTable)
+    {
+        $result = "LEFT JOIN " . Common::prefixTable('access') . " a ON $userTable.login = a.login AND (a.idsite IS NULL OR a.idsite = ?)";
+        $bind = [$this->filterByRoleSite];
+
+        return [$result, $bind];
+    }
+
+    public function getWhere()
+    {
+        $conditions = [];
+        $bind = [];
+
+        if ($this->filterByRole) {
+            list($filterByRoleSql, $filterByRoleBind) = $this->getAccessSelectSqlCondition();
+
+            $conditions[] = $filterByRoleSql;
+            $bind = array_merge($bind, $filterByRoleBind);
+        }
+
+        if ($this->filterSearch) {
+            $conditions[] = '(u.login LIKE ? OR u.email LIKE ?)';
+            $bind = array_merge($bind, ['%' . $this->filterSearch . '%', '%' . $this->filterSearch . '%']);
+        }
+
+        if ($this->logins !== null) {
+            $logins = array_map('json_encode', $this->logins);
+            $conditions[] = 'u.login IN (' . implode(',', $logins) . ')';
+        }
+
+        $result = implode(' AND ', $conditions);
+        if (!empty($result)) {
+            $result = 'WHERE ' . $result;
+        }
+
+        return [$result, $bind];
+    }
+
+    private function getAccessSelectSqlCondition()
+    {
+        $sql = '';
+        $bind = [];
+
+        switch ($this->filterByRole) {
+            case 'noaccess':
+                $sql = "(a.access IS NULL AND u.superuser_access <> 1)";
+                break;
+            case 'some':
+                $sql = "(a.access IS NOT NULL OR u.superuser_access = 1)";
+                break;
+            case 'superuser':
+                $sql = "u.superuser_access = 1";
+                break;
+            default:
+                $sql = "a.access = ?";
+                $bind[] = $this->filterByRole;
+                break;
+        }
+
+        return [$sql, $bind];
+    }
+}