1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
|
<?php
declare(strict_types=1);
namespace PhpMyAdmin\Controllers\Server;
use PhpMyAdmin\CheckUserPrivileges;
use PhpMyAdmin\ConfigStorage\Features\ConfigurableMenusFeature;
use PhpMyAdmin\ConfigStorage\Relation;
use PhpMyAdmin\Controllers\AbstractController;
use PhpMyAdmin\DatabaseInterface;
use PhpMyAdmin\ResponseRenderer;
use PhpMyAdmin\Template;
use PhpMyAdmin\Util;
use function __;
use function sprintf;
use function strlen;
final class UserGroupsFormController extends AbstractController
{
/** @var Relation */
private $relation;
/** @var DatabaseInterface */
private $dbi;
public function __construct(
ResponseRenderer $response,
Template $template,
Relation $relation,
DatabaseInterface $dbi
) {
parent::__construct($response, $template);
$this->relation = $relation;
$this->dbi = $dbi;
}
public function __invoke(): void
{
$this->response->setAjax(true);
if (! isset($_GET['username']) || strlen((string) $_GET['username']) === 0) {
$this->response->setRequestStatus(false);
$this->response->setHttpResponseCode(400);
$this->response->addJSON('message', __('Missing parameter:') . ' username');
return;
}
$username = $_GET['username'];
$checkUserPrivileges = new CheckUserPrivileges($this->dbi);
$checkUserPrivileges->getPrivileges();
$configurableMenusFeature = $this->relation->getRelationParameters()->configurableMenusFeature;
if ($configurableMenusFeature === null) {
$this->response->setRequestStatus(false);
$this->response->setHttpResponseCode(400);
$this->response->addJSON('message', __('User groups management is not enabled.'));
return;
}
$form = $this->getHtmlToChooseUserGroup($username, $configurableMenusFeature);
$this->response->addJSON('message', $form);
}
/**
* Displays a dropdown to select the user group with menu items configured to each of them.
*/
private function getHtmlToChooseUserGroup(
string $username,
ConfigurableMenusFeature $configurableMenusFeature
): string {
$groupTable = Util::backquote($configurableMenusFeature->database)
. '.' . Util::backquote($configurableMenusFeature->userGroups);
$userTable = Util::backquote($configurableMenusFeature->database)
. '.' . Util::backquote($configurableMenusFeature->users);
$sqlQuery = sprintf(
'SELECT `usergroup` FROM %s WHERE `username` = \'%s\'',
$userTable,
$this->dbi->escapeString($username)
);
$userGroup = $this->dbi->fetchValue($sqlQuery, 0, DatabaseInterface::CONNECT_CONTROL);
$allUserGroups = [];
$sqlQuery = 'SELECT DISTINCT `usergroup` FROM ' . $groupTable;
$result = $this->dbi->tryQueryAsControlUser($sqlQuery);
if ($result) {
while ($row = $result->fetchRow()) {
$allUserGroups[$row[0]] = $row[0];
}
}
return $this->template->render('server/privileges/choose_user_group', [
'all_user_groups' => $allUserGroups,
'user_group' => $userGroup,
'params' => ['username' => $username],
]);
}
}
|
