# Selima Website Content Management System # User.pm: The user account data processor. # Copyright (c) 2006-2018 imacat. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Author: imacat # First written: 2006-03-17 package Selima::Processor::User; use 5.008; use strict; use warnings; use base qw(Selima::Processor); use CGI; use Selima::ChkPriv; use Selima::DataVars qw(:addcol :groups); use Selima::Guest; use Selima::LogIn; use Selima::ShortCut; use Selima::UserName; use Selima::Processor::UserMem; use Selima::Processor::Deletion; # new: Initialize the processor sub new : method { local ($_, %_); my ($self, $class); ($class, @_) = @_; $_[1] = "users" if @_ < 2; $self = $class->SUPER::new(@_); $self->{"is_self"} = 0; $self->{"no_set_groups"} = 0; # Non-super-users editing herself are not allowed to update the groups $self->{"no_set_groups"} = 1 if exists $self->{"sn"} && !is_su && $self->{"sn"} == get_login_sn; return $self; } # _save_cols: Save the column deposit sub _save_cols : method { local ($_, %_); my ($self, $form, $cur, @olditems, @newitems, @additems, @delitems, $passwd); $self = $_[0]; ($form, $cur) = ($self->{"form"}, $self->{"cur"}); # A form to create a new item if ($self->{"type"} eq "new") { # Set a dummy password for guests $self->{"sn"} = $self->_new_sn; $self->{"cols"} = new Selima::AddCol($self->{"table"}, ADDCOL_INSERT); $self->{"cols"}->{"login"} = $self->{"sn"} if $self->{"is_self"} && !defined get_login_sn; $self->{"cols"}->addnum("sn", $self->{"sn"}); $self->{"cols"}->addstr("id", $self->_form("id")); $self->{"cols"}->addpass("passwd", $self->_purge_passwd, $self->_form("passwd")); $self->{"cols"}->addstr("name", $self->_form("name")); $self->{"cols"}->addbool("disabled", $self->_form("disabled")); # Find the changed items unless ($self->{"no_set_groups"}) { @additems = qw(); for ($_ = 0; defined $form->param("supgroup$_" . "sn"); $_++) { push @additems, $form->param("supgroup$_" . "sn") if defined $form->param("supgroup$_"); } # Super users can set the super-user privilege if (is_su) { # Super user privilege is added push @additems, su_group_sn if defined $form->param("su"); } foreach my $item (@additems) { my ($subform, $cols); $subform = new CGI(""); $subform->param("form", "new"); $subform->param("grp", $item); $subform->param("member", $self->{"sn"}); $cols = new Selima::Processor::UserMem($subform); $cols->_save_cols; push @{$self->{"subs"}}, $cols; } } # A form to edit a current item } elsif ($self->{"type"} eq "cur") { $self->{"cols"} = new Selima::AddCol($self->{"table"}, ADDCOL_UPDATE); $self->{"cols"}->{"login"} = $self->{"sn"} if $self->{"is_self"} && !defined get_login_sn; # Skip for non-super-user editing a super-user unless (!is_su && $cur->param("su")) { $self->{"cols"}->addstr("id", $self->_form("id"), scalar $cur->param("id")); $self->{"cols"}->addpass("passwd", $self->_purge_passwd, $self->_form("passwd"), scalar $cur->param("passwd")); } $self->{"cols"}->addstr("name", $self->_form("name"), scalar $cur->param("name")); # Skip for non-super-user editing herself or a super-user unless (!is_su && ($cur->param("su") || $self->{"sn"} == get_login_sn)) { $self->{"cols"}->addbool("disabled", $self->_form("disabled"), scalar $cur->param("disabled")); } # Find the changed items unless ($self->{"no_set_groups"}) { @olditems = qw(); @newitems = qw(); for ($_ = 0; $_ < $cur->param("supgroupcount"); $_++) { push @olditems, $cur->param("supgroup$_" . "sn"); } for ($_ = 0; defined $form->param("supgroup$_" . "sn"); $_++) { push @newitems, $form->param("supgroup$_" . "sn") if defined $form->param("supgroup$_"); } %_ = map { $_ => 1 } @newitems; @delitems = grep !exists $_{$_}, @olditems; %_ = map { $_ => 1 } @olditems; @additems = grep !exists $_{$_}, @newitems; # Super users can set the super-user privilege if (is_su) { # Super user privilege is added if (!$cur->param("su") && defined $form->param("su")) { push @additems, su_group_sn; # Super user privilege is removed } elsif ($cur->param("su") && !defined $form->param("su")) { push @delitems, su_group_sn; } } foreach my $item (@additems) { my ($subform, $cols); $subform = new CGI(""); $subform->param("form", "new"); $subform->param("grp", $item); $subform->param("member", $self->{"sn"}); $cols = new Selima::Processor::UserMem($subform); $cols->_save_cols; push @{$self->{"subs"}}, $cols; } if (@delitems > 0) { my $subform; @_ = map "grp=$_", @delitems; $_ = (scalar(@_) == 1)? $_[0]: "(" . join(" OR ", @_) . ")"; $subform = new CGI(""); $subform->param("cond", "$_ AND member=" . $self->{"sn"}); push @{$self->{"subs"}}, new Selima::Processor::Deletion($subform, "usermem"); } } # A form to delete a current item } elsif ($self->{"type"} eq "del") { # Find the changed items $_ = new CGI(""); $_->param("cond", "member=" . $self->{"sn"}); push @{$self->{"subs"}}, new Selima::Processor::Deletion($_, "usermem"); $_ = new CGI(""); $_->param("cond", "usr=" . $self->{"sn"}); push @{$self->{"subs"}}, new Selima::Processor::Deletion($_, "userpref"); } return; } # _actlog: Log the activity sub _actlog : method { local ($_, %_); my ($self, $form, $cur); $self = $_[0]; ($form, $cur) = ($self->{"form"}, $self->{"cur"}); # A form to create a new item return gactlog "Create a user account " . $form->param("id") . " with s/n " . $self->{"sn"} . "." if $self->{"type"} eq "new"; # A form to edit a current item return gactlog "Update the user account " . (defined $form->param("id")? $form->param("id"): $cur->param("id")) . " with s/n " . $self->{"sn"} . "." if $self->{"type"} eq "cur"; # A form to delete a current item return gactlog "Delete the user account " . $cur->param("id") . " with s/n " . $self->{"sn"} . "." if $self->{"type"} eq "del"; } # _ret_status: Return the process status sub _ret_status : method { local ($_, %_); my $self; $self = $_[0]; return {"msg"=>N_("This user account was not modified."), "isform"=>0} if !$self->_modified; # A form to create a new item return {"msg"=>N_("This user account has been successfully added."), "isform"=>0} if $self->{"type"} eq "new"; # A form to edit a current item return {"msg"=>N_("This user account has been successfully updated."), "isform"=>0} if $self->{"type"} eq "cur"; # A form to delete a current item return {"msg"=>N_("This user account has been successfully deleted."), "isform"=>0} if $self->{"type"} eq "del"; } # _purge_passwd: If we need to purge the password of the user sub _purge_passwd : method { local ($_, %_); my ($self, $form); $self = $_[0]; $form = $self->{"form"}; # Checked before return $self->{"purge_passwd"} if exists $self->{"purge_passwd"}; # Purge password for guests unless ($self->{"no_set_groups"}) { for ($_ = 0; defined $form->param("supgroup$_" . "sn"); $_++) { # Skip unselected groups next unless defined $form->param("supgroup$_"); # Check if this is the guest group return ($self->{"purge_passwd"} = 1) if groupid($form->param("supgroup$_" . "sn")) eq GUEST_GROUP; } } # No guest group was found return ($self->{"purge_passwd"} = 0); } return 1;