keith
/
friendica
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Move "submanage" Session value into own methods

This commit is contained in:
Philipp 2022-10-21 19:33:28 +02:00
parent cafb23f8f0
commit 44a9683008
No known key found for this signature in database
GPG Key ID: 24A7501396EB5432
8 changed files with 37 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
mod/removeme.php
View File

@ -32,7 +32,7 @@ function removeme_post(App $a)
return; return;
} }
if (!empty($_SESSION['submanage'])) { if (DI::userSession()->getSubManagedUserId()) {
return; return;
} }

4
mod/settings.php
View File

@ -51,7 +51,7 @@ function settings_post(App $a)
return; return;
} }
if (!empty($_SESSION['submanage'])) { if (DI::userSession()->getSubManagedUserId()) {
return; return;
} }
@ -152,7 +152,7 @@ function settings_content(App $a)
return Login::form(); return Login::form();
} }
if (!empty($_SESSION['submanage'])) { if (DI::userSession()->getSubManagedUserId()) {
DI::sysmsg()->addNotice(DI::l10n()->t('Permission denied.')); DI::sysmsg()->addNotice(DI::l10n()->t('Permission denied.'));
return ''; return '';
} }

2
src/Content/Nav.php
View File

@ -287,7 +287,7 @@ class Nav
$nav['messages']['outbox'] = ['message/sent', DI::l10n()->t('Outbox'), '', DI::l10n()->t('Outbox')]; $nav['messages']['outbox'] = ['message/sent', DI::l10n()->t('Outbox'), '', DI::l10n()->t('Outbox')];
$nav['messages']['new'] = ['message/new', DI::l10n()->t('New Message'), '', DI::l10n()->t('New Message')]; $nav['messages']['new'] = ['message/new', DI::l10n()->t('New Message'), '', DI::l10n()->t('New Message')];
if (User::hasIdentities(DI::session()->get('submanage') ?: DI::userSession()->getLocalUserId())) { if (User::hasIdentities(DI::userSession()->getSubManagedUserId() ?: DI::userSession()->getLocalUserId())) {
$nav['delegation'] = ['delegation', DI::l10n()->t('Accounts'), '', DI::l10n()->t('Manage other pages')]; $nav['delegation'] = ['delegation', DI::l10n()->t('Accounts'), '', DI::l10n()->t('Manage other pages')];
} }

14
src/Core/Session/Capability/IHandleUserSessions.php
View File

@ -72,6 +72,20 @@ interface IHandleUserSessions
*/ */
public function isAuthenticated(): bool; public function isAuthenticated(): bool;
/**
* Returns User ID of the managed user in case it's a different identity
*
* @return int|bool uid of the manager or false
*/
public function getSubManagedUserId();
/**
* Sets the User ID of the managed user in case it's a different identity
*
* @param int $managed_uid The user id of the managing user
*/
public function setSubManagedUserId(int $managed_uid): void;
/** /**
* Set the session variable that contains the contact IDs for the visitor's contact URL * Set the session variable that contains the contact IDs for the visitor's contact URL
* *

12
src/Core/Session/Model/UserSession.php
View File

@ -118,4 +118,16 @@ class UserSession implements IHandleUserSessions
{ {
$this->session->set('remote', Contact::getVisitorByUrl($this->session->get('my_url'))); $this->session->set('remote', Contact::getVisitorByUrl($this->session->get('my_url')));
} }
/** {@inheritDoc} */
public function getSubManagedUserId()
{
return $this->session->get('submanage') ?? false;
}
/** {@inheritDoc} */
public function setSubManagedUserId(int $managed_uid): void
{
$this->session->set('submanage', $managed_uid);
}
} }

2
src/Module/BaseAdmin.php
View File

@ -63,7 +63,7 @@ abstract class BaseAdmin extends BaseModule
throw new HTTPException\ForbiddenException(DI::l10n()->t('You don\'t have access to administration pages.')); throw new HTTPException\ForbiddenException(DI::l10n()->t('You don\'t have access to administration pages.'));
} }
if (!empty($_SESSION['submanage'])) { if (DI::userSession()->getSubManagedUserId()) {
throw new HTTPException\ForbiddenException(DI::l10n()->t('Submanaged account can\'t access the administration pages. Please log back in as the main account.')); throw new HTTPException\ForbiddenException(DI::l10n()->t('Submanaged account can\'t access the administration pages. Please log back in as the main account.'));
} }
} }

8
src/Module/Delegation.php
View File

@ -45,8 +45,8 @@ class Delegation extends BaseModule
$uid = DI::userSession()->getLocalUserId(); $uid = DI::userSession()->getLocalUserId();
$orig_record = User::getById(DI::app()->getLoggedInUserId()); $orig_record = User::getById(DI::app()->getLoggedInUserId());
if (DI::session()->get('submanage')) { if (DI::userSession()->getSubManagedUserId()) {
$user = User::getById(DI::session()->get('submanage')); $user = User::getById(DI::userSession()->getSubManagedUserId());
if (DBA::isResult($user)) { if (DBA::isResult($user)) {
$uid = intval($user['uid']); $uid = intval($user['uid']);
$orig_record = $user; $orig_record = $user;
@ -101,7 +101,7 @@ class Delegation extends BaseModule
DI::auth()->setForUser(DI::app(), $user, true, true); DI::auth()->setForUser(DI::app(), $user, true, true);
if ($limited_id) { if ($limited_id) {
DI::session()->set('submanage', $original_id); DI::userSession()->setSubManagedUserId($original_id);
} }
$ret = []; $ret = [];
@ -118,7 +118,7 @@ class Delegation extends BaseModule
throw new ForbiddenException(DI::l10n()->t('Permission denied.')); throw new ForbiddenException(DI::l10n()->t('Permission denied.'));
} }
$identities = User::identities(DI::session()->get('submanage', DI::userSession()->getLocalUserId())); $identities = User::identities(DI::userSession()->getSubManagedUserId() ?: DI::userSession()->getLocalUserId());
//getting additinal information for each identity //getting additinal information for each identity
foreach ($identities as $key => $identity) { foreach ($identities as $key => $identity) {

4
src/Module/Settings/Delegation.php
View File

@ -76,7 +76,7 @@ class Delegation extends BaseSettings
$user_id = $args->get(3); $user_id = $args->get(3);
if ($action === 'add' && $user_id) { if ($action === 'add' && $user_id) {
if (DI::session()->get('submanage')) { if (DI::userSession()->getSubManagedUserId()) {
DI::sysmsg()->addNotice(DI::l10n()->t('Delegated administrators can view but not change delegation permissions.')); DI::sysmsg()->addNotice(DI::l10n()->t('Delegated administrators can view but not change delegation permissions.'));
DI::baseUrl()->redirect('settings/delegation'); DI::baseUrl()->redirect('settings/delegation');
} }
@ -98,7 +98,7 @@ class Delegation extends BaseSettings
} }
if ($action === 'remove' && $user_id) { if ($action === 'remove' && $user_id) {
if (DI::session()->get('submanage')) { if (DI::userSession()->getSubManagedUserId()) {
DI::sysmsg()->addNotice(DI::l10n()->t('Delegated administrators can view but not change delegation permissions.')); DI::sysmsg()->addNotice(DI::l10n()->t('Delegated administrators can view but not change delegation permissions.'));
DI::baseUrl()->redirect('settings/delegation'); DI::baseUrl()->redirect('settings/delegation');
} }