File Coverage

lib/CallBackery/GuiPlugin/UserForm.pm

Criterion	Covered	Total	%
statement	15	30	50.0
branch	0	8	0.0
condition	0	6	0.0
subroutine	5	6	83.3
pod	1	1	100.0
total	21	51	41.1

line	stmt	bran	cond	sub	pod	time	code
1							package CallBackery::GuiPlugin::UserForm;
2	1			1		996	use Mojo::Base 'CallBackery::GuiPlugin::AbstractForm';
	1					3
	1					6
3	1			1		78	use CallBackery::Translate qw(trm);
	1					4
	1					53
4	1			1		6	use CallBackery::Exception qw(mkerror);
	1					2
	1					44
5	1			1		7	use Mojo::Util qw(hmac_sha1_sum);
	1					1
	1					44
6	1			1		9	use Mojo::JSON qw(true false);
	1					2
	1					1918
7
8							=head1 NAME
9
10							CallBackery::GuiPlugin::UserForm - UserForm Plugin
11
12							=head1 SYNOPSIS
13
14							use CallBackery::GuiPlugin::UserForm;
15
16							=head1 DESCRIPTION
17
18							The UserForm Plugin.
19
20							=cut
21
22
23							=head1 PROPERTIES
24
25							All the methods of L plus:
26
27							=cut
28
29							=head2 formCfg
30
31							Returns a Configuration Structure for the Report Frontend Module.
32
33							=cut
34
35							my $DUMMY_PASSWORD = '>>NOt REALly a PaSSwoRd<<';
36
37							has formCfg => sub {
38							my $self = shift;
39
40							if ($self->config->{type} eq 'edit' and not $self->args->{selection}{cbuser_id}){
41							return [{
42							label => trm('Error'),
43							widget => 'header',
44							note => trm('No user selected.')
45							}];
46							}
47							return [
48							$self->config->{type} eq 'edit' ? {
49							key => 'cbuser_id',
50							label => trm('UserId'),
51							widget => 'hiddenText',
52							set => {
53							readOnly => true,
54							},
55							} : (),
56
57							{
58							key => 'cbuser_login',
59							label => trm('Username'),
60							widget => 'text',
61							set => {
62							required => true,
63							readOnly => $self->user->may('admin') ? false : true
64							},
65							},
66							{
67							key => 'cbuser_password',
68							label => trm('Password'),
69							widget => 'password',
70							set => {
71							required => true,
72							},
73							},
74							{
75							key => 'cbuser_password_check',
76							label => trm('Password Again'),
77							widget => 'password',
78							set => {
79							required => true,
80							},
81							},
82
83							{
84							key => 'cbuser_given',
85							label => trm('Given Name'),
86							widget => 'text',
87							set => {
88							required => true,
89							readOnly => $self->user->may('admin') ? false : true
90							},
91							},
92							{
93							key => 'cbuser_family',
94							label => trm('Family Name'),
95							widget => 'text',
96							set => {
97							required => true,
98							readOnly => $self->user->may('admin') ? false : true
99							}
100							},
101							$self->user->may('admin') ? (
102							{
103							key => 'cbuser_note',
104							label => trm('Note'),
105							widget => 'textArea',
106							set => {
107							placeholder => 'some extra information about this user',
108							}
109							} ) : (),
110							@{$self->rightsCheckBoxes}
111							];
112							};
113
114							has rightsCheckBoxes => sub {
115							my $self = shift;
116							return [] if not $self->user->may('admin');
117							my $db = $self->user->mojoSqlDb;
118							my $rightTbl= $db->dbh->quote_identifier('cbright');
119							my $rights = $db->dbh->selectall_arrayref(<<"SQL",{Slice => {}});
120							SELECT cbright_id,cbright_label FROM $rightTbl
121							SQL
122							my @checkboxes = {
123							widget => 'header',
124							label => 'Permissions'
125							};
126							my $adminId = $self->user->db->lookUp('cbright','key','admin');
127
128							for (sort {$a->{cbright_label} cmp $b->{cbright_label}} @$rights){
129							push @checkboxes,
130							{
131							key => 'cbright_id_'.$_->{cbright_id},
132							widget => 'checkBox',
133							label => $_->{cbright_label},
134							}
135							}
136							return \@checkboxes;
137							};
138
139
140							has actionCfg => sub {
141							my $self = shift;
142							my $mode = $self->config->{mode} // 'default';
143							my $type = $self->config->{type} // 'new';
144
145							my $handler = sub {
146							my $self = shift;
147							my $args = shift;
148							my $admin = ($self->user->may('admin') or $mode eq 'init');
149
150							my @fields = $admin ? (qw(login family given note)) : ();
151							my $itsMine = $args->{cbuser_id} == $self->user->userId;
152							die mkerror(2847,trm("You can only edit your own stuff unless you have admin permissions."))
153							unless $admin or $itsMine;
154
155							if ($args->{cbuser_password} ne $DUMMY_PASSWORD){
156							die mkerror(2847,trm("The password instances did not match."))
157							if $args->{cbuser_password} ne $args->{cbuser_password_check};
158							push @fields, 'password';
159							}
160
161							$args->{cbuser_password} = hmac_sha1_sum($args->{cbuser_password});
162							my $db = $self->user->db;
163
164							$args->{cbuser_id} = $db->updateOrInsertData('cbuser',{
165							map { $_ => $args->{'cbuser_'.$_} } @fields
166							},$args->{cbuser_id} ? { id => int($args->{cbuser_id}) } : ());
167
168
169							my $adminId = $db->fetchValue('cbright',{key=>'admin'},'id');
170							if ($admin){
171							for (keys %$args){
172							next if not /^cbright_id_(\d+)$/;
173							my $right_id = $1;
174							my $match = {
175							cbuser => $args->{cbuser_id},
176							cbright => $right_id
177							};
178							# in init mode the user gets admin ... always
179							if ($args->{$_}
180							or ( $mode eq 'init' and $right_id == $adminId )
181							or ( $itsMine and $right_id == $adminId )
182							){
183							$db->updateOrInsertData('cbuserright',$match,$match);
184							}
185							else {
186							$db->deleteDataWhere('cbuserright',$match);
187							}
188							}
189							}
190
191							if ($self->controller and $self->controller->can('runEventActions')){
192							$self->controller->runEventActions('changeConfig');
193							}
194							return {
195							action => $mode eq 'init' ? 'logout' : 'dataSaved'
196							};
197							};
198
199							return [
200							{
201							label => $mode eq 'init'
202							? trm('Create Admin Account')
203							: $type eq 'edit'
204							? trm('Save Changes')
205							: trm('Add User'),
206							action => 'submit',
207							key => 'save',
208							actionHandler => $handler
209							}
210							];
211							};
212
213							has grammar => sub {
214							my $self = shift;
215							$self->mergeGrammar(
216							$self->SUPER::grammar,
217							{
218							_doc => "User Form Configuration",
219							_vars => [ qw(type mode) ],
220							type => {
221							_doc => 'type of form to show: edit, add',
222							_re => '(edit\|add)'
223							},
224							mode => {
225							_doc => 'In init mode the for will run for the __ROOT user and thus allow the creation of the initial account',
226							_re => '(init\|default)',
227							_re_error => 'Pick one of init or default',
228							_default => 'default'
229							}
230							},
231							);
232							};
233
234							has checkAccess => sub {
235							my $self = shift;
236							my $userId = $self->user->userId;
237							my $mode = $self->config->{mode} // 'default';
238							if ($mode eq 'init'){
239							return ($userId and $userId eq '__ROOT');
240							}
241							return $self->user;
242							};
243
244							=head1 METHODS
245
246							All the methods of L plus:
247
248							=cut
249
250
251							sub getAllFieldValues {
252	0			0	1		my $self = shift;
253	0						my $args = shift;
254	0	0					return {} if $self->config->{type} ne 'edit';
255	0		0				my $id = $args->{selection}{cbuser_id} // $self->user->userId;
256
257	0	0					return {} unless $id;
258
259	0	0	0				die mkerror(2847,"You can only edit your own stuff unless you have admin permissions.")
260							if not ( $self->user->may('admin') or $id == $self->user->userId );
261
262	0						my $data = $self->user->db->fetchRow('cbuser',{id => $id});
263	0						$data->{cbuser_password} = $DUMMY_PASSWORD;
264	0						$data->{cbuser_password_check} = $DUMMY_PASSWORD;
265	0						my $db = $self->user->mojoSqlDb;
266	0						my $rightTbl= $db->dbh->quote_identifier('cbright');
267	0						my $rights = $db->dbh->selectall_arrayref(<<"SQL",{Slice => {}}, $id);
268							SELECT cbright_id, cbuserright_id IS NOT NULL as value
269							FROM $rightTbl LEFT JOIN cbuserright ON (cbright_id = cbuserright_cbright AND cbuserright_cbuser = ?)
270							SQL
271	0						for (@$rights){
272	0	0					$data->{'cbright_id_'.$_->{cbright_id}} = $_->{value} ? 1 : 0;
273							}
274
275	0						return $data;
276							}
277
278							1;
279							__END__