new permission: user-delete + user-change-class

2026-04-14 12:30:49 +08:00 · 2022-09-13 04:09:23 +08:00
parent 9a00c17ea5
commit 7a435132d6
10 changed files with 70 additions and 39 deletions
--- a/app/Filament/Resources/User/UserResource/Pages/UserProfile.php
+++ b/app/Filament/Resources/User/UserResource/Pages/UserProfile.php
@@ -14,10 +14,11 @@ use Filament\Resources\Pages\Concerns\InteractsWithRecord;
 use Filament\Resources\Pages\Page;
 use Filament\Pages\Actions;
 use Filament\Forms;
+use Filament\Resources\Pages\ViewRecord;
 use Illuminate\Support\Facades\Auth;
 use Nexus\Database\NexusDB;

-class UserProfile extends Page
+class UserProfile extends ViewRecord
 {
    use InteractsWithRecord;
    use HasRelationManagers;
@@ -47,16 +48,6 @@ class UserProfile extends Page
        $this->record = $this->resolveRecord($id);
    }

-    public function mount($record)
-    {
-        static::authorizeResourceAccess();
-
-        $this->record = $this->resolveRecord($record);
-
-        abort_unless(static::getResource()::canView($this->getRecord()), 403);
-
-    }
-
    protected function getActions(): array
    {
        $actions = [];
@@ -74,7 +65,9 @@ class UserProfile extends Page
            $actions[] = $this->buildResetPasswordAction();
            $actions[] = $this->buildEnableDisableAction();
            $actions[] = $this->buildEnableDisableDownloadPrivilegesAction();
-
+            if (user_can('user-delete')) {
+                $actions[] = $this->buildDeleteAction();
+            }
            $actions = apply_filter('user_profile_actions', $actions);
        }
        return $actions;
@@ -299,6 +292,13 @@ class UserProfile extends Page
            });
    }

+    private function buildDeleteAction(): Actions\Action
+    {
+        return Actions\DeleteAction::make()->using(function () {
+            $this->getRep()->destroy($this->record->id);
+        });
+    }
+
    public function getViewData(): array
    {
        return [
--- a/app/Repositories/UserRepository.php
+++ b/app/Repositories/UserRepository.php
@@ -497,4 +497,21 @@ class UserRepository extends BaseRepository
        return true;
    }

+    public function destroy($id)
+    {
+        user_can('user-delete', true);
+        $tables = [
+            'users' => 'id',
+            'hit_and_runs' => 'uid',
+            'claims' => 'uid',
+            'exam_users' => 'uid',
+            'exam_progress' => 'uid',
+        ];
+        foreach ($tables as $table => $key) {
+            \Nexus\Database\NexusDB::table($table)->where($key, $id)->delete();
+        }
+        do_log("[DESTROY_USER]: $id", 'error');
+        return true;
+    }
+
 }
--- a/nexus/Install/settings.default.php
+++ b/nexus/Install/settings.default.php
@@ -177,6 +177,8 @@ return array (
      'torrent_hr' => User::CLASS_ADMINISTRATOR,
      'torrent-approval' => User::CLASS_ADMINISTRATOR,
      'torrent-delete' => User::CLASS_ADMINISTRATOR,
+      'user-delete' => User::CLASS_ADMINISTRATOR,
+      'user-change-class' => User::CLASS_ADMINISTRATOR,
  ),
  'tweak' =>
  array (
--- a/public/delacctadmin.php
+++ b/public/delacctadmin.php
@@ -1,8 +1,7 @@
 <?php
 require "../include/bittorrent.php";
 dbconn();
-if (get_user_class() < UC_ADMINISTRATOR)
-stderr("Error", "Permission denied.");
+user_can('user-delete', true);

 if ($_SERVER["REQUEST_METHOD"] == "POST")
 {
@@ -18,25 +17,8 @@ $arr = mysql_fetch_assoc($res);

 $id = $arr['id'];
 $name = $arr['username'];
-try {
-    \Nexus\Database\NexusDB::transaction(function () use ($id) {
-        $affectedRows = \Nexus\Database\NexusDB::table('users')->where('id', $id)->delete();
-        if ($affectedRows != 1) {
-            throw new \RuntimeException("Unable to delete the account.");
-        }
-        $tables = [
-            'hit_and_runs' => 'uid',
-            'claims' => 'uid',
-            'exam_users' => 'uid',
-            'exam_progress' => 'uid',
-        ];
-        foreach ($tables as $table => $key) {
-            \Nexus\Database\NexusDB::table($table)->where($key, $id)->delete();
-        }
-    });
-} catch (\Exception $exception) {
-    stderr("Error", $exception->getMessage());
-}
+$userRep = new \App\Repositories\UserRepository();
+$userRep->destroy($id);
 stderr("Success", "The account <b>".htmlspecialchars($name)."</b> was deleted.",false);
 }
 stdhead("Delete account");
--- a/public/modtask.php
+++ b/public/modtask.php
@@ -194,7 +194,7 @@ if ($action == "edituser")
 	if ($curclass >= get_user_class())
 		puke();

-	if ($curclass != $class)
+	if (user_can('user-change-class') && $curclass != $class)
 	{
 		$what = ($class > $curclass ? $lang_modtask_target[get_user_lang($userid)]['msg_promoted'] : $lang_modtask_target[get_user_lang($userid)]['msg_demoted']);
 		$subject = sqlesc($lang_modtask_target[get_user_lang($userid)]['msg_class_change']);
--- a/public/settings.php
+++ b/public/settings.php
@@ -221,7 +221,8 @@ elseif ($action == 'savesettings_authority') 	// save user authority
        'commanage','forummanage','viewuserlist','torrentmanage','torrentsticky', 'torrentonpromotion', 'torrent_hr', 'askreseed', 'viewnfo',
        'torrentstructure','sendinvite','viewhistory','topten','log','confilog','userprofile', 'torrenthistory','prfmanage', 'cruprfmanage',
        'uploadsub','delownsub','submanage','updateextinfo', 'viewanonymous','beanonymous','addoffer','offermanage', 'upload','uploadspecial',
-        'view_special_torrent','movetorrent','chrmanage','viewinvite', 'buyinvite','seebanned','againstoffer','userbar', 'torrent-approval', 'torrent-delete'
+        'view_special_torrent','movetorrent','chrmanage','viewinvite', 'buyinvite','seebanned','againstoffer','userbar', 'torrent-approval',
+        'torrent-delete', 'user-delete', 'user-change-class',
    );
 	GetVar($validConfig);
 	$AUTHORITY = [];
@@ -439,6 +440,9 @@ elseif ($action == 'authoritysettings')	//Authority settings
 	tr($lang_settings['row_comment_management'], $lang_settings['text_minimum_class'].classlist('commanage',$maxclass,$AUTHORITY['commanage'],0,true).$lang_settings['text_default'].get_user_class_name(UC_MODERATOR,false,true,true).$lang_settings['text_comment_management_note'],1);
 	tr($lang_settings['row_forum_management'], $lang_settings['text_minimum_class'].classlist('forummanage',$maxclass,$AUTHORITY['forummanage'],0,true).$lang_settings['text_default'].get_user_class_name(UC_ADMINISTRATOR,false,true,true).$lang_settings['text_forum_management_note'],1);
 	tr($lang_settings['row_view_userlist'], $lang_settings['text_minimum_class'].classlist('viewuserlist',$maxclass,$AUTHORITY['viewuserlist'],0,true).$lang_settings['text_default'].get_user_class_name(UC_POWER_USER,false,true,true).$lang_settings['text_view_userlist_note'],1);
+	tr(nexus_trans('permission.user-delete.text'), $lang_settings['text_minimum_class'].classlist('user-delete',$maxclass,$AUTHORITY['user-delete'],0,true).$lang_settings['text_default'].get_user_class_name(UC_ADMINISTRATOR,false,true,true).nexus_trans('permission.user-delete.desc'),1);
+	tr(nexus_trans('permission.user-change-class.text'), $lang_settings['text_minimum_class'].classlist('user-change-class',$maxclass,$AUTHORITY['user-change-class'],0,true).$lang_settings['text_default'].get_user_class_name(UC_ADMINISTRATOR,false,true,true).nexus_trans('permission.user-change-class.desc'),1);
+
 	tr($lang_settings['row_torrent_management'], $lang_settings['text_minimum_class'].classlist('torrentmanage',$maxclass,$AUTHORITY['torrentmanage'],0,true).$lang_settings['text_default'].get_user_class_name(UC_MODERATOR,false,true,true).$lang_settings['text_torrent_management_note'], 1);
 	tr($lang_settings['row_torrent_delete'], $lang_settings['text_minimum_class'].classlist('torrent-delete',$maxclass,$AUTHORITY['torrent-delete'],0,true).$lang_settings['text_default'].get_user_class_name(UC_ADMINISTRATOR,false,true,true).$lang_settings['text_torrent_delete_note'], 1);

--- a/public/userdetails.php
+++ b/public/userdetails.php
@@ -464,9 +464,11 @@ if (user_can('prfmanage') && $user["class"] < get_user_class())
 		tr($lang_userdetails['row_donated'], "USD: <input type=\"text\" size=\"5\" name=\"donated\" value=\"" . htmlspecialchars($user['donated']) . "\" />&nbsp;&nbsp;&nbsp;&nbsp;CNY: <input type=\"text\" size=\"5\" name=\"donated_cny\" value=\"" . htmlspecialchars($user['donated_cny']) . "\" />" . $lang_userdetails['text_transaction_memo'] . "<input type=\"text\" size=\"50\" name=\"donation_memo\" />", 1);
        tr($lang_userdetails['row_donoruntil'], "<input type=\"text\" name=\"donoruntil\" value=\"".htmlspecialchars($user["donoruntil"])."\" /> ".$lang_userdetails['text_donoruntil_note'], 1);
 	}
-    $maxclass = get_user_class() - 1;
-	$classselect=classlist('class', $maxclass, $user["class"]);
-	tr($lang_userdetails['row_class'], $classselect, 1);
+	if (user_can('user-change-class')) {
+        $maxclass = get_user_class() - 1;
+        $classselect=classlist('class', $maxclass, $user["class"]);
+        tr($lang_userdetails['row_class'], $classselect, 1);
+    }
 	tr($lang_userdetails['row_vip_by_bonus'], "<input type=\"radio\" name=\"vip_added\" value=\"yes\"" .($user["vip_added"] == "yes" ? " checked=\"checked\"" : "")." />".$lang_userdetails['radio_yes']." <input type=\"radio\" name=\"vip_added\" value=\"no\"" .($user["vip_added"] == "no" ? " checked=\"checked\"" : "")." />".$lang_userdetails['radio_no']."<br />".$lang_userdetails['text_vip_by_bonus_note'], 1);
 	tr($lang_userdetails['row_vip_until'], "<input type=\"text\" name=\"vip_until\" value=\"".htmlspecialchars($user["vip_until"])."\" /> ".$lang_userdetails['text_vip_until_note'], 1);
 	$supportlang = htmlspecialchars($user["supportlang"]);
@@ -610,7 +612,7 @@ JS;
 	print("</table>\n");
 	print("</form>\n");
 	end_frame();
-	if (user_can('cruprfmanage'))
+	if (user_can('user-delete'))
 	{
 		begin_frame($lang_userdetails['text_delete_user'], true);
 		print("<form method=\"post\" action=\"delacctadmin.php\" name=\"deluser\">
--- a/resources/lang/en/permission.php
+++ b/resources/lang/en/permission.php
@@ -57,6 +57,14 @@ return [
        'text' => 'View User List',
        'desc' => 'View, search user list',
    ],
+    'user-delete' => [
+        'text' => 'Delete user',
+        'desc' => 'Completely delete user account information from the database',
+    ],
+    'user-change-class' => [
+        'text' => 'Change user class',
+        'desc' => "Modify the user's level, can not be modified to a level higher than or equal to their own",
+    ],
    'torrentmanage' => [
        'text' => 'Torrent Management',
        'desc' => 'Edit torrents, excluding setting torrent sticky or on promotion or delete',
--- a/resources/lang/zh_CN/permission.php
+++ b/resources/lang/zh_CN/permission.php
@@ -57,6 +57,14 @@ return [
        'text' => '查看用户列表',
        'desc' => '查看、搜索用户列表',
    ],
+    'user-delete' => [
+        'text' => '删除用户',
+        'desc' => '彻底从数据库删除用户账号信息',
+    ],
+    'user-change-class' => [
+        'text' => '修改用户等级',
+        'desc' => '修改用户的等级，不能修改为高于或等于自己的等级',
+    ],
    'torrentmanage' => [
        'text' => '管理种子',
        'desc' => '编辑、删除种子，但不能将种子设为置顶或促销',
--- a/resources/lang/zh_TW/permission.php
+++ b/resources/lang/zh_TW/permission.php
@@ -57,6 +57,14 @@ return [
        'text' => '檢視用戶清單',
        'desc' => '檢視、搜索用戶清單',
    ],
+    'user-delete' => [
+        'text' => '刪除用戶',
+        'desc' => '徹底從數據庫刪除用戶賬號信息',
+    ],
+    'user-change-class' => [
+        'text' => '修改用戶等級',
+        'desc' => '修改用戶的等級，不能修改為高於或等於自己的等級',
+    ],
    'torrentmanage' => [
        'text' => '管理種子',
        'desc' => '編輯、移除種子，但無法將種子設為置頂或促銷',