mirror of
https://github.com/lkddi/nexusphp.git
synced 2026-04-24 20:17:24 +08:00
new permission: user-delete + user-change-class
This commit is contained in:
xiaomlove
@@ -14,10 +14,11 @@ use Filament\Resources\Pages\Concerns\InteractsWithRecord;
|
|||||||
use Filament\Resources\Pages\Page;
|
use Filament\Resources\Pages\Page;
|
||||||
use Filament\Pages\Actions;
|
use Filament\Pages\Actions;
|
||||||
use Filament\Forms;
|
use Filament\Forms;
|
||||||
|
use Filament\Resources\Pages\ViewRecord;
|
||||||
use Illuminate\Support\Facades\Auth;
|
use Illuminate\Support\Facades\Auth;
|
||||||
use Nexus\Database\NexusDB;
|
use Nexus\Database\NexusDB;
|
||||||
|
|
||||||
class UserProfile extends Page
|
class UserProfile extends ViewRecord
|
||||||
{
|
{
|
||||||
use InteractsWithRecord;
|
use InteractsWithRecord;
|
||||||
use HasRelationManagers;
|
use HasRelationManagers;
|
||||||
@@ -47,16 +48,6 @@ class UserProfile extends Page
|
|||||||
$this->record = $this->resolveRecord($id);
|
$this->record = $this->resolveRecord($id);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function mount($record)
|
|
||||||
{
|
|
||||||
static::authorizeResourceAccess();
|
|
||||||
|
|
||||||
$this->record = $this->resolveRecord($record);
|
|
||||||
|
|
||||||
abort_unless(static::getResource()::canView($this->getRecord()), 403);
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
protected function getActions(): array
|
protected function getActions(): array
|
||||||
{
|
{
|
||||||
$actions = [];
|
$actions = [];
|
||||||
@@ -74,7 +65,9 @@ class UserProfile extends Page
|
|||||||
$actions[] = $this->buildResetPasswordAction();
|
$actions[] = $this->buildResetPasswordAction();
|
||||||
$actions[] = $this->buildEnableDisableAction();
|
$actions[] = $this->buildEnableDisableAction();
|
||||||
$actions[] = $this->buildEnableDisableDownloadPrivilegesAction();
|
$actions[] = $this->buildEnableDisableDownloadPrivilegesAction();
|
||||||
|
if (user_can('user-delete')) {
|
||||||
|
$actions[] = $this->buildDeleteAction();
|
||||||
|
}
|
||||||
$actions = apply_filter('user_profile_actions', $actions);
|
$actions = apply_filter('user_profile_actions', $actions);
|
||||||
}
|
}
|
||||||
return $actions;
|
return $actions;
|
||||||
@@ -299,6 +292,13 @@ class UserProfile extends Page
|
|||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private function buildDeleteAction(): Actions\Action
|
||||||
|
{
|
||||||
|
return Actions\DeleteAction::make()->using(function () {
|
||||||
|
$this->getRep()->destroy($this->record->id);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
public function getViewData(): array
|
public function getViewData(): array
|
||||||
{
|
{
|
||||||
return [
|
return [
|
||||||
|
|||||||
@@ -497,4 +497,21 @@ class UserRepository extends BaseRepository
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function destroy($id)
|
||||||
|
{
|
||||||
|
user_can('user-delete', true);
|
||||||
|
$tables = [
|
||||||
|
'users' => 'id',
|
||||||
|
'hit_and_runs' => 'uid',
|
||||||
|
'claims' => 'uid',
|
||||||
|
'exam_users' => 'uid',
|
||||||
|
'exam_progress' => 'uid',
|
||||||
|
];
|
||||||
|
foreach ($tables as $table => $key) {
|
||||||
|
\Nexus\Database\NexusDB::table($table)->where($key, $id)->delete();
|
||||||
|
}
|
||||||
|
do_log("[DESTROY_USER]: $id", 'error');
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -177,6 +177,8 @@ return array (
|
|||||||
'torrent_hr' => User::CLASS_ADMINISTRATOR,
|
'torrent_hr' => User::CLASS_ADMINISTRATOR,
|
||||||
'torrent-approval' => User::CLASS_ADMINISTRATOR,
|
'torrent-approval' => User::CLASS_ADMINISTRATOR,
|
||||||
'torrent-delete' => User::CLASS_ADMINISTRATOR,
|
'torrent-delete' => User::CLASS_ADMINISTRATOR,
|
||||||
|
'user-delete' => User::CLASS_ADMINISTRATOR,
|
||||||
|
'user-change-class' => User::CLASS_ADMINISTRATOR,
|
||||||
),
|
),
|
||||||
'tweak' =>
|
'tweak' =>
|
||||||
array (
|
array (
|
||||||
|
|||||||
+3
-21
@@ -1,8 +1,7 @@
|
|||||||
<?php
|
<?php
|
||||||
require "../include/bittorrent.php";
|
require "../include/bittorrent.php";
|
||||||
dbconn();
|
dbconn();
|
||||||
if (get_user_class() < UC_ADMINISTRATOR)
|
user_can('user-delete', true);
|
||||||
stderr("Error", "Permission denied.");
|
|
||||||
|
|
||||||
if ($_SERVER["REQUEST_METHOD"] == "POST")
|
if ($_SERVER["REQUEST_METHOD"] == "POST")
|
||||||
{
|
{
|
||||||
@@ -18,25 +17,8 @@ $arr = mysql_fetch_assoc($res);
|
|||||||
|
|
||||||
$id = $arr['id'];
|
$id = $arr['id'];
|
||||||
$name = $arr['username'];
|
$name = $arr['username'];
|
||||||
try {
|
$userRep = new \App\Repositories\UserRepository();
|
||||||
\Nexus\Database\NexusDB::transaction(function () use ($id) {
|
$userRep->destroy($id);
|
||||||
$affectedRows = \Nexus\Database\NexusDB::table('users')->where('id', $id)->delete();
|
|
||||||
if ($affectedRows != 1) {
|
|
||||||
throw new \RuntimeException("Unable to delete the account.");
|
|
||||||
}
|
|
||||||
$tables = [
|
|
||||||
'hit_and_runs' => 'uid',
|
|
||||||
'claims' => 'uid',
|
|
||||||
'exam_users' => 'uid',
|
|
||||||
'exam_progress' => 'uid',
|
|
||||||
];
|
|
||||||
foreach ($tables as $table => $key) {
|
|
||||||
\Nexus\Database\NexusDB::table($table)->where($key, $id)->delete();
|
|
||||||
}
|
|
||||||
});
|
|
||||||
} catch (\Exception $exception) {
|
|
||||||
stderr("Error", $exception->getMessage());
|
|
||||||
}
|
|
||||||
stderr("Success", "The account <b>".htmlspecialchars($name)."</b> was deleted.",false);
|
stderr("Success", "The account <b>".htmlspecialchars($name)."</b> was deleted.",false);
|
||||||
}
|
}
|
||||||
stdhead("Delete account");
|
stdhead("Delete account");
|
||||||
|
|||||||
+1
-1
@@ -194,7 +194,7 @@ if ($action == "edituser")
|
|||||||
if ($curclass >= get_user_class())
|
if ($curclass >= get_user_class())
|
||||||
puke();
|
puke();
|
||||||
|
|
||||||
if ($curclass != $class)
|
if (user_can('user-change-class') && $curclass != $class)
|
||||||
{
|
{
|
||||||
$what = ($class > $curclass ? $lang_modtask_target[get_user_lang($userid)]['msg_promoted'] : $lang_modtask_target[get_user_lang($userid)]['msg_demoted']);
|
$what = ($class > $curclass ? $lang_modtask_target[get_user_lang($userid)]['msg_promoted'] : $lang_modtask_target[get_user_lang($userid)]['msg_demoted']);
|
||||||
$subject = sqlesc($lang_modtask_target[get_user_lang($userid)]['msg_class_change']);
|
$subject = sqlesc($lang_modtask_target[get_user_lang($userid)]['msg_class_change']);
|
||||||
|
|||||||
+5
-1
@@ -221,7 +221,8 @@ elseif ($action == 'savesettings_authority') // save user authority
|
|||||||
'commanage','forummanage','viewuserlist','torrentmanage','torrentsticky', 'torrentonpromotion', 'torrent_hr', 'askreseed', 'viewnfo',
|
'commanage','forummanage','viewuserlist','torrentmanage','torrentsticky', 'torrentonpromotion', 'torrent_hr', 'askreseed', 'viewnfo',
|
||||||
'torrentstructure','sendinvite','viewhistory','topten','log','confilog','userprofile', 'torrenthistory','prfmanage', 'cruprfmanage',
|
'torrentstructure','sendinvite','viewhistory','topten','log','confilog','userprofile', 'torrenthistory','prfmanage', 'cruprfmanage',
|
||||||
'uploadsub','delownsub','submanage','updateextinfo', 'viewanonymous','beanonymous','addoffer','offermanage', 'upload','uploadspecial',
|
'uploadsub','delownsub','submanage','updateextinfo', 'viewanonymous','beanonymous','addoffer','offermanage', 'upload','uploadspecial',
|
||||||
'view_special_torrent','movetorrent','chrmanage','viewinvite', 'buyinvite','seebanned','againstoffer','userbar', 'torrent-approval', 'torrent-delete'
|
'view_special_torrent','movetorrent','chrmanage','viewinvite', 'buyinvite','seebanned','againstoffer','userbar', 'torrent-approval',
|
||||||
|
'torrent-delete', 'user-delete', 'user-change-class',
|
||||||
);
|
);
|
||||||
GetVar($validConfig);
|
GetVar($validConfig);
|
||||||
$AUTHORITY = [];
|
$AUTHORITY = [];
|
||||||
@@ -439,6 +440,9 @@ elseif ($action == 'authoritysettings') //Authority settings
|
|||||||
tr($lang_settings['row_comment_management'], $lang_settings['text_minimum_class'].classlist('commanage',$maxclass,$AUTHORITY['commanage'],0,true).$lang_settings['text_default'].get_user_class_name(UC_MODERATOR,false,true,true).$lang_settings['text_comment_management_note'],1);
|
tr($lang_settings['row_comment_management'], $lang_settings['text_minimum_class'].classlist('commanage',$maxclass,$AUTHORITY['commanage'],0,true).$lang_settings['text_default'].get_user_class_name(UC_MODERATOR,false,true,true).$lang_settings['text_comment_management_note'],1);
|
||||||
tr($lang_settings['row_forum_management'], $lang_settings['text_minimum_class'].classlist('forummanage',$maxclass,$AUTHORITY['forummanage'],0,true).$lang_settings['text_default'].get_user_class_name(UC_ADMINISTRATOR,false,true,true).$lang_settings['text_forum_management_note'],1);
|
tr($lang_settings['row_forum_management'], $lang_settings['text_minimum_class'].classlist('forummanage',$maxclass,$AUTHORITY['forummanage'],0,true).$lang_settings['text_default'].get_user_class_name(UC_ADMINISTRATOR,false,true,true).$lang_settings['text_forum_management_note'],1);
|
||||||
tr($lang_settings['row_view_userlist'], $lang_settings['text_minimum_class'].classlist('viewuserlist',$maxclass,$AUTHORITY['viewuserlist'],0,true).$lang_settings['text_default'].get_user_class_name(UC_POWER_USER,false,true,true).$lang_settings['text_view_userlist_note'],1);
|
tr($lang_settings['row_view_userlist'], $lang_settings['text_minimum_class'].classlist('viewuserlist',$maxclass,$AUTHORITY['viewuserlist'],0,true).$lang_settings['text_default'].get_user_class_name(UC_POWER_USER,false,true,true).$lang_settings['text_view_userlist_note'],1);
|
||||||
|
tr(nexus_trans('permission.user-delete.text'), $lang_settings['text_minimum_class'].classlist('user-delete',$maxclass,$AUTHORITY['user-delete'],0,true).$lang_settings['text_default'].get_user_class_name(UC_ADMINISTRATOR,false,true,true).nexus_trans('permission.user-delete.desc'),1);
|
||||||
|
tr(nexus_trans('permission.user-change-class.text'), $lang_settings['text_minimum_class'].classlist('user-change-class',$maxclass,$AUTHORITY['user-change-class'],0,true).$lang_settings['text_default'].get_user_class_name(UC_ADMINISTRATOR,false,true,true).nexus_trans('permission.user-change-class.desc'),1);
|
||||||
|
|
||||||
tr($lang_settings['row_torrent_management'], $lang_settings['text_minimum_class'].classlist('torrentmanage',$maxclass,$AUTHORITY['torrentmanage'],0,true).$lang_settings['text_default'].get_user_class_name(UC_MODERATOR,false,true,true).$lang_settings['text_torrent_management_note'], 1);
|
tr($lang_settings['row_torrent_management'], $lang_settings['text_minimum_class'].classlist('torrentmanage',$maxclass,$AUTHORITY['torrentmanage'],0,true).$lang_settings['text_default'].get_user_class_name(UC_MODERATOR,false,true,true).$lang_settings['text_torrent_management_note'], 1);
|
||||||
tr($lang_settings['row_torrent_delete'], $lang_settings['text_minimum_class'].classlist('torrent-delete',$maxclass,$AUTHORITY['torrent-delete'],0,true).$lang_settings['text_default'].get_user_class_name(UC_ADMINISTRATOR,false,true,true).$lang_settings['text_torrent_delete_note'], 1);
|
tr($lang_settings['row_torrent_delete'], $lang_settings['text_minimum_class'].classlist('torrent-delete',$maxclass,$AUTHORITY['torrent-delete'],0,true).$lang_settings['text_default'].get_user_class_name(UC_ADMINISTRATOR,false,true,true).$lang_settings['text_torrent_delete_note'], 1);
|
||||||
|
|
||||||
|
|||||||
@@ -464,9 +464,11 @@ if (user_can('prfmanage') && $user["class"] < get_user_class())
|
|||||||
tr($lang_userdetails['row_donated'], "USD: <input type=\"text\" size=\"5\" name=\"donated\" value=\"" . htmlspecialchars($user['donated']) . "\" /> CNY: <input type=\"text\" size=\"5\" name=\"donated_cny\" value=\"" . htmlspecialchars($user['donated_cny']) . "\" />" . $lang_userdetails['text_transaction_memo'] . "<input type=\"text\" size=\"50\" name=\"donation_memo\" />", 1);
|
tr($lang_userdetails['row_donated'], "USD: <input type=\"text\" size=\"5\" name=\"donated\" value=\"" . htmlspecialchars($user['donated']) . "\" /> CNY: <input type=\"text\" size=\"5\" name=\"donated_cny\" value=\"" . htmlspecialchars($user['donated_cny']) . "\" />" . $lang_userdetails['text_transaction_memo'] . "<input type=\"text\" size=\"50\" name=\"donation_memo\" />", 1);
|
||||||
tr($lang_userdetails['row_donoruntil'], "<input type=\"text\" name=\"donoruntil\" value=\"".htmlspecialchars($user["donoruntil"])."\" /> ".$lang_userdetails['text_donoruntil_note'], 1);
|
tr($lang_userdetails['row_donoruntil'], "<input type=\"text\" name=\"donoruntil\" value=\"".htmlspecialchars($user["donoruntil"])."\" /> ".$lang_userdetails['text_donoruntil_note'], 1);
|
||||||
}
|
}
|
||||||
$maxclass = get_user_class() - 1;
|
if (user_can('user-change-class')) {
|
||||||
$classselect=classlist('class', $maxclass, $user["class"]);
|
$maxclass = get_user_class() - 1;
|
||||||
tr($lang_userdetails['row_class'], $classselect, 1);
|
$classselect=classlist('class', $maxclass, $user["class"]);
|
||||||
|
tr($lang_userdetails['row_class'], $classselect, 1);
|
||||||
|
}
|
||||||
tr($lang_userdetails['row_vip_by_bonus'], "<input type=\"radio\" name=\"vip_added\" value=\"yes\"" .($user["vip_added"] == "yes" ? " checked=\"checked\"" : "")." />".$lang_userdetails['radio_yes']." <input type=\"radio\" name=\"vip_added\" value=\"no\"" .($user["vip_added"] == "no" ? " checked=\"checked\"" : "")." />".$lang_userdetails['radio_no']."<br />".$lang_userdetails['text_vip_by_bonus_note'], 1);
|
tr($lang_userdetails['row_vip_by_bonus'], "<input type=\"radio\" name=\"vip_added\" value=\"yes\"" .($user["vip_added"] == "yes" ? " checked=\"checked\"" : "")." />".$lang_userdetails['radio_yes']." <input type=\"radio\" name=\"vip_added\" value=\"no\"" .($user["vip_added"] == "no" ? " checked=\"checked\"" : "")." />".$lang_userdetails['radio_no']."<br />".$lang_userdetails['text_vip_by_bonus_note'], 1);
|
||||||
tr($lang_userdetails['row_vip_until'], "<input type=\"text\" name=\"vip_until\" value=\"".htmlspecialchars($user["vip_until"])."\" /> ".$lang_userdetails['text_vip_until_note'], 1);
|
tr($lang_userdetails['row_vip_until'], "<input type=\"text\" name=\"vip_until\" value=\"".htmlspecialchars($user["vip_until"])."\" /> ".$lang_userdetails['text_vip_until_note'], 1);
|
||||||
$supportlang = htmlspecialchars($user["supportlang"]);
|
$supportlang = htmlspecialchars($user["supportlang"]);
|
||||||
@@ -610,7 +612,7 @@ JS;
|
|||||||
print("</table>\n");
|
print("</table>\n");
|
||||||
print("</form>\n");
|
print("</form>\n");
|
||||||
end_frame();
|
end_frame();
|
||||||
if (user_can('cruprfmanage'))
|
if (user_can('user-delete'))
|
||||||
{
|
{
|
||||||
begin_frame($lang_userdetails['text_delete_user'], true);
|
begin_frame($lang_userdetails['text_delete_user'], true);
|
||||||
print("<form method=\"post\" action=\"delacctadmin.php\" name=\"deluser\">
|
print("<form method=\"post\" action=\"delacctadmin.php\" name=\"deluser\">
|
||||||
|
|||||||
@@ -57,6 +57,14 @@ return [
|
|||||||
'text' => 'View User List',
|
'text' => 'View User List',
|
||||||
'desc' => 'View, search user list',
|
'desc' => 'View, search user list',
|
||||||
],
|
],
|
||||||
|
'user-delete' => [
|
||||||
|
'text' => 'Delete user',
|
||||||
|
'desc' => 'Completely delete user account information from the database',
|
||||||
|
],
|
||||||
|
'user-change-class' => [
|
||||||
|
'text' => 'Change user class',
|
||||||
|
'desc' => "Modify the user's level, can not be modified to a level higher than or equal to their own",
|
||||||
|
],
|
||||||
'torrentmanage' => [
|
'torrentmanage' => [
|
||||||
'text' => 'Torrent Management',
|
'text' => 'Torrent Management',
|
||||||
'desc' => 'Edit torrents, excluding setting torrent sticky or on promotion or delete',
|
'desc' => 'Edit torrents, excluding setting torrent sticky or on promotion or delete',
|
||||||
|
|||||||
@@ -57,6 +57,14 @@ return [
|
|||||||
'text' => '查看用户列表',
|
'text' => '查看用户列表',
|
||||||
'desc' => '查看、搜索用户列表',
|
'desc' => '查看、搜索用户列表',
|
||||||
],
|
],
|
||||||
|
'user-delete' => [
|
||||||
|
'text' => '删除用户',
|
||||||
|
'desc' => '彻底从数据库删除用户账号信息',
|
||||||
|
],
|
||||||
|
'user-change-class' => [
|
||||||
|
'text' => '修改用户等级',
|
||||||
|
'desc' => '修改用户的等级,不能修改为高于或等于自己的等级',
|
||||||
|
],
|
||||||
'torrentmanage' => [
|
'torrentmanage' => [
|
||||||
'text' => '管理种子',
|
'text' => '管理种子',
|
||||||
'desc' => '编辑、删除种子,但不能将种子设为置顶或促销',
|
'desc' => '编辑、删除种子,但不能将种子设为置顶或促销',
|
||||||
|
|||||||
@@ -57,6 +57,14 @@ return [
|
|||||||
'text' => '檢視用戶清單',
|
'text' => '檢視用戶清單',
|
||||||
'desc' => '檢視、搜索用戶清單',
|
'desc' => '檢視、搜索用戶清單',
|
||||||
],
|
],
|
||||||
|
'user-delete' => [
|
||||||
|
'text' => '刪除用戶',
|
||||||
|
'desc' => '徹底從數據庫刪除用戶賬號信息',
|
||||||
|
],
|
||||||
|
'user-change-class' => [
|
||||||
|
'text' => '修改用戶等級',
|
||||||
|
'desc' => '修改用戶的等級,不能修改為高於或等於自己的等級',
|
||||||
|
],
|
||||||
'torrentmanage' => [
|
'torrentmanage' => [
|
||||||
'text' => '管理種子',
|
'text' => '管理種子',
|
||||||
'desc' => '編輯、移除種子,但無法將種子設為置頂或促銷',
|
'desc' => '編輯、移除種子,但無法將種子設為置頂或促銷',
|
||||||
|
|||||||
Reference in New Issue
Block a user