Viewing file:  UserGroupsFormController.php (3.29 KB) -rwxr-x---
Select action/file-type:
 (+) |  (+) |  (+) | Code (+) | Session (+) |  (+) | SDB (+) |  (+) |  (+) |  (+) |  (+) |  (+) |
<?php
declare(strict_types=1);
namespace PhpMyAdmin\Controllers\Server;
use PhpMyAdmin\CheckUserPrivileges;
use PhpMyAdmin\ConfigStorage\Features\ConfigurableMenusFeature;
use PhpMyAdmin\ConfigStorage\Relation;
use PhpMyAdmin\Controllers\AbstractController;
use PhpMyAdmin\DatabaseInterface;
use PhpMyAdmin\ResponseRenderer;
use PhpMyAdmin\Template;
use PhpMyAdmin\Util;
use function __;
use function sprintf;
use function strlen;
final class UserGroupsFormController extends AbstractController
{
/** @var Relation */
private $relation;
/** @var DatabaseInterface */
private $dbi;
public function __construct(
ResponseRenderer $response,
Template $template,
Relation $relation,
DatabaseInterface $dbi
) {
parent::__construct($response, $template);
$this->relation = $relation;
$this->dbi = $dbi;
}
public function __invoke(): void
{
$this->response->setAjax(true);
if (! isset($_GET['username']) || strlen((string) $_GET['username']) === 0) {
$this->response->setRequestStatus(false);
$this->response->setHttpResponseCode(400);
$this->response->addJSON('message', __('Missing parameter:') . ' username');
return;
}
$username = $_GET['username'];
$checkUserPrivileges = new CheckUserPrivileges($this->dbi);
$checkUserPrivileges->getPrivileges();
$configurableMenusFeature = $this->relation->getRelationParameters()->configurableMenusFeature;
if ($configurableMenusFeature === null) {
$this->response->setRequestStatus(false);
$this->response->setHttpResponseCode(400);
$this->response->addJSON('message', __('User groups management is not enabled.'));
return;
}
$form = $this->getHtmlToChooseUserGroup($username, $configurableMenusFeature);
$this->response->addJSON('message', $form);
}
/**
* Displays a dropdown to select the user group with menu items configured to each of them.
*/
private function getHtmlToChooseUserGroup(
string $username,
ConfigurableMenusFeature $configurableMenusFeature
): string {
$groupTable = Util::backquote($configurableMenusFeature->database)
. '.' . Util::backquote($configurableMenusFeature->userGroups);
$userTable = Util::backquote($configurableMenusFeature->database)
. '.' . Util::backquote($configurableMenusFeature->users);
$sqlQuery = sprintf(
'SELECT `usergroup` FROM %s WHERE `username` = \'%s\'',
$userTable,
$this->dbi->escapeString($username)
);
$userGroup = $this->dbi->fetchValue($sqlQuery, 0, DatabaseInterface::CONNECT_CONTROL);
$allUserGroups = [];
$sqlQuery = 'SELECT DISTINCT `usergroup` FROM ' . $groupTable;
$result = $this->dbi->tryQueryAsControlUser($sqlQuery);
if ($result) {
while ($row = $result->fetchRow()) {
$allUserGroups[$row[0]] = $row[0];
}
}
return $this->template->render('server/privileges/choose_user_group', [
'all_user_groups' => $allUserGroups,
'user_group' => $userGroup,
'params' => ['username' => $username],
]);
}
}
|