update
This commit is contained in:
@@ -12,16 +12,50 @@ if (!$module) {
|
||||
}
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
$selectedUsers = is_array($_POST['auth_user_values'] ?? null) ? $_POST['auth_user_values'] : [];
|
||||
$selectedGroups = is_array($_POST['auth_group_values'] ?? null) ? $_POST['auth_group_values'] : [];
|
||||
$manualUsers = (string)($_POST['auth_users'] ?? '');
|
||||
$manualGroups = (string)($_POST['auth_groups'] ?? '');
|
||||
|
||||
modules()->saveAuth($moduleName, [
|
||||
'required' => isset($_POST['auth_required']),
|
||||
'users' => (string)($_POST['auth_users'] ?? ''),
|
||||
'groups' => (string)($_POST['auth_groups'] ?? ''),
|
||||
'users' => array_merge($selectedUsers, preg_split('/[,\\n]+/', $manualUsers) ?: []),
|
||||
'groups' => array_merge($selectedGroups, preg_split('/[,\\n]+/', $manualGroups) ?: []),
|
||||
]);
|
||||
$notice = 'Zugriff gespeichert.';
|
||||
$module = modules()->get($moduleName) ?: $module;
|
||||
}
|
||||
|
||||
$authConfig = is_array($module['auth'] ?? null) ? $module['auth'] : ['required' => false, 'users' => [], 'groups' => []];
|
||||
$allowedUsers = is_array($authConfig['users'] ?? null) ? array_values(array_filter(array_map('strval', $authConfig['users']))) : [];
|
||||
$allowedGroups = is_array($authConfig['groups'] ?? null) ? array_values(array_filter(array_map('strval', $authConfig['groups']))) : [];
|
||||
$knownUsers = modules()->knownAuthUsers();
|
||||
$knownGroups = modules()->knownAuthGroups();
|
||||
$currentUser = auth_user();
|
||||
if (is_array($currentUser) && trim((string)($currentUser['sub'] ?? '')) !== '') {
|
||||
$currentSub = (string)$currentUser['sub'];
|
||||
$hasCurrentUser = false;
|
||||
foreach ($knownUsers as $knownUser) {
|
||||
if ((string)($knownUser['sub'] ?? '') === $currentSub) {
|
||||
$hasCurrentUser = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!$hasCurrentUser) {
|
||||
$knownUsers[] = [
|
||||
'sub' => $currentSub,
|
||||
'username' => (string)($currentUser['username'] ?? ''),
|
||||
'email' => (string)($currentUser['email'] ?? ''),
|
||||
'name' => (string)($currentUser['name'] ?? ''),
|
||||
'groups' => is_array($currentUser['groups'] ?? null) ? $currentUser['groups'] : [],
|
||||
];
|
||||
}
|
||||
}
|
||||
$knownGroups = array_values(array_unique(array_merge($knownGroups, auth_groups())));
|
||||
sort($knownGroups, SORT_NATURAL | SORT_FLAG_CASE);
|
||||
$knownUserValues = array_column($knownUsers, 'sub');
|
||||
$manualUsers = array_values(array_filter($allowedUsers, fn (string $value): bool => !in_array($value, $knownUserValues, true)));
|
||||
$manualGroups = array_values(array_filter($allowedGroups, fn (string $value): bool => !in_array($value, $knownGroups, true)));
|
||||
?>
|
||||
<div class="card">
|
||||
<div class="pill">Zugriff</div>
|
||||
@@ -40,15 +74,48 @@ $authConfig = is_array($module['auth'] ?? null) ? $module['auth'] : ['required'
|
||||
<span>Login fuer dieses Modul erforderlich</span>
|
||||
</label>
|
||||
|
||||
<label class="muted" style="display:grid; gap:6px;">
|
||||
<div class="muted" style="display:grid; gap:8px;">
|
||||
<span>Erlaubte Benutzer</span>
|
||||
<textarea name="auth_users" rows="3" placeholder="Keycloak-Sub, Benutzername oder E-Mail, je Zeile oder Komma"><?= e(implode("\n", is_array($authConfig['users'] ?? null) ? $authConfig['users'] : [])) ?></textarea>
|
||||
</label>
|
||||
<?php if ($knownUsers === []): ?>
|
||||
<small class="muted">Noch keine Keycloak-User bekannt. User erscheinen hier, nachdem sie sich einmal angemeldet haben.</small>
|
||||
<?php else: ?>
|
||||
<div style="display:grid; gap:6px;">
|
||||
<?php foreach ($knownUsers as $knownUser): ?>
|
||||
<?php
|
||||
$sub = (string)($knownUser['sub'] ?? '');
|
||||
$label = trim((string)($knownUser['name'] ?? ''));
|
||||
if ($label === '') {
|
||||
$label = trim((string)($knownUser['username'] ?? ''));
|
||||
}
|
||||
$email = trim((string)($knownUser['email'] ?? ''));
|
||||
$suffix = $email !== '' && $email !== $label ? ' (' . $email . ')' : '';
|
||||
?>
|
||||
<label style="display:flex; align-items:center; gap:10px;">
|
||||
<input type="checkbox" name="auth_user_values[]" value="<?= e($sub) ?>" <?= in_array($sub, $allowedUsers, true) ? 'checked' : '' ?>>
|
||||
<span><?= e(($label !== '' ? $label : $sub) . $suffix) ?></span>
|
||||
</label>
|
||||
<?php endforeach; ?>
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
<textarea name="auth_users" rows="3" placeholder="Weitere Keycloak-Sub, Benutzername oder E-Mail, je Zeile oder Komma"><?= e(implode("\n", $manualUsers)) ?></textarea>
|
||||
</div>
|
||||
|
||||
<label class="muted" style="display:grid; gap:6px;">
|
||||
<div class="muted" style="display:grid; gap:8px;">
|
||||
<span>Erlaubte Gruppen</span>
|
||||
<textarea name="auth_groups" rows="3" placeholder="/admin oder mining-users, je Zeile oder Komma"><?= e(implode("\n", is_array($authConfig['groups'] ?? null) ? $authConfig['groups'] : [])) ?></textarea>
|
||||
</label>
|
||||
<?php if ($knownGroups === []): ?>
|
||||
<small class="muted">Noch keine Keycloak-Gruppen bekannt. Gruppen werden aus angemeldeten Usern und gespeicherten Modulrechten gesammelt.</small>
|
||||
<?php else: ?>
|
||||
<div style="display:grid; gap:6px;">
|
||||
<?php foreach ($knownGroups as $knownGroup): ?>
|
||||
<label style="display:flex; align-items:center; gap:10px;">
|
||||
<input type="checkbox" name="auth_group_values[]" value="<?= e($knownGroup) ?>" <?= in_array($knownGroup, $allowedGroups, true) ? 'checked' : '' ?>>
|
||||
<span><?= e($knownGroup) ?></span>
|
||||
</label>
|
||||
<?php endforeach; ?>
|
||||
</div>
|
||||
<?php endif; ?>
|
||||
<textarea name="auth_groups" rows="3" placeholder="Weitere Gruppen, je Zeile oder Komma"><?= e(implode("\n", $manualGroups)) ?></textarea>
|
||||
</div>
|
||||
|
||||
<small class="muted">Wenn Login aktiv ist und Benutzer/Gruppen leer bleiben, darf jeder eingeloggte Benutzer das Modul oeffnen.</small>
|
||||
|
||||
|
||||
Reference in New Issue
Block a user