private/nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f193f12c71889db2f70ea97ea9623d10898be1cc
nexus/partials/landingpages/modules/access.php
Lars Gebhardt-Kusche 93c867040e
All checks were successful
Deploy / deploy-staging (push) Successful in 5s
Details
Deploy / deploy-production (push) Has been skipped
Details
update
2026-04-14 22:48:35 +02:00

129 lines
6.1 KiB
PHP
Raw Blame History

<?php
$moduleName = (string)($_GET['module'] ?? '');
$module = modules()->get($moduleName);
$notice = null;
require_admin();
if (!$module) {
http_response_code(404);
echo '<div class="card">Modul nicht gefunden.</div>';
return;
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$selectedUsers = is_array($_POST['auth_user_values'] ?? null) ? $_POST['auth_user_values'] : [];
$selectedGroups = is_array($_POST['auth_group_values'] ?? null) ? $_POST['auth_group_values'] : [];
$manualUsers = (string)($_POST['auth_users'] ?? '');
$manualGroups = (string)($_POST['auth_groups'] ?? '');
modules()->saveAuth($moduleName, [
'required' => isset($_POST['auth_required']),
'users' => array_merge($selectedUsers, preg_split('/[,\\n]+/', $manualUsers) ?: []),
'groups' => array_merge($selectedGroups, preg_split('/[,\\n]+/', $manualGroups) ?: []),
]);
$notice = 'Zugriff gespeichert.';
$module = modules()->get($moduleName) ?: $module;
}
$authConfig = is_array($module['auth'] ?? null) ? $module['auth'] : ['required' => false, 'users' => [], 'groups' => []];
$allowedUsers = is_array($authConfig['users'] ?? null) ? array_values(array_filter(array_map('strval', $authConfig['users']))) : [];
$allowedGroups = is_array($authConfig['groups'] ?? null) ? array_values(array_filter(array_map('strval', $authConfig['groups']))) : [];
$knownUsers = modules()->knownAuthUsers();
$knownGroups = modules()->knownAuthGroups();
$currentUser = auth_user();
if (is_array($currentUser) && trim((string)($currentUser['sub'] ?? '')) !== '') {
$currentSub = (string)$currentUser['sub'];
$hasCurrentUser = false;
foreach ($knownUsers as $knownUser) {
if ((string)($knownUser['sub'] ?? '') === $currentSub) {
$hasCurrentUser = true;
break;
}
}
if (!$hasCurrentUser) {
$knownUsers[] = [
'sub' => $currentSub,
'username' => (string)($currentUser['username'] ?? ''),
'email' => (string)($currentUser['email'] ?? ''),
'name' => (string)($currentUser['name'] ?? ''),
'groups' => is_array($currentUser['groups'] ?? null) ? $currentUser['groups'] : [],
];
}
}
$knownGroups = array_values(array_unique(array_merge($knownGroups, auth_groups())));
sort($knownGroups, SORT_NATURAL | SORT_FLAG_CASE);
$knownUserValues = array_column($knownUsers, 'sub');
$manualUsers = array_values(array_filter($allowedUsers, fn (string $value): bool => !in_array($value, $knownUserValues, true)));
$manualGroups = array_values(array_filter($allowedGroups, fn (string $value): bool => !in_array($value, $knownGroups, true)));
?>
<div class="card">
<div class="pill">Zugriff</div>
<h1 style="margin-top:.75rem;"><?= e($module['title']) ?> - Zugriffsrechte</h1>
<p class="muted">Diese Seite ist nur fuer eingeloggte Mitglieder der Gruppe <?= e(app()->config()->oidcAdminGroup) ?> verfuegbar.</p>
<?php if ($notice): ?>
<div class="card" style="margin-top:1rem; border-color:var(--accent-2);">
<?= e($notice) ?>
</div>
<?php endif; ?>
<form method="post" style="margin-top:1rem; display:grid; gap:14px; max-width:520px;">
<label class="muted" style="display:flex; align-items:center; gap:10px;">
<input type="checkbox" name="auth_required" value="1" <?= !empty($authConfig['required']) ? 'checked' : '' ?>>
<span>Login fuer dieses Modul erforderlich</span>
</label>
<div class="muted" style="display:grid; gap:8px;">
<span>Erlaubte Benutzer</span>
<?php if ($knownUsers === []): ?>
<small class="muted">Noch keine Keycloak-User bekannt. User erscheinen hier, nachdem sie sich einmal angemeldet haben.</small>
<?php else: ?>
<div style="display:grid; gap:6px;">
<?php foreach ($knownUsers as $knownUser): ?>
<?php
$sub = (string)($knownUser['sub'] ?? '');
$label = trim((string)($knownUser['name'] ?? ''));
if ($label === '') {
$label = trim((string)($knownUser['username'] ?? ''));
}
$email = trim((string)($knownUser['email'] ?? ''));
$suffix = $email !== '' && $email !== $label ? ' (' . $email . ')' : '';
?>
<label style="display:flex; align-items:center; gap:10px;">
<input type="checkbox" name="auth_user_values[]" value="<?= e($sub) ?>" <?= in_array($sub, $allowedUsers, true) ? 'checked' : '' ?>>
<span><?= e(($label !== '' ? $label : $sub) . $suffix) ?></span>
</label>
<?php endforeach; ?>
</div>
<?php endif; ?>
<textarea name="auth_users" rows="3" placeholder="Weitere Keycloak-Sub, Benutzername oder E-Mail, je Zeile oder Komma"><?= e(implode("\n", $manualUsers)) ?></textarea>
</div>
<div class="muted" style="display:grid; gap:8px;">
<span>Erlaubte Gruppen</span>
<?php if ($knownGroups === []): ?>
<small class="muted">Noch keine Keycloak-Gruppen bekannt. Gruppen werden aus angemeldeten Usern und gespeicherten Modulrechten gesammelt.</small>
<?php else: ?>
<div style="display:grid; gap:6px;">
<?php foreach ($knownGroups as $knownGroup): ?>
<label style="display:flex; align-items:center; gap:10px;">
<input type="checkbox" name="auth_group_values[]" value="<?= e($knownGroup) ?>" <?= in_array($knownGroup, $allowedGroups, true) ? 'checked' : '' ?>>
<span><?= e($knownGroup) ?></span>
</label>
<?php endforeach; ?>
</div>
<?php endif; ?>
<textarea name="auth_groups" rows="3" placeholder="Weitere Gruppen, je Zeile oder Komma"><?= e(implode("\n", $manualGroups)) ?></textarea>
</div>
<small class="muted">Wenn Login aktiv ist und Benutzer/Gruppen leer bleiben, darf jeder eingeloggte Benutzer das Modul oeffnen.</small>
<div style="display:flex; gap:10px;">
<button class="cta-button" type="submit">Zugriff speichern</button>
<a class="nav-link" href="/modules/setup/<?= e($moduleName) ?>">Setup</a>
<a class="nav-link" href="/modules">Zurück</a>
</div>
</form>
</div>
Reference in New Issue View Git Blame Copy Permalink