src/Diplix/KMGBundle/Controller/Admin/UserController.php line 165

Open in your IDE?
  1. <?php
  2. namespace Diplix\KMGBundle\Controller\Admin;
  4. use Diplix\KMGBundle\Controller\BaseController;
  5. use Diplix\KMGBundle\Entity\Accounting\CoopMember;
  6. use Diplix\KMGBundle\Entity\Customer;
  7. use Diplix\KMGBundle\Entity\Role;
  8. use Diplix\KMGBundle\Entity\User;
  9. use Diplix\KMGBundle\Form\Admin\CustomerForm;
  10. use Diplix\KMGBundle\Form\Admin\WizardForm;
  11. use Diplix\KMGBundle\Form\DefaultDeleteForm;
  12. use Diplix\KMGBundle\Form\Admin\UserForm;
  13. use Diplix\KMGBundle\Helper\ClientConfigProvider;
  14. use Diplix\KMGBundle\Repository\UserRepository;
  15. use Diplix\KMGBundle\Service\MailHelper;
  16. use Symfony\Component\EventDispatcher\EventDispatcher;
  17. use Symfony\Component\EventDispatcher\EventDispatcherInterface;
  18. use Symfony\Component\Form\FormError;
  19. use Symfony\Component\HttpFoundation\Request;
  20. use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
  21. use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
  22. use Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface;
  23. use Symfony\Component\Security\Core\Exception\AccessDeniedException;
  24. use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
  27. class UserController extends BaseController
  28. {
  29.     /**
  30.      * @var UserRepository;
  31.      */
  32.     protected $rep;
  34.     public function __construct(
  35.         protected EventDispatcherInterface $dispatcher,
  36.         protected MailHelper $mailHelper,
  37.         protected UserPasswordHasherInterface $hasher,
  38.         protected ClientConfigProvider $clientConfigProvider
  39.     )
  40.     {
  41.     }
  43.     protected function init()
  44.     {
  45.         $this->rep $this->getDoctrine()->getManager()->getRepository('Diplix\KMGBundle\Entity\User');
  47.         if (
  48.             (!$this->hasUserRole(Role::USER_ADMIN))
  49.             &&
  50.             (!$this->hasUserRole(Role::SUB_USER_ADMIN))
  51.             &&
  52.             (!$this->hasUserRole(Role::ADMIN1))
  53.             )
  54.         {
  55.             throw new AccessDeniedException();
  56.         }
  57.         $this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
  58.     }
  60.     /**
  61.      * Generate a new random password
  62.      * @return string
  63.      */
  64.     protected function generatePw()
  65.     {
  66.         $out "";
  67.         for ($i 0$i 4;$i++)
  68.         {
  69.             $out .= chrrand(97,122));
  70.         }
  71.         for ($i 0$i 4;$i++)
  72.         {
  73.             $out .= rand(0,9);
  74.         }
  75.         return $out;
  76.     }
  78.     /**
  79.      * Generate a new random username
  80.      * @return string
  81.      */
  82.     public static function generateUsername()
  83.     {
  84.         $out "";
  85.         for ($i 0$i 8;$i++)
  86.         {
  87.             $out .= chrrand(97,122));
  88.         }
  89.         $out .= uniqid();
  90.         return $out;
  91.     }
  93.     /**
  94.      * Set encrypted pw using the default provider
  95.      * @param User $row
  96.      * @param string $newPw
  97.      * @return true
  98.      */
  99.     protected function setEncryptedUserPw(User $row$newPw)
  100.     {
  101.         $password $this->hasher->hashPassword($row,$newPw);
  102.         $row->setPassword($password);
  103.         return true;
  104.     }
  106.     /**
  107.      * @return User
  108.      */
  109.     protected function getNewUserObject()
  110.     {
  111.         $row = new User();
  112.         // since the username is currently not really used, except for the admin account, just use a random one
  113.         $row->setUsername($this->generateUsername());
  114.         $newPassword $this->generatePw();
  115.         $this->setEncryptedUserPw($row$newPassword);
  116.         $role $this->rep->getRoleObjectByRoleName(Role::USER);
  117.         $row->addRole($role);
  119.         if (!$this->hasUserRole(Role::USER_ADMIN))
  120.         {
  121.             // when not being an global user admin, limit the user to our group
  122.             $row->setCustomer$this->getCurrentUser()->getCustomer());
  123.         }
  125.         return $row;
  126.     }
  129.     public function indexAction(Request $request)
  130.     {
  131.         $this->init();
  132.         $f $request->get('filter','customers');
  133.         // TODO : change to array hydration
  134.         // TODO: use iterator and paging as well as dynamic json loading for dataTable !
  135.         if ( ($this->hasUserRole(Role::USER_ADMIN)) || ($this->hasUserRole(Role::ADMIN1)) )
  136.         {
  137.             $list $this->rep->findUserForList($f,null);
  138.         }
  139.         else
  140.         {
  141.             $list $this->rep->findUserForList('customers',$this->getCurrentUser()->getCustomer());
  142.         }
  143.         return $this->render('@DiplixKMG/Admin/User/list.html.twig', array(
  144.             "dataList"=>$list"filter"=>$f));
  145.     }
  147.     protected function removeRoleIfNotHavingItSelf($roleNameUser $data)
  148.     {
  149.         if (!$this->hasUserRole($roleName))
  150.         {
  151.             $remove null;
  152.             /** @var Role $r */
  153.             foreach ($data->getRoles(true) as $r)
  154.             {
  155.                 if ($r->getRole() == $roleName$remove $r;
  156.             }
  157.             if (is_object($remove))
  158.             {
  159.                 $data->removeRole($remove);
  160.                 $this->addFlash("warning","Zuweisen der ".$roleName."-Rolle nicht zulässig.");
  161.             }
  162.         }
  163.     }
  165.    public function editAction(Request $request)
  166.     {
  167.         $newUser false;
  168.         User::$roles_as_object true;
  169.         $this->init();
  170.         $id $request->query->get('id');
  171.         if ($id>0)
  172.         {
  173.             if ( ($this->hasUserRole(Role::USER_ADMIN)) || ($this->hasUserRole(Role::ADMIN1)) )
  174.                 $row $this->rep->findOneBy(array("id"=>$id,"hidden"=>false));
  175.             else    // for SUB_USER_ADMIN
  176.                 $row $this->rep->findOneBy(array("id"=>$id,"hidden"=>false,"customer"=>$this->getCurrentUser()->getCustomer()));
  178.             if ($row===null)
  179.             {
  180.                 $this->addFlash('warning','Invalid ID');
  181.                 return  $this->redirect($this->generateUrl('admin-users'));
  182.             }
  183.         }
  184.         else
  185.         {
  186.             $row $this->getNewUserObject();
  187.             $newUser true;
  188.             $newGeneratedPassword $this->generatePw();
  189.             $this->setEncryptedUserPw($row,$newGeneratedPassword);
  190.         }
  192.         // Only sys_admin may edit sys_admin users
  193.         if ( ($row->hasRole(Role::SYS_ADMIN)) && (!$this->hasUserRole(Role::SYS_ADMIN,true)) )
  194.         {
  195.             throw new AccessDeniedException();
  196.         }
  198.         $originalPasswordHash $row->getPassword(); // NOTE: not accessible anymore after used with createForm()!!!
  200.         // render form
  201.         $sameCustomer false;
  202.         if ( ($row->getCustomer()!==null) && ($this->getCurrentUser()->getCustomer()!==null) )
  203.         {
  204.             $sameCustomer $row->getCustomer()->getId() === $this->getCurrentUser()->getCustomer()->getId();
  205.         }
  206.         $opts = array(
  207.             UserForm::SUPER => $this->hasUserRole(Role::SUPER_ADMIN),
  208.             UserForm::ALLOW_PW_CHANGE =>  !$row->hasRole(Role::SYS_ADMIN) && (  $this->hasUserRole(Role::SUPER_ADMIN) || ($this->hasUserRole(Role::SUB_USER_ADMIN) && $sameCustomer) ),
  209.             UserForm::ALLOW_ROLE_CHANGE => !$row->hasRole(Role::SYS_ADMIN),
  210.             UserForm::DASHBOARDS => $this->clientConfigProvider->getDashboardCategories()
  211.         );
  212.         $form $this->createForm(UserForm::class,$row,$opts);
  213.         $form->handleRequest($request);
  214.         if ($form->isSubmitted())
  215.         {
  216.             $valid $form->isValid();
  217.             /** @var User $data */
  218.             $data $form->getData();
  220.             // check email uniqueness
  221.             $ret $this->rep->findBy(array('email'=>$data->getEmail()));
  222.             if (count($ret)>0)
  223.             {
  224.                 if ($ret[0]->getId() != $data->getId())
  225.                 {
  226.                     /*
  227.                     $valid = false;
  228.                     $form->get('email')->addError(new FormError("Diese eMail-Adresse existiert bereits"));
  229.                     */
  230.                     // eMail-Adressen dĂĽrfen mehrfach vorkommen
  231.                     $this->addFlash('info',sprintf('Hinweis: Diese eMail-Adresse (%s) wird mehrfach verwendet. Ein Login/Passwortreset per eMail ist zukĂĽnftig nicht mehr möglich.',$data->getEmail()));
  232.                 }
  233.             }
  235.             // check username uniqueness
  236.             $ret $this->rep->findOneBy(array('username'=>$data->getUsername()));
  237.             if (is_object($ret))
  238.             {
  239.                 if ($ret->getId() != $data->getId())
  240.                 {
  241.                     $valid false;
  242.                     $form->get('username')->addError(new FormError("Dieser Benutzername existiert bereits"));
  243.                 }
  244.             }
  247.             if (!$valid)
  248.             {
  249.                 $form->addError(new FormError("Bitte ĂĽberprĂĽfen Sie Ihre Eingaben"));
  250.                 return $this->render('@DiplixKMG/Admin/User/edit.html.twig',array ( "form" => $form->createView(),
  251.                     "row"=> $row,
  252.                 ));
  253.             }
  255.             if (strlen(trim($data->getPassword()))<1)
  256.             {
  257.                 // no pw entered keep old one
  258.                 $data->setPassword($originalPasswordHash);
  259.             }
  260.             else
  261.             {
  262.                 if ($newUser)
  263.                 {
  264.                     $data->setPassword($originalPasswordHash);
  265.                 }
  266.                 else
  267.                 {
  268.                     // set new pw
  269.                     $this->setEncryptedUserPw($data$data->getPassword());
  270.                     $data->setLastPasswordChange(new \DateTime());
  271.                 }
  272.             }
  274.             // do not allow to set superadmin rights when not being a superadmin
  275.             $this->removeRoleIfNotHavingItSelf(Role::SUPER_ADMIN,$data);
  276.             $this->removeRoleIfNotHavingItSelf(Role::SYS_ADMIN,$data);
  277. //            if (!$this->hasUserRole(Role::SUPER_ADMIN))
  278. //            {
  279. //                $remove = null;
  280. //                /** @var User $data*/
  281. //                /** @var Role $r */
  282. //                foreach ($data->getRoles(true) as $r)
  283. //                {
  284. //                    if ($r->getRole() == Role::SUPER_ADMIN) $remove = $r;
  285. //                }
  286. //                if (is_object($remove))
  287. //                {
  288. //                    $data->removeRole($remove);
  289. //                    $this->addFlash("warning","Zuweisen der SuperAdmin-Rolle nicht zulässig.");
  290. //                }
  291. //            }
  293.             $this->rep->persistFlush($data);
  294.             $this->addFlash('success','Record has been saved.');
  295.             if ($newUser)
  296.             {
  297.                $this->addFlash("info",sprintf("Neues Passwort: %s",$newGeneratedPassword));
  298.             }
  299.             return  $this->redirect($this->generateUrl'admin-users', array("lastRecordId"=>$data->getId())));
  301.         }
  302.         else
  303.         {
  304.             return $this->render('@DiplixKMG/Admin/User/edit.html.twig',array ( "form" => $form->createView(),
  305.                 "row"=> $row,
  306.             ));
  307.         }
  309.     }
  311.     public function deleteAction(Request $request)
  312.     {
  313.         $this->init();
  314.         $id $request->get('id'); // _GET or _POST
  315.         /** @var User $row */
  317.         if ($this->hasUserRole(Role::USER_ADMIN))
  318.                 $row $this->rep->findOneBy(array("id"=>$id,"hidden"=>false));
  319.             else    // for SUB_USER_ADMIN
  320.                 $row $this->rep->findOneBy(array("id"=>$id,"hidden"=>false,"customer"=>$this->getCurrentUser()->getCustomer()));
  322.         if ($row===null)
  323.         {
  324.             $this->addFlash('warning','Invalid record ID');
  325.             return  $this->redirect($this->generateUrl('admin-users'));
  326.         }
  328.         if ($row->getSysUser())
  329.         {
  330.             $this->addFlash('warning','This is a internal system user. Please contact support if you want to delete it.');
  331.             return  $this->redirect($this->generateUrl('admin-users'));
  332.         }
  334.         // Only sys_admin may delete sys_admin users
  335.         if ( ($row->hasRole(Role::SYS_ADMIN)) && (!$this->hasUserRole(Role::SYS_ADMIN,true)) )
  336.         {
  337.             throw new AccessDeniedException();
  338.         }
  340.         $form $this->createFormDefaultDeleteForm::class,array("id"=>$id));
  341.         $form->handleRequest($request);
  342.         if ($form->isSubmitted())
  343.         {
  344.             if ($form->get('commit')->getData() == 1)
  345.             {
  346.                 $row->eraseMyself();
  347.                 $this->rep->persistFlush($row);
  348.                 $this->addFlash('success','Record has been deleted.');
  349.             }
  350.             return  $this->redirect($this->generateUrl('admin-users'));
  351.         }
  352.         else
  353.         {
  354.             return $this->render('@DiplixKMG/Admin/User/delete.html.twig',array ( "row"=> $row"form"=>$form->createView()));
  355.         }
  356.     }
  358.     public function wizardAction(Request $request)
  359.     {
  360.         $this->init();
  362.         $this->ensureUserHasRole(Role::USER_ADMIN);
  364.         $form $this->createForm(WizardForm::class,array());
  365.         $form->handleRequest($request);
  366.         if ($form->isSubmitted())
  367.         {
  368.             $valid $form->isValid();
  369.             if ($valid)
  370.             {
  371.                 // check email uniqueness
  372.                 $ret $this->rep->findOneBy(array('email' => $form->get("email")->getData()));
  373.                 if (is_object($ret))
  374.                 {
  375.                     $valid false;
  376.                     $form->get('email')->addError(new FormError("Diese eMail-Adresse existiert bereits"));
  377.                 }
  378.                 if ($valid)
  379.                 {
  380.                     $U $this->getNewUserObject();
  381.                     $newPassword $this->generatePw();
  382.                     $this->setEncryptedUserPw($U$newPassword);
  383.                     $U->setEmail($form->get("email")->getData());
  384.                     $U->setPhone($form->get('phone')->getData());
  385.                     $U->setFirstName($form->get("firstName")->getData());
  386.                     $U->setLastName($form->get("lastName")->getData());
  387.                     // ensure unique username
  388.                     $unameBase substr(strtolower($U->getFirstName()), 01) ."."strtolower($U->getLastName());
  389.                     $idx 0;
  390.                     do
  391.                     {
  392.                         $uname $unameBase . ($idx sprintf("%d"$idx) : "");
  393.                         $U->setUsername($uname);
  394.                         $ret $this->rep->findOneBy(array('username' => $uname));
  395.                         $idx++;
  396.                     } while (is_object($ret));
  397.                     // store
  398.                     $this->rep->persistFlush($U);
  399.                     if ($form->get('type')->getData()==WizardForm::CUSTOMER)
  400.                     {
  401.                         // create customer
  402.                         $C = new Customer();
  403.                         $C->setName($form->get("company")->getData());
  404.                         $C->setCustomerNo($form->get("customerNo")->getData());
  405.                         $this->getDoctrine()->getManager()->persist($C);
  406.                         $U->setCustomer($C);
  407.                     }
  408.                     else
  409.                     if ($form->get('type')->getData()==WizardForm::MEMBER)
  410.                     {
  411.                         $M = new CoopMember();
  412.                         $M->setName($form->get("company")->getData());
  413.                         $M->setNumber($form->get("memberNo")->getData());
  414.                         $M->setShortCode($form->get('shortCode')->getData());
  415.                         $this->getDoctrine()->getManager()->persist($M);
  416.                         $U->setMember($M);
  417.                     }
  418.                     else
  419.                     {
  420.                         throw $this->createAccessDeniedException('Unbekannter Typ');
  421.                     }
  422.                     $this->rep->flush($U);
  423.                     $this->addFlash('success''Benutzer/Kunde wurde angelegt.');
  424.                     // inform user
  425.                     try
  426.                     {
  427.                         $mh $this->mailHelper;
  428.                         $mh->NewAccountMail($U$newPassword);
  429.                         $this->addFlash('info''Zugangsdaten wurden per eMail versendet.');
  430.                     }
  431.                     catch (\Throwable $ex)
  432.                     {
  433.                         $this->addFlash('warning','Automatischer Versand der Zugangsdaten fehlgeschlagen !');
  434.                     }
  436.                     return $this->redirectToRoute("admin-users");
  437.                 }
  438.             }
  439.         }
  440.         return $this->render('@DiplixKMG/Admin/User/wizard.html.twig',array ( "form"=>$form->createView()));
  441.     }
  444.     public function loginAsAction(Request $request)
  445.     {
  446.         $this->init();
  447.         $this->ensureUserHasRole(Role::SUPER_ADMIN);
  448.         $id $request->get('id'); // _GET or _POST
  449.         /** @var User $user */
  450.         $user $this->rep->findOneBy(array("id" => $id"hidden" => false));
  451.         if ($user === null)
  452.         {
  453.             $this->addFlash('warning''Invalid record ID');
  454.             return $this->redirect($this->generateUrl('admin-users'));
  455.         }
  457.         if ( ($user->hasRole(Role::SYS_ADMIN)) && (!$this->hasUserRole(Role::SYS_ADMIN,true)) )
  458.         {
  459.             throw new AccessDeniedException();
  460.         }
  462.         // Impersonate
  464.         $firewall "admin_area";
  465.         $session $request->getSession();
  466.         // clean eventually existing session
  467.         $this->container->get('security.token_storage')->setToken(null);
  468.         // set new token
  469.         $token = new UsernamePasswordToken($user"no-password"$firewall$user->getRoles());
  470.         $this->container->get('security.token_storage')->setToken($token);
  471.         // save token in session
  472.         $session->set('_security_'.$firewallserialize($token));
  473.         $session->save();
  474.         // Fire the login event
  475.         $this->dispatcher->dispatch(new InteractiveLoginEvent($request$token));
  476.         $this->addFlash("info","Sie befinden sich nun im Benutzerkontext von ".$user->getUsername());
  478.         $home $this->generateUrl("kmg_home");
  479.         if ($user->getCustomer() != null)
  480.         {
  481.             return $this->redirectToRoute("admin-switch-customer",
  482.                         array(  "customerId"=>$user->getCustomer()->getId(),
  483.                                 "referTo"=>$home));
  484.         }
  485.         return $this->redirect($home);
  486.     }
  489. }