diff --git a/catalyst/api-bundle/Entity/User.php b/catalyst/api-bundle/Entity/User.php
index d47d8892..5edf489b 100644
--- a/catalyst/api-bundle/Entity/User.php
+++ b/catalyst/api-bundle/Entity/User.php
@@ -16,9 +16,15 @@ use DateTime;
 */
 class User extends BaseUser implements UserInterface
 {
+ /**
+ * @ORM\Id
+ * @ORM\Column(type="integer")
+ * @ORM\GeneratedValue(strategy="AUTO")
+ */
+ protected $id;
+
 // api key
 /**
- * @ORM\Id
 * @ORM\Column(type="string", length=32)
 */
 protected $api_key;
@@ -43,9 +49,7 @@ class User extends BaseUser implements UserInterface
 // roles
 /**
 * @ORM\ManyToMany(targetEntity="Role", inversedBy="users")
- * @ORM\JoinTable(name="api_user_role",
- * joinColumns={@JoinColumn(name="user_api_key", referencedColumnName="api_key")},
- * inverseJoinColumns={@JoinColumn(name="role_id", referencedColumnName="id")})
+ * @ORM\JoinTable(name="api_user_role")
 */
 protected $roles;
diff --git a/config/acl.yaml b/config/acl.yaml
index 619bcf9b..1b378e66 100644
--- a/config/acl.yaml
+++ b/config/acl.yaml
@@ -47,10 +47,6 @@ access_keys:
 label: Update
 - id: apiuser.delete
 label: Delete
- - id: apiuser.role.sadmin
- label: Super Admin Role
- - id: apiuser.profile
- label: User Profile
 - id: apirole
 label: API Role Access
 acls:
diff --git a/config/routes/api_user.yaml b/config/routes/api_user.yaml
index a3660fd8..e6c16e27 100644
--- a/config/routes/api_user.yaml
+++ b/config/routes/api_user.yaml
@@ -31,14 +31,3 @@ api_user_delete:
 path: /apiusers/{id}
 controller: App\Controller\APIUserController::destroy
 methods: [DELETE]
-
-api_user_profile:
- path: /apiprofile
- controller: App\Controller\APIUserController::profileForm
- methods: [GET]
-
-api_user_profile_submit:
- path: /apiprofile
- controller: App\Controller\APIUserController::profileSubmit
- methods: [POST]
-
diff --git a/src/Controller/APIUserController.php b/src/Controller/APIUserController.php
new file mode 100644
index 00000000..8889f5d4
--- /dev/null
+++ b/src/Controller/APIUserController.php
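Review bot: In the first User.php hunk `$api_key` loses `@ORM\Id` but gains no uniqueness constraint, so once the auto-generated `$id` becomes the identifier nothing at the schema level stops two users from sharing the same API key; `@ORM\Column(type="string", length=32, unique=true)` keeps the guarantee the old primary key gave. In the second hunk, dropping the explicit joinColumns on `api_user_role` changes the join table from `user_api_key` → `api_key` to Doctrine's default user id → `id` mapping, so existing `api_user_role` rows need a migration that re-keys them or they will be orphaned, and no migration is part of this commit. The new `$id` has no accessor in the hunk; the controller added in this commit calls `getID()`, which presumably comes from BaseUser — worth confirming.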
@@ -0,0 +1,209 @@
+denyAccessUnlessGranted('apiuser.list', null, 'No access.');
+
+ $params = $this->initParameters('api_user_list');
+
+ return $this->render('api-user/list.html.twig', $params);
+ }
+
+ public function rows(Request $req)
+ {
+ $this->denyAccessUnlessGranted('apiuser.list', null, 'No access.');
+
+ // get query builder
+ $qb = $this->getDoctrine()
+ ->getRepository(APIUser::class)
+ ->createQueryBuilder('q');
+
+ // get datatable params
+ $datatable = $req->request->get('datatable');
+
+ // count total records
+ $tquery = $qb->select('COUNT(q)');
+
+ // add filters to count query
+ $this->setQueryFilters($datatable, $tquery);
+
+ $total = $tquery->getQuery()
+ ->getSingleScalarResult();
+
+ // get current page number
+ $page = $datatable['pagination']['page'] ?? 1;
+
+ $perpage = $datatable['pagination']['perpage'];
+ $offset = ($page - 1) * $perpage;
+
+ // add metadata
+ $meta = [
+ 'page' => $page,
+ 'perpage' => $perpage,
+ 'pages' => ceil($total / $perpage),
+ 'total' => $total,
+ 'sort' => 'asc',
+ 'field' => 'id'
+ ];
+
+ // build query
+ $query = $qb->select('q');
+
+ // add filters to query
+ $this->setQueryFilters($datatable, $query);
+
+ // check if sorting is present, otherwise use default
+ if (isset($datatable['sort']['field']) && !empty($datatable['sort']['field'])) {
+ $order = $datatable['sort']['sort'] ?? 'asc';
+ $query->orderBy('q.' . $datatable['sort']['field'], $order);
+ } else {
+ $query->orderBy('q.id', 'asc');
+ }
+
+ // get rows for this page
+ $obj_rows = $query->setFirstResult($offset)
+ ->setMaxResults($perpage)
+ ->getQuery()
+ ->getResult();
+ // Query::HYDRATE_ARRAY);
+
+ // process rows
+ $rows = [];
+ foreach ($obj_rows as $orow) {
+ // add row data
+ $row['id'] = $orow->getID();
+ $row['name'] = $orow->getName();
+ $row['api_key'] = $orow->getAPIKey();
+ $row['enabled'] = $orow->isEnabled();
+
+ // add row metadata
+ $row['meta'] = [
+ 'update_url' => '',
+ 'delete_url' => ''
+ ];
+
+ // check if they have access to super admin users
+ if (!$this->isGranted('user.role.sadmin') && $orow->isSuperAdmin())
+ {
+ $rows[] = $row;
+ continue;
+ }
+
+ // add crud urls
+ if ($this->isGranted('apiuser.update'))
+ $row['meta']['update_url'] = $this->generateUrl('api_user_update', ['id' => $row['id']]);
+ if ($this->isGranted('user.delete'))
+ $row['meta']['delete_url'] = $this->generateUrl('api_user_delete', ['id' => $row['id']]);
+
+ $rows[] = $row;
+ }
+
+ // response
+ return $this->json([
+ 'meta' => $meta,
+ 'data' => $rows
+ ]);
+ }
+
+ public function addForm()
+ {
+ $this->denyAccessUnlessGranted('apiuser.add', null, 'No access.');
+
+ $params = $this->initParameters('api_user_list');
+ $params['obj'] = new APIUser();
+ $params['mode'] = 'create';
+
+ // get roles
+ $em = $this->getDoctrine()->getManager();
+ $params['roles'] = $em->getRepository(APIRole::class)->findAll();
+
+ // response
+ return $this->render('api-user/form.html.twig', $params);
+ }
+
+ public function addSubmit(Request $req, EncoderFactoryInterface $ef, ValidatorInterface $validator)
+ {
+ $this->denyAccessUnlessGranted('apiuser.add', null, 'No access.');
+
+ // create new row
+ // API and secret keys are generated with the call to new APIUser()
+ $em = $this->getDoctrine()->getManager();
+ $obj = new APIUser();
+
+ // set and save values
+ $obj->setName($req->request->get('name'))
+ ->setEnabled($req->request->get('enabled') ? true : false)
+ ->clearRoles();
+
+ // set roles
+ $roles = $req->request->get('roles');
+
+ if (!empty($roles)) {
+ foreach ($roles as $role_id) {
+ // check if role exists
+ $role = $em->getRepository(APIRole::class)->find($role_id);
+ if (!empty($role))
+ {
+ // check access to super user roles
+ if ($role->isSuperAdmin() && !$this->isGranted('user.role.sadmin'))
+ continue;
+
+ $obj->addRole($role);
+ }
+ }
+ }
+
+ // validate
+ $errors = $validator->validate($obj);
+
+ // initialize error list
+ $error_array = [];
+
+ // add errors to list
+ foreach ($errors as $error) {
+ $error_array[$error->getPropertyPath()] = $error->getMessage();
+ }
+
+ // check if any errors were found
+ if (!empty($error_array)) {
+ // return validation failure response
+ return $this->json([
+ 'success' => false,
+ 'errors' => $error_array
+ ], 422);
+ } else {
+ // validated! save the entity
+ $em->persist($obj);
+ $em->flush();
+
+ // return successful response
+ return $this->json([
+ 'success' => 'Changes have been saved!'
+ ]);
+ }
+ }
+
+ // check if datatable filter is present and append to query
+ protected function setQueryFilters($datatable, &$query) {
+ if (isset($datatable['query']['data-rows-search']) && !empty($datatable['query']['data-rows-search'])) {
+ $query->where('q.name LIKE :filter')
+ ->setParameter('filter', '%' . $datatable['query']['data-rows-search'] . '%');
+ }
+ }
+
+}
diff --git a/templates/api-user/form.html.twig b/templates/api-user/form.html.twig
new file mode 100644
index 00000000..57c3c313
--- /dev/null
+++ b/templates/api-user/form.html.twig
@@ -0,0 +1,177 @@
+{% extends 'base.html.twig' %}
+
+{% block body %}
+
+
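Review bot: In rows(), `$query->orderBy('q.' . $datatable['sort']['field'], $order)` concatenates a request-supplied field name and a request-supplied direction straight into DQL — Doctrine rejects an unknown field with a QueryException (a 500 instead of a result) and `$order` is never validated at all — so restrict both to known values, e.g. `$field = in_array($datatable['sort']['field'] ?? '', ['id', 'name', 'api_key', 'enabled'], true) ? $datatable['sort']['field'] : 'id';` and `$order = ($datatable['sort']['sort'] ?? 'asc') === 'desc' ? 'desc' : 'asc';`. `$perpage = $datatable['pagination']['perpage'];` has no default and is used both as the divisor in `ceil($total / $perpage)` and as the page size, so a missing or zero value divides by zero and an oversized one returns the whole table; `$perpage = max(1, (int) ($datatable['pagination']['perpage'] ?? 10));` (10 is a placeholder default) bounds it. The permission keys are also mixed: the delete URL is gated by `isGranted('user.delete')` while acl.yaml declares `apiuser.delete`, and the super-admin checks in rows(), addSubmit() and form.html.twig use `user.role.sadmin` although this same commit removes `apiuser.role.sadmin` from acl.yaml, so it is unclear which key is intended. The `EncoderFactoryInterface $ef` parameter of addSubmit() is never used and should be dropped. The start of this hunk (the class header and the first method) is missing from the page.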
+
+
+

+ API Users +

+
+
+
+ +
+ +
+
+
+
+
+
+ + + +

+ {% if mode == 'update' %} + Edit API User + {{ obj.getId() }} + {% else %} + New API User + {% endif %} +

+
+
+
+
+
+
+
+ + + + Name for this user +
+
+
+
+
+ + + + +
+
+
+
+
+

+ API Roles +

+
+
+
+
+ {% for role in roles %} + {% if role.isSuperAdmin and not is_granted('user.role.sadmin') %} + {% else %} + + {% endif %} + {% endfor %} +
+ + Check all roles that apply +
+
+
+
+
+
+
+
+
+
+ + Back +
+
+
+
+ +
+ + + +{% endblock %} + +{% block scripts %} + +{% endblock %} + + diff --git a/templates/api-user/list.html.twig b/templates/api-user/list.html.twig new file mode 100644 index 00000000..7a8bb6a8 --- /dev/null +++ b/templates/api-user/list.html.twig @@ -0,0 +1,164 @@ +{% extends 'base.html.twig' %} + +{% block body %} + +
+
+
+

+ API Users +

+
+
+
+ +
+ +
+
+
+
+
+
+
+
+
+
+ + + + +
+
+
+
+ +
+
+ +
+ +
+
+
+
+
+{% endblock %} + +{% block scripts %} + +{% endblock %} + +