Apply group weight system to API token modifications
This commit is contained in:
@@ -60,6 +60,11 @@ if ($result->num_rows == 1) {
|
||||
|
||||
$_GET['user_uuid'] = $user_uuid;
|
||||
|
||||
$userHashigherGroupWeight = false;
|
||||
if ($admin_data['user_group_weight'] > $_SESSION['user']['user_group_weight']) {
|
||||
$userHashigherGroupWeight = true;
|
||||
};
|
||||
|
||||
$API_token = new API_apitoken();
|
||||
$requiredFields = ['user_uuid' => ['type' => 'uuid']];
|
||||
$API_token->validateData($requiredFields);
|
||||
@@ -258,10 +263,13 @@ if ($admin_data) { ?>
|
||||
<?php if ($API_token->checkPermissions('user-apitoken-others', 'RW', true)) { ?>
|
||||
<form method="POST" action="/api/v1/user/apitoken/">
|
||||
<input type="hidden" name="user_uuid" value="<?php echo $user_uuid ?>">
|
||||
<input type="hidden" name="_return" value="/accesscontrol/?admin_view=<?php echo $user_uuid ?>">
|
||||
<button type="submit" href="#" class="btn btn-primary">
|
||||
<i class="fa-solid fa-plus"></i> Generate new token
|
||||
</button>
|
||||
<input type="hidden" name="_return" value="/userprofile/">
|
||||
<div class="input-group mb-3">
|
||||
<input type="text" name="api_token_name" class="form-control" placeholder="API Token name..." aria-label="API Token name..." aria-describedby="button-addon2" <?php echo($userHashigherGroupWeight ? '' : 'disabled') ?>>
|
||||
<button type="submit" href="#" class="btn btn-success" <?php echo($userHashigherGroupWeight ? '' : 'disabled') ?>>
|
||||
<i class="fa-solid fa-plus"></i> <?php echo __('generate_new_api_token') ?>
|
||||
</button>
|
||||
</div>
|
||||
</form>
|
||||
<?php } ?>
|
||||
</div>
|
||||
@@ -269,7 +277,8 @@ if ($admin_data) { ?>
|
||||
<table class="table table-hover table-striped">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>token</th>
|
||||
<th>Token id</th>
|
||||
<th>Token Name</th>
|
||||
<th>Expiration</th>
|
||||
<th>Created</th>
|
||||
<th>Last used</th>
|
||||
@@ -281,23 +290,27 @@ if ($admin_data) { ?>
|
||||
<tr>
|
||||
<td class="text-nowrap" style="max-width: 100%;">
|
||||
<div class="d-flex align-items-center gap-2" style="max-width: 100%;">
|
||||
<div class="text-truncate" style="max-width: 200px;">
|
||||
<?php echo substr($token_data['api_token'], 0, 15) . '...'; ?>
|
||||
<div class="text-truncate" style="max-width: 200px;" id="<?php echo $token_data['api_token_uuid'] ?>" data-copy-data="<?php echo $token_data['api_token_uuid']; ?>">
|
||||
<?php echo $token_data['api_token_uuid']; ?>
|
||||
</div>
|
||||
<button type="button" class="btn btn-sm btn-outline-secondary" data-copy-target="<?php echo $token_data['api_token_uuid'] ?>" title="Copy ID">
|
||||
<i class="fa-solid fa-copy"></i>
|
||||
</button>
|
||||
</div>
|
||||
</td>
|
||||
<td><?php echo $token_data['api_token_name'] ?></td>
|
||||
<td><?php showTime($token_data['api_token_expiration_timestamp']) ?></td>
|
||||
<td><?php showTime($token_data['api_token_created_timestamp']) ?></td>
|
||||
<td><?php showTime($token_data['api_token_last_used_timestamp']) ?></td>
|
||||
<td>
|
||||
<label class="switch">
|
||||
<input type="checkbox" class="checkbox" data-api-data='<?php echo json_encode(['api_token_uuid' => $token_data['api_token_uuid'], 'api_token_revoked' => $token_data['api_token_revoked'] ? 1 : 0]) ?>' data-api-changevalue="api_token_revoked" data-api-url="/api/v1/user/apitoken/" <?php echo((($token_data['api_token_revoked'])) ? 'checked' : '') ?>>
|
||||
<input type="checkbox" class="checkbox" data-api-data='<?php echo json_encode(['api_token_uuid' => $token_data['api_token_uuid'], 'api_token_revoked' => $token_data['api_token_revoked'] ? 1 : 0]) ?>' data-api-changevalue="api_token_revoked" data-api-url="/api/v1/user/apitoken/" <?php echo((($token_data['api_token_revoked'])) ? 'checked' : '') ?> <?php echo($userHashigherGroupWeight ? '' : 'disabled') ?>>
|
||||
<div class="slider"></div>
|
||||
</label>
|
||||
</td>
|
||||
<?php if ($API_token->checkPermissions('user-apitoken-others', 'RW', true)) { ?>
|
||||
<td class="text-nowrap">
|
||||
<a href="#" class="btn btn-danger btn-sm btn-rounded delete-btn" data-item-uuid="<?php echo $token_data['api_token_uuid'] ?>" data-item-name="api_token_uuid" data-api-url="/api/v1/user/apitoken/"><i class="fas fa-trash-alt"></i></a>
|
||||
<a href="#" class="btn btn-danger btn-sm btn-rounded delete-btn <?php echo($userHashigherGroupWeight ? '' : 'disabled') ?>" data-item-uuid="<?php echo $token_data['api_token_uuid'] ?>" data-item-name="api_token_uuid" data-api-url="/api/v1/user/apitoken/"><i class="fas fa-trash-alt"></i></a>
|
||||
</td>
|
||||
<?php } ?>
|
||||
</tr>
|
||||
|
||||
Reference in New Issue
Block a user