src/Module/Delegation.php

   1 <?php
   2 /**
   3  * @copyright Copyright (C) 2010-2023, the Friendica project
   4  *
   5  * @license GNU AGPL version 3 or any later version
   6  *
   7  * This program is free software: you can redistribute it and/or modify
   8  * it under the terms of the GNU Affero General Public License as
   9  * published by the Free Software Foundation, either version 3 of the
  10  * License, or (at your option) any later version.
  11  *
  12  * This program is distributed in the hope that it will be useful,
  13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15  * GNU Affero General Public License for more details.
  16  *
  17  * You should have received a copy of the GNU Affero General Public License
  18  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
  19  *
  20  */
  21
  22 namespace Friendica\Module;
  23
  24 use Friendica\BaseModule;
  25 use Friendica\Core\Hook;
  26 use Friendica\Core\Renderer;
  27 use Friendica\Database\DBA;
  28 use Friendica\DI;
  29 use Friendica\Model\Notification;
  30 use Friendica\Model\User;
  31 use Friendica\Network\HTTPException\ForbiddenException;
  32 use Friendica\Util\Proxy;
  33
  34 /**
  35  * Switches current user between delegates/parent user
  36  */
  37 class Delegation extends BaseModule
  38 {
  39         protected function post(array $request = [])
  40         {
  41                 if (!DI::userSession()->getLocalUserId()) {
  42                         return;
  43                 }
  44
  45                 $uid = DI::userSession()->getLocalUserId();
  46                 $orig_record = User::getById(DI::app()->getLoggedInUserId());
  47
  48                 if (DI::userSession()->getSubManagedUserId()) {
  49                         $user = User::getById(DI::userSession()->getSubManagedUserId());
  50                         if (DBA::isResult($user)) {
  51                                 $uid = intval($user['uid']);
  52                                 $orig_record = $user;
  53                         }
  54                 }
  55
  56                 $identity = intval($_POST['identity'] ?? 0);
  57                 if (!$identity) {
  58                         return;
  59                 }
  60
  61                 $limited_id = 0;
  62                 $original_id = $uid;
  63
  64                 $manages = DBA::selectToArray('manage', ['mid'], ['uid' => $uid]);
  65                 foreach ($manages as $manage) {
  66                         if ($identity == $manage['mid']) {
  67                                 $limited_id = $manage['mid'];
  68                                 break;
  69                         }
  70                 }
  71
  72                 if ($limited_id) {
  73                         $user = User::getById($limited_id);
  74                 } else {
  75                         // Check if the target user is one of our children
  76                         $user = DBA::selectFirst('user', [], ['uid' => $identity, 'parent-uid' => $orig_record['uid']]);
  77
  78                         // Check if the target user is one of our siblings
  79                         if (!DBA::isResult($user) && ($orig_record['parent-uid'] != 0)) {
  80                                 $user = DBA::selectFirst('user', [], ['uid' => $identity, 'parent-uid' => $orig_record['parent-uid']]);
  81                         }
  82
  83                         // Check if it's our parent or our own user
  84                         if (!DBA::isResult($user)
  85                                 && (
  86                                         $orig_record['parent-uid'] != 0 && $orig_record['parent-uid'] == $identity
  87                                         ||
  88                                         $orig_record['uid'] != 0 && $orig_record['uid'] == $identity
  89                                 )
  90                         ) {
  91                                 $user = User::getById($identity);
  92                         }
  93                 }
  94
  95                 if (!DBA::isResult($user)) {
  96                         return;
  97                 }
  98
  99                 DI::session()->clear();
 100
 101                 DI::auth()->setForUser(DI::app(), $user, true, true);
 102
 103                 if ($limited_id) {
 104                         DI::userSession()->setSubManagedUserId($original_id);
 105                 }
 106
 107                 $ret = [];
 108                 Hook::callAll('home_init', $ret);
 109
 110                 DI::sysmsg()->addNotice($this->t('You are now logged in as %s', $user['username']));
 111
 112                 DI::baseUrl()->redirect('network');
 113         }
 114
 115         protected function content(array $request = []): string
 116         {
 117                 if (!DI::userSession()->getLocalUserId()) {
 118                         throw new ForbiddenException(DI::l10n()->t('Permission denied.'));
 119                 }
 120
 121                 $identities = User::identities(DI::userSession()->getSubManagedUserId() ?: DI::userSession()->getLocalUserId());
 122
 123                 //getting additional information for each identity
 124                 foreach ($identities as $key => $identity) {
 125                         $identities[$key]['thumb'] = User::getAvatarUrl($identity, Proxy::SIZE_THUMB);
 126
 127                         $identities[$key]['selected'] = ($identity['nickname'] === DI::app()->getLoggedInUserNickname());
 128
 129                         $condition = ["`msg` != '' AND NOT (`type` IN (?, ?)) AND NOT `seen`", Notification\Type::INTRO, Notification\Type::MAIL];
 130                         $params = ['distinct' => true, 'expression' => 'parent'];
 131                         $notifications = DI::notify()->countForUser($identity['uid'], $condition, $params);
 132
 133                         $params = ['distinct' => true, 'expression' => 'convid'];
 134                         $notifications += DBA::count('mail', ['uid' => $identity['uid'], 'seen' => false], $params);
 135
 136                         $notifications += DI::intro()->countActiveForUser($identity['uid']);
 137
 138                         $identities[$key]['notifications'] = $notifications;
 139                 }
 140
 141                 $o = Renderer::replaceMacros(Renderer::getMarkupTemplate('delegation.tpl'), [
 142                         '$title'      => DI::l10n()->t('Switch between your accounts'),
 143                         '$settings_label' => DI::l10n()->t('Manage your accounts'),
 144                         '$desc'       => DI::l10n()->t('Toggle between different identities or community/group pages which share your account details or which you have been granted "manage" permissions'),
 145                         '$choose'     => DI::l10n()->t('Select an identity to manage: '),
 146                         '$identities' => $identities,
 147                         '$submit'     => DI::l10n()->t('Submit'),
 148                 ]);
 149
 150                 return $o;
 151         }
 152 }