From b65216317aeeb7f1c68acfae4fee5d412490206e Mon Sep 17 00:00:00 2001 From: konrad Date: Fri, 14 Nov 2008 16:05:20 +0000 Subject: [PATCH] make it possible to replace a user when deleting it git-svn-id: https://silmor.de/svn/softmagic/smoke/trunk@181 6e3c4bff-ac9f-4ac1-96c5-d2ea494d3e33 --- doc/prog_protocol.html | 6 +--- src/debug.cpp | 13 ++++++++++- src/overview.cpp | 12 +++++++++- src/user.cpp | 11 +++++++-- src/user.h | 4 +- www/inc/db/db.php | 2 +- www/inc/db/db_mysql.php | 5 +++- www/inc/machine/session.php | 50 +++++++++++++++++++++++++++++++++++++------ 8 files changed, 83 insertions(+), 20 deletions(-) diff --git a/doc/prog_protocol.html b/doc/prog_protocol.html index 7c22d4b..d79d8f8 100644 --- a/doc/prog_protocol.html +++ b/doc/prog_protocol.html @@ -313,11 +313,9 @@ The adduser call also uses it for the response, leaving out any user na

Deleting a User

-The deleteuser transaction deletes one single user. The request contains only the user name to be deleted. The response is empty.

+The deleteuser transaction deletes one single user. The request contains the user name to be deleted on the first line and optionally a user to assign database object to that are currently owned by the user to be deleted (eg. orders). If no second user is referenced those objects are un-assigned.

-FIXME: this call can fail silently if the user is still referenced somewhere. The client program must refresh its list of users to find out whether the user still exists.

- -FIXME 2: currently this transaction is not atomic for a reason: if it fails to delete the user it will at least succeed in deleting its access rights. +The response is empty or optionally contains an error message.

Changing a Users own Password

diff --git a/src/debug.cpp b/src/debug.cpp index a0d0098..bb52125 100644 --- a/src/debug.cpp +++ b/src/debug.cpp @@ -34,14 +34,25 @@ static void mymsghandler(QtMsgType, const char *msg) void initDebug() { + //create new log file QDir(dataDir).mkpath("debuglog"); mylogFile=new QFile(dataDir+"/debuglog/log-"+QDateTime::currentDateTime().toString("yyyy-MM-dd_hh.mm.ss.zzz")+".txt"); + //...open it if(mylogFile->open(QIODevice::WriteOnly|QIODevice::Append|QIODevice::Text)){ + //install as default log qInstallMsgHandler(mymsghandler); }else{ + //hmm, failed to open, well hope that stderr is working... delete mylogFile; mylogFile=0; qDebug("Failed to install debuglog."); } - + //delete old logs (older than 30 days) + QStringList fll=QDir(dataDir+"/debuglog").entryList(QDir::Files); + QDateTime old=QDateTime::currentDateTime().addDays(-30); + for(int i=0;idata(usermodel->index(sel.row(),0)).toString(); //make sure user wants this if(QMessageBox::question(this,tr("Delete User?"),tr("Really delete user '%1'?").arg(name),QMessageBox::Yes|QMessageBox::No)!=QMessageBox::Yes)return; + //get replacement + bool ok; + QStringList rplc; + rplc<rowCount();i++) + rplc<data(usermodel->index(i,0)).toString(); + QString rp=QInputDialog::getItem(this,tr("Delete User"),tr("Select which user will inherit this users database objects:"),rplc,0,false,&ok); + if(!ok)return; //delete - MUser(req,name).deleteUser(); + QString ret=MUser(req,name).deleteUser(rp); + if(ret!="") + QMessageBox::warning(this,tr("Error"),tr("Cannot delete user: %1").arg(ret)); updateUsers(); } diff --git a/src/user.cpp b/src/user.cpp index f78429c..b6da953 100644 --- a/src/user.cpp +++ b/src/user.cpp @@ -101,10 +101,15 @@ bool MUser::changePassword(QString pwd) } } -void MUser::deleteUser() -{ - if(!isValid())return; - req->request("deleteuser",m_userid.toUtf8()); +QString MUser::deleteUser(QString replace) +{ + if(!isValid())return QCoreApplication::translate("MUser","User not valid: cannot delete."); + QByteArray rplc; + if(replace.trimmed()!="")rplc="\n"+replace.trimmed().toUtf8(); + bool b=req->request("deleteuser",m_userid.toUtf8()+rplc); + b&=req->responseStatus()==MWebRequest::Ok; + if(!b)return " "+QCoreApplication::translate("@default",req->responseBody()); + else return QString(); } bool MUser::setDescription(QString d) diff --git a/src/user.h b/src/user.h index eb61f8f..7e564be 100644 --- a/src/user.h +++ b/src/user.h @@ -43,8 +43,8 @@ class MUser /**creates user in database with an initial password; returns true on success*/ bool create(QString pwd); - /**deletes user from database*/ - void deleteUser(); + /**deletes user from database; optionally: replace it by another existing user; returns an empty string on success or an error message on failure (may be a single space if no message was sent)*/ + QString deleteUser(QString replace=QString()); /**sets new description, both locally and on server*/ bool setDescription(QString); diff --git a/www/inc/db/db.php b/www/inc/db/db.php index 932d09b..2b3edd5 100644 --- a/www/inc/db/db.php +++ b/www/inc/db/db.php @@ -59,7 +59,7 @@ abstract class DbEngine /**update database values; returns how many rows have been changed or false for failure*/ public abstract function update($table,array $values,$where); - /**delete database values*/ + /**delete database values; returns the amount of rows deleted or false if an error occurred*/ public abstract function deleteRows($table,$where); /**creates a table; the argument is an array of the form "col-name" => array("col-type", "flags"...); use sqlCreateTable() etc. to create the actual statement*/ diff --git a/www/inc/db/db_mysql.php b/www/inc/db/db_mysql.php index 5e09031..8d4afe1 100644 --- a/www/inc/db/db_mysql.php +++ b/www/inc/db/db_mysql.php @@ -186,7 +186,10 @@ class MysqlEngine extends DbEngine public function deleteRows($table,$where) { - mysqli_query($this->dbhdl,$this->sqlDelete($table,$where)); + $b=mysqli_query($this->dbhdl,$this->sqlDelete($table,$where)); +// echo mysqli_error($this->dbhdl); + if($b)return mysqli_affected_rows($this->dbhdl); + else return false; } public function lastError() diff --git a/www/inc/machine/session.php b/www/inc/machine/session.php index 8e6d988..d0503fa 100644 --- a/www/inc/machine/session.php +++ b/www/inc/machine/session.php @@ -513,17 +513,53 @@ function addUserXml($txt) function deleteUserXml($txt) { global $db; - $usr=trim($txt); + $lst=explode("\n",trim($txt)); + if($lst===false || count($lst)<1){ + header("X-MagicSmoke-Status: SyntaxError"); + echo tr("Syntax Error"); + return; + } + $usr=trim($lst[0]); + if(count($lst)>1)$nusr=trim($lst[1]); + else $nusr=false; + //start transaction + $db->beginTransaction(); + $b=true; //delete ACL - $db->deleteRows("userroles","uname=".$db->escapeString($usr)); + $b &= $db->deleteRows("userrole","uname=".$db->escapeString($usr)) !== false; //delete Hosts - $db->deleteRows("userhosts","uname=".$db->escapeString($usr)); + $b &= $db->deleteRows("userhosts","uname=".$db->escapeString($usr)) !== false; //delete open sessions - $db->deleteRows("session","user=".$db->escapeString($usr)); + $b &= $db->deleteRows("session","user=".$db->escapeString($usr)) !== false; + //check for success so far + if(!$b){ + $db->rollbackTransaction(); + echo tr("Cannot remove user: DB error while deleting ACL."); + return; + } + //re-assign DB objects + $b &= $db->update("order",array("soldby"=>$nusr),"soldby=".$db->escapeString($usr)) !== false; + $b &= $db->update("order",array("depositat"=>$nusr),"depositat=".$db->escapeString($usr)) !== false; + $b &= $db->update("ticket",array("reservedby"=>$nusr),"reservedby=".$db->escapeString($usr)) !== false; + if(!$b){ + header("X-MagicSmoke-Status: Error"); + echo tr("Cannot remove user: unable to replace user."); + //end transaction + $db->rollbackTransaction(); + } //attempt to delete User itself - $db->deleteRows("users","uname=".$db->escapeString($usr)); - //say OK anyway; FIXME: check for success above - header("X-MagicSmoke-Status: Ok"); + $b=$db->deleteRows("users","uname=".$db->escapeString($usr)) !== false; + //say OK or not OK now + if($b){ + header("X-MagicSmoke-Status: Ok"); + //end transaction + $db->commitTransaction(); + }else{ + header("X-MagicSmoke-Status: Error"); + echo tr("Cannot remove user: DB error while deleting user."); + //end transaction + $db->rollbackTransaction(); + } } //set another users passwd -- 1.7.2.5