Fix #3828

2025-02-25 18:45:27 -06:00 · 2020-09-23 06:18:43 +02:00 · 2020-09-23 06:18:43 +02:00 · b288d6b0eb
commit b288d6b0eb
parent 8a2d5b12c3
2 changed files with 35 additions and 11 deletions
--- a/app/Http/Controllers/Admin/UserController.php
+++ b/app/Http/Controllers/Admin/UserController.php
@ -22,6 +22,7 @@ declare(strict_types=1);

 namespace FireflyIII\Http\Controllers\Admin;

+use FireflyIII\Api\V1\Requests\UserUpdateRequest;
 use FireflyIII\Http\Controllers\Controller;
 use FireflyIII\Http\Middleware\IsDemoUser;
 use FireflyIII\Http\Requests\UserFormRequest;
@ -36,8 +37,8 @@ use Log;
 */
 class UserController extends Controller
 {
-    /** @var UserRepositoryInterface */
-    private $repository;
+    private UserRepositoryInterface $repository;
+    protected bool                  $externalIdentity;

    /**
     * UserController constructor.
@ -56,17 +57,23 @@ class UserController extends Controller
            }
        );
        $this->middleware(IsDemoUser::class)->except(['index', 'show']);
+        $loginProvider          = config('firefly.login_provider');
+        $authGuard              = config('firefly.authentication_guard');
+        $this->externalIdentity = 'eloquent' !== $loginProvider || 'web' !== $authGuard;
    }

    /**
-     * Delete a user.
-     *
     * @param User $user
-     *
-     * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
+     * @return \Illuminate\Contracts\Foundation\Application|\Illuminate\Contracts\View\Factory|RedirectResponse|Redirector|\Illuminate\View\View
     */
    public function delete(User $user)
    {
+        if ($this->externalIdentity) {
+            request()->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
+
+            return redirect(route('admin.users'));
+        }
+
        $subTitle = (string) trans('firefly.delete_user', ['email' => $user->email]);

        return view('admin.users.delete', compact('user', 'subTitle'));
@ -81,6 +88,11 @@ class UserController extends Controller
     */
    public function destroy(User $user)
    {
+        if ($this->externalIdentity) {
+            request()->session()->flash('error', trans('firefly.external_user_mgt_disabled'));
+
+            return redirect(route('admin.users'));
+        }
        $this->repository->destroy($user);
        session()->flash('success', (string) trans('firefly.user_deleted'));

@ -96,6 +108,10 @@ class UserController extends Controller
     */
    public function edit(User $user)
    {
+        $canEditDetails = true;
+        if ($this->externalIdentity) {
+            $canEditDetails = false;
+        }
        // put previous url in session if not redirect from store (not "return_to_edit").
        if (true !== session('users.edit.fromUpdate')) {
            $this->rememberPreviousUri('users.edit.uri');
@ -113,7 +129,7 @@ class UserController extends Controller
            'email_changed' => (string) trans('firefly.block_code_email_changed'),
        ];

-        return view('admin.users.edit', compact('user', 'subTitle', 'subTitleIcon', 'codes', 'currentUser','isAdmin'));
+        return view('admin.users.edit', compact('user', 'canEditDetails', 'subTitle', 'subTitleIcon', 'codes', 'currentUser', 'isAdmin'));
    }

    /**
@ -179,8 +195,10 @@ class UserController extends Controller
        Log::debug('Actually here');
        $data = $request->getUserData();

+        var_dump($data);
+
        // update password
-        if ('' !== $data['password']) {
+        if (array_key_exists('password', $data) && '' !== $data['password']) {
            $this->repository->changePassword($user, $data['password']);
        }
        if (true === $data['is_owner']) {
--- a/resources/views/v1/admin/users/edit.twig
+++ b/resources/views/v1/admin/users/edit.twig
@ -17,9 +17,15 @@
                    <h3 class="box-title">{{ 'mandatoryFields'|_ }}</h3>
                </div>
                <div class="box-body">
-                    {{ ExpandedForm.text('email',null,{'helpText': trans('firefly.admin_update_email')}) }}
-                    {{ ExpandedForm.password('password') }}
-                    {{ ExpandedForm.password('password_confirmation') }}
+                    {% if canEditDetails %}
+                        {{ ExpandedForm.text('email',null,{'helpText': trans('firefly.admin_update_email')}) }}
+                        {{ ExpandedForm.password('password') }}
+                        {{ ExpandedForm.password('password_confirmation') }}
+                    {% else %}
+                        <input type="hidden" name="email" value="{{ user.email }}"/>
+                        <input type="hidden" name="password" value=""/>
+                        <input type="hidden" name="password_confirmation" value=""/>
+                    {% endif %}
                    {{ ExpandedForm.checkbox('blocked') }}
                    {{ ExpandedForm.select('blocked_code', codes, user.blocked_code) }}
                    {% if user.id != currentUser.id %}