KF2-Dev-Scripts/WebAdmin/Classes/QHMultiAdmin.uc

/**
 * Query handler for the multi admin access control.
 *
 * Copyright 2008 Epic Games, Inc. All Rights Reserved
 *
 * @author  Michiel 'elmuerte' Hendriks
 */
class QHMultiAdmin extends Object implements(IQueryHandler) config(WebAdmin)
	dependson(WebAdminUtils);

`include(WebAdmin.uci)

var MultiWebAdminAuth authModule;
var WebAdmin webadmin;

/**
 * A list of administrator names that are protected. These can not be deleted
 * at all. And can not be modified by themselves.
 */
var config array<string> protectedAdmins;

var string fullMenu;

//!localization
var localized string menuAdmins, menuAdminsDesc, msgCreatedAdmin, msgDupName,
	msgCantRemoveLast, msgCantDelete, msgRemovedAdmin, msgUnableToRemove,
	msgSavedAdmin, msgPassError, msgCannotDisableSelf, msgPrivLogEnabled,
	msgPrivLogDisabled;

function init(WebAdmin webapp)
{
	local int i;
	local string clsname;

	webadmin = webapp;
	clsname = class.getPackageName()$"."$class.name;
	if (authModule == none)
	{
		`Log("Authentication module is not MultiWebAdminAuth, unregistering QHMultiAdmin",,'WebAdmin');
		for (i = 0; i < webadmin.QueryHandlers.Length; i++)
		{
			if (webadmin.QueryHandlers[i] ~= clsname)
			{
				webadmin.QueryHandlers.Remove(i, 1);
				webadmin.SaveConfig();
				break;
			}
		}
		cleanup();
		return;
	}
	else {
		for (i = 0; i < webadmin.handlers.Length; i++)
		{
			if (webadmin.handlers[i] == self)
			{
				break;
			}
		}
		if (i == webadmin.handlers.Length)
		{
			webadmin.handlers[i] = self;
		}
	}
}

function cleanup()
{
	authModule = none;
	webadmin = none;
}

function bool producesXhtml()
{
	return true;
}

function bool handleQuery(WebAdminQuery q)
{
	if (authModule == none) return false;
	switch (q.request.URI)
	{
		case "/multiadmin":
			handleAdmins(q);
			return true;
	}
}

function bool unhandledQuery(WebAdminQuery q)
{
	return false;
}

function decoratePage(WebAdminQuery q);

function registerMenuItems(WebAdminMenu menu)
{
	if (authModule == none) return;
	menu.addMenu("/multiadmin", menuAdmins, self, menuAdminsDesc, 1000);
}

function handleAdmins(WebAdminQuery q)
{
	local string editAdmin;
	local string tmp;
	local array<string> tmpa;
	local int i;
	local MultiAdminData adminData;

	editAdmin = q.request.getVariable("adminid");

	if ((q.request.getVariable("action") ~= "create") || (q.request.getVariable("action") ~= "create administrator"))
	{
		if (len(editAdmin) > 0)
		{
			if (authModule.records.find('name', editAdmin) == INDEX_NONE)
			{
				adminData = new(none, editAdmin) class'MultiAdminData';
				editAdmin = string(adminData.name);
				adminData.SaveConfig();
				for (i = 0; i < authModule.records.length; i++)
				{
					if (caps(authModule.records[i].name) > caps(editAdmin))
					{
						authModule.records.insert(i, 1);
						authModule.records[i].name = editAdmin;
						authModule.records[i].data = adminData;
						break;
					}
				}
				if (i == authModule.records.length)
				{
					authModule.records.length = i+1;
					authModule.records[i].name = editAdmin;
					authModule.records[i].data = adminData;
				}
				webadmin.addMessage(q, repl(msgCreatedAdmin, "%s", editAdmin));
			}
			else {
				webadmin.addMessage(q, repl(msgDupName, "%s", editAdmin), MT_Error);
				editAdmin = "";
			}
		}
		else {
			webadmin.addMessage(q, "No name given.", MT_Error);
		}
	}

	if (q.request.getVariable("action") ~= "delete")
	{
		if (authModule.records.length <= 1)
		{
			webadmin.addMessage(q, msgCantRemoveLast, MT_Error);
		}
		else if (len(editAdmin) > 0)
		{
			if (!canDeleteAdmin(editAdmin, q.user))
			{
				webadmin.addMessage(q, repl(msgCantDelete, "%s", editAdmin), MT_Error);
			}
			else if (authModule.removeAdminRecord(editAdmin))
			{
				webadmin.addMessage(q, repl(msgRemovedAdmin, "%s", editAdmin));
			}
			else {
				webadmin.addMessage(q, repl(msgUnableToRemove, "%s", editAdmin), MT_Error);
			}
		}
	}

	tmp = "";
	for (i = 0; i < authModule.records.length; i++)
	{
		if (!canEditAdmin(authModule.records[i].name, q.user)) continue;
		q.response.subst("multiadmin.name", `HTMLEscape(authModule.records[i].name));
		if (authModule.records[i].name ~= editAdmin)
		{
			q.response.subst("multiadmin.selected", "selected=\"selected\"");
		}
		else {
			q.response.subst("multiadmin.selected", "");
		}
		// ensure loaded
		authModule.getRecord(authModule.records[i].name);
		if (authModule.records[i].data.bEnabled) {
			q.response.subst("multiadmin.class", "adminEnabled");
		}
		else {
			q.response.subst("multiadmin.class", "adminDisabled");
		}
		tmp $= webadmin.include(q, "multiadmin_admin_select.inc");
	}
	q.response.subst("admins", tmp);

	if (len(editAdmin) > 0)
	{
		adminData = authModule.getRecord(editAdmin);
	}
	q.response.subst("editor", "");
	if (adminData != none)
	{
		if (q.request.getVariable("privlog") ~= "privlog")
		{
			tmp = q.session.getString("privilege.log");
			if (tmp == "")
			{
				q.session.putString("privilege.log", "true");
				webadmin.addMessage(q, msgPrivLogEnabled);
			}
			else {
				q.session.putString("privilege.log", "");
				webadmin.addMessage(q, msgPrivLogDisabled);
			}
		}

		if (q.request.getVariable("action") ~= "save" && canEditAdmin(editAdmin, q.user))
		{
			tmp = q.request.getVariable("password1");
			if (tmp == q.request.getVariable("password2"))
			{
				if (len(tmp) > 0)
				{
					tmp = authModule.getPasswordHash(adminData, tmp);
					adminData.setPassword(tmp);
				}
				adminData.displayName = q.request.getVariable("displayname");

				tmp = q.request.getVariable("enabled");
				if (tmp ~= "1") {
					adminData.bEnabled = true;
				}
				else {
					if (q.user.getUserId() == editAdmin) {
						webadmin.addMessage(q, repl(msgCannotDisableSelf, "%s", editAdmin), MT_Warning);
					}
					else {
						// TODO: count enabled accounts
						adminData.bEnabled = false;
					}
				}

				ParseStringIntoArray(q.request.getVariable("allow"), tmpa, chr(10), true);
				adminData.allow.length = 0;
				for (i = 0; i < tmpa.length; i++)
				{
					tmp = `Trim(tmpa[i]);
					if (len(tmp) == 0) continue;
					adminData.allow[adminData.allow.length] = tmp;
				}

				ParseStringIntoArray(q.request.getVariable("deny"), tmpa, chr(10), true);
				adminData.deny.length = 0;
				for (i = 0; i < tmpa.length; i++)
				{
					tmp = `Trim(tmpa[i]);
					if (len(tmp) == 0) continue;
					adminData.deny[adminData.deny.length] = tmp;
				}

				if (q.request.getVariable("order") ~= "AllowDeny") {
					adminData.order = AllowDeny;
				}
				else {
					adminData.order = DenyAllow;
				}

				adminData.saveconfig();
				adminData.clearAuthCache();
				webadmin.addMessage(q, msgSavedAdmin);
			}
			else {
				webadmin.addMessage(q, msgPassError, MT_Error);
			}
		}

		q.response.subst("adminid", `HTMLEscape(adminData.name));
		q.response.subst("displayname", `HTMLEscape(adminData.displayName));
		if (adminData.bEnabled)
		{
			q.response.subst("enabled.true", "checked=\"checked\"");
			q.response.subst("enabled.false", "");
		}
		else {
			q.response.subst("enabled.true", "");
			q.response.subst("enabled.false", "checked=\"checked\"");
		}
		if (adminData.order == DenyAllow)
		{
			q.response.subst("order.denyallow", "checked=\"checked\"");
			q.response.subst("order.allowdeny", "");
		}
		else if (adminData.order == AllowDeny)
		{
			q.response.subst("order.allowdeny", "checked=\"checked\"");
			q.response.subst("order.denyallow", "");
		}
		else {
			q.response.subst("order.denyallow", "");
			q.response.subst("order.allowdeny", "");
		}
		tmp = "";
		for (i = 0; i < adminData.allow.length; i++)
		{
			if (len(tmp) > 0) tmp $= chr(10);
			tmp $= adminData.allow[i];
		}
		q.response.subst("allow", tmp);
		tmp = "";
		for (i = 0; i < adminData.deny.length; i++)
		{
			if (len(tmp) > 0) tmp $= chr(10);
			tmp $= adminData.deny[i];
		}
		q.response.subst("deny", tmp);

		if (!canDeleteAdmin(string(adminData.name), q.user))
		{
			q.response.subst("allowdelete", "disabled=\"disabled\"");
		}
		else {
			q.response.subst("allowdelete", "");
		}

		if (len(fullMenu) == 0)
		{
			fullMenu = webadmin.menu.render("/multiadmin_editor_menu.inc", "/multiadmin_editor_menuitem.inc");
		}
		q.response.subst("menueditor", fullMenu);

		q.response.subst("editor", webadmin.include(q, "multiadmin_editor.inc"));
	}

	webadmin.sendPage(q, "multiadmin.html");
}

/**
 * True if the user can be deleted. Users can not delete themselves.
 */
function bool canDeleteAdmin(string adminName, IWebAdminUser me)
{
    `if(`WITH_CLEAR_CONFIG)
	if (protectedAdmins.find(adminName) != INDEX_NONE)
	{
		return false;
	}
	if (me.getUserid() ~= adminName)
	{
		return false;
	}
	return true;
	`else
	return false;
	`endif
}

/**
 * True if the user can be edited. Users can edit themselves if they are protected.
 */
function bool canEditAdmin(string adminName, IWebAdminUser me)
{
	if (protectedAdmins.find(adminName) != INDEX_NONE)
	{
		if (me.getUserid() ~= adminName)
		{
			return true;
		}
		return false;
	}
	return true;
}

defaultproperties
{
}
upload 2020-12-13 15:01:13 +00:00			`/**`
			`* Query handler for the multi admin access control.`
			`*`
			`* Copyright 2008 Epic Games, Inc. All Rights Reserved`
			`*`
			`* @author Michiel 'elmuerte' Hendriks`
			`*/`
			`class QHMultiAdmin extends Object implements(IQueryHandler) config(WebAdmin)`
			`dependson(WebAdminUtils);`

			`include(WebAdmin.uci)

			`var MultiWebAdminAuth authModule;`
			`var WebAdmin webadmin;`

			`/**`
			`* A list of administrator names that are protected. These can not be deleted`
			`* at all. And can not be modified by themselves.`
			`*/`
			`var config array<string> protectedAdmins;`

			`var string fullMenu;`

			`//!localization`
			`var localized string menuAdmins, menuAdminsDesc, msgCreatedAdmin, msgDupName,`
			`msgCantRemoveLast, msgCantDelete, msgRemovedAdmin, msgUnableToRemove,`
			`msgSavedAdmin, msgPassError, msgCannotDisableSelf, msgPrivLogEnabled,`
			`msgPrivLogDisabled;`

			`function init(WebAdmin webapp)`
			`{`
			`local int i;`
			`local string clsname;`

			`webadmin = webapp;`
			`clsname = class.getPackageName()$"."$class.name;`
			`if (authModule == none)`
			`{`
			`Log("Authentication module is not MultiWebAdminAuth, unregistering QHMultiAdmin",,'WebAdmin');
			`for (i = 0; i < webadmin.QueryHandlers.Length; i++)`
			`{`
			`if (webadmin.QueryHandlers[i] ~= clsname)`
			`{`
			`webadmin.QueryHandlers.Remove(i, 1);`
			`webadmin.SaveConfig();`
			`break;`
			`}`
			`}`
			`cleanup();`
			`return;`
			`}`
			`else {`
			`for (i = 0; i < webadmin.handlers.Length; i++)`
			`{`
			`if (webadmin.handlers[i] == self)`
			`{`
			`break;`
			`}`
			`}`
			`if (i == webadmin.handlers.Length)`
			`{`
			`webadmin.handlers[i] = self;`
			`}`
			`}`
			`}`

			`function cleanup()`
			`{`
			`authModule = none;`
			`webadmin = none;`
			`}`

			`function bool producesXhtml()`
			`{`
			`return true;`
			`}`

			`function bool handleQuery(WebAdminQuery q)`
			`{`
			`if (authModule == none) return false;`
			`switch (q.request.URI)`
			`{`
			`case "/multiadmin":`
			`handleAdmins(q);`
			`return true;`
			`}`
			`}`

			`function bool unhandledQuery(WebAdminQuery q)`
			`{`
			`return false;`
			`}`

			`function decoratePage(WebAdminQuery q);`

			`function registerMenuItems(WebAdminMenu menu)`
			`{`
			`if (authModule == none) return;`
			`menu.addMenu("/multiadmin", menuAdmins, self, menuAdminsDesc, 1000);`
			`}`

			`function handleAdmins(WebAdminQuery q)`
			`{`
			`local string editAdmin;`
			`local string tmp;`
			`local array<string> tmpa;`
			`local int i;`
			`local MultiAdminData adminData;`

			`editAdmin = q.request.getVariable("adminid");`

			`if ((q.request.getVariable("action") ~= "create") \|\| (q.request.getVariable("action") ~= "create administrator"))`
			`{`
			`if (len(editAdmin) > 0)`
			`{`
			`if (authModule.records.find('name', editAdmin) == INDEX_NONE)`
			`{`
			`adminData = new(none, editAdmin) class'MultiAdminData';`
			`editAdmin = string(adminData.name);`
			`adminData.SaveConfig();`
			`for (i = 0; i < authModule.records.length; i++)`
			`{`
			`if (caps(authModule.records[i].name) > caps(editAdmin))`
			`{`
			`authModule.records.insert(i, 1);`
			`authModule.records[i].name = editAdmin;`
			`authModule.records[i].data = adminData;`
			`break;`
			`}`
			`}`
			`if (i == authModule.records.length)`
			`{`
			`authModule.records.length = i+1;`
			`authModule.records[i].name = editAdmin;`
			`authModule.records[i].data = adminData;`
			`}`
			`webadmin.addMessage(q, repl(msgCreatedAdmin, "%s", editAdmin));`
			`}`
			`else {`
			`webadmin.addMessage(q, repl(msgDupName, "%s", editAdmin), MT_Error);`
			`editAdmin = "";`
			`}`
			`}`
			`else {`
			`webadmin.addMessage(q, "No name given.", MT_Error);`
			`}`
			`}`

			`if (q.request.getVariable("action") ~= "delete")`
			`{`
			`if (authModule.records.length <= 1)`
			`{`
			`webadmin.addMessage(q, msgCantRemoveLast, MT_Error);`
			`}`
			`else if (len(editAdmin) > 0)`
			`{`
			`if (!canDeleteAdmin(editAdmin, q.user))`
			`{`
			`webadmin.addMessage(q, repl(msgCantDelete, "%s", editAdmin), MT_Error);`
			`}`
			`else if (authModule.removeAdminRecord(editAdmin))`
			`{`
			`webadmin.addMessage(q, repl(msgRemovedAdmin, "%s", editAdmin));`
			`}`
			`else {`
			`webadmin.addMessage(q, repl(msgUnableToRemove, "%s", editAdmin), MT_Error);`
			`}`
			`}`
			`}`

			`tmp = "";`
			`for (i = 0; i < authModule.records.length; i++)`
			`{`
			`if (!canEditAdmin(authModule.records[i].name, q.user)) continue;`
			q.response.subst("multiadmin.name", `HTMLEscape(authModule.records[i].name));
			`if (authModule.records[i].name ~= editAdmin)`
			`{`
			`q.response.subst("multiadmin.selected", "selected=\"selected\"");`
			`}`
			`else {`
			`q.response.subst("multiadmin.selected", "");`
			`}`
			`// ensure loaded`
			`authModule.getRecord(authModule.records[i].name);`
			`if (authModule.records[i].data.bEnabled) {`
			`q.response.subst("multiadmin.class", "adminEnabled");`
			`}`
			`else {`
			`q.response.subst("multiadmin.class", "adminDisabled");`
			`}`
			`tmp $= webadmin.include(q, "multiadmin_admin_select.inc");`
			`}`
			`q.response.subst("admins", tmp);`

			`if (len(editAdmin) > 0)`
			`{`
			`adminData = authModule.getRecord(editAdmin);`
			`}`
			`q.response.subst("editor", "");`
			`if (adminData != none)`
			`{`
			`if (q.request.getVariable("privlog") ~= "privlog")`
			`{`
			`tmp = q.session.getString("privilege.log");`
			`if (tmp == "")`
			`{`
			`q.session.putString("privilege.log", "true");`
			`webadmin.addMessage(q, msgPrivLogEnabled);`
			`}`
			`else {`
			`q.session.putString("privilege.log", "");`
			`webadmin.addMessage(q, msgPrivLogDisabled);`
			`}`
			`}`

			`if (q.request.getVariable("action") ~= "save" && canEditAdmin(editAdmin, q.user))`
			`{`
			`tmp = q.request.getVariable("password1");`
			`if (tmp == q.request.getVariable("password2"))`
			`{`
			`if (len(tmp) > 0)`
			`{`
			`tmp = authModule.getPasswordHash(adminData, tmp);`
			`adminData.setPassword(tmp);`
			`}`
			`adminData.displayName = q.request.getVariable("displayname");`

			`tmp = q.request.getVariable("enabled");`
			`if (tmp ~= "1") {`
			`adminData.bEnabled = true;`
			`}`
			`else {`
			`if (q.user.getUserId() == editAdmin) {`
			`webadmin.addMessage(q, repl(msgCannotDisableSelf, "%s", editAdmin), MT_Warning);`
			`}`
			`else {`
			`// TODO: count enabled accounts`
			`adminData.bEnabled = false;`
			`}`
			`}`

			`ParseStringIntoArray(q.request.getVariable("allow"), tmpa, chr(10), true);`
			`adminData.allow.length = 0;`
			`for (i = 0; i < tmpa.length; i++)`
			`{`
			tmp = `Trim(tmpa[i]);
			`if (len(tmp) == 0) continue;`
			`adminData.allow[adminData.allow.length] = tmp;`
			`}`

			`ParseStringIntoArray(q.request.getVariable("deny"), tmpa, chr(10), true);`
			`adminData.deny.length = 0;`
			`for (i = 0; i < tmpa.length; i++)`
			`{`
			tmp = `Trim(tmpa[i]);
			`if (len(tmp) == 0) continue;`
			`adminData.deny[adminData.deny.length] = tmp;`
			`}`

			`if (q.request.getVariable("order") ~= "AllowDeny") {`
			`adminData.order = AllowDeny;`
			`}`
			`else {`
			`adminData.order = DenyAllow;`
			`}`

			`adminData.saveconfig();`
			`adminData.clearAuthCache();`
			`webadmin.addMessage(q, msgSavedAdmin);`
			`}`
			`else {`
			`webadmin.addMessage(q, msgPassError, MT_Error);`
			`}`
			`}`

			q.response.subst("adminid", `HTMLEscape(adminData.name));
			q.response.subst("displayname", `HTMLEscape(adminData.displayName));
			`if (adminData.bEnabled)`
			`{`
			`q.response.subst("enabled.true", "checked=\"checked\"");`
			`q.response.subst("enabled.false", "");`
			`}`
			`else {`
			`q.response.subst("enabled.true", "");`
			`q.response.subst("enabled.false", "checked=\"checked\"");`
			`}`
			`if (adminData.order == DenyAllow)`
			`{`
			`q.response.subst("order.denyallow", "checked=\"checked\"");`
			`q.response.subst("order.allowdeny", "");`
			`}`
			`else if (adminData.order == AllowDeny)`
			`{`
			`q.response.subst("order.allowdeny", "checked=\"checked\"");`
			`q.response.subst("order.denyallow", "");`
			`}`
			`else {`
			`q.response.subst("order.denyallow", "");`
			`q.response.subst("order.allowdeny", "");`
			`}`
			`tmp = "";`
			`for (i = 0; i < adminData.allow.length; i++)`
			`{`
			`if (len(tmp) > 0) tmp $= chr(10);`
			`tmp $= adminData.allow[i];`
			`}`
			`q.response.subst("allow", tmp);`
			`tmp = "";`
			`for (i = 0; i < adminData.deny.length; i++)`
			`{`
			`if (len(tmp) > 0) tmp $= chr(10);`
			`tmp $= adminData.deny[i];`
			`}`
			`q.response.subst("deny", tmp);`

			`if (!canDeleteAdmin(string(adminData.name), q.user))`
			`{`
			`q.response.subst("allowdelete", "disabled=\"disabled\"");`
			`}`
			`else {`
			`q.response.subst("allowdelete", "");`
			`}`

			`if (len(fullMenu) == 0)`
			`{`
			`fullMenu = webadmin.menu.render("/multiadmin_editor_menu.inc", "/multiadmin_editor_menuitem.inc");`
			`}`
			`q.response.subst("menueditor", fullMenu);`

			`q.response.subst("editor", webadmin.include(q, "multiadmin_editor.inc"));`
			`}`

			`webadmin.sendPage(q, "multiadmin.html");`
			`}`

			`/**`
			`* True if the user can be deleted. Users can not delete themselves.`
			`*/`
			`function bool canDeleteAdmin(string adminName, IWebAdminUser me)`
			`{`
			`if(`WITH_CLEAR_CONFIG)
			`if (protectedAdmins.find(adminName) != INDEX_NONE)`
			`{`
			`return false;`
			`}`
			`if (me.getUserid() ~= adminName)`
			`{`
			`return false;`
			`}`
			`return true;`
			`else
			`return false;`
			`endif
			`}`

			`/**`
			`* True if the user can be edited. Users can edit themselves if they are protected.`
			`*/`
			`function bool canEditAdmin(string adminName, IWebAdminUser me)`
			`{`
			`if (protectedAdmins.find(adminName) != INDEX_NONE)`
			`{`
			`if (me.getUserid() ~= adminName)`
			`{`
			`return true;`
			`}`
			`return false;`
			`}`
			`return true;`
			`}`

			`defaultproperties`
			`{`
			`}`