mirror of
https://github.com/nuxsmin/sysPass.git
synced 2026-03-05 16:14:11 +01:00
563 lines
19 KiB
PHP
563 lines
19 KiB
PHP
<?php
|
|
/**
|
|
* sysPass
|
|
*
|
|
* @author nuxsmin
|
|
* @link http://syspass.org
|
|
* @copyright 2012-2015 Rubén Domínguez nuxsmin@syspass.org
|
|
*
|
|
* This file is part of sysPass.
|
|
*
|
|
* sysPass is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* sysPass is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with sysPass. If not, see <http://www.gnu.org/licenses/>.
|
|
*
|
|
*/
|
|
|
|
namespace SP\Controller;
|
|
|
|
defined('APP_ROOT') || die(_('No es posible acceder directamente a este archivo'));
|
|
|
|
use SP\Account\Account;
|
|
use SP\Account\AccountHistory;
|
|
use SP\Api\ApiTokensUtil;
|
|
use SP\Core\Acl;
|
|
use SP\Core\ActionsInterface;
|
|
use SP\Core\Crypt;
|
|
use SP\Core\Exceptions\ItemException;
|
|
use SP\Core\Init;
|
|
use SP\Core\Plugin\PluginUtil;
|
|
use SP\Core\Session;
|
|
use SP\Core\SessionUtil;
|
|
use SP\Core\Template;
|
|
use SP\DataModel\AccountExtData;
|
|
use SP\DataModel\CategoryData;
|
|
use SP\DataModel\CustomerData;
|
|
use SP\DataModel\CustomFieldData;
|
|
use SP\DataModel\CustomFieldDefData;
|
|
use SP\DataModel\GroupData;
|
|
use SP\DataModel\ProfileData;
|
|
use SP\DataModel\TagData;
|
|
use SP\DataModel\UserData;
|
|
use SP\DataModel\UserPassData;
|
|
use SP\Http\Request;
|
|
use SP\Log\Log;
|
|
use SP\Mgmt\Categories\Category;
|
|
use SP\Mgmt\Customers\Customer;
|
|
use SP\Mgmt\CustomFields\CustomField;
|
|
use SP\Mgmt\CustomFields\CustomFieldDef;
|
|
use SP\Mgmt\CustomFields\CustomFieldTypes;
|
|
use SP\Mgmt\Files\FileUtil;
|
|
use SP\Mgmt\Groups\GroupUsers;
|
|
use SP\Mgmt\Plugins\Plugin;
|
|
use SP\Mgmt\PublicLinks\PublicLink;
|
|
use SP\Mgmt\Groups\Group;
|
|
use SP\Mgmt\Profiles\Profile;
|
|
use SP\Mgmt\Profiles\ProfileUtil;
|
|
use SP\Mgmt\Tags\Tag;
|
|
use SP\Mgmt\Users\User;
|
|
use SP\Mgmt\Users\UserPass;
|
|
use SP\Util\Checks;
|
|
use SP\Util\ImageUtil;
|
|
use SP\Util\Json;
|
|
use SP\Util\Util;
|
|
|
|
/**
|
|
* Class AccItemMgmt
|
|
*
|
|
* @package SP\Controller
|
|
*/
|
|
class ItemShowController extends ControllerBase implements ActionsInterface, ItemControllerInterface
|
|
{
|
|
use RequestControllerTrait;
|
|
|
|
/**
|
|
* Máximo numero de acciones antes de agrupar
|
|
*/
|
|
const MAX_NUM_ACTIONS = 3;
|
|
/**
|
|
* @var int
|
|
*/
|
|
private $module = 0;
|
|
|
|
/**
|
|
* Constructor
|
|
*
|
|
* @param $template Template con instancia de plantilla
|
|
*/
|
|
public function __construct(Template $template = null)
|
|
{
|
|
parent::__construct($template);
|
|
|
|
$this->init();
|
|
|
|
$this->view->assign('isDemo', Checks::demoIsEnabled());
|
|
$this->view->assign('sk', SessionUtil::getSessionKey(true));
|
|
$this->view->assign('itemId', $this->itemId);
|
|
$this->view->assign('activeTab', $this->activeTab);
|
|
$this->view->assign('actionId', $this->actionId);
|
|
$this->view->assign('isView', false);
|
|
$this->view->assign('showViewPass', true);
|
|
}
|
|
|
|
/**
|
|
* Comprobar si la sesión está activa
|
|
*
|
|
* @throws \SP\Core\Exceptions\SPException
|
|
*/
|
|
protected function checkSession()
|
|
{
|
|
if (!Init::isLoggedIn()) {
|
|
Util::logout();
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Realizar la acción solicitada en la la petición HTTP
|
|
*
|
|
* @param mixed $type Tipo de acción
|
|
*/
|
|
public function doAction($type = null)
|
|
{
|
|
try {
|
|
switch ($this->actionId) {
|
|
case self::ACTION_USR_USERS_VIEW:
|
|
$this->view->assign('header', _('Ver Usuario'));
|
|
$this->view->assign('isView', true);
|
|
$this->getUser();
|
|
break;
|
|
case self::ACTION_USR_USERS_EDIT:
|
|
$this->view->assign('header', _('Editar Usuario'));
|
|
$this->getUser();
|
|
break;
|
|
case self::ACTION_USR_USERS_EDITPASS:
|
|
$this->view->assign('header', _('Cambio de Clave'));
|
|
$this->getUserPass();
|
|
break;
|
|
case self::ACTION_USR_USERS_NEW:
|
|
$this->view->assign('header', _('Nuevo Usuario'));
|
|
$this->getUser();
|
|
break;
|
|
case self::ACTION_USR_GROUPS_VIEW:
|
|
$this->view->assign('header', _('Ver Grupo'));
|
|
$this->view->assign('isView', true);
|
|
$this->getGroup();
|
|
break;
|
|
case self::ACTION_USR_GROUPS_EDIT:
|
|
$this->view->assign('header', _('Editar Grupo'));
|
|
$this->getGroup();
|
|
break;
|
|
case self::ACTION_USR_GROUPS_NEW:
|
|
$this->view->assign('header', _('Nuevo Grupo'));
|
|
$this->getGroup();
|
|
break;
|
|
case self::ACTION_USR_PROFILES_VIEW:
|
|
$this->view->assign('header', _('Ver Perfil'));
|
|
$this->view->assign('isView', true);
|
|
$this->getProfile();
|
|
break;
|
|
case self::ACTION_USR_PROFILES_EDIT:
|
|
$this->view->assign('header', _('Editar Perfil'));
|
|
$this->getProfile();
|
|
break;
|
|
case self::ACTION_USR_PROFILES_NEW:
|
|
$this->view->assign('header', _('Nuevo Perfil'));
|
|
$this->getProfile();
|
|
break;
|
|
case self::ACTION_MGM_CUSTOMERS_VIEW:
|
|
$this->view->assign('header', _('Ver Cliente'));
|
|
$this->view->assign('isView', true);
|
|
$this->getCustomer();
|
|
break;
|
|
case self::ACTION_MGM_CUSTOMERS_EDIT:
|
|
$this->view->assign('header', _('Editar Cliente'));
|
|
$this->getCustomer();
|
|
break;
|
|
case self::ACTION_MGM_CUSTOMERS_NEW:
|
|
$this->view->assign('header', _('Nuevo Cliente'));
|
|
$this->getCustomer();
|
|
break;
|
|
case self::ACTION_MGM_CATEGORIES_VIEW:
|
|
$this->view->assign('header', _('Ver Categoría'));
|
|
$this->view->assign('isView', true);
|
|
$this->getCategory();
|
|
break;
|
|
case self::ACTION_MGM_CATEGORIES_EDIT:
|
|
$this->view->assign('header', _('Editar Categoría'));
|
|
$this->getCategory();
|
|
break;
|
|
case self::ACTION_MGM_CATEGORIES_NEW:
|
|
$this->view->assign('header', _('Nueva Categoría'));
|
|
$this->getCategory();
|
|
break;
|
|
case self::ACTION_MGM_APITOKENS_VIEW:
|
|
$this->view->assign('header', _('Ver Autorización'));
|
|
$this->view->assign('isView', true);
|
|
$this->getToken();
|
|
break;
|
|
case self::ACTION_MGM_APITOKENS_NEW:
|
|
$this->view->assign('header', _('Nueva Autorización'));
|
|
$this->getToken();
|
|
break;
|
|
case self::ACTION_MGM_APITOKENS_EDIT:
|
|
$this->view->assign('header', _('Editar Autorización'));
|
|
$this->getToken();
|
|
break;
|
|
case self::ACTION_MGM_CUSTOMFIELDS_NEW:
|
|
$this->view->assign('header', _('Nuevo Campo'));
|
|
$this->getCustomField();
|
|
break;
|
|
case self::ACTION_MGM_CUSTOMFIELDS_EDIT:
|
|
$this->view->assign('header', _('Editar Campo'));
|
|
$this->getCustomField();
|
|
break;
|
|
case self::ACTION_MGM_PUBLICLINKS_VIEW:
|
|
$this->view->assign('header', _('Ver Enlace Público'));
|
|
$this->view->assign('isView', true);
|
|
$this->getPublicLink();
|
|
break;
|
|
case self::ACTION_MGM_TAGS_NEW:
|
|
$this->view->assign('header', _('Nueva Etiqueta'));
|
|
$this->getTag();
|
|
break;
|
|
case self::ACTION_MGM_TAGS_EDIT:
|
|
$this->view->assign('header', _('Editar Etiqueta'));
|
|
$this->getTag();
|
|
break;
|
|
case self::ACTION_ACC_VIEW_PASS:
|
|
$this->view->assign('header', _('Clave de Cuenta'));
|
|
$this->getAccountPass();
|
|
break;
|
|
case self::ACTION_MGM_PLUGINS_VIEW:
|
|
$this->view->assign('header', _('Detalles de Plugin'));
|
|
$this->view->assign('isView', true);
|
|
$this->getPlugin();
|
|
break;
|
|
default:
|
|
$this->invalidAction();
|
|
}
|
|
|
|
if (count($this->jsonResponse->getData()) === 0) {
|
|
$this->jsonResponse->setData(['html' => $this->render()]);
|
|
}
|
|
} catch (\Exception $e) {
|
|
$this->jsonResponse->setDescription($e->getMessage());
|
|
}
|
|
|
|
Json::returnJson($this->jsonResponse);
|
|
}
|
|
|
|
/**
|
|
* Obtener los datos para la ficha de usuario
|
|
*
|
|
* @throws \SP\Core\Exceptions\SPException
|
|
*/
|
|
protected function getUser()
|
|
{
|
|
$this->module = self::ACTION_USR_USERS;
|
|
$this->view->addTemplate('users');
|
|
|
|
$this->view->assign('user', $this->itemId ? User::getItem()->getById($this->itemId) : new UserData());
|
|
$this->view->assign('isDisabled', ($this->view->isDemo || $this->view->actionId === self::ACTION_USR_USERS_VIEW) ? 'disabled' : '');
|
|
$this->view->assign('isReadonly', $this->view->isDisabled ? 'readonly' : '');
|
|
$this->view->assign('groups', Group::getItem()->getItemsForSelect());
|
|
$this->view->assign('profiles', Profile::getItem()->getItemsForSelect());
|
|
|
|
$this->getCustomFieldsForItem();
|
|
|
|
$this->jsonResponse->setStatus(0);
|
|
}
|
|
|
|
/**
|
|
* Obtener la lista de campos personalizados y sus valores
|
|
*/
|
|
protected function getCustomFieldsForItem()
|
|
{
|
|
$this->view->assign('customFields', CustomField::getItem(new CustomFieldData($this->module))->getById($this->itemId));
|
|
}
|
|
|
|
/**
|
|
* Inicializar la vista de cambio de clave de usuario
|
|
*/
|
|
protected function getUserPass()
|
|
{
|
|
$this->module = self::ACTION_USR_USERS;
|
|
$this->setAction(self::ACTION_USR_USERS_EDITPASS);
|
|
|
|
// Comprobar si el usuario a modificar es distinto al de la sesión
|
|
if ($this->itemId !== Session::getUserData()->getUserId() && !$this->checkAccess()) {
|
|
return;
|
|
}
|
|
|
|
$this->view->assign('user', User::getItem()->getById($this->itemId));
|
|
$this->view->addTemplate('userspass');
|
|
|
|
$this->jsonResponse->setStatus(0);
|
|
}
|
|
|
|
/**
|
|
* Obtener los datos para la ficha de grupo
|
|
*/
|
|
protected function getGroup()
|
|
{
|
|
$this->module = self::ACTION_USR_GROUPS;
|
|
$this->view->addTemplate('groups');
|
|
|
|
$this->view->assign('group', $this->itemId ? Group::getItem()->getById($this->itemId) : new GroupData());
|
|
$this->view->assign('users', User::getItem()->getItemsForSelect());
|
|
$this->view->assign('groupUsers', GroupUsers::getItem()->getById($this->itemId));
|
|
|
|
$this->getCustomFieldsForItem();
|
|
|
|
$this->jsonResponse->setStatus(0);
|
|
}
|
|
|
|
/**
|
|
* Obtener los datos para la ficha de perfil
|
|
*/
|
|
protected function getProfile()
|
|
{
|
|
$this->module = self::ACTION_USR_PROFILES;
|
|
$this->view->addTemplate('profiles');
|
|
|
|
$Profile = $this->itemId ? Profile::getItem()->getById($this->itemId) : new ProfileData();
|
|
|
|
$this->view->assign('profile', $Profile);
|
|
$this->view->assign('isDisabled', ($this->view->actionId === self::ACTION_USR_PROFILES_VIEW) ? 'disabled' : '');
|
|
$this->view->assign('isReadonly', $this->view->isDisabled ? 'readonly' : '');
|
|
|
|
if ($this->view->isView === true) {
|
|
$this->view->assign('usedBy', ProfileUtil::getProfileInUsersName($this->itemId));
|
|
}
|
|
|
|
$this->jsonResponse->setStatus(0);
|
|
}
|
|
|
|
/**
|
|
* Obtener los datos para la ficha de cliente
|
|
*/
|
|
protected function getCustomer()
|
|
{
|
|
$this->module = self::ACTION_MGM_CUSTOMERS;
|
|
$this->view->addTemplate('customers');
|
|
|
|
$this->view->assign('customer', $this->itemId ? Customer::getItem()->getById($this->itemId) : new CustomerData());
|
|
$this->getCustomFieldsForItem();
|
|
|
|
$this->jsonResponse->setStatus(0);
|
|
}
|
|
|
|
/**
|
|
* Obtener los datos para la ficha de categoría
|
|
*/
|
|
protected function getCategory()
|
|
{
|
|
$this->module = self::ACTION_MGM_CATEGORIES;
|
|
$this->view->addTemplate('categories');
|
|
|
|
$this->view->assign('category', $this->itemId ? Category::getItem()->getById($this->itemId) : new CategoryData());
|
|
$this->getCustomFieldsForItem();
|
|
|
|
$this->jsonResponse->setStatus(0);
|
|
}
|
|
|
|
/**
|
|
* Obtener los datos para la ficha de tokens de API
|
|
*/
|
|
protected function getToken()
|
|
{
|
|
$this->module = self::ACTION_MGM_APITOKENS;
|
|
$this->view->addTemplate('tokens');
|
|
|
|
$token = ApiTokensUtil::getTokens($this->itemId, true);
|
|
|
|
$this->view->assign('users', User::getItem()->getItemsForSelect());
|
|
$this->view->assign('actions', ApiTokensUtil::getTokenActions());
|
|
$this->view->assign('token', $token);
|
|
$this->view->assign('gotData', is_object($token));
|
|
|
|
if ($this->view->isView === true) {
|
|
$msg = sprintf('%s ;;Usuario: %s', _('Token de autorización visualizado'), $token->user_login);
|
|
Log::writeNewLogAndEmail(_('Autorizaciones'), $msg);
|
|
}
|
|
|
|
$this->jsonResponse->setStatus(0);
|
|
}
|
|
|
|
/**
|
|
* Obtener los datos para la ficha de campo personalizado
|
|
*/
|
|
protected function getCustomField()
|
|
{
|
|
$this->module = self::ACTION_MGM_CUSTOMFIELDS;
|
|
$this->view->addTemplate('customfields');
|
|
|
|
$customField = $this->itemId ? CustomFieldDef::getItem()->getById($this->itemId) : new CustomFieldDefData();
|
|
|
|
$this->view->assign('customField', $customField);
|
|
$this->view->assign('field', $customField);
|
|
$this->view->assign('types', CustomFieldTypes::getFieldsTypes());
|
|
$this->view->assign('modules', CustomFieldTypes::getFieldsModules());
|
|
|
|
$this->jsonResponse->setStatus(0);
|
|
}
|
|
|
|
/**
|
|
* Obtener los datos para la ficha de enlace público
|
|
*
|
|
* @throws \SP\Core\Exceptions\SPException
|
|
*/
|
|
protected function getPublicLink()
|
|
{
|
|
$this->module = self::ACTION_MGM_PUBLICLINKS;
|
|
$this->view->addTemplate('publiclinks');
|
|
|
|
$PublicLink = PublicLink::getItem();
|
|
|
|
$this->view->assign('link', $PublicLink->getItemForList($PublicLink->getById($this->itemId)));
|
|
|
|
$this->jsonResponse->setStatus(0);
|
|
}
|
|
|
|
/**
|
|
* Obtener los datos para la ficha de categoría
|
|
*
|
|
* @throws \SP\Core\Exceptions\SPException
|
|
*/
|
|
protected function getTag()
|
|
{
|
|
$this->module = self::ACTION_MGM_TAGS;
|
|
$this->view->addTemplate('tags');
|
|
|
|
$this->view->assign('tag', $this->itemId ? Tag::getItem()->getById($this->itemId) : new TagData());
|
|
|
|
$this->jsonResponse->setStatus(0);
|
|
}
|
|
|
|
/**
|
|
* Obtener los datos para la vista de archivos de una cuenta
|
|
*/
|
|
protected function getAccountFiles()
|
|
{
|
|
$this->setAction(self::ACTION_ACC_FILES);
|
|
|
|
$this->view->assign('accountId', Request::analyze('id', 0));
|
|
$this->view->assign('deleteEnabled', Request::analyze('del', 0));
|
|
$this->view->assign('files', FileUtil::getAccountFiles($this->view->accountId));
|
|
|
|
if (!is_array($this->view->files) || count($this->view->files) === 0) {
|
|
return;
|
|
}
|
|
|
|
$this->view->addTemplate('files');
|
|
|
|
$this->jsonResponse->setStatus(0);
|
|
}
|
|
|
|
/**
|
|
* Mostrar la clave de una cuenta
|
|
*
|
|
* @throws ItemException
|
|
*/
|
|
public function getAccountPass()
|
|
{
|
|
$this->setAction(self::ACTION_ACC_VIEW_PASS);
|
|
|
|
$isHistory = Request::analyze('isHistory', false);
|
|
$isFull = Request::analyze('isFull', false);
|
|
|
|
$AccountData = new AccountExtData();
|
|
|
|
if (!$isHistory) {
|
|
$AccountData->setAccountId($this->itemId);
|
|
$Account = new Account($AccountData);
|
|
} else {
|
|
$Account = new AccountHistory($AccountData);
|
|
$Account->setId($this->itemId);
|
|
}
|
|
|
|
$Account->getAccountPassData();
|
|
|
|
if ($isHistory && !$Account->checkAccountMPass()) {
|
|
throw new ItemException(_('La clave maestra no coincide'));
|
|
}
|
|
|
|
$Acl = new Acl(Acl::ACTION_ACC_VIEW_PASS);
|
|
$Acl->setAccountData($Account->getAccountDataForACL());
|
|
|
|
$UserPass = new UserPass(new UserPassData());
|
|
$UserPass->getItemData()->setUserId(Session::getUserData()->getUserId());
|
|
|
|
if (!Acl::checkUserAccess(Acl::ACTION_ACC_VIEW_PASS) || !$Acl->checkAccountAccess()) {
|
|
throw new ItemException(_('No tiene permisos para acceder a esta cuenta'));
|
|
} elseif (!$UserPass->checkUserUpdateMPass()) {
|
|
throw new ItemException(_('Clave maestra actualizada') . '<br>' . _('Reinicie la sesión para cambiarla'));
|
|
}
|
|
|
|
$accountClearPass = Crypt::getDecrypt($AccountData->getAccountPass(), $AccountData->getAccountIV());
|
|
|
|
if (!$isHistory) {
|
|
$Account->incrementDecryptCounter();
|
|
|
|
$log = new Log(_('Ver Clave'));
|
|
$log->addDetails(_('ID'), $this->itemId);
|
|
$log->addDetails(_('Cuenta'), $AccountData->getCustomerName() . ' / ' . $AccountData->getAccountName());
|
|
$log->writeLog();
|
|
}
|
|
|
|
$useImage = (int)Checks::accountPassToImageIsEnabled();
|
|
|
|
if (!$useImage) {
|
|
$pass = $isFull ? htmlentities(trim($accountClearPass)) : trim($accountClearPass);
|
|
} else {
|
|
$pass = ImageUtil::convertText($accountClearPass);
|
|
}
|
|
|
|
$this->jsonResponse->setStatus(0);
|
|
|
|
if ($isFull) {
|
|
$this->view->addTemplate('viewpass', 'account');
|
|
|
|
$this->view->assign('login', $AccountData->getAccountLogin());
|
|
$this->view->assign('pass', $pass);
|
|
$this->view->assign('isImage', $useImage);
|
|
|
|
return;
|
|
}
|
|
|
|
$data = [
|
|
'acclogin' => $AccountData->getAccountLogin(),
|
|
'accpass' => $pass,
|
|
'useimage' => $useImage
|
|
];
|
|
|
|
$this->jsonResponse->setCsrf($this->view->sk);
|
|
$this->jsonResponse->setData($data);
|
|
}
|
|
|
|
/**
|
|
* Obtener los datos para la vista de plugins
|
|
*/
|
|
private function getPlugin()
|
|
{
|
|
$this->module = self::ACTION_MGM_PLUGINS;
|
|
$this->view->addTemplate('plugins');
|
|
|
|
$Plugin = Plugin::getItem()->getById($this->itemId);
|
|
|
|
$this->view->assign('isReadonly', $this->view->isView ? 'readonly' : '');
|
|
$this->view->assign('plugin', $Plugin);
|
|
$this->view->assign('pluginInfo', PluginUtil::getPluginInfo($Plugin->getPluginName()));
|
|
|
|
$this->jsonResponse->setStatus(0);
|
|
}
|
|
} |