Merge pull request #105 from Neraste/admin-validation-simple
New Feature: Optionally require an admin to approve the registration − new implementation
This commit is contained in:
Pellaeon Lin
GitHub
commit
3903e36b25
|
|
@ -149,7 +149,17 @@ class RegisterController extends Controller {
|
||||||
], 'guest');
|
], 'guest');
|
||||||
}
|
}
|
||||||
|
|
||||||
return $this->registrationService->loginUser($user->getUID(), $username, $password, false);
|
if ($user->isEnabled()) {
|
||||||
|
// log the user
|
||||||
|
return $this->registrationService->loginUser($user->getUID(), $username, $password, false);
|
||||||
|
} else {
|
||||||
|
// warn the user their account needs admin validation
|
||||||
|
return new TemplateResponse(
|
||||||
|
'registration',
|
||||||
|
'message',
|
||||||
|
array('msg' => $this->l10n->t("Your account has been successfully created, but it still needs approval from an administrator.")),
|
||||||
|
'guest');
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private function renderError($error, $hint="") {
|
private function renderError($error, $hint="") {
|
||||||
|
|
|
||||||
|
|
@ -47,14 +47,21 @@ class SettingsController extends Controller {
|
||||||
*
|
*
|
||||||
* @param string $registered_user_group all newly registered user will be put in this group
|
* @param string $registered_user_group all newly registered user will be put in this group
|
||||||
* @param string $allowed_domains Registrations are only allowed for E-Mailadresses with these domains
|
* @param string $allowed_domains Registrations are only allowed for E-Mailadresses with these domains
|
||||||
|
* @param bool $admin_approval_required newly registered users have to be validated by an admin
|
||||||
* @return DataResponse
|
* @return DataResponse
|
||||||
*/
|
*/
|
||||||
public function admin($registered_user_group, $allowed_domains) {
|
public function admin($registered_user_group, $allowed_domains, $admin_approval_required) {
|
||||||
|
// handle domains
|
||||||
if ( ( $allowed_domains==='' ) || ( $allowed_domains === NULL ) ){
|
if ( ( $allowed_domains==='' ) || ( $allowed_domains === NULL ) ){
|
||||||
$this->config->deleteAppValue($this->appName, 'allowed_domains');
|
$this->config->deleteAppValue($this->appName, 'allowed_domains');
|
||||||
}else{
|
}else{
|
||||||
$this->config->setAppValue($this->appName, 'allowed_domains', $allowed_domains);
|
$this->config->setAppValue($this->appName, 'allowed_domains', $allowed_domains);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// handle admin validation
|
||||||
|
$this->config->setAppValue($this->appName, 'admin_approval_required', $admin_approval_required ? "yes" : "no");
|
||||||
|
|
||||||
|
// handle groups
|
||||||
$groups = $this->groupmanager->search('');
|
$groups = $this->groupmanager->search('');
|
||||||
$group_id_list = array();
|
$group_id_list = array();
|
||||||
foreach ( $groups as $group ) {
|
foreach ( $groups as $group ) {
|
||||||
|
|
@ -92,17 +99,25 @@ class SettingsController extends Controller {
|
||||||
* @return TemplateResponse
|
* @return TemplateResponse
|
||||||
*/
|
*/
|
||||||
public function displayPanel() {
|
public function displayPanel() {
|
||||||
|
// handle groups
|
||||||
$groups = $this->groupmanager->search('');
|
$groups = $this->groupmanager->search('');
|
||||||
$group_id_list = [];
|
$group_id_list = [];
|
||||||
foreach ( $groups as $group ) {
|
foreach ( $groups as $group ) {
|
||||||
$group_id_list[] = $group->getGid();
|
$group_id_list[] = $group->getGid();
|
||||||
}
|
}
|
||||||
$current_value = $this->config->getAppValue($this->appName, 'registered_user_group', 'none');
|
$current_value = $this->config->getAppValue($this->appName, 'registered_user_group', 'none');
|
||||||
|
|
||||||
|
// handle domains
|
||||||
$allowed_domains = $this->config->getAppValue($this->appName, 'allowed_domains', '');
|
$allowed_domains = $this->config->getAppValue($this->appName, 'allowed_domains', '');
|
||||||
|
|
||||||
|
// handle admin validation
|
||||||
|
$admin_approval_required = $this->config->getAppValue($this->appName, 'admin_approval_required', "no");
|
||||||
|
|
||||||
return new TemplateResponse('registration', 'admin', [
|
return new TemplateResponse('registration', 'admin', [
|
||||||
'groups' => $group_id_list,
|
'groups' => $group_id_list,
|
||||||
'current' => $current_value,
|
'current' => $current_value,
|
||||||
'allowed' => $allowed_domains
|
'allowed' => $allowed_domains,
|
||||||
|
'approval_required' => $admin_approval_required
|
||||||
], '');
|
], '');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -38,6 +38,9 @@ OC.L10N.register(
|
||||||
"Email" : "E-Mail",
|
"Email" : "E-Mail",
|
||||||
"Request verification link" : "Bestätigungslink anfragen",
|
"Request verification link" : "Bestätigungslink anfragen",
|
||||||
"Please re-enter a valid email address" : "Bitte nochmals eine gültige E-Mail-Adresse angeben",
|
"Please re-enter a valid email address" : "Bitte nochmals eine gültige E-Mail-Adresse angeben",
|
||||||
"You will receive an email with a verification link" : "Du wirst eine E-Mail mit einem Bestätigungslink erhalten"
|
"You will receive an email with a verification link" : "Du wirst eine E-Mail mit einem Bestätigungslink erhalten",
|
||||||
|
"A new user \"%s\" has created an account on %s and awaits admin approbation" : "Ein neuer Benutzer \"%s\" hat ein Konto auf %s erstellt und erwarte den Administrator Approbation ",
|
||||||
|
"Your account has been successfully created, but it still needs approval from an administrator." : "Ihr Konto wurde erfolgreich erstellt, aber es muss von einem Administrator genehmigt werden.",
|
||||||
|
"Require admin approval?" : "Ist der Administrator Approbation erforderlich?"
|
||||||
},
|
},
|
||||||
"nplurals=2; plural=(n != 1);");
|
"nplurals=2; plural=(n != 1);");
|
||||||
|
|
|
||||||
|
|
@ -36,6 +36,9 @@
|
||||||
"Email" : "E-Mail",
|
"Email" : "E-Mail",
|
||||||
"Request verification link" : "Bestätigungslink anfragen",
|
"Request verification link" : "Bestätigungslink anfragen",
|
||||||
"Please re-enter a valid email address" : "Bitte nochmals eine gültige E-Mail-Adresse angeben",
|
"Please re-enter a valid email address" : "Bitte nochmals eine gültige E-Mail-Adresse angeben",
|
||||||
"You will receive an email with a verification link" : "Du wirst eine E-Mail mit einem Bestätigungslink erhalten"
|
"You will receive an email with a verification link" : "Du wirst eine E-Mail mit einem Bestätigungslink erhalten",
|
||||||
|
"A new user \"%s\" has created an account on %s and awaits admin approbation" : "Ein neuer Benutzer \"%s\" hat ein Konto auf %s erstellt und erwarte den Administrator Approbation ",
|
||||||
|
"Your account has been successfully created, but it still needs approval from an administrator." : "Ihr Konto wurde erfolgreich erstellt, aber es muss von einem Administrator genehmigt werden.",
|
||||||
|
"Require admin approval?" : "Ist der Administrator Approbation erforderlich?"
|
||||||
},"pluralForm" :"nplurals=2; plural=(n != 1);"
|
},"pluralForm" :"nplurals=2; plural=(n != 1);"
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -30,6 +30,9 @@ OC.L10N.register(
|
||||||
"Email" : "Adresse courriel",
|
"Email" : "Adresse courriel",
|
||||||
"Request verification link" : "Demander un lien de vérification.",
|
"Request verification link" : "Demander un lien de vérification.",
|
||||||
"Please re-enter a valid email address" : "Veuillez indiquer une adresse courriel valide",
|
"Please re-enter a valid email address" : "Veuillez indiquer une adresse courriel valide",
|
||||||
"You will receive an email with a verification link" : "Vous allez recevoir un courriel avec un lien de vérification"
|
"You will receive an email with a verification link" : "Vous allez recevoir un courriel avec un lien de vérification",
|
||||||
|
"A new user \"%s\" has created an account on %s and awaits admin approbation" : "Un nouvel utilisateur \"%s\" a créé un compte sur %s et attend l'approbation d'un administrateur",
|
||||||
|
"Your account has been successfully created, but it still needs approval from an administrator." : "Votre compte a bien été créé, il doit maintenant être approuvé par un administrateur.",
|
||||||
|
"Require admin approval?" : "Nécessite l'approbation d'un administrateur ?"
|
||||||
},
|
},
|
||||||
"nplurals=2; plural=(n > 1);");
|
"nplurals=2; plural=(n > 1);");
|
||||||
|
|
|
||||||
|
|
@ -28,6 +28,9 @@
|
||||||
"Email" : "Adresse courriel",
|
"Email" : "Adresse courriel",
|
||||||
"Request verification link" : "Demander un lien de vérification.",
|
"Request verification link" : "Demander un lien de vérification.",
|
||||||
"Please re-enter a valid email address" : "Veuillez indiquer une adresse courriel valide",
|
"Please re-enter a valid email address" : "Veuillez indiquer une adresse courriel valide",
|
||||||
"You will receive an email with a verification link" : "Vous allez recevoir un courriel avec un lien de vérification"
|
"You will receive an email with a verification link" : "Vous allez recevoir un courriel avec un lien de vérification",
|
||||||
|
"A new user \"%s\" has created an account on %s and awaits admin approbation" : "Un nouvel utilisateur \"%s\" a créé un compte sur %s et attend l'approbation d'un administrateur",
|
||||||
|
"Your account has been successfully created, but it still needs approval from an administrator." : "Votre compte a bien été créé, il doit maintenant être approuvé par un administrateur.",
|
||||||
|
"Require admin approval?" : "Nécessite l'approbation d'un administrateur ?"
|
||||||
},"pluralForm" :"nplurals=2; plural=(n > 1);"
|
},"pluralForm" :"nplurals=2; plural=(n > 1);"
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -30,6 +30,9 @@ OC.L10N.register(
|
||||||
"Email" : "メール",
|
"Email" : "メール",
|
||||||
"Request verification link" : "確認URLリンクをリクエスト",
|
"Request verification link" : "確認URLリンクをリクエスト",
|
||||||
"Please re-enter a valid email address" : "有効なメールアドレスを再度入力してください。",
|
"Please re-enter a valid email address" : "有効なメールアドレスを再度入力してください。",
|
||||||
"You will receive an email with a verification link" : "確認URLの入ったメールをお送り致します。"
|
"You will receive an email with a verification link" : "確認URLの入ったメールをお送り致します。",
|
||||||
|
"A new user \"%s\" has created an account on %s and awaits admin approbation" : "新しいユーザー \"%s\" を アカウント名 \"%s\" として作成しました、今管理者の承認は必要です",
|
||||||
|
"Your account has been successfully created, but it still needs approval from an administrator." : "アカウントは作成成功しましたけど、管理者の承認は必要です。",
|
||||||
|
"Require admin approval?" : "管理者の承認は必要ですか"
|
||||||
},
|
},
|
||||||
"nplurals=1; plural=0;");
|
"nplurals=1; plural=0;");
|
||||||
|
|
|
||||||
|
|
@ -28,6 +28,9 @@
|
||||||
"Email" : "メール",
|
"Email" : "メール",
|
||||||
"Request verification link" : "確認URLリンクをリクエスト",
|
"Request verification link" : "確認URLリンクをリクエスト",
|
||||||
"Please re-enter a valid email address" : "有効なメールアドレスを再度入力してください。",
|
"Please re-enter a valid email address" : "有効なメールアドレスを再度入力してください。",
|
||||||
"You will receive an email with a verification link" : "確認URLの入ったメールをお送り致します。"
|
"You will receive an email with a verification link" : "確認URLの入ったメールをお送り致します。",
|
||||||
|
"A new user \"%s\" has created an account on %s and awaits admin approbation" : "新しいユーザー \"%s\" を アカウント名 \"%s\" として作成しました、今管理者の承認は必要です",
|
||||||
|
"Your account has been successfully created, but it still needs approval from an administrator." : "アカウントは作成成功しましたけど、管理者の承認は必要です。",
|
||||||
|
"Require admin approval?" : "管理者の承認は必要ですか"
|
||||||
},"pluralForm" :"nplurals=1; plural=0;"
|
},"pluralForm" :"nplurals=1; plural=0;"
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -106,10 +106,25 @@ class MailService {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param string $userId
|
* @param string $userId
|
||||||
|
* @param string $userGroupId
|
||||||
|
* @param bool $userIsEnabled
|
||||||
*/
|
*/
|
||||||
public function notifyAdmins($userId) {
|
public function notifyAdmins($userId, $userIsEnabled, $userGroupId) {
|
||||||
// Notify admin
|
// Notify admin
|
||||||
$admin_users = $this->groupManager->get('admin')->getUsers();
|
$admin_users = $this->groupManager->get('admin')->getUsers();
|
||||||
|
|
||||||
|
// if the user is disabled and belongs to a group
|
||||||
|
// add subadmins of this group to notification list
|
||||||
|
if (!$userIsEnabled and $userGroupId) {
|
||||||
|
$group = $this->groupManager->get($userGroupId);
|
||||||
|
$subadmin_users = $this->groupManager->getSubAdmin()->getGroupsSubAdmins($group);
|
||||||
|
foreach ($subadmin_users as $user) {
|
||||||
|
if (!in_array($user, $admin_users)) {
|
||||||
|
$admin_users[] = $user;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
$to_arr = array();
|
$to_arr = array();
|
||||||
foreach ( $admin_users as $au ) {
|
foreach ( $admin_users as $au ) {
|
||||||
$au_email = $au->getEMailAddress();
|
$au_email = $au->getEMailAddress();
|
||||||
|
|
@ -118,7 +133,7 @@ class MailService {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
try {
|
try {
|
||||||
$this->sendNewUserNotifEmail($to_arr, $userId);
|
$this->sendNewUserNotifEmail($to_arr, $userId, $userIsEnabled);
|
||||||
} catch (\Exception $e) {
|
} catch (\Exception $e) {
|
||||||
$this->logger->error('Sending admin notification email failed: '. $e->getMessage());
|
$this->logger->error('Sending admin notification email failed: '. $e->getMessage());
|
||||||
}
|
}
|
||||||
|
|
@ -128,16 +143,27 @@ class MailService {
|
||||||
* Sends new user notification email to admin
|
* Sends new user notification email to admin
|
||||||
* @param array $to
|
* @param array $to
|
||||||
* @param string $username the new user
|
* @param string $username the new user
|
||||||
|
* @param bool $userIsEnabled the new user account is enabled
|
||||||
* @throws \Exception
|
* @throws \Exception
|
||||||
*/
|
*/
|
||||||
private function sendNewUserNotifEmail(array $to, $username) {
|
private function sendNewUserNotifEmail(array $to, $username, $userIsEnabled) {
|
||||||
$template_var = [
|
$template_var = [
|
||||||
'user' => $username,
|
'user' => $username,
|
||||||
'sitename' => $this->defaults->getName()
|
'sitename' => $this->defaults->getName()
|
||||||
];
|
];
|
||||||
$html_template = new TemplateResponse('registration', 'email.newuser_html', $template_var, 'blank');
|
|
||||||
|
// handle user enableness
|
||||||
|
if ($userIsEnabled) {
|
||||||
|
$html_template_file = 'email.newuser_html';
|
||||||
|
$plaintext_template_file = 'email.newuser_plaintext';
|
||||||
|
} else {
|
||||||
|
$html_template_file = 'email.newuser.disabled_html';
|
||||||
|
$plaintext_template_file = 'email.newuser.disabled_plaintext';
|
||||||
|
}
|
||||||
|
|
||||||
|
$html_template = new TemplateResponse('registration', $html_template_file, $template_var, 'blank');
|
||||||
$html_part = $html_template->render();
|
$html_part = $html_template->render();
|
||||||
$plaintext_template = new TemplateResponse('registration', 'email.newuser_plaintext', $template_var, 'blank');
|
$plaintext_template = new TemplateResponse('registration', $plaintext_template_file, $template_var, 'blank');
|
||||||
$plaintext_part = $plaintext_template->render();
|
$plaintext_part = $plaintext_template->render();
|
||||||
$subject = $this->l10n->t('A new user "%s" has created an account on %s', [$username, $this->defaults->getName()]);
|
$subject = $this->l10n->t('A new user "%s" has created an account on %s', [$username, $this->defaults->getName()]);
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -288,9 +288,18 @@ class RegistrationService {
|
||||||
try {
|
try {
|
||||||
$group = $this->groupManager->get($registered_user_group);
|
$group = $this->groupManager->get($registered_user_group);
|
||||||
$group->addUser($user);
|
$group->addUser($user);
|
||||||
|
$groupId = $group->getGID();
|
||||||
} catch (\Exception $e) {
|
} catch (\Exception $e) {
|
||||||
throw new RegistrationException($e->getMessage());
|
throw new RegistrationException($e->getMessage());
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
$groupId = "";
|
||||||
|
}
|
||||||
|
|
||||||
|
// disable user if this is requested by config
|
||||||
|
$admin_approval_required = $this->config->getAppValue($this->appName, 'admin_approval_required', "no");
|
||||||
|
if ($admin_approval_required == "yes") {
|
||||||
|
$user->setEnabled(false);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Delete pending registration if no client secret is stored
|
// Delete pending registration if no client secret is stored
|
||||||
|
|
@ -301,7 +310,7 @@ class RegistrationService {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->mailService->notifyAdmins($userId);
|
$this->mailService->notifyAdmins($userId, $user->isEnabled(), $groupId);
|
||||||
return $user;
|
return $user;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -23,4 +23,9 @@ foreach ( $_['groups'] as $group ) {
|
||||||
<em><?php p($l->t('Enter a semicolon-separated list of allowed domains. Example: owncloud.com;github.com'));?></em>
|
<em><?php p($l->t('Enter a semicolon-separated list of allowed domains. Example: owncloud.com;github.com'));?></em>
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
<label for="admin_approval_required"><?php p($l->t('Require admin approval?')); ?>
|
||||||
|
<input type="checkbox" id="admin_approval_required" name="admin_approval_required" <?php if($_['approval_required'] == "yes" ) echo " checked"; ?>>
|
||||||
|
</label>
|
||||||
|
</p>
|
||||||
</form>
|
</form>
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,2 @@
|
||||||
|
<?php
|
||||||
|
echo $l->t('A new user "%s" has created an account on %s and awaits admin approbation', [$_['user'], $_['sitename']]);
|
||||||
|
|
@ -0,0 +1,2 @@
|
||||||
|
<?php
|
||||||
|
echo $l->t('A new user "%s" has created an account on %s and awaits admin approbation', [$_['user'], $_['sitename']]);
|
||||||
Loading…
Reference in New Issue