feat: token list tab working

2025-12-06 09:38:23 +01:00 · 2025-06-23 16:32:34 +02:00
parent c46f09cac8
commit 42fceb4d05
3 changed files with 247 additions and 0 deletions
--- a/htdocs/core/lib/usergroups.lib.php
+++ b/htdocs/core/lib/usergroups.lib.php
@@ -226,6 +226,13 @@ function user_prepare_head(User $object)
 		$h++;
 	}

+	if (!empty($object->api_key)) {
+		$head[$h][0] = DOL_URL_ROOT.'/user/api_token/list.php?id='.$object->id;
+		$head[$h][1] = $langs->trans("ApiToken");
+		$head[$h][2] = 'apitoken';
+		$h++;
+	}
+
 	complete_head_from_modules($conf, $langs, $object, $head, $h, 'user', 'remove');

 	return $head;
--- a/htdocs/langs/en_US/users.lang
+++ b/htdocs/langs/en_US/users.lang
@@ -144,3 +144,6 @@ CloneCategoriesUser=Clone the user's categories
 ConfirmUserClone=Are you sure you want to clone the user: <b>%s</b>?
 NewEmailUserClone=Email address of the new user
 SocialNetworksUser=Social networks for user
+ApiToken=Api token
+ListOfTokensForUser=List of tokens for this user
+NumberOfPermissions=Number of permissions
--- a/htdocs/user/api_token/list.php
+++ b/htdocs/user/api_token/list.php
@@ -0,0 +1,237 @@
+<?php
+/* Copyright (C) 2005-2017  Laurent Destailleur         <eldy@users.sourceforge.net>
+ * Copyright (C) 2010-2015  Regis Houssin               <regis.houssin@inodbox.com>
+ * Copyright (C) 2013	    Florian Henry               <florian.henry@open-concept.pro.com>
+ * Copyright (C) 2018       Ferran Marcet               <fmarcet@2byte.es>
+ * Copyright (C) 2024       Frédéric France             <frederic.france@free.fr>
+ * Copyright (C) 2024-2025	MDW							<mdeweerd@users.noreply.github.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+/**
+ *       \file       htdocs/user/param_ihm.php
+ *       \brief      Page to show user setup for display
+ */
+
+// Load Dolibarr environment
+require '../../main.inc.php';
+require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
+require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
+require_once DOL_DOCUMENT_ROOT.'/core/lib/usergroups.lib.php';
+require_once DOL_DOCUMENT_ROOT.'/core/class/html.formadmin.class.php';
+
+/**
+ * @var Conf $conf
+ * @var DoliDB $db
+ * @var HookManager $hookmanager
+ * @var Translate $langs
+ * @var User $user
+ */
+
+// Load translation files required by page
+$langs->loadLangs(array('companies', 'products', 'admin', 'users', 'languages', 'projects', 'members'));
+
+// Defini si peux lire/modifier permissions
+$canreaduser = ($user->admin || $user->hasRight("user", "user", "read"));
+$caneditfield = false;
+
+$id = GETPOSTINT('id');
+$action = GETPOST('action', 'aZ09');
+$contextpage = GETPOST('contextpage', 'aZ') ? GETPOST('contextpage', 'aZ') : 'userihm'; // To manage different context of search
+
+if (!isset($id) || empty($id)) {
+	accessforbidden();
+}
+'@phan-var-force int<1,max> $id';
+
+// $user est le user qui edite, $id est l'id de l'utilisateur edite
+$caneditfield = ((($user->id == $id) && $user->hasRight("user", "self", "write"))
+	|| (($user->id != $id) && $user->hasRight("user", "user", "write")));
+
+
+// Security check
+$socid = 0;
+if ($user->socid > 0) {
+	$socid = $user->socid;
+}
+$feature2 = (($socid && $user->hasRight("user", "self", "write")) ? '' : 'user');
+
+// Initialize a technical object to manage hooks of page. Note that conf->hooks_modules contains an array of hook context
+$hookmanager->initHooks(array('usercard', 'userihm', 'globalcard'));
+
+$result = restrictedArea($user, 'user', $id, 'user&user', $feature2);
+if ($user->id != $id && !$canreaduser) {
+	accessforbidden();
+}
+
+$object = new User($db);
+$object->fetch($id, '', '', 1);
+$object->loadRights();
+
+$form = new Form($db);
+$formadmin = new FormAdmin($db);
+
+/*
+ * Actions
+ */
+
+$parameters = array('id' => $socid);
+$reshook = $hookmanager->executeHooks('doActions', $parameters, $object, $action); // Note that $action and $object may have been modified by some hooks
+if ($reshook < 0) {
+	setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
+}
+
+if (empty($reshook)) {
+	if ($action == 'update' && ($caneditfield || !empty($user->admin))) {
+		header('Location: '.$_SERVER["PHP_SELF"].'?id='.$id);
+		exit;
+	}
+}
+
+
+/*
+ * View
+ */
+
+$person_name = !empty($object->firstname) ? $object->lastname.", ".$object->firstname : $object->lastname;
+$title = $person_name." - ".$langs->trans('Card');
+$help_url = '';
+
+llxHeader('', $title, $help_url, '', 0, 0, '', '', '', 'mod-user page-card_param_ihm');
+
+$head = user_prepare_head($object);
+
+$title = $langs->trans("User");
+
+if ($action == 'edit') {
+	print '<form method="post" action="'.$_SERVER["PHP_SELF"].'">';
+	print '<input type="hidden" name="token" value="'.newToken().'">';
+	print '<input type="hidden" name="action" value="update">';
+	print '<input type="hidden" name="id" value="'.$id.'">';
+}
+
+print dol_get_fiche_head($head, 'apitoken', $title, -1, 'user');
+
+$linkback = '<a href="'.DOL_URL_ROOT.'/user/list.php?restore_lastsearch_values=1">'.$langs->trans("BackToList").'</a>';
+
+$morehtmlref = '<a href="'.DOL_URL_ROOT.'/user/vcard.php?id='.$object->id.'&output=file&file='.urlencode(dol_sanitizeFileName($object->getFullName($langs).'.vcf')).'" class="refid" rel="noopener">';
+$morehtmlref .= img_picto($langs->trans("Download").' '.$langs->trans("VCard"), 'vcard.png', 'class="valignmiddle marginleftonly paddingrightonly"');
+$morehtmlref .= '</a>';
+
+$urltovirtualcard = '/user/virtualcard.php?id='.((int) $object->id);
+$morehtmlref .= dolButtonToOpenUrlInDialogPopup('publicvirtualcard', $langs->transnoentitiesnoconv("PublicVirtualCardUrl").' - '.$object->getFullName($langs), img_picto($langs->trans("PublicVirtualCardUrl"), 'card', 'class="valignmiddle marginleftonly paddingrightonly"'), $urltovirtualcard, '', 'nohover');
+
+dol_banner_tab($object, 'id', $linkback, $user->hasRight("user", "user", "read") || $user->admin, 'rowid', 'ref', $morehtmlref);
+
+print '<div class="fichecenter">';
+
+print '<div class="underbanner clearboth"></div>';
+
+print '<table class="border centpercent tableforfield">';
+
+// Login
+print '<tr><td class="titlefield">'.$langs->trans("Login").'</td>';
+if (!empty($object->ldap_sid) && $object->status == 0) {
+	print '<td class="error">';
+	print $langs->trans("LoginAccountDisableInDolibarr");
+	print '</td>';
+} else {
+	print '<td>';
+	$addadmin = '';
+	if (property_exists($object, 'admin')) {
+		if (isModEnabled('multicompany') && !empty($object->admin) && empty($object->entity)) {
+			$addadmin .= img_picto($langs->trans("SuperAdministratorDesc"), "redstar", 'class="paddingleft valignmiddle"');
+		} elseif (!empty($object->admin)) {
+			$addadmin .= img_picto($langs->trans("AdministratorDesc"), "star", 'class="paddingleft valignmiddle"');
+		}
+	}
+	print showValueWithClipboardCPButton($object->login).$addadmin;
+	print '</td>';
+}
+print '</tr>'."\n";
+
+print '</table>';
+
+print '</div>';
+
+print dol_get_fiche_end();
+
+print '<!-- Token section -->'."\n";
+
+$morehtmlright = '';
+//if (!empty($moreoptions['showhideaddbutton']) && $conf->use_javascript_ajax) {
+$tmpurlforbutton = DOL_URL_ROOT.'/user/api_token/list.php?id='.$id.'&action=create';
+//	TODO Permissions ? $morehtmlright .= dolGetButtonTitle($langs->trans('New'), '', 'fa fa-plus-circle', $tmpurlforbutton, '', $permtoeditline);
+$morehtmlright .= dolGetButtonTitle($langs->trans('New'), '', 'fa fa-plus-circle', $tmpurlforbutton);
+//}
+
+print load_fiche_titre($langs->trans("ListOfTokensForUser"), $morehtmlright, '');
+
+// TODO : Build the hook management
+// Other form for add user to group
+//$parameters = array('caneditgroup' => $permissiontoeditgroup, 'groupslist' => $groupslist, 'exclude' => $exclude);
+//$reshook = $hookmanager->executeHooks('formAddUserToGroup', $parameters, $object, $action); // Note that $action and $object may have been modified by hook
+//print $hookmanager->resPrint;
+
+if (empty($reshook)) {
+
+	print '<!-- List of tokens of the user -->';
+	print '<table class="noborder centpercent">';
+	print '<tr class="liste_titre">';
+	print '<th class="liste_titre">'.$langs->trans("ApiToken").'</th>';
+	print '<th class="liste_titre">'.$langs->trans("Entity").'</th>';
+	print '<th class="liste_titre">'.$langs->trans("NumberOfPermissions").'</th>';
+	print '<th class="liste_titre">'.$langs->trans("DateCreation").'</th>';
+	print '<th class="liste_titre">'.$langs->trans("DateModification").'</th>';
+	print '</tr>';
+
+	$sql = "SELECT ot.token, ot.entity, ot.state, ot.datec, ot.tms";
+	$sql .= " FROM ".MAIN_DB_PREFIX."oauth_token as ot";
+	$sql .= " WHERE ot.fk_user = ".((int) $object->id);
+
+	$resql = $db->query($sql);
+
+	// List of groups of user
+	if ($db->num_rows($resql) > 0) {
+		while ($obj = $db->fetch_object($resql)) {
+			print '<tr class="oddeven">';
+			print '<td>';
+			print $obj->token;
+			print '</td>';
+			print '<td>';
+			print $obj->entity;
+			print '</td>';
+			print '<td>';
+			print $obj->state;
+			print '</td>';
+			print '<td>';
+			print $obj->datec;
+			print '</td>';
+			print '<td>';
+			print $obj->tms;
+			print '</td>';
+			print '</tr>';
+		}
+	} else {
+		print '<tr class="oddeven"><td colspan="2"><span class="opacitymedium">'.$langs->trans("None").'</span></td></tr>';
+	}
+
+	print "</table>";
+	print "<br>";
+}
+
+// End of page
+llxFooter();
+$db->close();