Now with added Sugo!

public/index.php

@@ -10,5 +10,6 @@
 echo $template->render('index', [
 	'uid' => $_SESSION['uid'],
 	'id' => $_SESSION['id'],
-	'name' => $_SESSION['cn']
+	'name' => $_SESSION['cn'],
+	'hasSignedSIR' => $_SESSION['signedsir'],
 ]);

public/sir.php

@@ -9,7 +9,7 @@
 
 require '..' . DIRECTORY_SEPARATOR . 'vendor' . DIRECTORY_SEPARATOR . 'autoload.php';
 Authentication::requireLogin();
-if (!Authentication::isAdmin()) {
+if (!Authentication::isAdmin() && !isset($_GET['uid']) && $_GET['uid'] !== $_SESSION['uid']) {
 	$template = Template::create();
 	echo $template->render('403');
 	exit;

public/sugo.php

@@ -0,0 +1,58 @@
+<?php
+
+namespace WEEEOpen\Crauto;
+
+use DateTimeZone;
+
+require '..' . DIRECTORY_SEPARATOR . 'vendor' . DIRECTORY_SEPARATOR . 'autoload.php';
+Authentication::requireLogin();
+
+
+
+$ldap = new Ldap(
+	CRAUTO_LDAP_URL,
+	CRAUTO_LDAP_BIND_DN,
+	CRAUTO_LDAP_PASSWORD,
+	CRAUTO_LDAP_USERS_DN,
+	CRAUTO_LDAP_GROUPS_DN,
+	CRAUTO_LDAP_STARTTLS
+);
+
+$users = [];
+$selectedUser = null;
+if (Authentication::isAdmin()) {
+	$ldap = new Ldap(
+		CRAUTO_LDAP_URL,
+		CRAUTO_LDAP_BIND_DN,
+		CRAUTO_LDAP_PASSWORD,
+		CRAUTO_LDAP_USERS_DN,
+		CRAUTO_LDAP_GROUPS_DN,
+		CRAUTO_LDAP_STARTTLS
+	);
+	$users = $ldap->getUsers(['givenname','sn','signedsir','nsaccountlock', 'mail']);
+	if (isset($_GET['uid'])) {
+		$selectedUser = $_GET['uid'];
+	}
+} else {
+	$users = [$ldap->getUser($_SESSION['uid'], ['givenname','sn','signedsir','nsaccountlock', 'mail'])];
+	$selectedUser = $_SESSION['uid'];
+}
+
+$mappedUsers = [];
+foreach ($users as $user) {
+	$mappedUsers[] = [
+		'id' => $user['uid'],
+		'name' => $user['givenname'] . ' ' . $user['sn'],
+		'needsToSign' => !($user['signedsir'] ?? false),
+		'isBlocked' => !($user['nsaccountlock'] ?? false),
+		'email' => $user['mail']
+	];
+}
+
+$template = Template::create();
+$template->addData(['currentSection' => 'sugo'], 'navbar');
+
+echo $template->render('sugo', [
+	'users' => $mappedUsers,
+	'selectedUser' => $selectedUser
+]);

src/Authentication.php

@@ -81,6 +81,7 @@ public static function authenticate()
 			$_SESSION['uid'] = 'test.administrator';
 			$_SESSION['id'] = 'fake:example:68048769-c06d-4873-adf6-dbfa6b0afcd3';
 			$_SESSION['cn'] = 'Test Administrator';
+			$_SESSION['hasSignedSIR'] = false;
 			$_SESSION['groups'] = ['HR'];
 			$_SESSION['expires'] = PHP_INT_MAX;
 			$_SESSION['refresh_token'] = 'refresh_token';
@@ -307,9 +308,21 @@ private static function setAttributes(OpenIDConnectClient $oidc, $claims = null,
 		$refresh_token = $oidc->getRefreshToken();
 		$id_token = $idt ?? $oidc->getIdToken();
 
+		$ldap = new Ldap(
+			CRAUTO_LDAP_URL,
+			CRAUTO_LDAP_BIND_DN,
+			CRAUTO_LDAP_PASSWORD,
+			CRAUTO_LDAP_USERS_DN,
+			CRAUTO_LDAP_GROUPS_DN,
+			CRAUTO_LDAP_STARTTLS
+		);
+
+		$ldapInfo = $ldap->getUser($uid, ['signedsir']);
+
 		$_SESSION['uid'] = $uid;
 		$_SESSION['id'] = $id;
 		$_SESSION['cn'] = $cn;
+		$_SESSION['signedsir'] = $ldapInfo['signedsir'] ?? false; // This won't updated until the next login but good enough
 		$_SESSION['groups'] = $groups;
 		$_SESSION['expires'] = $exp;
 

src/Ldap.php

@@ -33,7 +33,8 @@ class Ldap
 			'weeelabnickname' => ['io'],
 			'websitedescription' => "Il capo supremo\nSu due righe",
 			'description' => '',
-			'nsaccountlock' => null
+			'nsaccountlock' => null,
+			'mail' => '[email protected]',
 		],
 		'alice' => [
 			'uid' => 'alice',
@@ -53,7 +54,8 @@ class Ldap
 			'weeelabnickname' => [],
 			'websitedescription' => 'Persona',
 			'description' => '',
-			'nsaccountlock' => 'true'
+			'nsaccountlock' => 'true',
+			'mail' => '[email protected]',
 		],
 		'brodino' => [
 			'uid' => 'brodino',
@@ -72,7 +74,8 @@ class Ldap
 			'sshpublickey' => [],
 			'weeelabnickname' => [],
 			'description' => '',
-			'telegramnickname' => 'brodino'
+			'telegramnickname' => 'brodino',
+			'mail' => '[email protected]',
 		],
 		'bob' => [
 			'uid' => 'bob',
@@ -92,7 +95,8 @@ class Ldap
 			'sshpublickey' => [],
 			'weeelabnickname' => [],
 			'description' => '',
-			'nsaccountlock' => null
+			'nsaccountlock' => null,
+			'mail' => '[email protected]',
 		],
 		'broski' => [
 			'uid' => 'broski',
@@ -111,7 +115,8 @@ class Ldap
 			'sshpublickey' => [],
 			'weeelabnickname' => [],
 			'description' => '',
-			'telegramid' => '123456789'
+			'telegramid' => '123456789',
+			'mail' => '[email protected]',
 		],
 	];
 	private const EXAMPLE_GROUPS = ['Admin', 'Persone', 'Cloud'];

templates/index.php

@@ -2,10 +2,12 @@
 /** @var $uid string */
 /** @var $id string */
 /** @var $name string */
+/** @var $signedsir bool */
 $this->layout('base', ['title' => 'Welcome']) ?>
 
 <h1>Crauto</h1>
 <small>Creatore e Rimuovitore Autogestito di Utenti che Tutto Offre</small>
+<?php if (!$signedsir) echo "<p class=\"alert alert-warning\">You still haven't signed your SIR! <a href=\"/sugo.php?uid=" . urlencode($uid) . "\" class=\"btn btn-outline-warning text-right\" >Generate document</a></p>"; ?>
 <p>Hi <?= $name ?>, your username is <?= $uid ?> and your ID is <?= $id ?></p>
 <h2>Enabled services</h2>
 <p>What can I access with this account?</p>

templates/navbar.php

@@ -16,6 +16,9 @@
 					<li class="nav-item">
 						<a class="nav-link <?= $currentSection === 'personal' ? 'active' : '' ?>" href="/personal.php">Personal</a>
 					</li>
+					<li class="nav-item">
+						<a class="nav-link <?= $currentSection === 'sugo' ? 'active' : '' ?>" href="/sugo.php">Sugo</a>
+					</li>
 					<li class="nav-item">
 						<a class="nav-link <?= $currentSection === 'authentication' ? 'active' : '' ?>"
 						   href="/authentication.php">Authentication</a>