From a6182747607ec7774f0ed1a8f0c336d91f9cc20c Mon Sep 17 00:00:00 2001 From: jfefe Date: Fri, 29 May 2015 16:05:52 +0200 Subject: [PATCH 1/2] Allow modify API key from user card --- htdocs/langs/en_US/admin.lang | 1 + htdocs/user/card.php | 53 ++++++++++++++++++++++++++++++-- htdocs/user/class/user.class.php | 6 +++- 3 files changed, 57 insertions(+), 3 deletions(-) diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang index 65412df87d0..7e098787fd0 100755 --- a/htdocs/langs/en_US/admin.lang +++ b/htdocs/langs/en_US/admin.lang @@ -1567,6 +1567,7 @@ KeyForApiAccess=Key to use API (parameter "api_key") ApiEndPointIs=You can access to the API at url ApiExporerIs=You can explore the API at url OnlyActiveElementsAreExposed=Only elements from enabled modules are exposed +ApiKey=Key for API ##### Bank ##### BankSetupModule=Bank module setup FreeLegalTextOnChequeReceipts=Free text on cheque receipts diff --git a/htdocs/user/card.php b/htdocs/user/card.php index 3a561ce8ebb..79e0e228be7 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -9,6 +9,7 @@ * Copyright (C) 2012 Juanjo Menent * Copyright (C) 2013 Florian Henry * Copyright (C) 2013-2015 Alexandre Spangaro + * Copyright (C) 2015 Jean-François Ferry * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -188,6 +189,7 @@ if ($action == 'add' && $canadduser) $object->lastname = GETPOST("lastname",'alpha'); $object->firstname = GETPOST("firstname",'alpha'); $object->login = GETPOST("login",'alpha'); + $object->api_key = GETPOST("api_key",'alpha'); $object->admin = GETPOST("admin",'alpha'); $object->office_phone = GETPOST("office_phone",'alpha'); $object->office_fax = GETPOST("office_fax",'alpha'); 
@@ -340,6 +342,7 @@ if ($action == 'update' && ! $_POST["cancel"]) $object->firstname = GETPOST("firstname",'alpha'); $object->login = GETPOST("login",'alpha'); $object->pass = GETPOST("password"); + $object->api_key = GETPOST("api_key"); $object->admin = empty($user->admin)?0:GETPOST("admin"); // A user can only be set admin by an admin $object->office_phone=GETPOST("office_phone",'alpha'); $object->office_fax = GETPOST("office_fax",'alpha'); @@ -804,7 +807,18 @@ if (($action == 'create') || ($action == 'adduserldap')) } } print ''; - + + // API key + $generated_api_key = ''; + require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php'; + $generated_password=getRandomPassword(false); + print ''.$langs->trans("ApiKey").''; + print ''; + print ''; + if (! empty($conf->use_javascript_ajax)) + print ' '.img_picto($langs->trans('Generate'), 'refresh', 'id="generate_api_key" class="linkobject"'); + print ''; + // Administrator if (! empty($user->admin)) { @@ -1228,7 +1242,16 @@ else print ""; } print ''."\n"; - + + // API key + if($user->admin) { + print ''.$langs->trans("ApiKey").''; + print ''; + if (! empty($object->api_key)) + print $langs->trans("Hidden"); + print ''; + } + // Administrator print ''.$langs->trans("Administrator").''; if (! empty($conf->multicompany->enabled) && $object->admin && ! $object->entity) @@ -1791,6 +1814,16 @@ else } print $text; print "\n"; + + // API key + if($user->admin) { + print ''.$langs->trans("ApiKey").''; + print ''; + print ''; + if (! empty($conf->use_javascript_ajax)) + print ' '.img_picto($langs->trans('Generate'), 'refresh', 'id="generate_api_key" class="linkobject"'); + print ''; + } // Administrator print ''.$langs->trans("Administrator").''; @@ -2164,6 +2197,22 @@ else } } +if (! empty($conf->use_javascript_ajax)) +{ + print "\n".''; +} llxFooter(); $db->close(); diff --git a/htdocs/user/class/user.class.php b/htdocs/user/class/user.class.php index b1836ef8cde..b3303867e9f 100644 --- a/htdocs/user/class/user.class.php 
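Review bot: `$object->api_key = GETPOST("api_key");` in the update action accepts the value from any request that reaches this branch, although the edit form only offers the field when `$user->admin` is set. Nothing on the server side mirrors that check, unlike the `admin` assignment on the next line. A save from a form that lacks the field (a non-admin editor, or the API module disabled after PATCH 2/2) presumably hands `update()` an empty key, and `update()` writes the column unconditionally in this patch, so the stored key would be erased. I would guard it the same way as `admin`, for example `if (! empty($user->admin)) $object->api_key = GETPOST("api_key",'alpha');`, which also restores the `'alpha'` filter that the add action uses. The enclosing `if ($action == 'update' ...)` block starts and ends outside the hunk, so confirm that `$object` is fetched before this point and the existing key survives when the assignment is skipped.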
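Review bot: In the create-form hunk (`@@ -804,7 +807,18 @@`) the key comes from `getRandomPassword(false)`, so the strength of an API credential presumably follows the configured password-generation rule rather than a fixed length suited to a bearer token. `$generated_api_key` is set to `''` and never used in the lines visible here. I would generate the key with a dedicated fixed-length routine backed by a CSPRNG and drop the unused variable. The markup inside the `print` lines is not visible on this page, so which variable ends up in the input's value cannot be confirmed from here. The enclosing create branch starts outside the hunk.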
+++ b/htdocs/user/class/user.class.php @@ -60,6 +60,7 @@ class User extends CommonObject var $user_mobile; var $admin; var $login; + var $api_key; var $entity; //! Clear password in memory @@ -153,7 +154,7 @@ class User extends CommonObject // Get user $sql = "SELECT u.rowid, u.lastname, u.firstname, u.email, u.job, u.skype, u.signature, u.office_phone, u.office_fax, u.user_mobile,"; $sql.= " u.admin, u.login, u.note,"; - $sql.= " u.pass, u.pass_crypted, u.pass_temp,"; + $sql.= " u.pass, u.pass_crypted, u.pass_temp, u.api_key,"; $sql.= " u.fk_soc, u.fk_socpeople, u.fk_member, u.fk_user, u.ldap_sid,"; $sql.= " u.statut, u.lang, u.entity,"; $sql.= " u.datec as datec,"; @@ -216,6 +217,7 @@ class User extends CommonObject $this->pass_indatabase_crypted = $obj->pass_crypted; $this->pass = $obj->pass; $this->pass_temp = $obj->pass_temp; + $this->api_key = $obj->api_key; $this->office_phone = $obj->office_phone; $this->office_fax = $obj->office_fax; $this->user_mobile = $obj->user_mobile; @@ -1130,6 +1132,7 @@ class User extends CommonObject $this->firstname = trim($this->firstname); $this->login = trim($this->login); $this->pass = trim($this->pass); + $this->api_key = trim($this->api_key); $this->office_phone = trim($this->office_phone); $this->office_fax = trim($this->office_fax); $this->user_mobile = trim($this->user_mobile); @@ -1161,6 +1164,7 @@ class User extends CommonObject $sql.= " lastname = '".$this->db->escape($this->lastname)."'"; $sql.= ", firstname = '".$this->db->escape($this->firstname)."'"; $sql.= ", login = '".$this->db->escape($this->login)."'"; + $sql.= ", api_key = '".$this->db->escape($this->api_key)."'"; $sql.= ", admin = ".$this->admin; $sql.= ", address = '".$this->db->escape($this->address)."'"; $sql.= ", zip = '".$this->db->escape($this->zip)."'"; From 3bf1b60be8c9dcdbff5984e12b4fb8247a4aed95 Mon Sep 17 00:00:00 2001 
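Review bot: The fetch hunk (`@@ -153,7 +154,7 @@`) selects `u.api_key` and copies it into `$this->api_key` on every fetch, and the update hunk writes the submitted value back verbatim, so the key is kept in the table in cleartext. Anyone who can read the user table or a backup then holds working API credentials. Storing only a hash of the key and comparing hashes at authentication would avoid that, and it fits the view page, which already prints `Hidden` instead of the value. How the API side looks the key up is not shown in this patch, so that lookup would have to change with it.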
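Review bot: In the update hunk (`@@ -1161,6 +1164,7 @@`), `$sql.= ", api_key = '".$this->db->escape($this->api_key)."'";` stores an empty string for every user saved without a key, and it does so on every `update()` call. If the API authentication matches on equality with this column (not visible here), an empty or missing `api_key` request parameter must never match such rows. Writing NULL removes the ambiguity: `$sql.= ", api_key = ".($this->api_key !== '' ? "'".$this->db->escape($this->api_key)."'" : "null");`. `update()` starts and ends outside the hunk.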
From: jfefe Date: Mon, 15 Jun 2015 14:38:02 +0200 Subject: [PATCH 2/2] Add test if module enabled before showing API information --- htdocs/user/card.php | 103 ++++++++++++++++++++++--------------------- 1 file changed, 53 insertions(+), 50 deletions(-) diff --git a/htdocs/user/card.php b/htdocs/user/card.php index 7b6d57f81a9..a869097f629 100644 --- a/htdocs/user/card.php +++ b/htdocs/user/card.php @@ -83,6 +83,7 @@ if ($user->id <> $id && ! $canreaduser) accessforbidden(); $langs->load("users"); $langs->load("companies"); $langs->load("ldap"); +$langs->load("admin"); $object = new User($db); $extrafields = new ExtraFields($db); 
@@ -824,59 +825,61 @@ if (($action == 'create') || ($action == 'adduserldap')) } print ''; - // API key - $generated_api_key = ''; - require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php'; - $generated_password=getRandomPassword(false); - print ''.$langs->trans("ApiKey").''; - print ''; - print ''; - if (! empty($conf->use_javascript_ajax)) - print ' '.img_picto($langs->trans('Generate'), 'refresh', 'id="generate_api_key" class="linkobject"'); - print ''; - - // Administrator - if (! empty($user->admin)) - { - print ''.$langs->trans("Administrator").''; + if(! empty($conf->api->enabled)) { + // API key + $generated_api_key = ''; + require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php'; + $generated_password=getRandomPassword(false); + print ''.$langs->trans("ApiKey").''; print ''; - print $form->selectyesno('admin',GETPOST('admin'),1); + print ''; + if (! empty($conf->use_javascript_ajax)) + print ' '.img_picto($langs->trans('Generate'), 'refresh', 'id="generate_api_key" class="linkobject"'); + print ''; - if (! empty($conf->multicompany->enabled) && ! $user->entity && empty($conf->multicompany->transverse_mode)) + // Administrator + if (! empty($user->admin)) { - if (! empty($conf->use_javascript_ajax)) + print ''.$langs->trans("Administrator").''; + print ''; + print $form->selectyesno('admin',GETPOST('admin'),1); + + if (! empty($conf->multicompany->enabled) && ! $user->entity && empty($conf->multicompany->transverse_mode)) { - print ''; + if (! empty($conf->use_javascript_ajax)) + { + print ''; + } + $checked=($_POST["superadmin"]?' checked':''); + $disabled=($_POST["superadmin"]?'':' disabled'); + print ' '.$langs->trans("SuperAdministrator"); } - $checked=($_POST["superadmin"]?' checked':''); - $disabled=($_POST["superadmin"]?'':' disabled'); - print ' '.$langs->trans("SuperAdministrator"); + print "\n"; } - print "\n"; } // Type 
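Review bot: The closing brace of the new `if(! empty($conf->api->enabled)) {` sits after the Administrator block (it is the last `}` before `// Type`), so with the API module disabled the create form no longer shows the Administrator selector. Counting braces on the new side, the `// Administrator` / `if (! empty($user->admin))` block is nested inside the API condition, which looks like an accident of the re-indentation rather than intent. Close the API block right after the key row's final `print` and leave the Administrator block at its previous level, so that toggling the API module changes only the API key row. The enclosing create branch starts outside the hunk.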
@@ -1270,7 +1273,7 @@ else print ''."\n"; // API key - if($user->admin) { + if(! empty($conf->api->enabled) && $user->admin) { print ''.$langs->trans("ApiKey").''; print ''; if (! empty($object->api_key)) @@ -1849,7 +1852,7 @@ else print "\n"; // API key - if($user->admin) { + if(! empty($conf->api->enabled) && $user->admin) { print ''.$langs->trans("ApiKey").''; print ''; print ''; @@ -2230,7 +2233,7 @@ else } } -if (! empty($conf->use_javascript_ajax)) +if (! empty($conf->api->enabled) && ! empty($conf->use_javascript_ajax)) { print "\n".'