Add passwordless member adding capability (#46)

emoncms · Aug 15, 2018 · dc4983d · dc4983d
1 parent 3588ca8
commit dc4983d
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 15 deletions.
diff --git a/group_capabilities.php b/group_capabilities.php
@@ -1,12 +1,14 @@
 <?php
 
 $capabilities['group'] = [
-	'groups_can_create'           => 'create groups',
-	'groups_can_edit'             => 'edit group info',
-	'groups_can_create_user'      => 'create new users inside groups',
-	'groups_can_add_member_auth'    => 'add users to groups with their passwords',
+	'groups_can_create'             => 'create groups',
+	'groups_can_edit'               => 'edit group info',
+	'groups_can_delete'             => 'delete groups',
+	'groups_can_create_user'        => 'create new users inside groups',
+	'groups_can_add_member_auth'    => 'add users to groups (with password)',
+	'groups_can_add_member_no_auth' => 'add users to groups (without password)',
 	'groups_can_add_member_invite'  => 'invite users to join groups',
-	'groups_can_delete'           => 'delete groups',
-	'groups_can_delete_user'      => 'delete users',
-	'groups_can_edit_user'        => 'edit user info'
+	'groups_can_delete_user'        => 'delete users',
+	'groups_can_edit_user'          => 'edit user info',
+	'groups_can_impersonate'        => 'can impersonate other users',
 ];
diff --git a/group_model.php b/group_model.php
@@ -198,15 +198,20 @@ public function add_user_auth($admin_userid, $groupid, $username, $password, $ro
             return array('success' => false, 'message' => _("You haven't got enough permissions to add a member to this group"));
         }
 
-        // 2. Check username and password, return
-        $result = $this->user->get_apikeys_from_login($username, $password);
-        if (!$result["success"]) {
-            $this->log->error("Error adding user to group, username and password don't match - Session userid: " . $admin_userid);
-            return $result;
+        // 2. Check username and password if required
+        // We only allow adding without a password if the capabilities module is loaded
+        if (class_exists('Capabilities') && user_has_capability('groups_can_add_member_no_auth')) {
+            $add_userid = $this->user->get_id($username);
+        } else {
+            $result = $this->user->get_apikeys_from_login($username, $password);
+            if (!$result["success"]) {
+                $this->log->error("Error adding user to group, username and password don't match - Session userid: " . $admin_userid);
+                return $result;
+            }
+            $add_userid = $result["userid"];
         }
-        $add_userid = $result["userid"];
 
-        // 3. Add user to group 
+        // 3. Add user to group
         if (!$this->add_user($groupid, $add_userid, $role)) {
             $this->log->error("Error adding user to group");
             return array('success' => false, 'message' => _("Error adding user to group"));

diff --git a/group_view.php b/group_view.php
@@ -86,7 +86,8 @@
         <?php } ?>
 
         <?php if (user_has_capability('groups_can_add_member_invite') ||
-                  user_has_capability('groups_can_add_member_auth')) { ?>
+                    user_has_capability('groups_can_add_member_auth') ||
+                    user_has_capability('groups_can_add_member_no_auth')) { ?>
             <button id="addmember" class="btn if-admin groupselected">
                 <i class="icon-plus"></i> Add Member
             </button>
@@ -156,10 +157,15 @@
         <p>Username:<br>
             <input id="group-addmember-username" type="text"></p>
 
+        <?php if (user_has_capability('groups_can_add_member_auth') &&
+                !user_has_capability('groups_can_add_member_no_auth')) { ?>
+
         <p>Password:<br>
             <input id="group-addmember-password" type="password">
             <button class="generate-password btn" style="margin-bottom: 10px"><i class="icon-eye-open show-password"></i> Generate pasword</button></p>
 
+        <?php } ?>
+
         <p>Role   <i title="- Administrator: full access (create users, add member, create group feeds, dashboards graphs, etc)&#10;- Sub-administrator: view access to the list of members, write access to group graphs&#10;- Passive member: no access to group. The aim of the user is to be managed by the group administrator" class=" icon-question-sign"></i>:</p>
         <select id="group-addmember-access">
             <option value=1>Administrator</option>