From 68d639f90f5383cc59c1670f303f8bf69efa49d0 Mon Sep 17 00:00:00 2001
From: David Coutadeur <david.coutadeur@worteks.com>
Date: Fri, 25 Oct 2024 18:05:10 +0200
Subject: [PATCH] add a dedicated menu to list disabled accounts (#125)

---
 conf/config.inc.php          |  2 ++
 htdocs/enableaccount.php     | 15 ++++++------
 htdocs/index.php             |  3 +++
 htdocs/searchdisabled.php    | 45 ++++++++++++++++++++++++++++++++++++
 lang/en.inc.php              |  1 +
 lang/fr.inc.php              |  1 +
 templates/display.tpl        |  3 +++
 templates/listing_table.tpl  | 12 ++++++++++
 templates/menu.tpl           |  5 +++-
 templates/searchdisabled.tpl | 11 +++++++++
 10 files changed, 90 insertions(+), 8 deletions(-)
 create mode 100644 htdocs/searchdisabled.php
 create mode 100644 templates/searchdisabled.tpl

diff --git a/conf/config.inc.php b/conf/config.inc.php
index e232141..0384cab 100644
--- a/conf/config.inc.php
+++ b/conf/config.inc.php
@@ -137,6 +137,8 @@
 
 $use_searchlocked = true;
 
+$use_searchdisabled = true;
+
 $use_searchexpired = true;
 
 $use_searchwillexpire = true;
diff --git a/htdocs/enableaccount.php b/htdocs/enableaccount.php
index f2d23a9..95e2616 100644
--- a/htdocs/enableaccount.php
+++ b/htdocs/enableaccount.php
@@ -5,22 +5,23 @@
 
 $result = "";
 $dn = "";
-$password = "";
 $comment = "";
+$returnto = "display";
 
 if (isset($_POST["dn"]) and $_POST["dn"]) {
     $dn = $_POST["dn"];
+} else if (isset($_GET["dn"]) and $_GET["dn"]) {
+    $dn = $_GET["dn"];
 } else {
     $result = "dnrequired";
 }
 
-if (isset($_POST["comment"]) and $_POST["comment"]) {
-    $comment = $_POST["comment"];
+if (isset($_GET["returnto"]) and $_GET["returnto"]) {
+    $returnto = $_GET["returnto"];
 }
 
-
-if (!$use_enableaccount) {
-    $result = "actionforbidden";
+if (isset($_POST["comment"]) and $_POST["comment"]) {
+    $comment = $_POST["comment"];
 }
 
 if ($result === "") {
@@ -47,4 +48,4 @@
     auditlog($audit_log_file, $dn, $audit_admin, "enableaccount", $result, $comment);
 }
 
-header('Location: index.php?page=display&dn='.$dn.'&enableaccountresult='.$result);
+header('Location: index.php?page='.$returnto.'&dn='.$dn.'&enableaccountresult='.$result);
diff --git a/htdocs/index.php b/htdocs/index.php
index c2a48f4..453edc9 100644
--- a/htdocs/index.php
+++ b/htdocs/index.php
@@ -179,6 +179,7 @@
 $smarty->assign('show_expirestatus',$show_expirestatus);
 $smarty->assign('display_password_expiration_date',$display_password_expiration_date);
 $smarty->assign('use_searchlocked',$use_searchlocked);
+$smarty->assign('use_searchdisabled',$use_searchdisabled);
 $smarty->assign('use_searchexpired',$use_searchexpired);
 $smarty->assign('use_searchwillexpire',$use_searchwillexpire);
 $smarty->assign('use_searchidle',$use_searchidle);
@@ -241,7 +242,9 @@
 if ( $page === "checkpassword" and !$use_checkpassword ) { $page = "welcome"; }
 if ( $page === "resetpassword" and !$use_resetpassword ) { $page = "welcome"; }
 if ( $page === "unlockaccount" and !$use_unlockaccount ) { $page = "welcome"; }
+if ( $page === "enableaccount" and !$use_enableaccount ) { $page = "welcome"; }
 if ( $page === "searchlocked" and !$use_searchlocked ) { $page = "welcome"; }
+if ( $page === "searchdisabled" and !$use_searchdisabled ) { $page = "welcome"; }
 if ( $page === "searchexpired" and !$use_searchexpired ) { $page = "welcome"; }
 if ( $page === "searchwillexpire" and !$use_searchwillexpire ) { $page = "welcome"; }
 if ( $page === "searchidle" and !$use_searchidle ) { $page = "welcome"; }
diff --git a/htdocs/searchdisabled.php b/htdocs/searchdisabled.php
new file mode 100644
index 0000000..cc3d66f
--- /dev/null
+++ b/htdocs/searchdisabled.php
@@ -0,0 +1,45 @@
+<?php
+/*
+ * Search disabled entries in LDAP directory
+ */
+
+require_once("../conf/config.inc.php");
+require __DIR__ . '/../vendor/autoload.php';
+
+[$ldap,$result,$nb_entries,$entries,$size_limit_reached] = $ldapInstance->search($ldap_user_filter, array(), $attributes_map, $search_result_title, $search_result_sortby, $search_result_items, $ldap_scope);
+
+if ( !empty($entries) )
+{
+
+    # Check if entry is still locked
+    foreach($entries as $entry_key => $entry) {
+
+        $isEnabled = $directory->isAccountEnabled($ldap, $entry['dn']);
+
+        if ( $isEnabled === true ) {
+            unset($entries[$entry_key]);
+            $nb_entries--;
+        }
+
+    }
+
+    $smarty->assign("page_title", "disabledaccounts");
+    if ($nb_entries === 0) {
+        $result = "noentriesfound";
+    } else {
+        $smarty->assign("nb_entries", $nb_entries);
+        $smarty->assign("entries", $entries);
+        $smarty->assign("size_limit_reached", $size_limit_reached);
+
+        $columns = $search_result_items;
+        if (! in_array($search_result_title, $columns)) array_unshift($columns, $search_result_title);
+        $smarty->assign("listing_columns", $columns);
+        $smarty->assign("listing_linkto",  isset($search_result_linkto) ? $search_result_linkto : array($search_result_title));
+        $smarty->assign("listing_sortby",  array_search($search_result_sortby, $columns));
+        $smarty->assign("show_undef", $search_result_show_undefined);
+        $smarty->assign("truncate_value_after", $search_result_truncate_value_after);
+        if ($use_enableaccount) { $smarty->assign("display_enable_button", true); }
+    }
+}
+
+?>
diff --git a/lang/en.inc.php b/lang/en.inc.php
index ca8e65d..06d7e82 100644
--- a/lang/en.inc.php
+++ b/lang/en.inc.php
@@ -26,6 +26,7 @@
 $messages['currentpassword'] = "Current password";
 $messages['dashboards'] = "Dashboards";
 $messages['disableaccount'] = "Disable account";
+$messages['disabledaccounts'] = "Disabled accounts";
 $messages['displayentry'] = "Display entry";
 $messages['dnrequired'] = "Entry identifier required";
 $messages['editentry'] = "Edit entry";
diff --git a/lang/fr.inc.php b/lang/fr.inc.php
index a1544b3..e7357f9 100644
--- a/lang/fr.inc.php
+++ b/lang/fr.inc.php
@@ -26,6 +26,7 @@
 $messages['currentpassword'] = "Mot de passe actuel";
 $messages['dashboards'] = "Tableaux de bord";
 $messages['disableaccount'] = "Désactiver le compte";
+$messages['disabledaccounts'] = "Comptes désactivés";
 $messages['displayentry'] = "Afficher l'entrée";
 $messages['dnrequired'] = "L'identifiant de l'entrée est requis";
 $messages['editentry'] = "Modifier l'entrée";
diff --git a/templates/display.tpl b/templates/display.tpl
index fda7a7e..00b0857 100644
--- a/templates/display.tpl
+++ b/templates/display.tpl
@@ -241,6 +241,9 @@
                 {if $unlockaccountresult eq 'ldaperror'}
                 <div class="alert alert-danger"><i class="fa fa-fw fa-exclamation-triangle"></i> {$msg_accountnotunlocked}</div>
                 {/if}
+                {if $enableaccountresult eq 'ldaperror'}
+                <div class="alert alert-danger"><i class="fa fa-fw fa-exclamation-triangle"></i> {$msg_accountnotenabled}</div>
+                {/if}
                 {if $use_unlockcomment}
                     <button type="button" class="btn btn-success" data-bs-toggle="modal" data-bs-target="#commentModal">
                         <i class="fa fa-fw fa-unlock me-2"></i>{$msg_unlockaccount}
diff --git a/templates/listing_table.tpl b/templates/listing_table.tpl
index 2d110e3..c6654c5 100644
--- a/templates/listing_table.tpl
+++ b/templates/listing_table.tpl
@@ -20,6 +20,12 @@
                 <i class="fa fa-fw fa-unlock"></i>
             </a>
             {/if}
+            {if $display_enable_button}
+            <a href="index.php?page=enableaccount&dn={$entry.dn|escape:'url'}&returnto=searchdisabled"
+                class="btn btn-success btn-sm" role="button" title="{$msg_enableaccount}">
+                <i class="fa fa-fw fa-person-circle-check"></i>
+            </a>
+            {/if}
         </th>
         {foreach $listing_columns as $column}
         <td>
@@ -59,6 +65,12 @@
                     <i class="fa fa-fw fa-unlock"></i>
                 </a>
                 {/if}
+                {if $display_enable_button}
+                <a href="index.php?page=enableaccount&dn={$event.dn|escape:'url'}&returnto=searchdisabled"
+                    class="btn btn-success btn-sm" role="button" title="{$msg_enableaccount}">
+                    <i class="fa fa-fw fa-person-circle-check"></i>
+                </a>
+                {/if}
             </th>
             {foreach $listing_columns as $column}
             <td>
diff --git a/templates/menu.tpl b/templates/menu.tpl
index f13dc45..7dffbde 100644
--- a/templates/menu.tpl
+++ b/templates/menu.tpl
@@ -14,13 +14,16 @@
 
             <div class="navbar-collapse collapse" id="navbarSupportedContent">
               <ul class="nav navbar-nav me-auto mb-2 mb-lg-0">
-                {if $use_searchlocked or $use_searchwillexpire or $use_searchexpired or $use_searchidle}
+                {if $use_searchlocked or $use_searchdisabled or $use_searchwillexpire or $use_searchexpired or $use_searchidle}
                 <li class="nav-item dropdown">
                   <a href="#" class="nav-link dropdown-toggle" data-bs-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false"><i class="fa fa-fw fa-dashboard"></i> {$msg_dashboards}<span class="caret"></span></a>
                   <ul class="dropdown-menu">
                       {if $use_searchlocked}
                       <li><a href="index.php?page=searchlocked" class="dropdown-item"><i class="fa fa-fw fa-lock"></i> {$msg_lockedaccounts}</a></li>
                       {/if}
+                      {if $use_searchdisabled}
+                      <li><a href="index.php?page=searchdisabled" class="dropdown-item"><i class="fa fa-fw fa-user-slash"></i> {$msg_disabledaccounts}</a></li>
+                      {/if}
                       {if $use_searchwillexpire}
                       <li><a href="index.php?page=searchwillexpire" class="dropdown-item"><i class="fa fa-fw fa-hourglass-half"></i> {$msg_willexpireaccounts}</a></li>
                       {/if}
diff --git a/templates/searchdisabled.tpl b/templates/searchdisabled.tpl
new file mode 100644
index 0000000..6558c53
--- /dev/null
+++ b/templates/searchdisabled.tpl
@@ -0,0 +1,11 @@
+<div class="alert alert-warning">
+    {$nb_entries} {if $nb_entries==1}{$msg_entryfound}{else}{$msg_entriesfound}{/if}
+</div>
+
+{if {$size_limit_reached}}
+<div class="alert alert-warning"><i class="fa fa-fw fa-exclamation-triangle"></i> {$msg_sizelimit}</div>
+{/if}
+
+<table id="search-listing" class="table table-striped table-hover table-condensed dataTable">
+    {include 'listing_table.tpl' display="search"}
+</table>