Enhance access URL management to integrate the login-only option - refs BT#22639

Author: AngelFQC

public/main/admin/access_url_edit.php

@@ -18,6 +18,7 @@
 api_protect_global_admin_script();
 
 $httpRequest = HttpRequest::createFromGlobals();
+$urlRepo = Container::getAccessUrlRepository();
 
 $form = new FormValidator('add_url');
 
@@ -30,26 +31,35 @@
 $form->addFile('url_image_1', get_lang('Image'));
 //$form->addElement('file', 'url_image_2', 'URL Image 2 (PNG)');
 //$form->addElement('file', 'url_image_3', 'URL Image 3 (PNG)');
+$form->addCheckBox('login_only', get_lang('Login only'), get_lang('Yes'));
 
 $defaults['url'] = 'http://';
 $form->setDefaults($defaults);
 if ($httpRequest->query->has('url_id')) {
     $url_id = $httpRequest->query->getInt('url_id');
-    $num_url_id = UrlManager::url_id_exist($url_id);
-    if (1 != $num_url_id) {
+
+    /** @var AccessUrl $url_data */
+    $url_data = $urlRepo->find($url_id);
+
+    if (!$url_data) {
         header('Location: access_urls.php');
         exit();
     }
-    $url_data = UrlManager::get_url_data_from_id($url_id);
-    $form->addElement('hidden', 'id', $url_data['id']);
+    $form->addElement('hidden', 'id', $url_data->getId());
     // If we're still with localhost (should only happen at the very beginning)
     // offer the current URL by default. Once this has been saved, no more
     // magic will happen, ever.
-    if ($url_data['id'] === 1 && $url_data['url'] === AccessUrl::DEFAULT_ACCESS_URL) {
+    if ($url_data->getId() === 1 && $url_data->getUrl() === AccessUrl::DEFAULT_ACCESS_URL) {
         $https = api_is_https() ? 'https://' : 'http://';
-        $url_data['url'] = $https.$_SERVER['HTTP_HOST'].'/';
+        $url_data->setUrl($https.$_SERVER['HTTP_HOST'].'/');
     }
-    $form->setDefaults($url_data);
+    $form->setDefaults([
+        'id' => $url_data->getId(),
+        'url' => $url_data->getUrl(),
+        'description' => $url_data->getDescription(),
+        'active' => $url_data->getActive(),
+        'login_only' => $url_data->isLoginOnly(),
+    ]);
 }
 
 $form->addHidden(
@@ -71,18 +81,30 @@
         $description = Security::remove_XSS($url_array['description']);
         $active = isset($url_array['active']) ? (int) $url_array['active'] : 0;
         $url_id = isset($url_array['id']) ? (int) $url_array['id'] : 0;
+        $isLoginOnly = isset($url_array['login_only']) && (bool) $url_array['login_only'];
         $url_to_go = 'access_urls.php';
         if (!empty($url_id)) {
             //we can't change the status of the url with id=1
             if (1 == $url_id) {
                 $active = 1;
             }
             // Checking url
-            if ('/' == substr($url, strlen($url) - 1, strlen($url))) {
-                UrlManager::update($url_id, $url, $description, $active);
-            } else {
-                UrlManager::update($url_id, $url.'/', $description, $active);
+            if ('/' != substr($url, strlen($url) - 1, strlen($url))) {
+                $url .= '/';
             }
+
+            /** @var AccessUrl $accessUrl */
+            $accessUrl = $urlRepo->find($url_id);
+
+            $accessUrl
+                ->setUrl($url)
+                ->setDescription($description)
+                ->setActive($active)
+                ->setCreatedBy(api_get_user_id())
+                ->setTms(api_get_utc_datetime())
+                ->setIsLoginOnly($isLoginOnly)
+            ;
+
             $url_to_go = 'access_urls.php';
             $message = get_lang('The URL has been edited');
         } else {
@@ -91,19 +113,32 @@
             $message = get_lang('This URL already exists, please select another URL');
             if (0 === $num) {
                 // checking url
-                if ('/' == substr($url, strlen($url) - 1, strlen($url))) {
-                    $accessUrl = UrlManager::add($url, $description, $active);
-                } else {
-                    //create
-                    $accessUrl = UrlManager::add($url.'/', $description, $active);
+                if ('/' != substr($url, strlen($url) - 1, strlen($url))) {
+                    $url .= '/';
                 }
-                if (null !== $accessUrl) {
+
+                $accessUrl = $urlRepo->findOneBy(['url' => $url]);
+
+                if (!$accessUrl) {
+                    $accessUrl = new AccessUrl();
+                    $accessUrl
+                        ->setDescription($description)
+                        ->setActive($active)
+                        ->setUrl($url)
+                        ->setCreatedBy(api_get_user_id())
+                        ->setIsLoginOnly($isLoginOnly)
+                    ;
+
+                    Database::getManager()->persist($accessUrl);
+
                     $message = get_lang('The URL has been added');
                     $url_to_go = 'access_urls.php';
                 }
             }
         }
 
+        Database::getManager()->flush();
+
         Security::clear_token();
         $tok = Security::get_token();
         Display::addFlash(Display::return_message($message));

public/main/admin/access_urls.php

@@ -22,6 +22,8 @@
 
 $httpRequest = HttpRequest::createFromGlobals();
 
+$translator = Container::$container->get('translator');;
+
 $interbreadcrumb[] = ['url' => 'index.php', 'name' => get_lang('Administration')];
 $tool_name = get_lang('Multiple access URL / Branding');
 Display :: display_header($tool_name);
@@ -213,16 +215,24 @@
             '</a>';
     }
 
-    $rows[] = [$link, $desc, $status, $ts, $rowActions];
+    $rows[] = [
+        $link,
+        $desc,
+        $status,
+        $u->isLoginOnly() ? $translator->trans('Yes') : $translator->trans('No'),
+        $ts,
+        $rowActions,
+    ];
 }
 
 $table = new SortableTableFromArrayConfig($rows, 2, 50, 'urls');
 $table->set_additional_parameters($parameters);
 $table->set_header(0, 'URL');
 $table->set_header(1, get_lang('Description'));
 $table->set_header(2, get_lang('Active'));
-$table->set_header(3, get_lang('Created at'));
-$table->set_header(4, get_lang('Edit'), false);
+$table->set_header(3, get_lang('Is login only'));
+$table->set_header(4, get_lang('Created at'));
+$table->set_header(5, get_lang('Edit'), false);
 $table->display();
 
 Display::display_footer();

public/main/inc/lib/urlmanager.lib.php

@@ -21,7 +21,7 @@ class UrlManager
      * @param string $description The description of the site
      * @param int    $active      is active or not
      */
-    public static function add($url, $description, $active): ?AccessUrl
+    public static function add($url, $description, $active, bool $isLoginOnly = false): ?AccessUrl
     {
         $repo = Container::getAccessUrlRepository();
 
@@ -37,6 +37,7 @@ public static function add($url, $description, $active): ?AccessUrl
             ->setActive($active)
             ->setUrl($url)
             ->setCreatedBy(api_get_user_id())
+            ->setIsLoginOnly($isLoginOnly)
         ;
 
         $repo->create($accessUrl);
@@ -56,23 +57,25 @@ public static function add($url, $description, $active): ?AccessUrl
      *
      * @return bool if success
      */
-    public static function update($urlId, $url, $description, $active)
+    public static function update($urlId, $url, $description, $active, bool $isLoginOnly = false)
     {
         $urlId = (int) $urlId;
         $active = (int) $active;
 
         $table = Database::get_main_table(TABLE_MAIN_ACCESS_URL);
-        $sql = "UPDATE $table
-                SET url 	= '".Database::escape_string($url)."',
-                description = '".Database::escape_string($description)."',
-                active 		= '".$active."',
-                created_by 	= '".api_get_user_id()."',
-                tms 		= '".api_get_utc_datetime()."'
-                WHERE id = '$urlId'";
 
-        $result = Database::query($sql);
-
-        return $result;
+        return Database::update(
+            $table,
+            [
+                'url' => $url,
+                'description' => $description,
+                'active' => $active,
+                'created_by' => api_get_user_id(),
+                'tms' => api_get_utc_datetime(),
+                'is_login_only' => $isLoginOnly,
+            ],
+            ['id = ?' => [$urlId]]
+        );
     }
 
     /**