Redmine

  def users

    @users = User.where(id: params[:ids]).to_a

    (render_404; return) unless @users.present?

    if (@users.size == 1)

      @user = @users.first

    end

    render layout: false

  end

  def redirect_to_user_query(options)

    redirect_to users_path(options)

  end

  helper :queries

  include QueriesHelper

  helper :user_queries

  include UserQueriesHelper

    use_session = !request.format.csv?

    retrieve_query(UserQuery, use_session)

    if @query.valid?

      scope = @query.results_scope

#      sort_init 'login', 'asc'

#      sort_update %w(login firstname lastname admin created_on last_login_on)

      @user_count = scope.count

      respond_to do |format|

        format.html do

          @limit = per_page_option

          @user_pages = Paginator.new @user_count, @limit, params['page']

          @offset ||= @user_pages.offset

          @users = scope.limit(@limit).offset(@offset).to_a

          render :layout => !request.xhr?

        end

        format.csv do

          # Export all entries

          @entries = scope.to_a

          send_data(query_to_csv(@entries, @query, params), :type => 'text/csv; header=present', :filename => 'users.csv')

        end

        format.api do

          @offset, @limit = api_offset_and_limit

          @users = scope.limit(@limit).offset(@offset).to_a

        end

    else

      respond_to do |format|

        format.html {render :layout => !request.xhr?}

        format.csv {head 422}

        format.api {render_validation_errors(@query)}

module UserQueriesHelper

  def column_value(column, object, value)

    if object.is_a?(User) && column.name == :status

      user_status_label(column.value_object(object))

    else

      super

    end

  end

  def csv_value(column, object, value)

    if object.is_a?(User)

      case column.name

      when :status

        user_status_label(column.value_object(object))

      when :twofa_scheme

        twofa_scheme_label value

      else

        super

      end

    else

      super

    end

  end

  def user_status_label(value)

    case value.to_i

    when User::STATUS_ACTIVE

      l(:status_active)

    when User::STATUS_REGISTERED

      l(:status_registered)

    when User::STATUS_LOCKED

      l(:status_locked)

    end

  end

  def twofa_scheme_label(value)

    if value

      ::I18n.t :"twofa__#{value}__name"

    else

      ::I18n.t :label_disabled

    end

  end

end

    project = object.project if object.respond_to?(:project)

    if custom_field.visible_by?(project, User.current)

# frozen_string_literal: true

# Redmine - project management software

# Copyright (C) 2006-2022  Jean-Philippe Lang

#

# This program is free software; you can redistribute it and/or

# modify it under the terms of the GNU General Public License

# as published by the Free Software Foundation; either version 2

# of the License, or (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program; if not, write to the Free Software

class UserQuery < Query

  self.queried_class = Principal # must be Principal (not User) for custom field filters to work

  self.available_columns = [

    QueryColumn.new(:login, sortable: "#{User.table_name}.login"),

    QueryColumn.new(:firstname, sortable: "#{User.table_name}.firstname"),

    QueryColumn.new(:lastname, sortable: "#{User.table_name}.lastname"),

    QueryColumn.new(:mail, sortable: "#{EmailAddress.table_name}.address"),

    QueryColumn.new(:admin, sortable: "#{User.table_name}.admin"),

    QueryColumn.new(:created_on, :sortable => "#{User.table_name}.created_on"),

    QueryColumn.new(:updated_on, :sortable => "#{User.table_name}.updated_on"),

    QueryColumn.new(:last_login_on, :sortable => "#{User.table_name}.last_login_on"),

    QueryColumn.new(:passwd_changed_on, :sortable => "#{User.table_name}.passwd_changed_on"),

    QueryColumn.new(:status, sortable: "#{User.table_name}.status")

  ]

  def initialize(attributes=nil, *args)

    super attributes

    self.filters ||= { 'status' => {operator: "=", values: [User::STATUS_ACTIVE]} }

  end

  def initialize_available_filters

    add_available_filter "status",

      type: :list, values: ->{ user_statuses_values }

    add_available_filter "is_member_of_group",

      type: :list_optional,

      values: ->{ Group.givable.visible.map {|g| [g.name, g.id.to_s] } }

    if Setting.twofa?

      add_available_filter "twofa_scheme",

        type: :list_optional,

        values: ->{ Redmine::Twofa.available_schemes.map {|s| [I18n.t("twofa__#{s}__name"), s] } }

    end

    add_available_filter "name", type: :text

    add_available_filter "created_on", type: :date_past

    add_available_filter "last_login_on", type: :date_past

    add_available_filter "admin",

      type: :list,

      values: [ [l(:general_text_yes), '1'], [l(:general_text_no), '0'] ]

    add_custom_fields_filters(user_custom_fields)

  end

  def user_statuses_values

    [

      [l(:status_active), User::STATUS_ACTIVE.to_s],

      [l(:status_registered), User::STATUS_REGISTERED.to_s],

      [l(:status_locked), User::STATUS_LOCKED.to_s]

    ]

  end

  def available_columns

    return @available_columns if @available_columns

    @available_columns = self.class.available_columns.dup

    if Setting.twofa?

      @available_columns << QueryColumn.new(:twofa_scheme, sortable: "#{User.table_name}.twofa_scheme")

    end

    @available_columns += user_custom_fields.visible.

                            map {|cf| QueryCustomFieldColumn.new(cf)}

    @available_columns

  end

  # Returns a scope of user custom fields that are available as columns or filters

  def user_custom_fields

    UserCustomField.sorted

  end

  def default_columns_names

    @default_columns_names ||= %i[ login firstname lastname mail admin created_on last_login_on ]

  end

  def default_sort_criteria

    [['login', 'asc']]

  end

  def base_scope

    User.logged.where(statement).includes(:email_address)

  end

  def results_scope(options={})

    order_option = [group_by_sort_order, (options[:order] || sort_clause)].flatten.reject(&:blank?)

    base_scope.

      order(order_option).

      joins(joins_for_order_statement(order_option.join(',')))

  end

  def sql_for_admin_field(field, operator, value)

    return unless value = value.first

    true_value = operator == '=' ? '1' : '0'

    val = (value.to_s == true_value) ?

      self.class.connection.quoted_true :

      self.class.connection.quoted_false

    "(#{User.table_name}.admin = #{val})"

  end

  def sql_for_is_member_of_group_field(field, operator, value)

    if ["*", "!*"].include? operator

      value = Group.givable.map(&:id)

    end

    e = operator.start_with?("!") ? "NOT EXISTS" : "EXISTS"

    "(#{e} (SELECT 1 FROM groups_users WHERE #{User.table_name}.id = groups_users.user_id AND #{sql_for_field(field, "=", value, "groups_users", "group_id")}))"

  end

  def sql_for_name_field(field, operator, value)

    match = operator == '~'

    if Redmine::Database.sqlite?

      name_sql = sql_contains("login || ' ' || firstname || ' ' || lastname",

                              value.first, match: match)

    else

      name_sql = sql_contains("CONCAT(login, ' ', firstname, ' ', lastname)",

                              value.first, match: match)

    end

    emails = EmailAddress.table_name

    email_sql = <<-SQL

      #{match ? "EXISTS" : "NOT EXISTS"}

      (SELECT 1 FROM #{emails} WHERE

        #{emails}.user_id = #{User.table_name}.id AND

        #{sql_contains("#{emails}.address", value.first, match: true)})

    SQL

    if match

      "(#{name_sql}) OR (#{email_sql})"

    else

      "(#{name_sql}) AND (#{email_sql})"

    end

  end

end

<ul>

  <% if @user %>

    <% if @user.locked? %>

      <li>

        <%= context_menu_link l(:button_unlock), user_path(@user, user: { status: User::STATUS_ACTIVE }, back_url: @back), method: :put, class: 'icon icon-unlock' %>

      </li>

    <% elsif User.current != @user %>

      <li>

        <%= context_menu_link l(:button_lock), user_path(@user, user: { status: User::STATUS_LOCKED }, back_url: @back), method: :put, class: 'icon icon-lock' %>

      </li>

    <% end %>

    <li>

      <%= context_menu_link l(:button_edit), edit_user_path(@user, back_url: @back), class: 'icon icon-edit' %>

    </li>

    <% unless User.current == @user %>

      <li>

        <%= context_menu_link l(:button_delete), user_path(@user, back_url: @back),

          method: :delete, class: 'icon icon-del' %>

      </li>

    <% end %>

  <% end %>

</ul>

<%= form_tag({}, data: {cm_url: users_context_menu_path}) do -%>

<%= hidden_field_tag 'back_url', url_for(params: request.query_parameters), id: nil %>

<div class="autoscroll">

<table class="list odd-even users">

<thead>

  <tr>

    <th class="checkbox hide-when-print">

      <%= check_box_tag 'check_all', '', false, :class => 'toggle-selection',

        :title => "#{l(:button_check_all)}/#{l(:button_uncheck_all)}" %>

    </th>

    <% @query.inline_columns.each do |column| %>

      <%= column_header(@query, column) %>

    <% end %>

    <th></th>

  </tr>

</thead>

<tbody>

<% grouped_query_results(users, @query) do |user, group_name, group_count, group_totals| -%>

  <% if group_name %>

    <% reset_cycle %>

    <tr class="group open">

      <td colspan="<%= @query.inline_columns.size + 2 %>">

        <span class="expander" onclick="toggleRowGroup(this);">&nbsp;</span>

        <span class="name"><%= group_name %></span>

        <% if group_count %>

        <span class="count"><%= group_count %></span>

        <% end %>

        <span class="totals"><%= group_totals %></span>

        <%= link_to_function("#{l(:button_collapse_all)}/#{l(:button_expand_all)}",

                             "toggleAllRowGroups(this)", :class => 'toggle-all') %>

      </td>

    </tr>

  <% end %>

  <tr id="user-<%= user.id %>" class="user <%= cycle("odd", "even") %> hascontextmenu">

    <td class="checkbox hide-when-print"><%= check_box_tag("ids[]", user.id, false, id: nil) %></td>

    <% @query.inline_columns.each do |column| %>

      <% if column.name == :login %>

        <%= content_tag('td', link_to(user.login, edit_user_path(user)), class: column.css_classes) %>

      <% else %>

        <%= content_tag('td', column_content(column, user), class: column.css_classes) %>

      <% end %>

    <% end %>

    <td class="buttons">

      <%= link_to_context_menu %>

    </td>

  </tr>

  <% @query.block_columns.each do |column|

       if (text = column_content(column, issue)) && text.present? -%>

  <tr class="<%= current_cycle %>">

    <td colspan="<%= @query.inline_columns.size + 1 %>" class="<%= column.css_classes %>">

    <% if query.block_columns.count > 1 %>

      <span><%= column.caption %></span>

    <% end %>

    <%= text %>

    </td>

  </tr>

  <% end -%>

  <% end -%>

<% end -%>

</tbody>

</table>

</div>

<% end -%>

<%= context_menu %>

<h2><%= @query.new_record? ? l(:label_user_plural) : @query.name %></h2>

<%= form_tag(users_path, method: :get, id: 'query_form') do %>

  <%= render partial: 'queries/query_form' %>

<% if @query.valid? %>

  <% if @users.empty? %>

    <p class="nodata"><%= l(:label_no_data) %></p>

  <% else %>

    <%= render_query_totals(@query) %>

    <%= render partial: 'list', :locals => { :users => @users }%>

    <span class="pagination"><%= pagination_links_full @user_pages, @user_count %></span>

  <% other_formats_links do |f| %>

    <%= f.link_to_with_query_parameters 'CSV', {}, :onclick => "showModal('csv-export-options', '350px'); return false;" %>

  <div id="csv-export-options" style="display:none;">

    <h3 class="title"><%= l(:label_export_options, :export_format => 'CSV') %></h3>

    <%= form_tag(users_path(format: 'csv'), method: :get, id: 'csv-export-form') do %>

    <%= query_as_hidden_field_tags(@query) %>

    <%= hidden_field_tag('query_name', @query.name) %>

    <p>

      <label><%= radio_button_tag 'c[]', '', true %> <%= l(:description_selected_columns) %></label><br />

      <label><%= radio_button_tag 'c[]', 'all_inline' %> <%= l(:description_all_columns) %></label>

    </p>

    <% if @query.available_block_columns.any? %>

      <fieldset id="csv-export-block-columns">

        <legend>

          <%= toggle_checkboxes_link('#csv-export-block-columns input[type=checkbox]') %>

        </legend>

        <% @query.available_block_columns.each do |column| %>

          <label><%= check_box_tag 'c[]', column.name, @query.has_column?(column), :id => nil %> <%= column.caption %></label>

        <% end %>

      </fieldset>

    <% end %>

    <%= export_csv_encoding_select_tag %>

    <p class="buttons">

      <%= submit_tag l(:button_export), :name => nil, :onclick => "hideModal(this);", :data => { :disable_with => false } %>

      <%= link_to_function l(:button_cancel), "hideModal(this);" %>

    </p>

    <% end %>

  </div>

<% content_for :sidebar do %>

  <%= render_sidebar_queries(UserQuery, nil) %>

  <%= call_hook(:view_users_sidebar_queries_bottom) %>

<% end %>

  field_is_member_of_group: Mitglied in Gruppe

  field_is_member_of_group: Member of group

  match '/users/context_menu', to: 'context_menus#users', as: :users_context_menu, via: [:get, :post]

    active = User.active.first

    locked = User.where(status: User::STATUS_LOCKED).first

    assert_select "tr#user-#{active.id}"

    assert_select "tr#user-#{locked.id}", 0

    get :index, params: { set_filter: 1, f: ['status'], op: {status: '='}, v: {status: [3]} }

    assert_select "tr.user", User.where(status: 3).count

    get :index, params: { set_filter: 1, f: ['name'], op: {name: '~'}, v: {name: ['john']} }

    assert_select 'tr.user td.login', text: 'jsmith'

    get :index, params: {

      set_filter: 1,

      f: ['is_member_of_group'], op: {is_member_of_group: '='}, v: {is_member_of_group: ['10']}

    }

      assert_select "select#add_filter_select" do

        assert_select "option[value=twofa_scheme]", 0

      end

      assert_select "select#available_c" do

        assert_select "option[value=twofa_scheme]", 0

      end

      get :index, params: { set_filter: 1, f: ['twofa_scheme'], op: {twofa_scheme: '*'} }

      assert_select 'tr#user-1', 1

      assert_select "select#add_filter_select" do

        assert_select "option[value=twofa_scheme]"

      end

      assert_select "select#available_c" do

        assert_select "option[value=twofa_scheme]"

      end

    end

  def test_index_filter_by_twofa_scheme

      get :index, params: {

        set_filter: 1,

        f: ['twofa_scheme'], op: {twofa_scheme: '='}, v: {twofa_scheme: ['totp']}

      }

      assert_response :success

      assert_select 'tr#user-1', 1

      assert_select "select#add_filter_select" do

        assert_select "option[value=twofa_scheme]"

      end

      assert_select "select#available_c" do

        assert_select "option[value=twofa_scheme]"

      end

      get :index, params: { set_filter: 1, f: ['twofa_scheme'], op: {twofa_scheme: '!*'} }

      assert_select 'tr#user-1', 0

      assert_select 'tr.user'

      get :index, params: {format: 'csv', c: ['updated_on', 'status', 'passwd_changed_on', 'twofa_scheme']}

      get :index, params: {

        c: [ "cf_#{float_custom_field.id}", "cf_#{date_custom_field.id}" ],

        f: ["name"],

        op: { name: "~" },

        v: { name: [user.lastname] },

        format: 'csv'

      }

      get :index, :params => {

        :set_filter => '1',

        f: [:status], :op => { :status => '=' }, :v => { :status => [3] },

        c: [:login, :status],

        :format => 'csv'

      }

    get :index, :params => {

      :set_filter => '1',

      f: [:name], :op => { :name => '~' }, :v => { :name => ['John'] },

      c: [:login, :firstname, :status],

      :format => 'csv'

    }

    get :index, :params => {

      :set_filter => '1',

      f: [:is_member_of_group], :op => { :is_member_of_group => '=' }, :v => { :is_member_of_group => [10] },

      c: [:login, :status],

      :format => 'csv'

    }