add buttons to user-mgmt

webroot/admin/user-mgmt.php

@@ -4,18 +4,62 @@
 
 use UnityWebPortal\lib\UnityHTTPD;
 use UnityWebPortal\lib\UserFlag;
+use UnityWebPortal\lib\UnityUser;
 
 if (!$USER->getFlag(UserFlag::ADMIN)) {
     UnityHTTPD::forbidden("not an admin", "You are not an admin.");
 }
 
+$pi_uids = $LDAP->getAllNonDisabledPIGroupOwnerUIDs();
+$users_with_flags = [];
+foreach (UserFlag::cases() as $flag) {
+    $users_with_flags[$flag->value] = $LDAP->userFlagGroups[$flag->value]->getMemberUIDs();
+}
+
 if ($_SERVER["REQUEST_METHOD"] == "POST") {
     UnityHTTPD::validatePostCSRFToken();
     switch ($_POST["form_type"]) {
         case "viewAsUser":
             $_SESSION["viewUser"] = $_POST["uid"];
             UnityHTTPD::redirect(getURL("panel/account.php"));
             break; /** @phpstan-ignore deadCode.unreachable */
+        case "lockUser":
+            $uid = UnityHTTPD::getPostData("uid");
+            $user = new UnityUser($uid, $LDAP, $SQL, $MAILER, $WEBHOOK);
+            if (in_array($uid, $users_with_flags[UserFlag::LOCKED->value])) {
+                UnityHTTPD::messageError("Cannot lock user, already locked", $uid);
+                UnityHTTPD::redirect();
+            }
+            $user->setFlag(UserFlag::LOCKED, true);
+            UnityHTTPD::messageSuccess("User Locked", $uid);
+            UnityHTTPD::redirect();
+            break; /** @phpstan-ignore deadCode.unreachable */
+        case "unlockUser":
+            $uid = UnityHTTPD::getPostData("uid");
+            $user = new UnityUser($uid, $LDAP, $SQL, $MAILER, $WEBHOOK);
+            if (!in_array($uid, $users_with_flags[UserFlag::LOCKED->value])) {
+                UnityHTTPD::messageError("Cannot unlock user, not locked", $uid);
+                UnityHTTPD::redirect();
+            }
+            $user->setFlag(UserFlag::LOCKED, false);
+            UnityHTTPD::messageSuccess("User Unlocked", $uid);
+            UnityHTTPD::redirect();
+            break; /** @phpstan-ignore deadCode.unreachable */
+        case "disableUser":
+            $uid = UnityHTTPD::getPostData("uid");
+            $user = new UnityUser($uid, $LDAP, $SQL, $MAILER, $WEBHOOK);
+            if (in_array($uid, $users_with_flags[UserFlag::DISABLED->value])) {
+                UnityHTTPD::messageError("Cannot disable user, already disabled", $uid);
+                UnityHTTPD::redirect();
+            }
+            if ($user->isPI()) {
+                UnityHTTPD::messageError("Cannot disable user, user is PI", $uid);
+                UnityHTTPD::redirect();
+            }
+            $user->disable();
+            UnityHTTPD::messageSuccess("User Disabled", $uid);
+            UnityHTTPD::redirect();
+            break; /** @phpstan-ignore deadCode.unreachable */
     }
 }
 
@@ -55,10 +99,6 @@ class="stripe compact hover"
             "mail" => ["(not found)"]
         ]
     );
-    $users_with_flags = [];
-    foreach (UserFlag::cases() as $flag) {
-        $users_with_flags[$flag->value] = $LDAP->userFlagGroups[$flag->value]->getMemberUIDs();
-    }
     usort($user_attributes, fn ($a, $b) => strcmp($a["uid"][0], $b["uid"][0]));
     foreach ($user_attributes as $attributes) {
         $uid = $attributes["uid"][0];
@@ -84,13 +124,57 @@ class="stripe compact hover"
         echo "</ul>";
         echo "</td>";
         echo "<td>";
-        echo "<form class='viewAsUserForm' action='' method='POST'
-        onsubmit='return confirm(\"Are you sure you want to switch to the user $uid?\");'>
-        $CSRFTokenHiddenFormInput
-        <input type='hidden' name='form_type' value='viewAsUser'>
-        <input type='hidden' name='uid' value='$uid'>
-        <input type='submit' name='action' value='Access'>
-        </form>";
+        if (in_array($uid, $users_with_flags[UserFlag::LOCKED->value])) {
+            $access_button_disabled = "disabled";
+            [$action, $action_lowercase, $form_type] = ["Unlock", "unlock", "unlockUser"];
+        } else {
+            $access_button_disabled = "";
+            [$action, $action_lowercase, $form_type] = ["Lock", "lock", "lockUser"];
+        }
+        if (in_array($uid, $pi_uids)) {
+            $disable_button_disabled = "disabled";
+            $disable_button_title = "PI group owners cannot be disabled.";
+        } else {
+            $disable_button_disabled = "";
+            $disable_button_title = "";
+        }
+        echo "
+            <div style='display: flex; gap: 5px;'>
+                <form action='' method='POST'>
+                    $CSRFTokenHiddenFormInput
+                    <input type='hidden' name='form_type' value='viewAsUser'>
+                    <input type='hidden' name='uid' value='$uid'>
+                    <input type='submit' name='action' value='Access' $access_button_disabled>
+                </form>
+                <form
+                    action=''
+                    method='POST'
+                    onsubmit='return confirm(\"Are you sure you want to $action_lowercase user $uid?\");'
+                >
+                    $CSRFTokenHiddenFormInput
+                    <input type='hidden' name='form_type' value='$form_type'>
+                    <input type='hidden' name='uid' value='$uid'>
+                    <input type='submit' name='action' value='$action'>
+                </form>
+                <form
+                    action=''
+                    method='POST'
+                    onsubmit='return confirm(\"🚨 Are you sure you want to DISABLE user $uid? 🚨\");'
+                >
+                    $CSRFTokenHiddenFormInput
+                    <input type='hidden' name='form_type' value='disableUser'>
+                    <input type='hidden' name='uid' value='$uid'>
+                    <input
+                        type='submit'
+                        name='action'
+                        value='Disable'
+                        class='danger'
+                        title='$disable_button_title'
+                        $disable_button_disabled
+                    >
+                </form>
+            </div>
+        ";
         echo "</td>";
         foreach ($flags_to_display as $flag) {
             echo sprintf(