From c5871a626b3d4351ee5d77bb8604845fae46e233 Mon Sep 17 00:00:00 2001
From: Anonymous Contributor <anonymous@invalid>
Date: Sun, 27 Aug 2023 11:59:43 +0200
Subject: [PATCH] Add distinction of users and identities in admin

---
 pages/users.php       | 11 +++++++++--
 style/admin-users.css |  5 +++++
 2 files changed, 14 insertions(+), 2 deletions(-)
 create mode 100644 style/admin-users.css

diff --git a/pages/users.php b/pages/users.php
index 2dc4649..5b6c34e 100644
--- a/pages/users.php
+++ b/pages/users.php
@@ -1,6 +1,7 @@
 <?php
     $HTML->setHTMLTitle("Benutzer");
     $HTML->importSeitenInhalt("users.html");
+    $HTML->addHTMLHeader('<link rel="stylesheet" href="./style/admin-users.css">');
 
     if (!isset($_SESSION['LOGIN']) || !isset($_SESSION['LEVEL']) || $_SESSION['LEVEL'] < 100) {
         $HTML->setHTMLTitle("Kein Zugriff");
@@ -49,11 +50,17 @@
 
     $table = '<table class="table"><thead><tr><th scope="col">Vorname</th><th scope="col">Nachname</th><th scope="col">Status</th><th scope="col">Aktionen</th></thead><tbody>%%ENTRY%%</tbody></table>';
     
-    $statement = $RUNTIME['PDO']->prepare("SELECT FirstName,LastName,UserLevel,PrincipalID FROM UserAccounts ORDER BY Created ASC");
+    // Only select current primary account
+    $statement = $RUNTIME['PDO']->prepare("SELECT FirstName,LastName,UserLevel,PrincipalID FROM UserAccounts JOIN auth ON auth.UUID = UserAccounts.PrincipalID ORDER BY Created ASC");
     $statement->execute();
 
+    $statementIdent = $RUNTIME['PDO']->prepare("SELECT FirstName,LastName,UserLevel,IdentityID FROM UserIdentitys JOIN UserAccounts ON UserAccounts.PrincipalID = UserIdentitys.IdentityID WHERE UserIdentitys.PrincipalID = ? AND UserIdentitys.PrincipalID != UserIdentitys.IdentityID");
     while ($row = $statement->fetch()) {
-        $entry = '<tr><td>'.htmlspecialchars($row['FirstName']).'</td><td>'.htmlspecialchars($row['LastName']).'</td><td>'.htmlspecialchars($row['UserLevel']).'</td><td><form action="index.php?page=users" method="post">%%CSRF%%<input type="hidden" name="userid" value="'.htmlspecialchars($row['PrincipalID']).'"><button type="submit" name="genpw" class="btn btn-link btn-sm">PASSWORT ZURÜCKSETZEN</button></form></td></tr>';
+        $entry = '<tr><td>'.htmlspecialchars($row['FirstName']).'</td><td>'.htmlspecialchars($row['LastName']).'</td><td>'.htmlspecialchars($row['UserLevel']).'</td><td><form action="index.php?page=users" method="post">%%CSRF%%<input type="hidden" name="userid" value="'.htmlspecialchars($row['PrincipalID']).'"><button type="submit" name="genpw" class="btn btn-link btn-sm">PASSWORT ZURÜCKSETZEN</button> <button type="submit" name="deluser" class="btn btn-link btn-sm" style="color: red">LÖSCHEN</button></form></td></tr>';
+        $statementIdent->execute([$row['PrincipalID']]);
+        while ($identRow = $statementIdent->fetch()) {
+            $entry = $entry.'<tr class="ident-row"><td>'.htmlspecialchars($identRow['FirstName']).'</td><td>'.htmlspecialchars($identRow['LastName']).'</td><td>'.htmlspecialchars($identRow['UserLevel']).'</td><td><form action="index.php?page=users" method="post">%%CSRF%%<input type="hidden" name="userid" value="'.htmlspecialchars($identRow['IdentityID']).'"><button type="submit" name="delident" class="btn btn-link btn-sm">Identität löschen</button></form></td></tr>';
+        }
         $table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table);
     }
 
diff --git a/style/admin-users.css b/style/admin-users.css
new file mode 100644
index 0000000..192fbb7
--- /dev/null
+++ b/style/admin-users.css
@@ -0,0 +1,5 @@
+.ident-row td {
+    border-top: none;
+    padding-left: 2rem;
+    padding-top: 0;
+}
\ No newline at end of file