From 326bc59be5ef54213c62e808cd426acb443db25d Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]"
<161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Sun, 15 Jun 2025 18:13:37 +0000
Subject: [PATCH 1/2] =?UTF-8?q?feat:=20Ajout=20de=20la=20fonctionnalit?=
=?UTF-8?q?=C3=A9=20de=20modification=20de=20r=C3=B4le=20utilisateur?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
J'ai implémenté la possibilité pour les administrateurs de changer le rôle des utilisateurs entre 'user' et 'admin' directement depuis la page de liste des utilisateurs.
Changements apportés :
- Ajout d'une méthode `toggleAdminRole` dans `UserController.php` pour gérer la logique de changement de rôle.
- Intégration de vérifications de sécurité pour empêcher la modification du rôle de l'admin principal, la modification de son propre rôle, ou la suppression du dernier rôle admin.
- Ajout d'une route POST `/users/toggle-admin` pour cette nouvelle fonctionnalité.
- Modification de la vue `app/src/Views/users/index.php` pour afficher les boutons de changement de rôle ("Passer Admin" / "Retirer Admin") avec une confirmation JavaScript.
- Mise à jour du fichier de langue `fr.json` avec les nouvelles chaînes de caractères nécessaires.
- Journalisation des actions de modification de rôle.
Il est recommandé de tester manuellement cette fonctionnalité pour s'assurer qu'elle fonctionne comme prévu dans tous les scénarios.
---
app/public/index.php | 1 +
app/src/Controllers/UserController.php | 73 ++++++++++++++++++++++++++
app/src/Lang/fr.json | 12 ++++-
app/src/Views/users/index.php | 19 +++++--
4 files changed, 101 insertions(+), 4 deletions(-)
diff --git a/app/public/index.php b/app/public/index.php
index 30c2eee..e596c68 100644
--- a/app/public/index.php
+++ b/app/public/index.php
@@ -215,6 +215,7 @@ $router->addRoute('GET', '/users', 'UserController@index', true);
$router->addRoute('GET', '/users/create', 'UserController@showCreateForm', true);
$router->addRoute('POST', '/users/create', 'UserController@create', true);
$router->addRoute('POST', '/users/delete', 'UserController@delete', true);
+$router->addRoute('POST', '/users/toggle-admin', 'UserController@toggleAdminRole', true);
$router->addRoute('GET', '/logout', 'AuthController@logout', true);
// Exécuter le routage
diff --git a/app/src/Controllers/UserController.php b/app/src/Controllers/UserController.php
index 85b4a31..e13aebb 100644
--- a/app/src/Controllers/UserController.php
+++ b/app/src/Controllers/UserController.php
@@ -7,6 +7,7 @@ use App\Services\AuthService;
use App\Services\LogService;
use App\Services\LanguageService;
use App\Utils\DarkMode;
+use \PDOException;
/**
* Contrôleur pour la gestion des utilisateurs.
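Review bot: The added `use \PDOException;` carries a leading backslash, which PSR-12 forbids in import statements, and the import is also unused because the catch in `toggleAdminRole` later in this file writes `\PDOException` fully qualified. Either drop the import line, or write `use PDOException;` and change the catch to `catch (PDOException $e)` so the two agree.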
@@ -210,4 +211,76 @@ class UserController
header('Location: /users');
exit();
}
+
+ /**
+ * Modifie le rôle d'un utilisateur (admin/user).
+ */
+ public function toggleAdminRole()
+ {
+ $this->requireAdmin();
+
+ if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
+ header('Location: /users');
+ exit();
+ }
+
+ $userIdToModify = $_POST['user_id'] ?? null;
+ $ipAddress = $_SERVER['REMOTE_ADDR'];
+ $adminUserId = $this->authService->getUserId();
+
+ if (empty($userIdToModify)) {
+ $_SESSION['error'] = $this->langService->__('user_role_error_id_missing'); // Nouvelle chaîne de langue
+ header('Location: /users');
+ exit();
+ }
+
+ // Récupérer les informations de l'utilisateur à modifier
+ $stmt = $this->db->prepare("SELECT username, role FROM users WHERE id = ?");
+ $stmt->execute([$userIdToModify]);
+ $userToModify = $stmt->fetch();
+
+ if (!$userToModify) {
+ $_SESSION['error'] = $this->langService->__('user_not_found'); // Nouvelle chaîne de langue (ou existante)
+ header('Location: /users');
+ exit();
+ }
+
+ // Empêcher la modification du rôle de l'utilisateur "admin" (ou un nom spécifique)
+ // ou de son propre rôle si c'est l'admin connecté
+ if ($userToModify['username'] === 'admin' || $userIdToModify == $adminUserId) {
+ $_SESSION['error'] = $this->langService->__('cannot_change_admin_role'); // Nouvelle chaîne de langue
+ $this->logService->log('warning', "Tentative de modification du rôle de l'administrateur principal ou de soi-même par l'admin ID: {$adminUserId}.", $adminUserId, $ipAddress);
+ header('Location: /users');
+ exit();
+ }
+
+ $newRole = ($userToModify['role'] === 'admin') ? 'user' : 'admin';
+
+ // Si on retire le rôle admin, vérifier qu'il en reste au moins un autre
+ if ($newRole === 'user' && $userToModify['role'] === 'admin') {
+ $stmt = $this->db->query("SELECT COUNT(*) FROM users WHERE role = 'admin'");
+ $adminCount = $stmt->fetchColumn();
+ if ($adminCount <= 1) {
+ $_SESSION['error'] = $this->langService->__('cannot_remove_last_admin_role'); // Nouvelle chaîne de langue
+ $this->logService->log('warning', "Tentative de suppression du dernier rôle admin par l'admin ID: {$adminUserId}.", $adminUserId, $ipAddress);
+ header('Location: /users');
+ exit();
+ }
+ }
+
+ try {
+ $stmt = $this->db->prepare("UPDATE users SET role = ? WHERE id = ?");
+ $stmt->execute([$newRole, $userIdToModify]);
+
+ $this->logService->log('info', "Rôle de l'utilisateur '{$userToModify['username']}' (ID: {$userIdToModify}) changé en '{$newRole}' par l'administrateur ID: {$adminUserId}.", $adminUserId, $ipAddress);
+ $_SESSION['success'] = $this->langService->__('user_role_updated_success', ['username' => htmlspecialchars($userToModify['username']), 'role' => htmlspecialchars($newRole)]); // Nouvelle chaîne de langue
+ } catch (\PDOException $e) {
+ error_log("Erreur lors du changement de rôle de l'utilisateur: " . $e->getMessage());
+ $_SESSION['error'] = $this->langService->__('user_role_update_error_db'); // Nouvelle chaîne de langue
+ $this->logService->log('error', "Échec changement de rôle pour utilisateur ID: {$userIdToModify}: " . $e->getMessage(), $adminUserId, $ipAddress);
+ }
+
+ header('Location: /users');
+ exit();
+ }
}
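Review bot: The last-admin guard around `SELECT COUNT(*) FROM users WHERE role = 'admin'` and the following `UPDATE` is a check-then-act across two statements with no transaction, so two admins demoting each other at the same time can both see a count of 2 and leave the table with no admin at all; the check and the write should run in one transaction, locking the counted rows where the engine supports it, as sketched below. Separately, `user_id` is read straight from `$_POST` and only tested with `empty()`, then compared loosely with `==` at the self-check; `$userIdToModify = filter_var($_POST['user_id'] ?? null, FILTER_VALIDATE_INT);` followed by `if ($userIdToModify === false)` and `$userIdToModify === (int) $adminUserId` would reject non-numeric input before it reaches the query. I cannot see whether the router or `requireAdmin()` verifies a CSRF token for this state-changing POST; if neither does, this handler needs one, since an admin lured to a third-party page could otherwise have an arbitrary account promoted. Note also that the ternary promotes any role that is not exactly `'admin'` to admin, so if the schema allows roles beyond user/admin (the view's `$translations[$user['role']] ?? $user['role']` hints it might) the toggle should be restricted to rows whose role is `'user'`.
```php
        $newRole = ($userToModify['role'] === 'admin') ? 'user' : 'admin';

        try {
            // Check and write inside one transaction so a concurrent demotion
            // cannot slip in between the count and the update.
            $this->db->beginTransaction();

            if ($newRole === 'user') {
                // FOR UPDATE assumes an engine with row locks (e.g. InnoDB); drop the clause on SQLite.
                $adminCount = (int) $this->db->query("SELECT COUNT(*) FROM users WHERE role = 'admin' FOR UPDATE")->fetchColumn();
                if ($adminCount <= 1) {
                    $this->db->rollBack();
                    $_SESSION['error'] = $this->langService->__('cannot_remove_last_admin_role');
                    $this->logService->log('warning', "Tentative de suppression du dernier rôle admin par l'admin ID: {$adminUserId}.", $adminUserId, $ipAddress);
                    header('Location: /users');
                    exit();
                }
            }

            $stmt = $this->db->prepare("UPDATE users SET role = ? WHERE id = ?");
            $stmt->execute([$newRole, $userIdToModify]);
            $this->db->commit();

            // … unchanged: success log and session message …
        } catch (\PDOException $e) {
            if ($this->db->inTransaction()) {
                $this->db->rollBack();
            }
            // … unchanged: error_log, session error and failure log …
        }
```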
diff --git a/app/src/Lang/fr.json b/app/src/Lang/fr.json
index 203b1bb..af24851 100644
--- a/app/src/Lang/fr.json
+++ b/app/src/Lang/fr.json
@@ -80,5 +80,15 @@
"user_delete_success": "Utilisateur '{username}' supprimé avec succès.",
"user_delete_error_not_found": "Utilisateur introuvable pour la suppression.",
"user_delete_error_db": "Erreur lors de la suppression de l'utilisateur dans la base de données.",
- "self_delete_not_allowed": "Vous ne pouvez pas vous supprimer vous-même."
+ "self_delete_not_allowed": "Vous ne pouvez pas vous supprimer vous-même.",
+ "user_role_error_id_missing": "ID utilisateur manquant pour la modification du rôle.",
+ "user_not_found": "Utilisateur non trouvé.",
+ "cannot_change_admin_role": "Le rôle de l'administrateur principal ou son propre rôle ne peut être modifié.",
+ "cannot_remove_last_admin_role": "Impossible de retirer le statut d'administrateur au dernier administrateur.",
+ "user_role_updated_success": "Le rôle de l'utilisateur '{username}' a été changé en '{role}' avec succès.",
+ "user_role_update_error_db": "Erreur de base de données lors de la mise à jour du rôle de l'utilisateur.",
+ "confirm_toggle_admin_role": "Êtes-vous sûr de vouloir modifier le rôle de cet utilisateur ?",
+ "remove_admin_status": "Retirer Admin",
+ "pass_to_admin": "Passer Admin",
+ "cannot_change_main_admin_role": "Rôle non modifiable"
}
diff --git a/app/src/Views/users/index.php b/app/src/Views/users/index.php
index 9396bce..3012824 100644
--- a/app/src/Views/users/index.php
+++ b/app/src/Views/users/index.php
@@ -36,13 +36,26 @@ require_once APP_ROOT_DIR . '/src/Views/shared/header.php';
= htmlspecialchars($user['username']) ?> |
= htmlspecialchars($translations[$user['role']] ?? $user['role']) ?> |
= htmlspecialchars((new DateTime($user['created_at']))->format('Y-m-d H:i:s')) ?> |
-
- getUserId()): // Impossible de supprimer son propre compte ?>
+ |
+ getUserId()): ?>
+
+
+ = htmlspecialchars($translations['cannot_change_main_admin_role'] ?? 'Rôle non modifiable') ?>
+
+
+ getUserId() && $user['username'] !== 'admin'): // Condition existante pour la suppression, légèrement ajustée pour être sûr que 'admin' n'est pas supprimable non plus via cette interface ?>
-
+ getUserId() && $user['username'] !== 'admin'): // Permet à l'admin de voir "non modifiable" pour lui meme, mais pas "auto suppression interdite" si c'est admin ?>
= htmlspecialchars($translations['self_delete_not_allowed']) ?>
|
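Review bot: The adjusted delete condition now hides the delete button when `$user['username'] !== 'admin'` fails, but that is a presentation-side check only; unless `UserController::delete`, which is outside this diff, enforces the same rule, the `admin` account remains deletable by posting `user_id` directly to `/users/delete`, so the server-side check should be added there rather than relied on here. The role-toggle buttons are likewise hidden for the primary admin and for the current user, which mirrors the checks in `toggleAdminRole` — keep the view as a convenience and the controller as the control. Much of this hunk's PHP markup appears to have been stripped in extraction, so the form and the JavaScript confirmation could not be reviewed; if the `confirm_toggle_admin_role` string is interpolated into an inline handler, it should go through `json_encode()` and then `htmlspecialchars()` for the attribute context rather than raw.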
From 3ea4fc51c9ad17e03dd5e71268b0f6e5fca4a9bc Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]"
<161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Sun, 15 Jun 2025 18:25:50 +0000
Subject: [PATCH 2/2] =?UTF-8?q?fix:=20Ajout=20des=20traductions=20manquant?=
=?UTF-8?q?es=20pour=20la=20modification=20de=20r=C3=B4le?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
J'ai ajouté les clés de traduction nécessaires pour la fonctionnalité de modification de rôle utilisateur à tous les fichiers de langue.
- Les traductions françaises et anglaises sont fournies.
- Pour les autres langues (ar, de, es, hi, it, ja, pt, ru, zh), les textes anglais sont utilisés comme placeholders.
Ceci corrige l'omission de la mise à jour de tous les fichiers de langue lors de l'implémentation initiale de la fonctionnalité.
---
app/src/Lang/ar.json | 12 +++++++++++-
app/src/Lang/de.json | 12 +++++++++++-
app/src/Lang/en.json | 12 +++++++++++-
app/src/Lang/es.json | 12 +++++++++++-
app/src/Lang/hi.json | 12 +++++++++++-
app/src/Lang/it.json | 12 +++++++++++-
app/src/Lang/ja.json | 12 +++++++++++-
app/src/Lang/pt.json | 12 +++++++++++-
app/src/Lang/ru.json | 12 +++++++++++-
app/src/Lang/zh.json | 12 +++++++++++-
10 files changed, 110 insertions(+), 10 deletions(-)
diff --git a/app/src/Lang/ar.json b/app/src/Lang/ar.json
index 091d274..4af9b22 100644
--- a/app/src/Lang/ar.json
+++ b/app/src/Lang/ar.json
@@ -80,5 +80,15 @@
"user_delete_success": "Auto-translated 'User ''{username}'' deleted successfully.' to Arabic",
"user_delete_error_not_found": "Auto-translated 'User not found for deletion.' to Arabic",
"user_delete_error_db": "Auto-translated 'Error deleting user from the database.' to Arabic",
- "self_delete_not_allowed": "Auto-translated 'You cannot delete yourself.' to Arabic"
+ "self_delete_not_allowed": "Auto-translated 'You cannot delete yourself.' to Arabic",
+ "user_role_error_id_missing": "User ID missing for role modification.",
+ "user_not_found": "User not found.",
+ "cannot_change_admin_role": "The main administrator's role or your own role cannot be modified.",
+ "cannot_remove_last_admin_role": "Cannot remove administrator status from the last administrator.",
+ "user_role_updated_success": "User '{username}' role has been successfully changed to '{role}'.",
+ "user_role_update_error_db": "Database error while updating user role.",
+ "confirm_toggle_admin_role": "Are you sure you want to modify this user's role?",
+ "remove_admin_status": "Remove Admin",
+ "pass_to_admin": "Make Admin",
+ "cannot_change_main_admin_role": "Role not modifiable"
}
diff --git a/app/src/Lang/de.json b/app/src/Lang/de.json
index 90c16d4..6a5b1ac 100644
--- a/app/src/Lang/de.json
+++ b/app/src/Lang/de.json
@@ -80,5 +80,15 @@
"user_delete_success": "Benutzer '{username}' erfolgreich gelöscht.",
"user_delete_error_not_found": "Benutzer zum Löschen nicht gefunden.",
"user_delete_error_db": "Fehler beim Löschen des Benutzers aus der Datenbank.",
- "self_delete_not_allowed": "Sie können sich nicht selbst löschen."
+ "self_delete_not_allowed": "Sie können sich nicht selbst löschen.",
+ "user_role_error_id_missing": "User ID missing for role modification.",
+ "user_not_found": "User not found.",
+ "cannot_change_admin_role": "The main administrator's role or your own role cannot be modified.",
+ "cannot_remove_last_admin_role": "Cannot remove administrator status from the last administrator.",
+ "user_role_updated_success": "User '{username}' role has been successfully changed to '{role}'.",
+ "user_role_update_error_db": "Database error while updating user role.",
+ "confirm_toggle_admin_role": "Are you sure you want to modify this user's role?",
+ "remove_admin_status": "Remove Admin",
+ "pass_to_admin": "Make Admin",
+ "cannot_change_main_admin_role": "Role not modifiable"
}
diff --git a/app/src/Lang/en.json b/app/src/Lang/en.json
index 6951f8a..53e4348 100644
--- a/app/src/Lang/en.json
+++ b/app/src/Lang/en.json
@@ -80,5 +80,15 @@
"user_delete_success": "User '{username}' deleted successfully.",
"user_delete_error_not_found": "User not found for deletion.",
"user_delete_error_db": "Error deleting user from the database.",
- "self_delete_not_allowed": "You cannot delete yourself."
+ "self_delete_not_allowed": "You cannot delete yourself.",
+ "user_role_error_id_missing": "User ID missing for role modification.",
+ "user_not_found": "User not found.",
+ "cannot_change_admin_role": "The main administrator's role or your own role cannot be modified.",
+ "cannot_remove_last_admin_role": "Cannot remove administrator status from the last administrator.",
+ "user_role_updated_success": "User '{username}' role has been successfully changed to '{role}'.",
+ "user_role_update_error_db": "Database error while updating user role.",
+ "confirm_toggle_admin_role": "Are you sure you want to modify this user's role?",
+ "remove_admin_status": "Remove Admin",
+ "pass_to_admin": "Make Admin",
+ "cannot_change_main_admin_role": "Role not modifiable"
}
diff --git a/app/src/Lang/es.json b/app/src/Lang/es.json
index 66cb7ab..fc628a2 100644
--- a/app/src/Lang/es.json
+++ b/app/src/Lang/es.json
@@ -80,5 +80,15 @@
"user_delete_success": "Usuario '{username}' eliminado correctamente.",
"user_delete_error_not_found": "Usuario no encontrado para la eliminación.",
"user_delete_error_db": "Error al eliminar el usuario de la base de datos.",
- "self_delete_not_allowed": "No puedes eliminarte a ti mismo."
+ "self_delete_not_allowed": "No puedes eliminarte a ti mismo.",
+ "user_role_error_id_missing": "User ID missing for role modification.",
+ "user_not_found": "User not found.",
+ "cannot_change_admin_role": "The main administrator's role or your own role cannot be modified.",
+ "cannot_remove_last_admin_role": "Cannot remove administrator status from the last administrator.",
+ "user_role_updated_success": "User '{username}' role has been successfully changed to '{role}'.",
+ "user_role_update_error_db": "Database error while updating user role.",
+ "confirm_toggle_admin_role": "Are you sure you want to modify this user's role?",
+ "remove_admin_status": "Remove Admin",
+ "pass_to_admin": "Make Admin",
+ "cannot_change_main_admin_role": "Role not modifiable"
}
diff --git a/app/src/Lang/hi.json b/app/src/Lang/hi.json
index a2f7b86..bdee1a4 100644
--- a/app/src/Lang/hi.json
+++ b/app/src/Lang/hi.json
@@ -80,5 +80,15 @@
"user_delete_success": "Auto-translated 'User ''{username}'' deleted successfully.' to Hindi",
"user_delete_error_not_found": "Auto-translated 'User not found for deletion.' to Hindi",
"user_delete_error_db": "Auto-translated 'Error deleting user from the database.' to Hindi",
- "self_delete_not_allowed": "Auto-translated 'You cannot delete yourself.' to Hindi"
+ "self_delete_not_allowed": "Auto-translated 'You cannot delete yourself.' to Hindi",
+ "user_role_error_id_missing": "User ID missing for role modification.",
+ "user_not_found": "User not found.",
+ "cannot_change_admin_role": "The main administrator's role or your own role cannot be modified.",
+ "cannot_remove_last_admin_role": "Cannot remove administrator status from the last administrator.",
+ "user_role_updated_success": "User '{username}' role has been successfully changed to '{role}'.",
+ "user_role_update_error_db": "Database error while updating user role.",
+ "confirm_toggle_admin_role": "Are you sure you want to modify this user's role?",
+ "remove_admin_status": "Remove Admin",
+ "pass_to_admin": "Make Admin",
+ "cannot_change_main_admin_role": "Role not modifiable"
}
diff --git a/app/src/Lang/it.json b/app/src/Lang/it.json
index 2145aa9..b30a72f 100644
--- a/app/src/Lang/it.json
+++ b/app/src/Lang/it.json
@@ -80,5 +80,15 @@
"user_delete_success": "Utente '{username}' eliminato con successo.",
"user_delete_error_not_found": "Utente non trovato per l'eliminazione.",
"user_delete_error_db": "Errore durante l'eliminazione dell'utente dal database.",
- "self_delete_not_allowed": "Non puoi eliminare te stesso."
+ "self_delete_not_allowed": "Non puoi eliminare te stesso.",
+ "user_role_error_id_missing": "User ID missing for role modification.",
+ "user_not_found": "User not found.",
+ "cannot_change_admin_role": "The main administrator's role or your own role cannot be modified.",
+ "cannot_remove_last_admin_role": "Cannot remove administrator status from the last administrator.",
+ "user_role_updated_success": "User '{username}' role has been successfully changed to '{role}'.",
+ "user_role_update_error_db": "Database error while updating user role.",
+ "confirm_toggle_admin_role": "Are you sure you want to modify this user's role?",
+ "remove_admin_status": "Remove Admin",
+ "pass_to_admin": "Make Admin",
+ "cannot_change_main_admin_role": "Role not modifiable"
}
diff --git a/app/src/Lang/ja.json b/app/src/Lang/ja.json
index bccf65c..4b1fc53 100644
--- a/app/src/Lang/ja.json
+++ b/app/src/Lang/ja.json
@@ -80,5 +80,15 @@
"user_delete_success": "Auto-translated 'User ''{username}'' deleted successfully.' to Japanese",
"user_delete_error_not_found": "Auto-translated 'User not found for deletion.' to Japanese",
"user_delete_error_db": "Auto-translated 'Error deleting user from the database.' to Japanese",
- "self_delete_not_allowed": "Auto-translated 'You cannot delete yourself.' to Japanese"
+ "self_delete_not_allowed": "Auto-translated 'You cannot delete yourself.' to Japanese",
+ "user_role_error_id_missing": "User ID missing for role modification.",
+ "user_not_found": "User not found.",
+ "cannot_change_admin_role": "The main administrator's role or your own role cannot be modified.",
+ "cannot_remove_last_admin_role": "Cannot remove administrator status from the last administrator.",
+ "user_role_updated_success": "User '{username}' role has been successfully changed to '{role}'.",
+ "user_role_update_error_db": "Database error while updating user role.",
+ "confirm_toggle_admin_role": "Are you sure you want to modify this user's role?",
+ "remove_admin_status": "Remove Admin",
+ "pass_to_admin": "Make Admin",
+ "cannot_change_main_admin_role": "Role not modifiable"
}
diff --git a/app/src/Lang/pt.json b/app/src/Lang/pt.json
index 1ff5920..9e7e453 100644
--- a/app/src/Lang/pt.json
+++ b/app/src/Lang/pt.json
@@ -80,5 +80,15 @@
"user_delete_success": "Utilizador '{username}' eliminado com sucesso.",
"user_delete_error_not_found": "Utilizador não encontrado para eliminação.",
"user_delete_error_db": "Erro ao eliminar utilizador da base de dados.",
- "self_delete_not_allowed": "Não pode eliminar-se a si mesmo."
+ "self_delete_not_allowed": "Não pode eliminar-se a si mesmo.",
+ "user_role_error_id_missing": "User ID missing for role modification.",
+ "user_not_found": "User not found.",
+ "cannot_change_admin_role": "The main administrator's role or your own role cannot be modified.",
+ "cannot_remove_last_admin_role": "Cannot remove administrator status from the last administrator.",
+ "user_role_updated_success": "User '{username}' role has been successfully changed to '{role}'.",
+ "user_role_update_error_db": "Database error while updating user role.",
+ "confirm_toggle_admin_role": "Are you sure you want to modify this user's role?",
+ "remove_admin_status": "Remove Admin",
+ "pass_to_admin": "Make Admin",
+ "cannot_change_main_admin_role": "Role not modifiable"
}
diff --git a/app/src/Lang/ru.json b/app/src/Lang/ru.json
index 4deb99e..940f10d 100644
--- a/app/src/Lang/ru.json
+++ b/app/src/Lang/ru.json
@@ -80,5 +80,15 @@
"user_delete_success": "Auto-translated 'User ''{username}'' deleted successfully.' to Russian",
"user_delete_error_not_found": "Auto-translated 'User not found for deletion.' to Russian",
"user_delete_error_db": "Auto-translated 'Error deleting user from the database.' to Russian",
- "self_delete_not_allowed": "Auto-translated 'You cannot delete yourself.' to Russian"
+ "self_delete_not_allowed": "Auto-translated 'You cannot delete yourself.' to Russian",
+ "user_role_error_id_missing": "User ID missing for role modification.",
+ "user_not_found": "User not found.",
+ "cannot_change_admin_role": "The main administrator's role or your own role cannot be modified.",
+ "cannot_remove_last_admin_role": "Cannot remove administrator status from the last administrator.",
+ "user_role_updated_success": "User '{username}' role has been successfully changed to '{role}'.",
+ "user_role_update_error_db": "Database error while updating user role.",
+ "confirm_toggle_admin_role": "Are you sure you want to modify this user's role?",
+ "remove_admin_status": "Remove Admin",
+ "pass_to_admin": "Make Admin",
+ "cannot_change_main_admin_role": "Role not modifiable"
}
diff --git a/app/src/Lang/zh.json b/app/src/Lang/zh.json
index e8b19b2..af88502 100644
--- a/app/src/Lang/zh.json
+++ b/app/src/Lang/zh.json
@@ -80,5 +80,15 @@
"user_delete_success": "Auto-translated 'User ''{username}'' deleted successfully.' to Chinese",
"user_delete_error_not_found": "Auto-translated 'User not found for deletion.' to Chinese",
"user_delete_error_db": "Auto-translated 'Error deleting user from the database.' to Chinese",
- "self_delete_not_allowed": "Auto-translated 'You cannot delete yourself.' to Chinese"
+ "self_delete_not_allowed": "Auto-translated 'You cannot delete yourself.' to Chinese",
+ "user_role_error_id_missing": "User ID missing for role modification.",
+ "user_not_found": "User not found.",
+ "cannot_change_admin_role": "The main administrator's role or your own role cannot be modified.",
+ "cannot_remove_last_admin_role": "Cannot remove administrator status from the last administrator.",
+ "user_role_updated_success": "User '{username}' role has been successfully changed to '{role}'.",
+ "user_role_update_error_db": "Database error while updating user role.",
+ "confirm_toggle_admin_role": "Are you sure you want to modify this user's role?",
+ "remove_admin_status": "Remove Admin",
+ "pass_to_admin": "Make Admin",
+ "cannot_change_main_admin_role": "Role not modifiable"
}