Merge pull request #1730 from TehMuffinMoo/v2-develop

Add the ability to share the invites plugin with non-admins

api/plugins/invites/api.php

@@ -239,7 +239,7 @@ $app->get('/plugins/invites', function ($request, $response, $args) {
 	 */
 	$Invites = new Invites();
 	if ($Invites->checkRoute($request)) {
-		if ($Invites->qualifyRequest(1, true)) {
+		if ($Invites->qualifyRequest($Invites->config['INVITES-Auth-include'], true)) {
 			$GLOBALS['api']['response']['data'] = $Invites->_invitesPluginGetCodes();
 		}
 	}
@@ -265,7 +265,7 @@ $app->post('/plugins/invites', function ($request, $response, $args) {
 	 */
 	$Invites = new Invites();
 	if ($Invites->checkRoute($request)) {
-		if ($Invites->qualifyRequest(1, true)) {
+		if ($Invites->qualifyRequest($Invites->config['INVITES-Auth-include'], true)) {
 			$Invites->_invitesPluginCreateCode($Invites->apiData($request));
 		}
 	}
@@ -371,7 +371,7 @@ $app->delete('/plugins/invites/{code}', function ($request, $response, $args) {
 	 */
 	$Invites = new Invites();
 	if ($Invites->checkRoute($request)) {
-		if ($Invites->qualifyRequest(1, true)) {
+		if ($Invites->qualifyRequest($Invites->config['INVITES-Auth-include'], true)) {
 			$Invites->_invitesPluginDeleteCode($args['code']);
 		}
 	}
@@ -379,4 +379,4 @@ $app->delete('/plugins/invites/{code}', function ($request, $response, $args) {
 	return $response
 		->withHeader('Content-Type', 'application/json;charset=UTF-8')
 		->withStatus($GLOBALS['responseCode']);
-});
+});

api/plugins/invites/config.php

@@ -1,11 +1,14 @@
 <?php
 return array(
 	'INVITES-enabled' => false,
+	'INVITES-Auth-include' => '1',
 	'INVITES-dbVersion' => '1.0.0',
 	'INVITES-type-include' => 'plex',
 	'INVITES-plexLibraries' => '',
 	'INVITES-EmbyTemplate' => '',
 	'INVITES-plex-tv-labels' => '',
 	'INVITES-plex-music-labels' => '',
-	'INVITES-plex-movies-labels' => ''
-);
+	'INVITES-plex-movies-labels' => '',
+	'INVITES-allow-delete-include' => false,
+	'INVITES-maximum-invites' => '0'
+);

api/plugins/invites/main.js

@@ -13,7 +13,7 @@ function inviteLaunch(){
 	</div>
 	`;
 	if(activeInfo.plugins["INVITES-enabled"] == true){
-		if (activeInfo.user.loggedin === true && activeInfo.user.groupID <= 1) {
+		if (activeInfo.user.loggedin === true && activeInfo.user.groupID <= activeInfo.plugins.includes["INVITES-Auth-include"]) {
 			menuList = `<li><a class="inline-popups inviteModal" href="#invite-area" data-effect="mfp-zoom-out"><i class="fa fa-ticket fa-fw"></i> <span lang="en">Manage Invites</span></a></li>`;
 			htmlDOM += `
 			<div id="new-invite-area" class="white-popup mfp-with-anim mfp-hide">
@@ -301,8 +301,9 @@ function buildInvites(array){
 			<td>`+v.dateused+`</td>
 			<td>`+v.usedby+`</td>
 			<td>`+v.ip+`</td>
+			<td>`+v.invitedby+`</td>
 			<td>`+v.valid+`</td>
-			<td><button type="button" class="btn btn-danger btn-outline btn-circle btn-lg m-r-5" onclick="deleteInvite('`+v.code+`','`+v.id+`');"><i class="ti-trash"></i></button></td>
+			<td class="deleteButton"><button type="button" class="btn btn-danger btn-outline btn-circle btn-lg m-r-5" onclick="deleteInvite('`+v.code+`','`+v.id+`');"><i class="ti-trash"></i></button></td>
 		</tr>
 		`;
 	});
@@ -310,7 +311,7 @@ function buildInvites(array){
 }
 $(document).on('click', '.inviteModal', function() {
 	var htmlDOM = '';
-	if (activeInfo.user.loggedin === true && activeInfo.user.groupID <= 1) {
+	if (activeInfo.user.loggedin === true && activeInfo.user.groupID <= activeInfo.plugins.includes["INVITES-Auth-include"]) {
 		ajaxloader(".content-wrap","in");
 		organizrAPI2('GET','api/v2/plugins/invites').success(function(data) {
 			var response = data.response;
@@ -334,8 +335,9 @@ $(document).on('click', '.inviteModal', function() {
 									<th lang="en">DATE USED</th>
 									<th lang="en">USED BY</th>
 									<th lang="en">IP ADDRESS</th>
+									<th lang="en">INVITED BY</th>
 									<th lang="en">VALID</th>
-									<th lang="en">DELETE</th>
+									<th lang="en" class="deleteButton">DELETE</th>
 								</tr>
 							</thead>
 							<tbody id="manageInviteTable">
@@ -348,6 +350,9 @@ $(document).on('click', '.inviteModal', function() {
 			<div class="clearfix"></div>
 			`;
 			$('.invite-div').html(htmlDOM);
+			if (activeInfo.plugins.includes["INVITES-allow-delete-include"] === false && activeInfo.user.groupID > 1) {
+				$('.deleteButton').hide();
+			}
 		}).fail(function(xhr) {
 			console.error("Organizr Function: API Connection Failed");
 		});

api/plugins/invites/plugin.php

@@ -70,12 +70,25 @@ class Invites extends Organizr
 	
 	public function _invitesPluginGetCodes()
 	{
-		$response = [
-			array(
-				'function' => 'fetchAll',
-				'query' => 'SELECT * FROM invites'
-			)
-		];
+		if ($this->qualifyRequest(1, false)) {
+			$response = [
+				array(
+					'function' => 'fetchAll',
+					'query' => 'SELECT * FROM invites'
+				)
+			];
+		} else {
+			$response = [
+				array(
+					'function' => 'fetchAll',
+					'query' => array (
+						'SELECT * FROM invites WHERE invitedby = ?',
+						$this->user['username']
+					)
+				)
+			];
+		}
+
 		return $this->processQueries($response);
 	}
 	
@@ -84,6 +97,14 @@ class Invites extends Organizr
 		$code = ($array['code']) ?? null;
 		$username = ($array['username']) ?? null;
 		$email = ($array['email']) ?? null;
+		$invites = $this->_invitesPluginGetCodes();
+		$inviteCount = count($invites);
+		if (!$this->qualifyRequest(1, false)) {
+			if ($this->config['INVITES-maximum-invites'] != 0 && $inviteCount >= $this->config['INVITES-maximum-invites']) {
+			$this->setAPIResponse('error', 'Maximum number of invites reached', 409);
+			return false;
+			}
+		}
 		if (!$code) {
 			$this->setAPIResponse('error', 'Code not supplied', 409);
 			return false;
@@ -102,6 +123,7 @@ class Invites extends Organizr
 			'username' => $username,
 			'valid' => 'Yes',
 			'type' => $this->config['INVITES-type-include'],
+			'invitedby' => $this->user['username'],
 		];
 		$response = [
 			array(
@@ -163,15 +185,33 @@ class Invites extends Organizr
 	
 	public function _invitesPluginDeleteCode($code)
 	{
-		$response = [
-			array(
-				'function' => 'fetch',
-				'query' => array(
-					'SELECT * FROM invites WHERE code = ? COLLATE NOCASE',
-					$code
+		if ($this->qualifyRequest(1, false)) {
+			$response = [
+				array(
+					'function' => 'fetch',
+					'query' => array(
+						'SELECT * FROM invites WHERE code = ? COLLATE NOCASE',
+						$code
+					)
 				)
-			)
-		];
+			];
+		} else {
+			if ($this->config['INVITES-allow-delete']) {
+				$response = [
+					array(
+						'function' => 'fetch',
+						'query' => array(
+							'SELECT * FROM invites WHERE invitedby = ? AND code = ? COLLATE NOCASE',
+							$this->user['username'],
+							$code
+						)
+					)
+				];
+			} else {
+				$this->setAPIResponse('error', 'You are not permitted to delete invites.', 409);
+				return false;
+			}
+		}
 		$info = $this->processQueries($response);
 		if (!$info) {
 			$this->setAPIResponse('error', 'Code not found', 404);
@@ -308,7 +348,29 @@ class Invites extends Organizr
 							'value' => 'emby'
 						)
 					)
-				)
+				),
+				array(
+					'type' => 'select',
+					'name' => 'INVITES-Auth-include',
+					'label' => 'Minimum Authentication',
+					'value' => $this->config['INVITES-Auth-include'],
+					'options' => $this->groupSelect()
+				),
+				array(
+					'type' => 'switch',
+					'name' => 'INVITES-allow-delete-include',
+					'label' => 'Allow users to delete invites',
+					'help' => 'This must be disabled to enforce invitation limits.',
+					'value' => $this->config['INVITES-allow-delete-include']
+				),
+				array(
+					'type' => 'number',
+					'name' => 'INVITES-maximum-invites',
+					'label' => 'Maximum number of invites permitted for users.',
+					'help' => 'Set to 0 to disable the limit.',
+					'value' => $this->config['INVITES-maximum-invites'],
+					'placeholder' => '0'
+				),
 			),
 			'Plex Settings' => array(
 				array(
@@ -533,5 +595,5 @@ class Invites extends Organizr
 		}
 		return (!empty($plexUser) ? $plexUser : null);
 	}
-	
+
 }