authorJan-Hendrik Willms <tleilax+studip@gmail.com>2023-12-06 11:26:20 +0000
committerJan-Hendrik Willms <tleilax+studip@gmail.com>2023-12-06 11:26:20 +0000
commit55d3689ae8808f89b9d9b87a9af3d94acdb2585a (patch)
treed831316d3e22903b8029858ad181578c420c81c5
parentcda5cbe132debf296f48aff619630f93d8ef4d0f (diff)
fixes #3532
Closes #3532 Merge request studip/studip!2426
-rw-r--r--app/controllers/tfa.php8
-rw-r--r--app/views/tfa/index.php5
-rw-r--r--app/views/tfa/setup.php11
3 files changed, 20 insertions, 4 deletions
diff --git a/app/controllers/tfa.php b/app/controllers/tfa.php
index 1b57f26..370d883 100644
--- a/app/controllers/tfa.php
+++ b/app/controllers/tfa.php
@@ -11,6 +11,8 @@ class TfaController extends AuthenticatedController
$this->user = User::findCurrent();
$this->is_root = $GLOBALS['perm']->have_perm('root');
+ $this->own_profile = true;
+
if ($this->is_root && Request::submitted('username')) {
$username = Request::username('username');
$this->user = User::findOneByUsername($username);
@@ -19,6 +21,8 @@ class TfaController extends AuthenticatedController
throw new Exception(_('Diesen Nutzer gibt es nicht'));
}
+ $this->own_profile = false;
+
URLHelper::addLinkParam('username', Request::username('username'));
PageLayout::postMessage(
@@ -33,6 +37,10 @@ class TfaController extends AuthenticatedController
}
$this->secret = new TFASecret($this->user->id);
+
+ if (!$this->own_profile) {
+ PageLayout::postWarning(_('Sie können die Zwei-Faktor-Authentifizierung nicht für andere Personen einrichten.'));
+ }
}
public function index_action()
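Review bot: The new `if (!$this->own_profile)` branch only posts a warning and lets the request continue, so the restriction rests entirely on the `disabled` attributes added in app/views/tfa/index.php and app/views/tfa/setup.php. Those attributes are a browser-side hint only: the forms still target `$controller->revoke()` and `$controller->create()`, and `$this->secret` is still built from the other user's id. The action handlers are not visible in this diff, so please confirm they refuse the request when `own_profile` is false, for example with `if (!$this->own_profile) { throw new AccessDeniedException(); }` at the top of each state-changing action. The enclosing method starts outside this hunk.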
diff --git a/app/views/tfa/index.php b/app/views/tfa/index.php
index 25ab953..b4367f0 100644
--- a/app/views/tfa/index.php
+++ b/app/views/tfa/index.php
@@ -2,6 +2,7 @@
/**
* @var TFASecret $secret
* @var TfaController $controller
+ * @var bool $own_profile
*/
?>
<p>
@@ -9,5 +10,7 @@
<?= $secret->type == 'app' ? _('Authenticator-App') : _('E-Mail') ?>
</p>
<form action="<?= $controller->revoke() ?>" method="post">
- <?= Studip\Button::createAccept(_('Aufheben')) ?>
+ <?= Studip\Button::createAccept(_('Aufheben'), 'revoke', $own_profile ? [] : [
+ 'disabled' => ''
+ ]) ?>
</form>
diff --git a/app/views/tfa/setup.php b/app/views/tfa/setup.php
index 62278dd..e4a0a3d 100644
--- a/app/views/tfa/setup.php
+++ b/app/views/tfa/setup.php
@@ -1,6 +1,7 @@
<?php
/**
* @var TfaController $controller
+ * @var bool $own_profile
*/
?>
<form class="default" action="<?= $controller->create() ?>" method="post">
@@ -12,17 +13,21 @@
<?= formatReady(Config::get()->TFA_TEXT_INTRODUCTION) ?>
<label>
- <input required type="radio" name="type" value="email">
+ <input required type="radio" name="type" value="email"
+ <? if (!$own_profile) echo 'disabled'; ?>>
<?= _('E-Mail') ?>
</label>
<label>
- <input required type="radio" name="type" value="app">
+ <input required type="radio" name="type" value="app"
+ <? if (!$own_profile) echo 'disabled'; ?>>
<?= _('Authenticator-App') ?>
</label>
</fieldset>
<footer>
- <?= Studip\Button::createAccept(_('Aktivieren')) ?>
+ <?= Studip\Button::createAccept(_('Aktivieren'), 'activate', $own_profile ? [] : [
+ 'disabled' => ''
+ ]) ?>
</footer>
</form>
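Review bot: The two `<? if (!$own_profile) echo 'disabled'; ?>` fragments on the radio inputs use the short open tag, while the rest of this template uses `<?php` and `<?=`. If `short_open_tag` is off and the template layer does not rewrite short tags, the PHP text would be emitted into the `<input>` tag verbatim and the attribute would not be applied as intended. Writing it as `<?= $own_profile ? '' : 'disabled' ?>` gives the same output and does not depend on that setting.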