From 1d5a599734cde6d8e1bb78aa38b2172d2310760c Mon Sep 17 00:00:00 2001
From: n1rwana <93197434+n1rwana@users.noreply.github.com>
Date: Thu, 16 Dec 2021 21:40:34 +0300
Subject: [PATCH] Groups: Transfer community permissions to another user (#348)

Closes #302
---
 Web/Presenters/GroupPresenter.php            | 24 +++++++++++++++++
 Web/Presenters/templates/Group/Followers.xml | 27 ++++++++++++++++++++
 Web/routes.yml                               |  2 ++
 locales/en.strings                           |  6 +++++
 locales/ru.strings                           |  6 +++++
 5 files changed, 65 insertions(+)

diff --git a/Web/Presenters/GroupPresenter.php b/Web/Presenters/GroupPresenter.php
index 1a7b1932..376749a5 100644
--- a/Web/Presenters/GroupPresenter.php
+++ b/Web/Presenters/GroupPresenter.php
@@ -3,6 +3,7 @@ namespace openvk\Web\Presenters;
 use openvk\Web\Models\Entities\{Club, Photo};
 use openvk\Web\Models\Entities\Notifications\ClubModeratorNotification;
 use openvk\Web\Models\Repositories\{Clubs, Users, Albums, Managers, Topics};
+use Chandler\Security\Authenticator;
 
 final class GroupPresenter extends OpenVKPresenter
 {
@@ -272,4 +273,27 @@ final class GroupPresenter extends OpenVKPresenter
             $this->notFound();
         }
     }
+
+    function renderChangeOwner(int $id, int $newOwnerId): void
+    {
+        $this->assertUserLoggedIn();
+        $this->willExecuteWriteAction();
+
+        if($_SERVER['REQUEST_METHOD'] !== "POST")
+            $this->redirect("/groups" . $this->user->id);
+
+        if(!Authenticator::verifyHash($this->postParam("password"), $this->user->identity->getChandlerUser()->getRaw()->passwordHash))
+            $this->flashFail("err", tr("error"), tr("incorrect_password"));
+
+        $club = $this->clubs->get($id);
+        $newOwner = (new Users)->get($newOwnerId);
+        if($this->user->id !== $club->getOwner()->getId())
+            $this->flashFail("err", tr("error"), tr("forbidden"));
+
+        $club->setOwner($newOwnerId);
+        $club->addManager($this->user->id);
+        $club->save();
+
+        $this->flashFail("succ", tr("information_-1"), tr("group_owner_setted", $newOwner->getCanonicalName(), $club->getName()));
+    }
 }
diff --git a/Web/Presenters/templates/Group/Followers.xml b/Web/Presenters/templates/Group/Followers.xml
index ead3368a..6556198b 100644
--- a/Web/Presenters/templates/Group/Followers.xml
+++ b/Web/Presenters/templates/Group/Followers.xml
@@ -91,6 +91,12 @@
                             {_promote_to_admin}
                         {/if}
                     </a>
+                    {if $club->getOwner()->getId() != $user->getId() && $manager && $thisUser->getId() == $club->getOwner()->getId()}
+                        |
+                        <a href="javascript:changeOwner({$club->getId()}, {$user->getId()})">
+                            {_promote_to_owner}
+                        </a>
+                    {/if}
                     {if $manager}
                          | 
                         <a href="javascript:setClubAdminComment('{$club->getId()}', '{$manager->getUserId()}', '{rawurlencode($csrfToken)}')">
@@ -116,4 +122,25 @@
             </tr>
         </tbody>
     </table>
+
+    <script>
+        function changeOwner(club, newOwner) {
+            let action = "/groups/" + club + "/setNewOwner/" + newOwner;
+
+            MessageBox(tr("group_changeowner_modal_title"), `
+                tr("group_changeowner_modal_text", {$user->getFullName()})
+                <br/><br/>
+                <form id="transfer-owner-permissions-form" method="post">
+                    <label for="password">tr("password")</label>
+                    <input type="password" id="password" name="password" required />
+                    <input type="hidden" name="hash" value={$csrfToken} />
+                </form>
+            `, [tr("transfer"), tr("cancel")], [
+                () => {
+                    $('#transfer-owner-permissions-form').attr('action', action);
+                    document.querySelector("#transfer-owner-permissions-form").submit();
+                }, Function.noop
+            ]);
+        }
+    </script>
 {/block}
diff --git a/Web/routes.yml b/Web/routes.yml
index 8f31b4b8..e4bd8215 100644
--- a/Web/routes.yml
+++ b/Web/routes.yml
@@ -75,6 +75,8 @@ routes:
       handler: "Group->attend"
     - url: "/al_comments.pl/create/{text}/{num}"
       handler: "Comment->makeComment"
+    - url: "/groups/{num}/setNewOwner/{num}"
+      handler: "Group->changeOwner"
     - url: "/comment{num}/like"
       handler: "Comment->like"
     - url: "/comment{num}/delete"
diff --git a/locales/en.strings b/locales/en.strings
index ac3c26fb..b17f624b 100644
--- a/locales/en.strings
+++ b/locales/en.strings
@@ -237,6 +237,7 @@
 "role" = "Role";
 "administrator" = "Administrator";
 "promote_to_admin" = "Promote to admin";
+"promote_to_owner" = "Promote to owner";
 "devote" = "Devote";
 "set_comment" = "Set comment";
 "hidden_yes" = "Hidden: Yes";
@@ -248,6 +249,10 @@
 "group_display_all_administrators" = "Display all administrators";
 "group_dont_display_administrators_list" = "Display nothing";
 
+"group_changeowner_modal_title" = "Owner's permissions transfer";
+"group_changeowner_modal_text" = "Attention! You are transferring owner rights to user $1. This action is irreversible. After the transfer, you will remain an administrator, but you can easily stop being one.";
+"group_owner_setted" = "The new owner ($1) has been successfully assigned to the community $2. You have been granted administrator rights in the community. If you want to return the owner role, contact <a href='/support?act=new'>site technical support</a>.";
+
 "participants_zero" = "No participants";
 "participants_one" = "$1 participant";
 "participants_other" = "$1 participant";
@@ -723,6 +728,7 @@
 "no" = "No";
 "cancel" = "Cancel";
 "edit_action" = "Change";
+"transfer" = "Transfer";
 
 "warning" = "Warning";
 "question_confirm" = "This action can't be undone. Do you really wanna do it?";
diff --git a/locales/ru.strings b/locales/ru.strings
index b09db677..f96799a7 100644
--- a/locales/ru.strings
+++ b/locales/ru.strings
@@ -247,6 +247,7 @@
 "role" = "Роль";
 "administrator" = "Администратор";
 "promote_to_admin" = "Повысить до администратора";
+"promote_to_owner" = "Назначить владельцем";
 "devote" = "Разжаловать";
 "set_comment" = "Изменить комментарий";
 "hidden_yes" = "Скрыт: Да";
@@ -258,6 +259,10 @@
 "group_display_all_administrators" = "Отображать всех администраторов";
 "group_dont_display_administrators_list" = "Ничего не отображать";
 
+"group_changeowner_modal_title" = "Передача прав владельца";
+"group_changeowner_modal_text" = "Внимание! Вы передаёте права владельца пользователю $1. Это действие необратимо. После передави вы останетесь адмиинстратором, но сможете легко перестать им быть.";
+"group_owner_setted" = "Новый владелец ($1) успешно назначен в сообщество $2. Вам выданы права администратора в сообществе. Если Вы хотите вернуть роль владельца, обратитесь в <a href='/support?act=new'>техническую поддержку сайта</a>.";
+
 "participants_zero" = "Ни одного участника";
 "participants_one" = "Один участник";
 "participants_few" = "$1 участника";
@@ -754,6 +759,7 @@
 "no" = "Нет";
 "cancel" = "Отмена";
 "edit_action" = "Изменить";
+"transfer" = "Передать";
 
 "warning" = "Внимание";
 "question_confirm" = "Это действие нельзя отменить. Вы действительно уверены в том что хотите сделать?";