From 8e42483c7e8829002852efe823b2d1c05edc3351 Mon Sep 17 00:00:00 2001
From: Luca
Date: Tue, 5 Mar 2024 15:12:39 +0100
Subject: [PATCH] Controlla che l'utente che voglio eliminare non presenti logs associati
---
 editor.php | 2 +-
 modules/utenti/actions.php | 38 +++++++++++++++++++++++++++++++++----
 src/Models/OperationLog.php | 7 +++++++
 3 files changed, 42 insertions(+), 5 deletions(-)
diff --git a/editor.php b/editor.php
index 70c1c7548..49f92d73d 100755
--- a/editor.php
+++ b/editor.php
@@ -333,7 +333,7 @@ if (empty($record) || !$has_access) {
 echo '
 ';
- $operations = $dbo->fetchArray('SELECT `zz_operations`.*, `zz_users`.`username` FROM `zz_operations` JOIN `zz_users` ON `zz_operations`.`id_utente` = `zz_users`.`id` WHERE id_module = '.prepare($id_module).' AND id_record = '.prepare($id_record).' ORDER BY `created_at` DESC LIMIT 200');
+ $operations = $dbo->fetchArray('SELECT `zz_operations`.*, `zz_users`.`username` FROM `zz_operations` LEFT JOIN `zz_users` ON `zz_operations`.`id_utente` = `zz_users`.`id` WHERE id_module = '.prepare($id_module).' AND id_record = '.prepare($id_record).' ORDER BY `created_at` DESC LIMIT 200');
 if (!empty($operations)) {
 echo '
diff --git a/modules/utenti/actions.php b/modules/utenti/actions.php
index e7a332376..3b33fc644 100755
--- a/modules/utenti/actions.php
+++ b/modules/utenti/actions.php
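Review bot: In editor.php, the `LEFT JOIN` now returns operations whose `id_utente` has no matching `zz_users` row, so `username` is NULL for them, and the code that prints `$operations` lies outside this hunk. Unless that rendering already handles a missing name, history entries for removed users will show an empty author, which weakens the operation history as an audit record. Keeping the id visible in the query would avoid that, e.g. `COALESCE(zz_users.username, CONCAT('#', zz_operations.id_utente)) AS username`.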
@@ -148,13 +148,43 @@ switch (filter('op')) {
 // Elimina utente + disattivazione token
 case 'delete_user':
- if ($dbo->query('DELETE FROM zz_users WHERE id='.prepare($id_utente))) {
- flash()->info(tr('Utente eliminato!'));
- if ($dbo->query('DELETE FROM zz_tokens WHERE id_utente='.prepare($id_utente))) {
- flash()->info(tr('Token eliminato!'));
+ $utente = User::find($id_utente);
+
+ /* Controlla che non posso auto eliminarmi */
+ if (Auth::user()->id != $utente->id) {
+
+ /* Controlla che l'utente che voglio eliminare non presenti logs associati */
+ if (count($utente->logs)>0){
+
+ if ($dbo->query('DELETE FROM zz_users WHERE id='.prepare($id_utente))) {
+ flash()->info(tr('Utente eliminato!'));
+
+ if ($dbo->query('DELETE FROM zz_tokens WHERE id_utente='.prepare($id_utente))) {
+ flash()->info(tr('Token eliminato!'));
+ }
+ }
 }
+ else {
+ flash()->error(tr('L\'utente _USER_ presenta dei log attivi. Impossibile eliminare utente.', ['_USER_' => $utente->username]));
+
+ $dbo->update('zz_users', [
+ 'enabled' => 0,
+ ], ['id' => $id_utente]);
+
+
+ flash()->info(tr('Utente disabilitato!'));
+
+ if ($dbo->query('DELETE FROM zz_tokens WHERE id_utente='.prepare($id_utente))) {
+ flash()->info(tr('Token eliminato!'));
+ }
 flash()->info(tr('Token eliminato!'));
+ }
+
+ }else{
+ flash()->error(tr('L\'utente _USER_ รจ l\'utente attuale. Impossibile eliminare utente.', ['_USER_' => $utente->username]));
 }
+
+
 break;
 // Abilita API utente
diff --git a/src/Models/OperationLog.php b/src/Models/OperationLog.php
index d8e823014..70a84fcc1 100755
--- a/src/Models/OperationLog.php
+++ b/src/Models/OperationLog.php
@@ -41,6 +41,13 @@ class OperationLog extends Model
 return self::$info[$name];
 }
+ /**
+ * Build a new model instance and save it to the database.
+ *
+ * @param mixed $operation
+ * @return static|null
+ */
+
 public static function build($operation)
 {
 if (!\Auth::check()) {
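Review bot: In modules/utenti/actions.php the log check `if (count($utente->logs)>0){` is inverted: a user who has associated logs goes into the `DELETE FROM zz_users` branch, while a user with none reaches the `else` that reports "presenta dei log attivi" and is only disabled. That is the opposite of what the commit subject and the comment above the check describe, and it removes exactly the accounts whose operation history should stay attributable; the condition should read `if (count($utente->logs) === 0) {`. `User::find($id_utente)` presumably returns null for an unknown id, so `$utente->id` needs a guard such as `if ($utente === null) { break; }` before the comparison. The context line `flash()->info(tr('Token eliminato!'));` that now follows the token DELETE in the `else` branch reports a deleted token even when that query did nothing. The enclosing `switch` starts and ends outside the hunk.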
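Review bot: In src/Models/OperationLog.php the new docblock is separated from `build()` by the added blank line after `*/`, and its summary is generic model wording that does not say when null is returned. The only condition visible in the hunk is `if (!\Auth::check())`, so if that is the null path the docblock should state it, since callers need to know that an operation performed without an authenticated user leaves no log entry. A line such as `@return static|null null when no user is authenticated`, placed directly above the signature with the blank line dropped, would cover it. The body of `build()` continues outside the hunk, so the null path is inferred rather than confirmed.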