jwed/dashboard-unifi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: jwed:v1.5.1
Branches Tags
jwed:master
jwed:v1.12.1 jwed:v1.12.0 jwed:v1.11.1 jwed:v1.11.0 jwed:v1.10.4 jwed:v1.10.2 jwed:v1.10.1 jwed:v1.10.0 jwed:v1.9.1 jwed:v1.9.0 jwed:v1.8.1 jwed:v1.8.0 jwed:v1.7.1 jwed:v1.7.0 jwed:v1.6.3 jwed:v1.6.2 jwed:v1.6.1 jwed:v1.6.0 jwed:v1.5.5 jwed:v1.5.4 jwed:v1.5.3 jwed:v1.5.2 jwed:v1.5.1 jwed:v1.5.0 jwed:v1.4.0 jwed:v1.3.1 jwed:v1.3.0 jwed:v1.2.0 jwed:v1.1.0
..
compare: jwed:v1.5.3
Branches Tags
jwed:master
jwed:v1.12.1 jwed:v1.12.0 jwed:v1.11.1 jwed:v1.11.0 jwed:v1.10.4 jwed:v1.10.2 jwed:v1.10.1 jwed:v1.10.0 jwed:v1.9.1 jwed:v1.9.0 jwed:v1.8.1 jwed:v1.8.0 jwed:v1.7.1 jwed:v1.7.0 jwed:v1.6.3 jwed:v1.6.2 jwed:v1.6.1 jwed:v1.6.0 jwed:v1.5.5 jwed:v1.5.4 jwed:v1.5.3 jwed:v1.5.2 jwed:v1.5.1 jwed:v1.5.0 jwed:v1.4.0 jwed:v1.3.1 jwed:v1.3.0 jwed:v1.2.0 jwed:v1.1.0

2 Commits
v1.5.1 ... v1.5.3

Author SHA1 Message Date
jwed
8f51be8515 fix(rotate): don't skip when only PPSKs are flagged; move webhooks under /settings 
* Password rotation was short-circuiting any run that had no whole-SSID
  wlan_ids configured, even if there were PPSKs with rotate_password=true
  in the database. The PPSK rotation block lived after the early-return,
  so per-PPSK rotation never fired. Now we only skip when there's nothing
  at all to rotate (neither wlan_ids nor PPSK opt-ins).
* Webhook routes moved from /app/network/webhooks to
  /app/network/settings/webhooks so the URL reflects that this is a
  settings tab. Route names unchanged.

v1.5.3.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-24 17:53:48 -04:00
jwed
0490a1220b feat(access): only return granted users; add search endpoint 
Listing every user in the system on the access page didn't scale —
schools have thousands of user rows. Now:
  - index() only returns users that already have a UnifiPageGrant
    somewhere. Groups stay fully listed (few of them).
  - new searchUsers(q) endpoint returns up to 20 typeahead matches
    against name or email (min 2 chars).

v1.5.2.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-24 16:51:00 -04:00
4 changed files with 50 additions and 13 deletions
Expand all files Collapse all files

2
composer.json
View File

@@ -1,7 +1,7 @@
{ {
"name": "dashboard/unifi", "name": "dashboard/unifi",
"description": "UniFi network management, WiFi stats, and captive portal authentication for the Dashboard platform", "description": "UniFi network management, WiFi stats, and captive portal authentication for the Dashboard platform",
"version": "1.5.1", "version": "1.5.3",
"type": "library", "type": "library",
"license": "MIT", "license": "MIT",
"autoload": { "autoload": {

13
src/Console/RotatePasswords.php
View File

@@ -32,9 +32,16 @@ class RotatePasswords extends Command
$run = UnifiCronRun::record('rotate-passwords', $triggeredBy, null, function () use ($unifi, $force) { $run = UnifiCronRun::record('rotate-passwords', $triggeredBy, null, function () use ($unifi, $force) {
$wlanIdsJson = Setting::get('unifi.password_rotation.wlan_ids', '[]'); $wlanIdsJson = Setting::get('unifi.password_rotation.wlan_ids', '[]');
$wlanIds = json_decode($wlanIdsJson, true); $wlanIds = json_decode($wlanIdsJson, true);
if (! is_array($wlanIds)) $wlanIds = [];
if (empty($wlanIds) || ! is_array($wlanIds)) { $ppskQuery = UnifiPpsk::where('rotate_password', true)
return ['status' => 'skipped', 'reason' => 'no SSIDs configured for rotation']; ->where('state', 'active')
->whereNotNull('unifi_id');
// Skip only if there's nothing at all to rotate — neither
// whole-SSID rotation targets nor per-PPSK rotation opt-ins.
if (empty($wlanIds) && ! $ppskQuery->exists()) {
return ['status' => 'skipped', 'reason' => 'no SSIDs or PPSKs configured for rotation'];
} }
$wordlist = Setting::get('unifi.password_rotation.wordlist', ''); $wordlist = Setting::get('unifi.password_rotation.wordlist', '');
@@ -66,7 +73,7 @@ class RotatePasswords extends Command
$rotatedPpsks = []; $rotatedPpsks = [];
$failedPpsks = []; $failedPpsks = [];
foreach (UnifiPpsk::where('rotate_password', true)->where('state', 'active')->whereNotNull('unifi_id')->get() as $ppsk) { foreach ($ppskQuery->get() as $ppsk) {
$newPass = $passwords[array_rand($passwords)]; $newPass = $passwords[array_rand($passwords)];
try { try {
$unifi->updatePpsk($ppsk->unifi_id, ['x_passphrase' => $newPass]); $unifi->updatePpsk($ppsk->unifi_id, ['x_passphrase' => $newPass]);

31
src/Http/Controllers/UnifiPagesAccessController.php
View File

@@ -34,6 +34,12 @@ class UnifiPagesAccessController extends Controller
->get() ->get()
->groupBy('nav_item_id'); ->groupBy('nav_item_id');
// Only return users that ALREADY have grants. The full users list
// can be enormous (thousands of rows); the operator adds more via
// the searchUsers endpoint as needed.
$grantedUserIds = $grants->flatten(1)->where('grantee_type', 'user')->pluck('grantee_id')->unique();
$users = User::whereIn('id', $grantedUserIds)->orderBy('name')->get(['id', 'name', 'email']);
return response()->json([ return response()->json([
'pages' => $pages->map(fn ($p) => [ 'pages' => $pages->map(fn ($p) => [
'id' => $p->id, 'id' => $p->id,
@@ -42,11 +48,34 @@ class UnifiPagesAccessController extends Controller
'user_ids' => $grants->get($p->id, collect())->where('grantee_type', 'user')->pluck('grantee_id')->all(), 'user_ids' => $grants->get($p->id, collect())->where('grantee_type', 'user')->pluck('grantee_id')->all(),
'group_ids' => $grants->get($p->id, collect())->where('grantee_type', 'group')->pluck('grantee_id')->all(), 'group_ids' => $grants->get($p->id, collect())->where('grantee_type', 'group')->pluck('grantee_id')->all(),
])->values(), ])->values(),
'users' => User::orderBy('name')->get(['id', 'name', 'email']), 'users' => $users,
'groups' => Group::orderBy('name')->get(['id', 'name', 'is_super']), 'groups' => Group::orderBy('name')->get(['id', 'name', 'is_super']),
]); ]);
} }
/**
* Typeahead-style search for users to add to the access matrix.
* Returns up to 20 matches against name or email. Empty query returns
* an empty array — caller must enter at least 2 chars.
*/
public function searchUsers(Request $request)
{
$q = trim((string) $request->query('q', ''));
if (strlen($q) < 2) {
return response()->json(['users' => []]);
}
$users = User::where(function ($w) use ($q) {
$w->where('name', 'like', '%' . $q . '%')
->orWhere('email', 'like', '%' . $q . '%');
})
->orderBy('name')
->limit(20)
->get(['id', 'name', 'email']);
return response()->json(['users' => $users]);
}
public function update(Request $request, NavItem $navItem) public function update(Request $request, NavItem $navItem)
{ {
$app = DashboardApp::where('slug', 'unifi')->first(); $app = DashboardApp::where('slug', 'unifi')->first();

17
src/routes/unifi.php
View File

@@ -75,19 +75,20 @@ Route::middleware(['web', 'auth', 'app.access:unifi'])
// Page Access — super-admin only. Lists unifi pages and lets // Page Access — super-admin only. Lists unifi pages and lets
// operators assign per-page user/group grants. // operators assign per-page user/group grants.
Route::middleware('super.admin')->group(function () { Route::middleware('super.admin')->group(function () {
Route::get('/settings/pages-access', [UnifiPagesAccessController::class, 'index']) ->name('settings.pages-access.index'); Route::get('/settings/pages-access', [UnifiPagesAccessController::class, 'index']) ->name('settings.pages-access.index');
Route::put('/settings/pages-access/{navItem}', [UnifiPagesAccessController::class, 'update']) ->name('settings.pages-access.update'); Route::get('/settings/pages-access/users/search', [UnifiPagesAccessController::class, 'searchUsers'])->name('settings.pages-access.users.search');
Route::put('/settings/pages-access/{navItem}', [UnifiPagesAccessController::class, 'update']) ->name('settings.pages-access.update');
}); });
// Cron logs — read-only history of scheduled-task runs. // Cron logs — read-only history of scheduled-task runs.
Route::get('/settings/cron-logs', [UnifiCronLogsController::class, 'index'])->name('settings.cron-logs.index'); Route::get('/settings/cron-logs', [UnifiCronLogsController::class, 'index'])->name('settings.cron-logs.index');
// Webhooks // Webhooks — lives under /settings/* so it reads as a settings tab.
Route::get('/webhooks', [WebhookController::class, 'index']) ->name('webhooks.index'); Route::get('/settings/webhooks', [WebhookController::class, 'index']) ->name('webhooks.index');
Route::post('/webhooks', [WebhookController::class, 'store']) ->name('webhooks.store'); Route::post('/settings/webhooks', [WebhookController::class, 'store']) ->name('webhooks.store');
Route::put('/webhooks/{webhook}', [WebhookController::class, 'update']) ->name('webhooks.update'); Route::put('/settings/webhooks/{webhook}', [WebhookController::class, 'update']) ->name('webhooks.update');
Route::delete('/webhooks/{webhook}', [WebhookController::class, 'destroy'])->name('webhooks.destroy'); Route::delete('/settings/webhooks/{webhook}', [WebhookController::class, 'destroy'])->name('webhooks.destroy');
Route::post('/webhooks/{webhook}/test', [WebhookController::class, 'test']) ->name('webhooks.test'); Route::post('/settings/webhooks/{webhook}/test', [WebhookController::class, 'test']) ->name('webhooks.test');
}); });
}); });