File: controller.inc.php

package info (click to toggle)
zoph 1.4-3
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 16,632 kB
  • sloc: php: 28,044; javascript: 10,435; sql: 527; sh: 153; makefile: 4
file content (154 lines) | stat: -rw-r--r-- 5,238 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
 
<?php
/**
 * Controller for user
 *
 * This file is part of Zoph.
 *
 * Zoph is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * Zoph is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with Zoph; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 *
 * @package Zoph
 * @author Jeroen Roos
 */

namespace user;

use auth\validator;
use conf\conf;
use generic\controller as genericController;
use securityException;
use template\message;
use web\request;
use user;

/**
 * Controller for user
 */
class controller extends genericController {
    protected static $viewConfirm   = view\confirm::class;
    protected static $viewDisplay   = view\display::class;
    protected static $viewNew       = view\update::class;
    protected static $viewNotfound  = view\notfound::class;
    protected static $viewPassword  = view\password::class;
    protected static $viewPrefs     = view\prefs::class;
    protected static $viewRedirect  = \web\view\redirect::class;
    protected static $viewUpdate    = view\update::class;
    protected static $viewUsers     = view\users::class;

    /** @var array Actions that can be used in this controller */
    protected $actions = array("confirm", "delete", "display", "edit", "insert", "new", "prefs", "update", "updateprefs", "users", "password");

    public function doAction(string $action) : void {
        $user = user::getCurrent();
        if ($user->isAdmin()) {
            $this->setUserAdmin($user, $action);
        } else {
            $this->setUserNonAdmin($user, $action);
        }
        parent::doAction($action);
    }

    private function setUserAdmin(user $user, string $action) : void {
        if (!in_array($action, array("users", "new"))) {
            if (isset($this->request["user_id"])) {
                $user = new user($this->request["user_id"]);
            }
            $user->lookup();
            $user->lookupPrefs();

            if ($user->getId() == -1) {
                $prefs = new prefs(-1);
                if (!$prefs->lookup()) {
                    $prefs->insert();
                    $prefs->load(1);
                }

                $user->set("user_name", translate("Default preferences"));
                $user->prefs=$prefs;
            }

            $this->setObject($user);
        } else if ($action == "new") {
            $this->setObject(new user());
        }
    }

    private function setUserNonAdmin(user $user, string $action) : void {
        if ($user->isDefault()) {
            throw new securityException("Default user cannot change password or preferences");
        } else if (in_array($action, array("password", "update", "prefs", "updateprefs"))) {
            $this->setObject($user);
        } else {
            throw new securityException("Admin user required");
        }
    }

    protected function actionConfirm() {
        parent::actionConfirm();
        $this->view->setRedirect("user/users");
    }

    protected function actionPrefs() {
        $this->view = new static::$viewPrefs($this->request, $this->object);
    }

    /**
     * Action: update
     * The update action processes a form as generated after the "edit" action.
     * The subsequently called view displays the object.
     */
    protected function actionUpdate() {
        $msg=null;
        $password = $this->request["_password"];
        if (!empty($password)) {
            $this->object->set("password", validator::hashPassword($password));
            $this->object->update();
            $msg = new message(message::SUCCESS, translate("The password has been changed"));
        }


        if (user::getCurrent()->isAdmin()) {
            parent::actionUpdate();
            $this->view = new static::$viewUpdate($this->request, $this->object);
        } else {
            $this->view = new static::$viewPassword($this->request, $this->object);
            if (empty($password)) {
                $msg = new message(message::ERROR, translate("The password may not be null"));
            }
        }
        $this->view->setMessage($msg);
    }

    /**
     * Action: update prefs
     */
    protected function actionUpdatePrefs() {
        $prefs = $this->object->prefs;
        $prefs->setFields($this->request->getRequestVars());
        $prefs->update();

        $this->view = new static::$viewPrefs($this->request, $this->object);
        $prefs->load();
        user::getCurrent()->loadLanguage(1);
    }

    protected function actionUsers() {
        $this->view = new static::$viewUsers($this->request);
        $this->view->setObjects(user::getAll("user_name"));
    }

    protected function actionPassword() {
        $this->view = new static::$viewPassword($this->request, $this->object);
    }

}