| author | Bharat Mediratta <bharat@menalto.com> | 2009-05-13 03:56:50 +0000 |
|---|---|---|
| committer | Bharat Mediratta <bharat@menalto.com> | 2009-05-13 03:56:50 +0000 |
| commit | 9c24b5d94dec36e5c3c1f6450dea77f6c2c623a9 (patch) | |
| tree | 0706453686bbbd68fd5d2df132d862bcfe18c9a2 /modules/user/controllers/admin_users.php | |
| parent | b9aeec634d8aca1848233a88ab18a732e3df5914 (diff) | |
Variety of changes to the way we do user editing:
1) Allow admins to edit the admin bit of other admins
2) Don't allow admins to delete themselves (partial fix for ticket #213)
3) Inline user::update(). Don't do form processing in helper methods!
4) Inline user::_get_edit_form() so that we can treat edit forms differently.
Trying too hard to make common functions makes for weird edge cases.
Diffstat (limited to 'modules/user/controllers/admin_users.php')
| -rw-r--r-- | modules/user/controllers/admin_users.php | 41 |
1 files changed, 39 insertions, 2 deletions
diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index a4491a71..3ea6c2a5 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -41,6 +41,7 @@ class Admin_Users_Controller extends Controller {
 $user = user::create( $name, $form->add_user->full_name->value, $form->add_user->password->value);
 $user->email = $form->add_user->email->value;
+ $user->admin = $form->add_user->admin->checked;
 if ($form->add_user->locale) {
 $desired_locale = $form->add_user->locale->value;
@@ -62,6 +63,10 @@ class Admin_Users_Controller extends Controller {
 public function delete_user($id) {
 access::verify_csrf();
+ if ($id == user::active()->id) {
+ access::forbidden();
+ }
+
 $user = ORM::factory("user", $id);
 if (!$user->loaded) {
 kohana::show_404();
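Review bot: The self-deletion guard in delete_user compares the route-supplied `$id` (a string) with `user::active()->id` using loose `==`, while the intent is an exact identity match; `if ((int) $id === (int) user::active()->id) {` states that without depending on PHP's string-to-number coercion rules. Running the check after `access::verify_csrf()` and before the ORM lookup is the right order, since a forged request is rejected before any user state is consulted. delete_user's body continues past the end of the hunk.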
@@ -100,10 +105,37 @@ class Admin_Users_Controller extends Controller {
 $form = user::get_edit_form_admin($user);
 $valid = $form->validate();
 if ($valid) {
- $valid = user::update($user, $form);
+ $new_name = $form->edit_user->inputs["name"]->value;
+ if ($new_name != $user->name &&
+ ORM::factory("user")
+ ->where("name", $new_name)
+ ->where("id !=", $user->id)
+ ->find()
+ ->loaded) {
+ $form->edit_user->inputs["name"]->add_error("in_use", 1);
+ $valid = false;
+ } else {
+ $user->name = $new_name;
+ }
 }
 if ($valid) {
+ $user->full_name = $form->edit_user->full_name->value;
+ if ($form->edit_user->password->value) {
+ $user->password = $form->edit_user->password->value;
+ }
+ $user->email = $form->edit_user->email->value;
+ if ($form->edit_user->locale) {
+ $desired_locale = $form->edit_user->locale->value;
+ $user->locale = $desired_locale == "none" ? null : $desired_locale;
+ }
+
+ // An admin can change the admin status for any user but themselves
+ if ($user->id != user::active()->id) {
+ $user->admin = $form->edit_user->admin->checked;
+ }
+ $user->save();
+
 message::success(t("Changed user %user_name", array("user_name" => $user->name)));
 print json_encode(array("result" => "success"));
 } else {
@@ -118,7 +150,12 @@ class Admin_Users_Controller extends Controller {
 kohana::show_404();
 }
- print user::get_edit_form_admin($user);
+ $form = user::get_edit_form_admin($user);
+ // Don't allow the user to control their own admin bit, else you can lock yourself out
+ if ($user->id == user::active()->id) {
+ $form->edit_user->admin->disabled(1);
+ }
+ print $form;
 }
 public function add_user_to_group($user_id, $group_id) { |
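Review bot: The rename guard in edit_user uses loose `!=` in `$new_name != $user->name`, and PHP compares two numeric strings numerically, so renaming an account from `1000` to `1e3` is treated as "unchanged", skips the in-use lookup, and can create a duplicate name if another account already holds `1e3`; use `if ($new_name !== $user->name &&`. The password branch `if ($form->edit_user->password->value)` is a truthiness test, so a submitted password of `0` is silently ignored; assuming `->value` is a string, `if ($form->edit_user->password->value !== "")` keeps the "empty field means no change" semantics only. Even with strict comparison the lookup-then-save sequence is not atomic, so a unique index on the name column (not visible in this diff) is what actually guarantees uniqueness and is worth confirming. edit_user's body starts before and ends after this hunk.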
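Review bot: The comment above the `$form->edit_user->admin->disabled(1)` call reads as if the form prevents a user from changing their own admin bit, but a disabled checkbox is only a client-side hint and a hand-built POST still carries the `admin` field; the authoritative guard is the `$user->id != user::active()->id` check in edit_user earlier in this diff. Rewording it to `// UI hint only: hide the admin toggle from the current user; edit_user enforces this server-side` keeps a future maintainer from removing the server-side check as redundant. The enclosing method starts before this hunk.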
