-rw-r--r-- | modules/user/controllers/admin_users.php | 3 | ||||
-rw-r--r-- | modules/user/controllers/groups.php | 106 | ||||
-rw-r--r-- | modules/user/controllers/users.php | 30 | ||||
-rw-r--r-- | modules/user/helpers/group.php | 35 | ||||
-rw-r--r-- | modules/user/helpers/user.php | 17 | ||||
-rw-r--r-- | modules/user/views/admin_users.html.php | 58 | ||||
-rw-r--r-- | themes/admin_default/js/ui.init.js | 2 |
7 files changed, 213 insertions, 38 deletions
diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index ac328780..c39092b2 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -21,7 +21,8 @@ class Admin_Users_Controller extends Controller {
 public function index() {
 $view = new Admin_View("admin.html");
 $view->content = new View("admin_users.html");
- $view->content->users = ORM::factory("user")->find_all();
+ $view->content->users = ORM::factory("user")->orderby("name")->find_all();
+ $view->content->groups = ORM::factory("group")->orderby("name")->find_all();
 print $view;
 }
diff --git a/modules/user/controllers/groups.php b/modules/user/controllers/groups.php
new file mode 100644
index 00000000..96084fe2
--- /dev/null
+++ b/modules/user/controllers/groups.php
@@ -0,0 +1,106 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2008 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+class Groups_Controller extends REST_Controller {
+ protected $resource_type = "group";
+
+ /**
+ * Display comments based on criteria.
+ * @see Rest_Controller::_index()
+ */
+ public function _index() {
+ throw new Exception("@todo Group_Controller::_index NOT IMPLEMENTED");
+ }
+
+ /**
+ * @see Rest_Controller::_create($resource)
+ */
+ public function _create($resource) {
+ $form = group::get_add_form();
+ if ($form->validate()) {
+ group::create($form->add_group->gname->value);
+ if ($continue = $this->input->get("continue")) {
+ url::redirect($continue);
+ }
+ }
+ print $form;
+ }
+
+ /**
+ * @see Rest_Controller::_show($resource)
+ */
+ public function _show($user) {
+ throw new Exception("@todo Group_Controller::_show NOT IMPLEMENTED");
+ }
+
+ /**
+ * @see Rest_Controller::_update($resource)
+ */
+ public function _update($group) {
+ $form = group::get_edit_form($group);
+ if ($form->validate()) {
+ $group->name = $form->edit_group->gname->value;
+ $group->save();
+ if ($continue = $this->input->get("continue")) {
+ url::redirect($continue);
+ }
+ }
+ print $form;
+ }
+
+ /**
+ * @see Rest_Controller::_delete($resource)
+ */
+ public function _delete($group) {
+ if (!(user::active()->admin) || $group->special) {
+ access::forbidden();
+ }
+ // Prevent CSRF
+ $form = group::get_delete_form($group);
+ if ($form->validate()) {
+ $group->delete();
+ if ($continue = $this->input->get("continue")) {
+ url::redirect($continue);
+ }
+ }
+ print $form;
+ }
+
+ /**
+ * Present a form for editing a user
+ * @see Rest_Controller::form($resource)
+ */
+ public function _form_edit($group) {
+ if ($group->guest || group::active()->id != $group->id) {
+ access::forbidden();
+ }
+
+ print group::get_edit_form(
+ $group,
+ "users/{$group->id}?_method=put&continue=" . $this->input->get("continue"));
+ }
+
+ /**
+ * Present a form for adding a user
+ * @see Rest_Controller::form($resource)
+ */
+ public function _form_add($parameters) {
+ throw new Exception("@todo Group_Controller::_form_add NOT IMPLEMENTED");
+ }
+}
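Review bot: `_create` and `_update` carry no authorization check, so any caller who can reach the route can add a group or rename one (special groups included), whereas `_delete` in this same file and `Users_Controller::_create` both require `user::active()->admin`; add the same guard at the top of both, `if (!(user::active()->admin)) { access::forbidden(); }`. `_form_edit` reads as copied from the users controller: `$group->guest` and `group::active()` do not appear in the group helper hunks below (the helper is only partly visible, so they may exist elsewhere), and its action URL targets `users/{$group->id}` instead of `groups/`. The `continue` query parameter is both redirected to and concatenated into that action URL unvalidated; restricting it to a site-relative path would avoid an open redirect. The `@todo` messages name `Group_Controller` while the class is `Groups_Controller`.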
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index 0ea6b403..f21e9ae0 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
@@ -25,23 +25,22 @@ class Users_Controller extends REST_Controller {
 * @see Rest_Controller::_index()
 */
 public function _index() {
- throw new Exception("@todo Comment_Controller::_index NOT IMPLEMENTED");
+ throw new Exception("@todo User_Controller::_index NOT IMPLEMENTED");
 }
 /**
 * @see Rest_Controller::_create($resource)
 */
- public function _create($user) {
- if ($user->guest || (!user::active()->admin && $user->id != user::active()->id)) {
+ public function _create($resource) {
+ if (!(user::active()->admin)) {
 access::forbidden();
 }
- $form = user::get_add_form($user, "");
+ $form = user::get_add_form();
 if ($form->validate()) {
- $user->name = $form->edit_user->uname->value;
- $user->full_name = $form->edit_user->full_name->value;
- $user->password = $form->edit_user->password->value;
- $user->email = $form->edit_user->email->value;
+ $user = user::create($form->add_user->uname->value,
+ $form->add_user->full_name->value, $form->add_user->password->value);
+ $user->email = $form->add_user->email->value;
 $user->save();
 if ($continue = $this->input->get("continue")) {
 url::redirect($continue);
@@ -65,7 +64,7 @@ class Users_Controller extends REST_Controller {
 access::forbidden();
 }
- $form = user::get_edit_form($user, "");
+ $form = user::get_edit_form($user);
 $form->edit_user->password->rules("-required");
 if ($form->validate()) {
 $user->full_name = $form->edit_user->full_name->value;
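Review bot: The corrected exception text in `_index` still names the wrong class — the hunk header shows `Users_Controller`, the message says `User_Controller` — and the new groups controller has the same mismatch; `throw new Exception("@todo Users_Controller::_index NOT IMPLEMENTED");` keeps the message greppable. In `_create`, `$user->email` is assigned after `user::create(...)` returns and then `save()` is called again; if `user::create` already persists the record (its body is not on this page) the row is written twice, the first time without an email, so passing the email into `create` or deferring the first save is worth considering. `_create`'s body continues past the first hunk.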
@@ -83,7 +82,18 @@ class Users_Controller extends REST_Controller {
 * @see Rest_Controller::_delete($resource)
 */
 public function _delete($user) {
- throw new Exception("@todo User_Controller::_delete NOT IMPLEMENTED");
+ if (!(user::active()->admin) || $user->id == user::active()->id) {
+ access::forbidden();
+ }
+ // Prevent CSRF
+ $form = user::get_delete_form($user);
+ if ($form->validate()) {
+ $user->delete();
+ if ($continue = $this->input->get("continue")) {
+ url::redirect($continue);
+ }
+ }
+ print $form;
 }
 /**
diff --git a/modules/user/helpers/group.php b/modules/user/helpers/group.php
index 98947794..f32e37dc 100644
--- a/modules/user/helpers/group.php
+++ b/modules/user/helpers/group.php
@@ -31,7 +31,7 @@ class group_Core {
 * @return Group_Model
 */
 static function create($name) {
- $group = ORM::factory("group")->where("name", $name);
+ $group = ORM::factory("group")->where("name", $name)->find();
 if ($group->loaded) {
 throw new Exception("@todo GROUP_ALREADY_EXISTS $name");
 }
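Review bot: `_delete` enforces admin and not-self on the server but not the guest account: the admin view hides the delete link when `user::guest()->id == $user->id`, yet a direct request to this action passes the guard, so mirror `Groups_Controller::_delete`'s `$group->special` check with `if (!(user::active()->admin) || $user->id == user::active()->id || $user->guest) {`. The `// Prevent CSRF` comment is only accurate if `Forge::validate()` verifies a per-session token; nothing in this hunk or in `get_delete_form` adds one, so unless Forge does it internally the call merely confirms the form was submitted. Confirm which it is and reword the comment to state what is actually checked, e.g. `// Require a form submission; CSRF protection relies on Forge's token — verify`.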
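Review bot: The duplicate-name check in `create` is a check-then-act sequence — `find()` then, past the end of this hunk, presumably an insert — so two concurrent requests with the same name can both see `$group->loaded` false unless the `name` column carries a unique constraint; that constraint is not visible here, so please confirm it exists, or catch the duplicate-key error at insert time. The `$name` value is also interpolated into the exception message, which is fine as long as the message is never rendered to a page unescaped. `create`'s body continues outside the hunk.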
@@ -64,4 +64,37 @@ class group_Core {
 static function registered_users() {
 return ORM::factory("group", 2);
 }
+
+ /**
+ * This is the API for handling groups.
+ * @TODO incorporate rules!
+ */
+ public static function get_edit_form($group, $action = NULL) {
+ $form = new Forge($action);
+ $form_group = $form->group("edit_group")->label(_("Edit Group"));
+ $form_group->input("gname")->label(_("Name"))->id("gName")->value($group->name);
+ $form_group->submit(_("Modify"));
+ $form->add_rules_from($group);
+ $form->edit_group->gname->rules($group->rules["name"]);
+ return $form;
+ }
+
+ public static function get_add_form($action = NULL) {
+ $form = new Forge($action);
+ $form_group = $form->group("add_group")->label(_("Add Group"));
+ $form_group->input("gname")->label(_("Name"))->id("gName");
+ $form_group->submit(_("Create"));
+ $group = ORM::factory("group");
+ $form->add_rules_from($group);
+ $form->add_group->gname->rules($group->rules["name"]);
+ return $form;
+ }
+
+ public static function get_delete_form($group, $action = NULL) {
+ $form = new Forge($action);
+ $form_group = $form->group("delete_group")->label(_("Delete Group"));
+ $form_group->label(_("Are you sure you want to delete " . $group->name . "?"));
+ $form_group->submit(_("Delete"));
+ return $form;
+ }
 }
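Review bot: `get_delete_form` builds the string passed to `_()` from `$group->name`, so the translation lookup key differs for every group and will never match a catalog entry; `user_Core::get_delete_form` in the next hunk does the same. Keep the template fixed and substitute afterwards, `sprintf(_("Are you sure you want to delete %s?"), $group->name)`. The name is also placed in a label that Forge renders as HTML; since `_update` stores whatever `gname` was submitted, escape it before it goes into the label unless Forge escapes labels itself (not visible here), e.g. with the framework's `html::specialchars()` if available. `$form_group->label(...)` is called twice on the same group, so the second call presumably replaces "Delete Group" — confirm that is intended.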
\ No newline at end of file
diff --git a/modules/user/helpers/user.php b/modules/user/helpers/user.php
index 0f5520e7..9ffcebfc 100644
--- a/modules/user/helpers/user.php
+++ b/modules/user/helpers/user.php
@@ -24,7 +24,7 @@
 * Note: by design, this class does not do any permission checking.
 */
 class user_Core {
- public static function get_edit_form($user, $action) {
+ public static function get_edit_form($user, $action = NULL) {
 $form = new Forge($action, "", "post", array("id" => "gUserForm"));
 $group = $form->group("edit_user")->label(_("Edit User"));
 $group->input("uname")->label(_("Name"))->id("gName")->value($user->name);
@@ -33,18 +33,29 @@ class user_Core {
 $group->input("email")->label(_("Email"))->id("gEmail")->value($user->email);
 $group->submit(_("Modify"));
 $form->add_rules_from($user);
+ $form->edit_user->uname->rules($user->rules["name"]);
 return $form;
 }
- public static function get_add_form($user, $action) {
- $form = new Forge($action, "", "post", array("id" => "gUserAddForm"));
+ public static function get_add_form($action = NULL) {
+ $form = new Forge($action);
 $group = $form->group("add_user")->label(_("Add User"));
 $group->input("uname")->label(_("Name"))->id("gName");
 $group->input("full_name")->label(_("Full Name"))->id("gFullName");
 $group->password("password")->label(_("Password"))->id("gPassword");
 $group->input("email")->label(_("Email"))->id("gEmail");
 $group->submit(_("Add"));
+ $user = ORM::factory("user");
 $form->add_rules_from($user);
+ $form->add_user->uname->rules($user->rules["name"]);
+ return $form;
+ }
+
+ public static function get_delete_form($user, $action = NULL) {
+ $form = new Forge($action);
+ $group = $form->group("delete_user")->label(_("Delete User"));
+ $group->label(_("Are you sure you want to delete " . $user->name . "?"));
+ $group->submit(_("Delete"));
 return $form;
 }
 /**
diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php
index 9792b740..31ce7f2a 100644
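Review bot: `get_edit_form` still hard-codes `array("id" => "gUserForm")` and fixed field ids (`gName`, `gEmail`, …), while the admin view in the next hunk now renders one such form per user and no longer calls `set_attr("id", "gEdit" . $user->id)` to make them unique, so the page will contain duplicate element ids, which breaks label/for association and any id-based JS selector. Either drop the fixed id as `get_add_form` now does or derive it from the user, `array("id" => "gUserForm" . $user->id)`, and likewise for the field ids. The first hunk cuts `get_edit_form` off before its body ends.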
--- a/modules/user/views/admin_users.html.php
+++ b/modules/user/views/admin_users.html.php
@@ -1,38 +1,29 @@
 <? defined("SYSPATH") or die("No direct script access."); ?>
 <div class="gBlock">
- <a href="" class="gClose">X</a>
 <h2>User Administration</h2>
 <div class="gBlockContent">
 <p>These are the users in your system</p>
- <ul class="ui-accordion-container" id="gEditUserContainer">
+ <ul class="ui-accordion-container">
 <? foreach ($users as $i => $user): ?>
- <li id="<?= 'accordion' . $user->id ?>">
- <?= $user->name ?>
- <?= ($user->last_login == 0) ? "" :
- "(" . date("M j, Y", $user->last_login) . ")" ?> <br />
+ <li>
+ <?= $user->name ?>
+ <?= ($user->last_login == 0) ? "" : "(" . date("M j, Y", $user->last_login) . ")" ?>
 <a href="#">edit</a>
 <div>
- <?
- $form = user::get_edit_form($user,
- "users/{$user->id}?_method=put&continue=/admin/users");
- $form->set_attr("id", "gEdit" . $user->id);
- print $form;
- ?>
+ <?= user::get_edit_form($user, "users/{$user->id}?_method=put&continue=/admin/users"); ?>
 </div>
- <br />
- <?= (user::active()->id == $user->id) ? " " :
- "<a href=\"" . url::site("admin/users/delete/$user->id") . "\">delete</a>" ?>
- <br /><br />
+ <? if (!(user::active()->id == $user->id || user::guest()->id == $user->id)): ?>
+ <a href="#">delete</a>
+ <div>
+ <?= user::get_delete_form($user,
+ "users/{$user->id}?_method=delete&continue=/admin/users"); ?>
+ </div>
+ <? endif ?>
 </li>
 <? endforeach ?>
 <li><a href="#">Add user</a>
 <div>
- <?
- $form = user::get_add_form($user,
- "users/add?_method=post&continue=/admin/users");
- $form->set_attr("id", "gEdit" . $user->id);
- print $form;
- ?>
+ <?= user::get_add_form("users/add?_method=post&continue=/admin/users"); ?>
 </div>
 </li>
 </ul>
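Review bot: The re-added `<?= $user->name ?>` emits the name without HTML escaping, and the next hunk does the same with `<?= $group->name ?>`; both values come from submitted form fields (`$group->name = $form->edit_group->gname->value` in the groups controller, the `uname` field for users), so a name containing markup is rendered verbatim into the admin page. Escape at output, `<?= html::specialchars($user->name) ?>` with the framework helper if available, else `htmlspecialchars($user->name, ENT_QUOTES, "UTF-8")`. The loop index `$i` in `foreach ($users as $i => $user)` is unused and can be dropped.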
@@ -41,4 +32,27 @@
 <div class="gBlockContent">
 <p>These are the groups in your system</p>
 </div>
+ <ul class="ui-accordion-container">
+ <? foreach ($groups as $i => $group): ?>
+ <li>
+ <?= $group->name ?>
+ <a href="#">edit</a>
+ <div>
+ <?= group::get_edit_form($group, "groups/{$group->id}?_method=put&continue=/admin/users"); ?>
+ </div>
+ <? if (!$group->special): ?>
+ <a href="#">delete</a>
+ <div>
+ <?= group::get_delete_form($group,
+ "groups/{$group->id}?_method=delete&continue=/admin/users"); ?>
+ </div>
+ <? endif ?>
+ </li>
+ <? endforeach ?>
+ <li><a href="#">Add group</a>
+ <div>
+ <?= group::get_add_form("groups/add?_method=post&continue=/admin/users"); ?>
+ </div>
+ </li>
+ </ul>
 </div>
diff --git a/themes/admin_default/js/ui.init.js b/themes/admin_default/js/ui.init.js
index 2694bbf2..c3295ee2 100644
--- a/themes/admin_default/js/ui.init.js
+++ b/themes/admin_default/js/ui.init.js
@@ -14,5 +14,5 @@ $(document).ready(function(){
 speed: 'fast'
 });
- $('#gEditUserContainer').accordion();
+ $('.ui-accordion-container').accordion();
 }); |