diff options
Diffstat (limited to 'modules/gallery')
| -rw-r--r-- | modules/gallery/controllers/admin_users.php | 291 | ||||
| -rw-r--r-- | modules/gallery/helpers/group.php | 94 | ||||
| -rw-r--r-- | modules/gallery/helpers/user.php | 14 | ||||
| -rw-r--r-- | modules/gallery/views/admin_users.html.php | 138 | ||||
| -rw-r--r-- | modules/gallery/views/admin_users_group.html.php | 38 |
5 files changed, 108 insertions, 467 deletions
diff --git a/modules/gallery/controllers/admin_users.php b/modules/gallery/controllers/admin_users.php deleted file mode 100644 index 34b3a426..00000000 --- a/modules/gallery/controllers/admin_users.php +++ /dev/null @@ -1,291 +0,0 @@ -<?php defined("SYSPATH") or die("No direct script access."); -/** - * Gallery - a web based photo album viewer and editor - * Copyright (C) 2000-2009 Bharat Mediratta - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or (at - * your option) any later version. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. - */ -class Admin_Users_Controller extends Admin_Controller { - public function index() { - $view = new Admin_View("admin.html"); - $view->content = new View("admin_users.html"); - $view->content->writable = user::is_writable(); - $view->content->users = user::get_user_list(array("orderby" => array("name" => "ASC"))); - $view->content->groups = group::get_group_list(array("orderby" => array("name" => "ASC"))); - print $view; - } - - public function add_user() { - access::verify_csrf(); - - $form = user::get_add_form_admin(); - $valid = $form->validate(); - $name = $form->add_user->inputs["name"]->value; - if ($user = user::lookup_by_name($name)) { - $form->add_user->inputs["name"]->add_error("in_use", 1); - $valid = false; - } - - if ($valid) { - $user = user::create( - $name, $form->add_user->full_name->value, $form->add_user->password->value); - $user->email = $form->add_user->email->value; - $user->admin = $form->add_user->admin->checked; - - if ($form->add_user->locale) { - $desired_locale = $form->add_user->locale->value; - $user->locale = $desired_locale == "none" ? null : $desired_locale; - } - $user->save(); - module::event("user_add_form_admin_completed", $user, $form); - - message::success(t("Created user %user_name", array("user_name" => $user->name))); - print json_encode(array("result" => "success")); - } else { - print json_encode(array("result" => "error", - "form" => $form->__toString())); - } - } - - public function add_user_form() { - print user::get_add_form_admin(); - } - - public function delete_user($id) { - access::verify_csrf(); - - if ($id == user::active()->id || $id == user::guest()->id) { - access::forbidden(); - } - - $user = user::lookup($id); - if (empty($user)) { - kohana::show_404(); - } - - $form = user::get_delete_form_admin($user); - if($form->validate()) { - $name = $user->name; - $user->delete(); - } else { - print json_encode(array("result" => "error", - "form" => $form->__toString())); - } - - $message = t("Deleted user %user_name", array("user_name" => $name)); - log::success("user", $message); - message::success($message); - print json_encode(array("result" => "success")); - } - - public function delete_user_form($id) { - $user = user::lookup($id); - if (empty($user)) { - kohana::show_404(); - } - print user::get_delete_form_admin($user); - } - - public function edit_user($id) { - access::verify_csrf(); - - $user = user::lookup($id); - if (empty($user)) { - kohana::show_404(); - } - - $form = user::get_edit_form_admin($user); - $valid = $form->validate(); - if ($valid) { - $new_name = $form->edit_user->inputs["name"]->value; - $temp_user = user::lookup_by_name($new_name); - if ($new_name != $user->name && - ($temp_user && $temp_user->id != $user->id)) { - $form->edit_user->inputs["name"]->add_error("in_use", 1); - $valid = false; - } else { - $user->name = $new_name; - } - } - - if ($valid) { - $user->full_name = $form->edit_user->full_name->value; - if ($form->edit_user->password->value) { - $user->password = $form->edit_user->password->value; - } - $user->email = $form->edit_user->email->value; - $user->url = $form->edit_user->url->value; - if ($form->edit_user->locale) { - $desired_locale = $form->edit_user->locale->value; - $user->locale = $desired_locale == "none" ? null : $desired_locale; - } - - // An admin can change the admin status for any user but themselves - if ($user->id != user::active()->id) { - $user->admin = $form->edit_user->admin->checked; - } - $user->save(); - module::event("user_edit_form_admin_completed", $user, $form); - - message::success(t("Changed user %user_name", array("user_name" => $user->name))); - print json_encode(array("result" => "success")); - } else { - print json_encode(array("result" => "error", - "form" => $form->__toString())); - } - } - - public function edit_user_form($id) { - $user = user::lookup($id); - if (empty($user)) { - kohana::show_404(); - } - - $form = user::get_edit_form_admin($user); - // Don't allow the user to control their own admin bit, else you can lock yourself out - if ($user->id == user::active()->id) { - $form->edit_user->admin->disabled(1); - } - print $form; - } - - public function add_user_to_group($user_id, $group_id) { - access::verify_csrf(); - $group = group::lookup($group_id); - $user = user::lookup($user_id); - $group->add($user); - $group->save(); - } - - public function remove_user_from_group($user_id, $group_id) { - access::verify_csrf(); - $group = group::lookup($group_id); - $user = user::lookup($user_id); - $group->remove($user); - $group->save(); - } - - public function group($group_id) { - $view = new View("admin_users_group.html"); - $view->group = group::lookup($group_id); - print $view; - } - - public function add_group() { - access::verify_csrf(); - - $form = group::get_add_form_admin(); - $valid = $form->validate(); - if ($valid) { - $new_name = $form->add_group->inputs["name"]->value; - $group = group::lookup_by_name($new_name); - if (!empty($group)) { - $form->add_group->inputs["name"]->add_error("in_use", 1); - $valid = false; - } - } - - if ($valid) { - $group = group::create($new_name); - $group->save(); - message::success( - t("Created group %group_name", array("group_name" => $group->name))); - print json_encode(array("result" => "success")); - } else { - print json_encode(array("result" => "error", - "form" => $form->__toString())); - } - } - - public function add_group_form() { - print group::get_add_form_admin(); - } - - public function delete_group($id) { - access::verify_csrf(); - - $group = group::lookup($id); - if (empty($group)) { - kohana::show_404(); - } - - $form = group::get_delete_form_admin($group); - if ($form->validate()) { - $name = $group->name; - $group->delete(); - } else { - print json_encode(array("result" => "error", - "form" => $form->__toString())); - } - - $message = t("Deleted group %group_name", array("group_name" => $name)); - log::success("group", $message); - message::success($message); - print json_encode(array("result" => "success")); - } - - public function delete_group_form($id) { - $group = group::lookup($id); - if (empty($group)) { - kohana::show_404(); - } - - print group::get_delete_form_admin($group); - } - - public function edit_group($id) { - access::verify_csrf(); - - $group = group::lookup($id); - if (empty($group)) { - kohana::show_404(); - } - - $form = group::get_edit_form_admin($group); - $valid = $form->validate(); - - if ($valid) { - $new_name = $form->edit_group->inputs["name"]->value; - $group = group::lookup_by_name($name); - if ($group->loaded) { - $form->edit_group->inputs["name"]->add_error("in_use", 1); - $valid = false; - } - } - - if ($valid) { - $group->name = $form->edit_group->inputs["name"]->value; - $group->save(); - message::success( - t("Changed group %group_name", array("group_name" => $group->name))); - print json_encode(array("result" => "success")); - } else { - message::error( - t("Failed to change group %group_name", array("group_name" => $group->name))); - print json_encode(array("result" => "error", - "form" => $form->__toString())); - } - } - - public function edit_group_form($id) { - $group = group::lookup($id); - if (empty($group)) { - kohana::show_404(); - } - - print group::get_edit_form_admin($group); - } - -} diff --git a/modules/gallery/helpers/group.php b/modules/gallery/helpers/group.php index b87ed248..3369b5ab 100644 --- a/modules/gallery/helpers/group.php +++ b/modules/gallery/helpers/group.php @@ -24,6 +24,100 @@ * Note: by design, this class does not do any permission checking. */ class group_Core { + /** + * Create a new group. + * + * @param string $name + * @return Group_Model + */ + static function create($name) { + $group = ORM::factory("group")->where("name", $name)->find(); + if ($group->loaded) { + throw new Exception("@todo GROUP_ALREADY_EXISTS $name"); + } + + $group->name = $name; + $group->save(); + + return $group; + } + + /** + * The group of all possible visitors. This includes the guest user. + * + * @return Group_Model + */ + static function everybody() { + return model_cache::get("group", 1); + } + + /** + * The group of all logged-in visitors. This does not include guest users. + * + * @return Group_Model + */ + static function registered_users() { + return model_cache::get("group", 2); + } + + /** + * Look up a user by id. + * @param integer $id the user id + * @return User_Model the user object, or null if the id was invalid. + */ + static function lookup($id) { + return self::_lookup_group_by_field("id", $id); + } + + /** + * Look up a group by name. + * @param integer $id the group name + * @return Group_Model the group object, or null if the name was invalid. + */ + static function lookup_by_name($name) { + return self::_lookup_group_by_field("name", $name); + } + + /** + * Look up a user by field value. + * @param string search field + * @param string search value + * @return Group_Model the user object, or null if the name was invalid. + */ + private static function _lookup_group_by_field($field_name, $value) { + try { + $user = model_cache::get("group", $value, $field_name); + if ($user->loaded) { + return $user; + } + } catch (Exception $e) { + if (strpos($e->getMessage(), "MISSING_MODEL") === false) { + throw $e; + } + } + return null; + } + + /** + * List the users + * @param mixed filters (@see Database.php + * @return array the group list. + */ + static function get_group_list($filter=array()) { + $group = ORM::factory("group"); + + foreach($filter as $method => $args) { + switch ($method) { + case "in": + $group->in($args[0], $args[1]); + break; + default: + $group->$method($args); + } + } + return $group->find_all(); + } + static function get_edit_form_admin($group) { $form = new Forge("admin/users/edit_group/$group->id", "", "post", array("id" => "g-edit-group-form")); $form_group = $form->group("edit_group")->label(t("Edit Group")); diff --git a/modules/gallery/helpers/user.php b/modules/gallery/helpers/user.php index 16d320e4..9052e932 100644 --- a/modules/gallery/helpers/user.php +++ b/modules/gallery/helpers/user.php @@ -310,4 +310,18 @@ class user_Core { static function get_edit_rules() { return Identity::instance()->get_edit_rules("user"); } + + private static function _lookup_user_by_field($field_name, $value) { + try { + $user = model_cache::get("user", $value, $field_name); + if ($user->loaded) { + return $user; + } + } catch (Exception $e) { + if (strpos($e->getMessage(), "MISSING_MODEL") === false) { + throw $e; + } + } + return null; + } }
\ No newline at end of file diff --git a/modules/gallery/views/admin_users.html.php b/modules/gallery/views/admin_users.html.php deleted file mode 100644 index 82d0926c..00000000 --- a/modules/gallery/views/admin_users.html.php +++ /dev/null @@ -1,138 +0,0 @@ -<?php defined("SYSPATH") or die("No direct script access.") ?> -<script type="text/javascript"> - var add_user_to_group_url = "<?= url::site("admin/users/add_user_to_group/__USERID__/__GROUPID__?csrf=$csrf") ?>"; - $(document).ready(function(){ - $("#g-user-admin-list .g-draggable").draggable({ - helper: "clone" - }); - $("#g-group-admin .g-group").droppable({ - accept: ".core-info", - hoverClass: "g-selected", - drop: function(ev, ui) { - var user_id = $(ui.draggable).attr("id").replace("user-", ""); - var group_id = $(this).attr("id").replace("group-", ""); - $.get(add_user_to_group_url.replace("__USERID__", user_id).replace("__GROUPID__", group_id), - {}, - function() { - reload_group(group_id); - }); - } - }); - $("#group-1").droppable("destroy"); - $("#group-2").droppable("destroy"); - $(".g-group-disable").droppable("destroy"); - }); - - var reload_group = function(group_id) { - var reload_group_url = "<?= url::site("admin/users/group/__GROUPID__") ?>"; - $.get(reload_group_url.replace("__GROUPID__", group_id), - {}, - function(data) { - $("#group-" + group_id).html(data); - $("#group-" + group_id + " .g-dialog-link").gallery_dialog(); - }); - } - - var remove_user = function(user_id, group_id) { - var remove_user_url = "<?= url::site("admin/users/remove_user_from_group/__USERID__/__GROUPID__?csrf=$csrf") ?>"; - $.get(remove_user_url.replace("__USERID__", user_id).replace("__GROUPID__", group_id), - {}, - function() { - reload_group(group_id); - }); - } -</script> -<div class="g-block"> - <? if (!empty($writable)): ?> - <a href="<?= url::site("admin/users/add_user_form") ?>" - class="g-dialog-link g-button g-right ui-icon-left ui-state-default ui-corner-all" - title="<?= t("Create a new user")->for_html_attr() ?>"> - <span class="ui-icon ui-icon-circle-plus"></span> - <?= t("Add a new user") ?> - </a> - <? endif ?> - - <h2> - <?= t("User Admin") ?> - </h2> - - <div class="g-block-content"> - <table id="g-user-admin-list"> - <tr> - <th><?= t("Username") ?></th> - <th><?= t("Full name") ?></th> - <th><?= t("Email") ?></th> - <th><?= t("Last login") ?></th> - <th><?= t("Actions") ?></th> - </tr> - - <? foreach ($users as $i => $user): ?> - <tr id="g-user-<?= $user->id ?>" class="<?= text::alternate("g-odd", "g-even") ?> user <?= $user->admin ? "admin" : "" ?>"> - <td id="user-<?= $user->id ?>" class="core-info <?= !empty($writable) ? "g-draggable" : "" ?> "> - <img src="<?= $user->avatar_url(20, $theme->url("images/avatar.jpg", true)) ?>" - title="<?= t("Drag user onto group below to add as a new member")->for_html_attr() ?>" - alt="<?= html::clean_attribute($user->name) ?>" - width="20" - height="20" /> - <?= html::clean($user->name) ?> - </td> - <td> - <?= html::clean($user->full_name) ?> - </td> - <td> - <?= html::clean($user->email) ?> - </td> - <td> - <?= ($user->last_login == 0) ? "" : gallery::date($user->last_login) ?> - </td> - <td class="g-actions"> - <a href="<?= url::site("admin/users/edit_user_form/$user->id") ?>" - open_text="<?= t("close") ?>" - class="g-panel-link g-button ui-state-default ui-corner-all ui-icon-left"> - <span class="ui-icon ui-icon-pencil"></span><span class="g-button-text"> - <?= (!empty($writable)) ? t("edit") : t("display") ?> - </span></a> - <? if (!empty($writable)): ?> - <? if (user::active()->id != $user->id && !$user->guest): ?> - <a href="<?= url::site("admin/users/delete_user_form/$user->id") ?>" - class="g-dialog-link g-button ui-state-default ui-corner-all ui-icon-left"> - <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></a> - <? else: ?> - <span title="<?= t("This user cannot be deleted")->for_html_attr() ?>" - class="g-button ui-state-disabled ui-corner-all ui-icon-left"> - <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></span> - <? endif ?> - <? endif ?> - </td> - </tr> - <? endforeach ?> - </table> - </div> -</div> - -<div id="g-group-admin" class="g-block g-clearfix"> - <? if (!empty($writable)): ?> - <a href="<?= url::site("admin/users/add_group_form") ?>" - class="g-dialog-link g-button g-right ui-icon-left ui-state-default ui-corner-all" - title="<?= t("Create a new group")->for_html_attr() ?>"> - <span class="ui-icon ui-icon-circle-plus"></span> - <?= t("Add a new group") ?> - </a> - <? endif ?> - - <h2> - <?= t("Group Admin") ?> - </h2> - - <div class="g-block-content"> - <ul> - <? foreach ($groups as $i => $group): ?> - <? $class = !empty($writable) ? "" : "g-group-disable" ?> - <li id="group-<?= $group->id ?>" class="g-group <?= $class ?> <?= ($group->special ? "g-default-group" : "") ?>" /> - <? $v = new View("admin_users_group.html"); $v->group = $group; $v->writable = !empty($writable) ?> - <?= $v ?> - </li> - <? endforeach ?> - </ul> - </div> -</div> diff --git a/modules/gallery/views/admin_users_group.html.php b/modules/gallery/views/admin_users_group.html.php deleted file mode 100644 index 539f69b7..00000000 --- a/modules/gallery/views/admin_users_group.html.php +++ /dev/null @@ -1,38 +0,0 @@ -<?php defined("SYSPATH") or die("No direct script access.") ?> -<h4> - <?= html::clean($group->name) ?> - <? if (!$group->special): ?> - <a href="<?= url::site("admin/users/delete_group_form/$group->id") ?>" - title="<?= t("Delete the %name group", array("name" => $group->name))->for_html_attr() ?>" - class="g-dialog-link g-button ui-state-default ui-corner-all <?= !empty($writable) ? "" : "ui-state-disabled" ?>"> - <span class="ui-icon ui-icon-trash"><?= t("delete") ?></span></a> - <? else: ?> - <a title="<?= t("This default group cannot be deleted")->for_html_attr() ?>" - class="g-dialog-link g-button ui-state-disabled ui-corner-all ui-icon-left"> - <span class="ui-icon ui-icon-trash"><?= t("delete") ?></span></a> - <? endif ?> -</h4> - -<? if ($group->users->count() > 0): ?> -<ul> - <? foreach ($group->users as $i => $user): ?> - <li class="g-user"> - <?= html::clean($user->name) ?> - <? if (!$group->special): ?> - <a href="javascript:remove_user(<?= $user->id ?>, <?= $group->id ?>)" - class="g-button ui-state-default ui-corner-all ui-icon-left <?= !empty($writable) ? "" : "ui-state-disabled" ?>" - title="<?= t("Remove %user from %group group", - array("user" => $user->name, "group" => $group->name))->for_html_attr() ?>"> - <span class="ui-icon ui-icon-closethick"><?= t("remove") ?></span> - </a> - <? endif ?> - </li> - <? endforeach ?> -</ul> -<? else: ?> -<div> - <p> - <?= t("Drag & drop users from the User Admin above into this group box to add group members.") ?> - </p> -</div> -<? endif ?> |