Diffstat (limited to 'modules/user/controllers/users.php')
| -rw-r--r-- | modules/user/controllers/users.php | 30 |
1 files changed, 20 insertions, 10 deletions
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index 0ea6b403..f21e9ae0 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
@@ -25,23 +25,22 @@ class Users_Controller extends REST_Controller {
    * @see Rest_Controller::_index()
    */
   public function _index() {
-    throw new Exception("@todo Comment_Controller::_index NOT IMPLEMENTED");
+    throw new Exception("@todo User_Controller::_index NOT IMPLEMENTED");
   }
 
   /**
    * @see Rest_Controller::_create($resource)
    */
-  public function _create($user) {
-    if ($user->guest || (!user::active()->admin && $user->id != user::active()->id)) {
+  public function _create($resource) {
+    if (!(user::active()->admin)) {
       access::forbidden();
     }
-    $form = user::get_add_form($user, "");
+    $form = user::get_add_form();
     if ($form->validate()) {
-      $user->name = $form->edit_user->uname->value;
-      $user->full_name = $form->edit_user->full_name->value;
-      $user->password = $form->edit_user->password->value;
-      $user->email = $form->edit_user->email->value;
+      $user = user::create($form->add_user->uname->value,
+          $form->add_user->full_name->value, $form->add_user->password->value);
+      $user->email = $form->add_user->email->value;
       $user->save();
       if ($continue = $this->input->get("continue")) {
         url::redirect($continue);
@@ -65,7 +64,7 @@ class Users_Controller extends REST_Controller {
       access::forbidden();
     }
 
-    $form = user::get_edit_form($user, "");
+    $form = user::get_edit_form($user);
     $form->edit_user->password->rules("-required");
     if ($form->validate()) {
       $user->full_name = $form->edit_user->full_name->value;
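Review bot: The new `_create($resource)` signature keeps `$resource` only to match the `Rest_Controller::_create($resource)` contract and never reads it, and the admin guard wraps the property in redundant parentheses; write it as `if (!user::active()->admin) {` and add a one-line comment such as `// $resource is unused: the new user is built from the add form, not from the routed resource`. The same `!(user::active()->admin)` form appears in the new `_delete` guard in the last hunk. `_create`'s body continues past the end of the hunk, so what happens when the form fails to validate, or when no `continue` parameter is given after `save()`, is not visible here.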
@@ -83,7 +82,18 @@ class Users_Controller extends REST_Controller {
    * @see Rest_Controller::_delete($resource)
    */
   public function _delete($user) {
-    throw new Exception("@todo User_Controller::_delete NOT IMPLEMENTED");
+    if (!(user::active()->admin) || $user->id == user::active()->id) {
+      access::forbidden();
+    }
+    // Prevent CSRF
+    $form = user::get_delete_form($user);
+    if ($form->validate()) {
+      $user->delete();
+      if ($continue = $this->input->get("continue")) {
+        url::redirect($continue);
+      }
+    }
+    print $form;
   }
 
   /**
 |
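Review bot: In the new `_delete`, the `continue` query parameter is handed straight to `url::redirect($continue)` after the deletion, so the post-action redirect target is caller-controlled unless `url::redirect` itself rejects non-local destinations (not visible here); restrict it to a relative path before redirecting, or add a comment naming where that check happens — the unchanged `_create` lines in the first hunk use the same pattern. The guard blocks self-deletion but not deletion of the guest account, which the removed `_create` check singled out via `$user->guest`; if that flag is still available, extend the guard to `if (!user::active()->admin || $user->id == user::active()->id || $user->guest) {`. When validation succeeds and no `continue` is supplied, control falls through to `print $form` and re-renders a delete form for a user that no longer exists, so that branch should redirect to a fixed destination or return a confirmation rather than the form. The `// Prevent CSRF` comment assumes `get_delete_form` embeds a token that `validate()` checks; spell that out, e.g. `// get_delete_form() embeds a CSRF token that validate() verifies before delete() runs`, and confirm it holds.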
