Diffstat (limited to 'modules/user/controllers')
| -rw-r--r-- | modules/user/controllers/admin_users.php | 3 | ||||
| -rw-r--r-- | modules/user/controllers/groups.php | 106 | ||||
| -rw-r--r-- | modules/user/controllers/users.php | 30 |
3 files changed, 128 insertions, 11 deletions
diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index ac328780..c39092b2 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -21,7 +21,8 @@ class Admin_Users_Controller extends Controller {
 public function index() {
 $view = new Admin_View("admin.html");
 $view->content = new View("admin_users.html");
- $view->content->users = ORM::factory("user")->find_all();
+ $view->content->users = ORM::factory("user")->orderby("name")->find_all();
+ $view->content->groups = ORM::factory("group")->orderby("name")->find_all();
 print $view;
 }
diff --git a/modules/user/controllers/groups.php b/modules/user/controllers/groups.php
new file mode 100644
index 00000000..96084fe2
--- /dev/null
+++ b/modules/user/controllers/groups.php
@@ -0,0 +1,106 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2008 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+class Groups_Controller extends REST_Controller {
+ protected $resource_type = "group";
+
+ /**
+ * Display comments based on criteria.
+ * @see Rest_Controller::_index()
+ */
+ public function _index() {
+ throw new Exception("@todo Group_Controller::_index NOT IMPLEMENTED");
+ }
+
+ /**
+ * @see Rest_Controller::_create($resource)
+ */
+ public function _create($resource) {
+ $form = group::get_add_form();
+ if ($form->validate()) {
+ group::create($form->add_group->gname->value);
+ if ($continue = $this->input->get("continue")) {
+ url::redirect($continue);
+ }
+ }
+ print $form;
+ }
+
+ /**
+ * @see Rest_Controller::_show($resource)
+ */
+ public function _show($user) {
+ throw new Exception("@todo Group_Controller::_show NOT IMPLEMENTED");
+ }
+
+ /**
+ * @see Rest_Controller::_update($resource)
+ */
+ public function _update($group) {
+ $form = group::get_edit_form($group);
+ if ($form->validate()) {
+ $group->name = $form->edit_group->gname->value;
+ $group->save();
+ if ($continue = $this->input->get("continue")) {
+ url::redirect($continue);
+ }
+ }
+ print $form;
+ }
+
+ /**
+ * @see Rest_Controller::_delete($resource)
+ */
+ public function _delete($group) {
+ if (!(user::active()->admin) || $group->special) {
+ access::forbidden();
+ }
+ // Prevent CSRF
+ $form = group::get_delete_form($group);
+ if ($form->validate()) {
+ $group->delete();
+ if ($continue = $this->input->get("continue")) {
+ url::redirect($continue);
+ }
+ }
+ print $form;
+ }
+
+ /**
+ * Present a form for editing a user
+ * @see Rest_Controller::form($resource)
+ */
+ public function _form_edit($group) {
+ if ($group->guest || group::active()->id != $group->id) {
+ access::forbidden();
+ }
+
+ print group::get_edit_form(
+ $group,
+ "users/{$group->id}?_method=put&continue=" . $this->input->get("continue"));
+ }
+
+ /**
+ * Present a form for adding a user
+ * @see Rest_Controller::form($resource)
+ */
+ public function _form_add($parameters) {
+ throw new Exception("@todo Group_Controller::_form_add NOT IMPLEMENTED");
+ }
+}
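Review bot: `_create` and `_update` in Groups_Controller validate the form and write the group without any permission check, while `_delete` in the same file and `Users_Controller::_create` both gate on `user::active()->admin`. Unless REST_Controller enforces this before dispatch (not visible in this diff), any caller who can submit the form can create or rename groups; both methods should open with `if (!(user::active()->admin)) { access::forbidden(); }`. Separately, every `url::redirect($continue)` in this file, and the one added to `Users_Controller::_delete`, passes the `continue` query parameter through unchecked, so the post-action redirect target is chosen by whoever built the link; accept only site-relative paths before redirecting. `_form_edit` also looks copied from the users controller: its guard tests `$group->guest` and `group::active()`, and its form action is built on `users/{$group->id}` with the raw `continue` value appended, where `groups/{$group->id}` and a URL-encoded value are presumably intended.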
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index 0ea6b403..f21e9ae0 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
@@ -25,23 +25,22 @@ class Users_Controller extends REST_Controller {
 * @see Rest_Controller::_index()
 */
 public function _index() {
- throw new Exception("@todo Comment_Controller::_index NOT IMPLEMENTED");
+ throw new Exception("@todo User_Controller::_index NOT IMPLEMENTED");
 }
 /**
 * @see Rest_Controller::_create($resource)
 */
- public function _create($user) {
- if ($user->guest || (!user::active()->admin && $user->id != user::active()->id)) {
+ public function _create($resource) {
+ if (!(user::active()->admin)) {
 access::forbidden();
 }
- $form = user::get_add_form($user, "");
+ $form = user::get_add_form();
 if ($form->validate()) {
- $user->name = $form->edit_user->uname->value;
- $user->full_name = $form->edit_user->full_name->value;
- $user->password = $form->edit_user->password->value;
- $user->email = $form->edit_user->email->value;
+ $user = user::create($form->add_user->uname->value,
+ $form->add_user->full_name->value, $form->add_user->password->value);
+ $user->email = $form->add_user->email->value;
 $user->save();
 if ($continue = $this->input->get("continue")) {
 url::redirect($continue);
@@ -65,7 +64,7 @@ class Users_Controller extends REST_Controller {
 access::forbidden();
 }
- $form = user::get_edit_form($user, "");
+ $form = user::get_edit_form($user);
 $form->edit_user->password->rules("-required");
 if ($form->validate()) {
 $user->full_name = $form->edit_user->full_name->value;
@@ -83,7 +82,18 @@ class Users_Controller extends REST_Controller {
 * @see Rest_Controller::_delete($resource)
 */
 public function _delete($user) {
- throw new Exception("@todo User_Controller::_delete NOT IMPLEMENTED");
+ if (!(user::active()->admin) || $user->id == user::active()->id) {
+ access::forbidden();
+ }
+ // Prevent CSRF
+ $form = user::get_delete_form($user);
+ if ($form->validate()) {
+ $user->delete();
+ if ($continue = $this->input->get("continue")) {
+ url::redirect($continue);
+ }
+ }
+ print $form;
 }
 /** |
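Review bot: The new guard in `_delete` blocks non-admins and self-deletion but not the guest account, whereas the groups controller's `_delete` refuses `$group->special`. If the guest user is an ordinary row that anonymous sessions depend on, the condition should read `if (!(user::active()->admin) || $user->guest || $user->id == user::active()->id) {`. The `// Prevent CSRF` comment holds only if `user::get_delete_form()` embeds a per-session token that `validate()` checks, which this diff does not show; once confirmed, the comment should name that mechanism, for example `// CSRF: validate() checks the token embedded by get_delete_form()`.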
