Diffstat (limited to 'modules/user/controllers')
-rw-r--r--modules/user/controllers/admin_users.php20
-rw-r--r--modules/user/controllers/users.php19
2 files changed, 34 insertions, 5 deletions
diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index 7325455c..4ec96a1a 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -23,4 +23,24 @@ class Admin_Users_Controller extends Controller {
$view->users = ORM::factory("user")->find_all();
return $view;
}
+
+ public function edit($id) {
+ $view = new View("admin_users_edit.html");
+ $user = ORM::factory("user", $id);
+ if (!$user->loaded) {
+ kohana::show_404();
+ }
+
+ $form = user::get_edit_form($user, "admin/users/edit/$id");
+ if (request::method() =="post" && $form->validate()) {
+ $user->name = $form->edit_user->uname->value;
+ $user->full_name = $form->edit_user->full_name->value;
+ $user->password = $form->edit_user->password->value;
+ $user->email = $form->edit_user->email->value;
+ $user->save();
+ url::redirect("admin/users/edit/$id");
+ }
+
+ return $form;
+ }
}
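Review bot: The line `$user->password = $form->edit_user->password->value;` overwrites the stored password on every successful post, so an admin who only changes the name or e-mail also replaces the password with whatever the field held, possibly an empty string. The form's validation rules are not visible here, so this is worth confirming. Guard the assignment so it runs only when a new password was submitted, e.g. `if ($form->edit_user->password->value != "") { $user->password = $form->edit_user->password->value; }`; the same unconditional assignment is added in `_update()` in users.php. `edit()` also has no access check of its own, unlike the `access::forbidden()` guards this commit adds in users.php. The class starts outside the hunk, so if admin rights are not enforced there, this action needs one.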
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index f6b77d0d..b287f685 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
@@ -46,16 +46,19 @@ class Users_Controller extends REST_Controller {
* @see Rest_Controller::_update($resource)
*/
public function _update($user) {
+ if ($user->guest || $user->id != user::active()->id) {
+ access::forbidden();
+ }
+
$form = user::get_edit_form($user);
if ($form->validate()) {
- foreach ($form->as_array() as $key => $value) {
- $user->$key = $value;
- }
+ $user->full_name = $form->edit_user->full_name->value;
+ $user->password = $form->edit_user->password->value;
+ $user->email = $form->edit_user->email->value;
$user->save();
if ($continue = $this->input->get("continue")) {
url::redirect($continue);
}
- return;
}
print $form;
}
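Review bot: `url::redirect($continue)` sends the browser to a value read straight from the query string, and this commit now carries that `continue` parameter through the edit form's action. If `url::redirect()` accepts absolute URLs, a user who has just saved their profile can be redirected off-site. Restrict it to site-relative targets, for example `if (($continue = $this->input->get("continue")) && !preg_match('#^(?:[a-z][a-z0-9+.-]*:|//)#i', $continue)) {`. The new guard at the top of `_update()` also depends on `access::forbidden()` ending the request; if it can return, the save below still runs, so a short comment stating that it never returns would help.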
@@ -72,7 +75,13 @@ class Users_Controller extends REST_Controller {
* @see Rest_Controller::form($resource)
*/
public function _form_edit($user) {
- print user::get_edit_form($user);
+ if ($user->guest || user::active()->id != $user->id) {
+ access::forbidden();
+ }
+
+ print user::get_edit_form(
+ $user,
+ "users/{$user->id}?_method=put&continue=" . $this->input->get("continue"));
}
/**
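Review bot: The `continue` value is concatenated into the form action unencoded in `"users/{$user->id}?_method=put&continue=" . $this->input->get("continue")`. A value containing `&`, `#` or quotes can therefore add or override query parameters such as `_method`. It may also reach the rendered HTML, depending on how `user::get_edit_form()` escapes the action, which is not visible here. Encode it where the URL is built: `"users/{$user->id}?_method=put&continue=" . urlencode($this->input->get("continue"))`.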