Diffstat (limited to 'modules/user/controllers')
-rw-r--r--modules/user/controllers/admin_users.php35
-rw-r--r--modules/user/controllers/groups.php106
-rw-r--r--modules/user/controllers/login.php51
-rw-r--r--modules/user/controllers/users.php88
4 files changed, 81 insertions, 199 deletions
diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index c39092b2..630b5764 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -26,6 +26,40 @@ class Admin_Users_Controller extends Controller {
print $view;
}
+ public function create() {
+ $form = user::get_add_form();
+ if ($form->validate()) {
+ $user = user::create($form->add_user->inputs["name"]->value,
+ $form->add_user->full_name->value, $form->add_user->password->value);
+ $user->email = $form->add_user->email->value;
+ $user->save();
+ log::add(sprintf(_("Created user %s"), $user->name));
+ message::add(sprintf(_("Created user %s"), $user->name));
+ url::redirect("admin/users");
+ }
+
+ print $form;
+ }
+
+ public function delete($id) {
+ $user = ORM::factory("user", $id);
+ if (!$user->loaded) {
+ kohana::show_404();
+ }
+
+ $form = user::get_delete_form($user);
+ if ($form->validate()) {
+ $name = $user->name;
+ $user->delete();
+
+ log::add(sprintf(_("Deleted user %s"), $name));
+ message::add(sprintf(_("Deleted user %s"), $name));
+ url::redirect("admin/users");
+ }
+
+ print $form;
+ }
+
public function edit($id) {
$user = ORM::factory("user", $id);
if (!$user->loaded) {
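Review bot: The new `delete($id)` lets an administrator delete the account they are currently logged in with; the `Users_Controller::_delete` removed in users.php refused when `$user->id == user::active()->id`, and the replacement here checks only `$user->loaded` before building the delete form. Keeping that guard next to the 404 check, `if ($user->id == user::active()->id) { access::forbidden(); }`, preserves the old protection and avoids removing the last admin mid-session. The same removed method also relied on the delete form for CSRF protection, which this version keeps via `user::get_delete_form($user)` and `validate()`, so that part is fine. I cannot see from this hunk whether `Admin_Users_Controller` enforces `user::active()->admin` in a constructor or routing layer; the removed `_create` carried that check inline, so confirm it still applies to `create()` and `delete()`. `edit($id)` continues past the end of the hunk.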
@@ -39,6 +73,7 @@ class Admin_Users_Controller extends Controller {
$user->password = $form->edit_user->password->value;
$user->email = $form->edit_user->email->value;
$user->save();
+ message::add(sprintf(_("Changed user %s"), $user->name));
url::redirect("admin/users/edit/$id");
}
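Review bot: The `$user->password = $form->edit_user->password->value;` assignment two lines above the added `message::add` runs on every valid submission, so a blank password field overwrites the stored password unless the model's setter ignores empty values, which this hunk does not show. `Users_Controller::_update` in users.php has the same unconditional assignment directly after `->rules("-required")`, where an empty submission is explicitly accepted, so that is the more pressing instance. Guarding it as `if ($form->edit_user->password->value !== "") { $user->password = $form->edit_user->password->value; }` makes the intended "leave unchanged when blank" behaviour explicit in both places. The enclosing `edit($id)` starts before this hunk.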
diff --git a/modules/user/controllers/groups.php b/modules/user/controllers/groups.php
deleted file mode 100644
index 7c68c405..00000000
--- a/modules/user/controllers/groups.php
+++ /dev/null
@@ -1,106 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2008 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
- */
-class Groups_Controller extends REST_Controller {
- protected $resource_type = "group";
-
- /**
- * Display comments based on criteria.
- * @see REST_Controller::_index()
- */
- public function _index() {
- throw new Exception("@todo Group_Controller::_index NOT IMPLEMENTED");
- }
-
- /**
- * @see REST_Controller::_create($resource)
- */
- public function _create($resource) {
- $form = group::get_add_form();
- if ($form->validate()) {
- group::create($form->add_group->gname->value);
- if ($continue = $this->input->get("continue")) {
- url::redirect($continue);
- }
- }
- print $form;
- }
-
- /**
- * @see REST_Controller::_show($resource)
- */
- public function _show($user) {
- throw new Exception("@todo Group_Controller::_show NOT IMPLEMENTED");
- }
-
- /**
- * @see REST_Controller::_update($resource)
- */
- public function _update($group) {
- $form = group::get_edit_form($group);
- if ($form->validate()) {
- $group->name = $form->edit_group->gname->value;
- $group->save();
- if ($continue = $this->input->get("continue")) {
- url::redirect($continue);
- }
- }
- print $form;
- }
-
- /**
- * @see REST_Controller::_delete($resource)
- */
- public function _delete($group) {
- if (!(user::active()->admin) || $group->special) {
- access::forbidden();
- }
- // Prevent CSRF
- $form = group::get_delete_form($group);
- if ($form->validate()) {
- $group->delete();
- if ($continue = $this->input->get("continue")) {
- url::redirect($continue);
- }
- }
- print $form;
- }
-
- /**
- * Present a form for editing a user
- * @see REST_Controller::form($resource)
- */
- public function _form_edit($group) {
- if ($group->guest || group::active()->id != $group->id) {
- access::forbidden();
- }
-
- print group::get_edit_form(
- $group,
- "users/{$group->id}?_method=put&continue=" . $this->input->get("continue"));
- }
-
- /**
- * Present a form for adding a user
- * @see REST_Controller::form($resource)
- */
- public function _form_add($parameters) {
- throw new Exception("@todo Group_Controller::_form_add NOT IMPLEMENTED");
- }
-}
diff --git a/modules/user/controllers/login.php b/modules/user/controllers/login.php
index 508d282d..48527a41 100644
--- a/modules/user/controllers/login.php
+++ b/modules/user/controllers/login.php
@@ -19,26 +19,45 @@
*/
class Login_Controller extends Controller {
public function index() {
- $form = new Forge(url::current(true), "", "post", array("id" => "gLoginForm"));
- $group = $form->group("login_form")->label(_("Login"));
- $group->input("name")->label(_("Name"))->id("gName")->class(null);
- $group->password("password")->label(_("Password"))->id("gPassword")->class(null);
- $group->inputs["name"]->error_messages("invalid_login", _("Invalid name or password"));
+ if (request::method() == "post") {
+ $this->_try_login();
+ } else {
+ print $this->_login_form();
+ }
+ }
+
+ private function _try_login() {
+ $form = $this->_login_form();
- if (request::method() == "post" && $form->validate()) {
- $user = ORM::factory("user")->where("name", $group->inputs["name"]->value)->find();
- if ($user->loaded &&
- user::is_correct_password($user, $group->password->value)) {
- user::login($user);
- log::add("user", "User $user->name logged in");
- rest::http_status(rest::ACCEPTED);
- } else {
- log::add("user", sprintf(_("Failed login for %s"), $group->inputs["name"]->value),
+ $valid = $form->validate();
+ if ($valid) {
+ $user = ORM::factory("user")->where("name", $form->login->inputs["name"]->value)->find();
+ if (!$user->loaded || !user::is_correct_password($user, $form->login->password->value)) {
+ log::add("user", sprintf(_("Failed login for %s"), $form->login->inputs["name"]->value),
log::WARNING);
- $group->inputs["name"]->add_error("invalid_login", 1);
+ $form->login->inputs["name"]->add_error("invalid_login", 1);
+ $valid = false;
}
}
- print $form->render();
+ if ($valid) {
+ user::login($user);
+ log::add("user", "User $user->name logged in");
+ print json_encode(
+ array("result" => "success"));
+ } else {
+ print json_encode(
+ array("result" => "error",
+ "form" => $form->__toString()));
+ }
+ }
+
+ private function _login_form() {
+ $form = new Forge(url::current(true), "", "post", array("id" => "gLoginForm"));
+ $group = $form->group("login")->label(_("Login"));
+ $group->input("name")->label(_("Name"))->id("gName")->class(null);
+ $group->password("password")->label(_("Password"))->id("gPassword")->class(null);
+ $group->inputs["name"]->error_messages("invalid_login", _("Invalid name or password"));
+ return $form;
}
} \ No newline at end of file
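Review bot: The new private methods `_try_login()` and `_login_form()` have no docblocks, while the rest of this module documents controller methods with `/** ... @see ... */` headers; add `/** Validate posted credentials and print a JSON result, re-rendering the form on failure. */` above `_try_login()` and `/** Build the login Forge: group "login" with name and password inputs. */` above `_login_form()`. Both the success and error branches print JSON through plain `print` without any status or content-type handling in this hunk, so callers must inspect the `result` field rather than the HTTP status; if that is intended, a one-line comment saying so would help. Whether `user::login($user)` regenerates the session id on successful authentication is not visible here and is worth confirming, since this is the point where the session changes privilege. The failed-login log line interpolates the submitted name verbatim; that is only a concern if `log::add` does not escape line breaks, which this hunk does not show.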
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index a0e89922..7ccab28f 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
@@ -20,101 +20,35 @@
class Users_Controller extends REST_Controller {
protected $resource_type = "user";
- /**
- * Display comments based on criteria.
- * @see REST_Controller::_index()
- */
- public function _index() {
- throw new Exception("@todo User_Controller::_index NOT IMPLEMENTED");
- }
-
- /**
- * @see REST_Controller::_create($resource)
- */
- public function _create($resource) {
- if (!(user::active()->admin)) {
- access::forbidden();
- }
-
- $form = user::get_add_form();
- if ($form->validate()) {
- $user = user::create($form->add_user->uname->value,
- $form->add_user->full_name->value, $form->add_user->password->value);
- $user->email = $form->add_user->email->value;
- $user->save();
- if ($continue = $this->input->get("continue")) {
- url::redirect($continue);
- }
- }
- print $form;
- }
-
- /**
- * @see REST_Controller::_show($resource)
- */
- public function _show($user) {
- throw new Exception("@todo User_Controller::_show NOT IMPLEMENTED");
- }
-
- /**
- * @see REST_Controller::_update($resource)
- */
public function _update($user) {
- if (!user::active()->admin && ($user->guest || $user->id != user::active()->id)) {
+ if ($user->guest || $user->id != user::active()->id) {
access::forbidden();
}
$form = user::get_edit_form($user);
$form->edit_user->password->rules("-required");
if ($form->validate()) {
+ // @todo: allow the user to change their name
$user->full_name = $form->edit_user->full_name->value;
$user->password = $form->edit_user->password->value;
$user->email = $form->edit_user->email->value;
$user->save();
- if ($continue = $this->input->get("continue")) {
- url::redirect($continue);
- }
- }
- print $form;
- }
- /**
- * @see REST_Controller::_delete($resource)
- */
- public function _delete($user) {
- if (!user::active()->admin || $user->id == user::active()->id ) {
- access::forbidden();
+ print json_encode(
+ array("result" => "success",
+ "resource" => url::site("users/{$user->id}")));
+ } else {
+ print json_encode(
+ array("result" => "error",
+ "form" => $form->__toString()));
}
- // Prevent CSRF
- $form = user::get_delete_form($user);
- if ($form->validate()) {
- $user->delete();
- if ($continue = $this->input->get("continue")) {
- url::redirect($continue);
- }
- }
- print $form;
}
- /**
- * Present a form for editing a user
- * @see REST_Controller::form($resource)
- */
public function _form_edit($user) {
- if (!user::active()->admin && ($user->guest || $user->id != user::active()->id)) {
+ if ($user->guest || $user->id != user::active()->id) {
access::forbidden();
}
- print user::get_edit_form(
- $user,
- "users/{$user->id}?_method=put&continue=" . $this->input->get("continue"));
- }
-
- /**
- * Present a form for adding a user
- * @see REST_Controller::form($resource)
- */
- public function _form_add($parameters) {
- throw new Exception("@todo User_Controller::_form_add NOT IMPLEMENTED");
+ print user::get_edit_form($user);
}
}
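Review bot: `_update($user)` and `_form_edit($user)` lose their `/** @see REST_Controller::... */` docblocks in this hunk and are left undocumented, while the sibling controllers in this module keep that style; restoring a one-line header such as `/** Update the active user's profile; prints a JSON result. @see REST_Controller::_update($resource) */` keeps the controllers consistent. Removing `_delete` here means a DELETE request to this resource now falls through to whatever `REST_Controller` does by default, which is outside this hunk; confirm the base class forbids or 404s rather than performing the delete without the form-based CSRF check the removed method had. The new access rule `$user->guest || $user->id != user::active()->id` correctly drops the admin bypass now that administration lives in admin_users.php, but the `// @todo: allow the user to change their name` comment should name who is expected to own that change so it does not linger.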