Diffstat (limited to 'modules/user')
-rw-r--r-- | modules/user/controllers/admin_users.php | 6 | ||||
-rw-r--r-- | modules/user/controllers/users.php | 4 | ||||
-rw-r--r-- | modules/user/helpers/group.php | 79 | ||||
-rw-r--r-- | modules/user/helpers/user.php | 109 | ||||
-rw-r--r-- | modules/user/views/admin_users.html.php | 2 |
5 files changed, 194 insertions, 6 deletions
diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php index 64f19ecd..3465c4b1 100644 --- a/modules/user/controllers/admin_users.php +++ b/modules/user/controllers/admin_users.php @@ -65,7 +65,7 @@ class Admin_Users_Controller extends Admin_Controller { public function delete_user($id) { access::verify_csrf(); - if ($id == user::active()->id || $id == user::guest()->id) { + if ($id == Identity::active()->id || $id == user::guest()->id) { access::forbidden(); } @@ -132,7 +132,7 @@ class Admin_Users_Controller extends Admin_Controller { } // An admin can change the admin status for any user but themselves - if ($user->id != user::active()->id) { + if ($user->id != Identity::active()->id) { $user->admin = $form->edit_user->admin->checked; } $user->save(); @@ -154,7 +154,7 @@ class Admin_Users_Controller extends Admin_Controller { $form = $this->_get_user_edit_form_admin($user); // Don't allow the user to control their own admin bit, else you can lock yourself out - if ($user->id == user::active()->id) { + if ($user->id == Identity::active()->id) { $form->edit_user->admin->disabled(1); } print $form; diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php index 7c2e7833..6e666ba3 100644 --- a/modules/user/controllers/users.php +++ b/modules/user/controllers/users.php @@ -21,7 +21,7 @@ class Users_Controller extends Controller { public function update($id) { $user = user::lookup($id); - if ($user->guest || $user->id != user::active()->id) { + if ($user->guest || $user->id != Identity::active()->id) { access::forbidden(); } @@ -59,7 +59,7 @@ class Users_Controller extends Controller { public function form_edit($id) { $user = user::lookup($id); - if ($user->guest || $user->id != user::active()->id) { + if ($user->guest || $user->id != Identity::active()->id) { access::forbidden(); } 
diff --git a/modules/user/helpers/group.php b/modules/user/helpers/group.php
new file mode 100644
index 00000000..295e5f50
--- /dev/null
+++ b/modules/user/helpers/group.php
@@ -0,0 +1,79 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+/**
+ * This is the API for handling groups.
+ *
+ * Note: by design, this class does not do any permission checking.
+ */
+class group_Core {
+ /**
+ * @see Identity_Driver::create.
+ */
+ static function create($name) {
+ return Identity::instance()->create_group($name);
+ }
+
+ /**
+ * @see Identity_Driver::everbody.
+ */
+ static function everybody() {
+ return Identity::instance()->everybody();
+ }
+
+ /**
+ * @see Identity_Driver::registered_users.
+ */
+ static function registered_users() {
+ return Identity::instance()->everybody();
+ }
+
+ /**
+ * Look up a group by id.
+ * @param integer $id the user id
+ * @return Group_Definition the group object, or null if the id was invalid.
+ */
+ static function lookup($id) {
+ return Identity::instance()->lookup_group_by_field("id", $id);
+ }
+
+ /**
+ * Look up a group by name.
+ * @param integer $id the group name
+ * @return Group_Definition the group object, or null if the name was invalid.
+ */
+ static function lookup_by_name($name) {
+ return Identity::instance()->lookup_group_by_field("name", $name);
+ }
+
+ /**
+ * @see Identity_Driver::get_group_list.
+ */
+ static function get_group_list($filter=array()) {
+ return Identity::instance()->get_group_list($filter);
+ }
+
+ /**
+ * @see Identity_Driver::get_edit_rules.
+ */
+ static function get_edit_rules() {
+ return Identity::instance()->get_edit_rules("group");
+ }
+}
diff --git a/modules/user/helpers/user.php b/modules/user/helpers/user.php
new file mode 100644
index 00000000..394f8185
--- /dev/null
+++ b/modules/user/helpers/user.php
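Review bot: `registered_users()` in modules/user/helpers/group.php returns `Identity::instance()->everybody()`, the same call as `everybody()` just above it, which looks like a copy-paste slip. Any caller that grants permissions to the registered-users group would then be handed the everybody group, which presumably includes guests, so access meant for logged-in users could be extended to anonymous visitors. Going by the docblock's `@see Identity_Driver::registered_users`, the line should read `return Identity::instance()->registered_users();`. The docblocks also need a pass: `@see Identity_Driver::everbody` is misspelled, and `lookup_by_name` documents `@param integer $id` for what is a string `$name`.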
@@ -0,0 +1,109 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
+/**
+ * This is the API for handling users.
+ *
+ * Note: by design, this class does not do any permission checking.
+ */
+class user_Core {
+ /**
+ * @see Identity_Driver::guest.
+ */
+ static function guest() {
+ return Identity::guest();
+ }
+
+ /**
+ * @see Identity_Driver::create_user.
+ */
+ static function create($name, $full_name, $password) {
+ return Identity::create_user($name, $full_name, $password);
+ }
+
+ /**
+ * @see Identity_Driver::is_correct_password.
+ */
+ static function is_correct_password($user, $password) {
+ return Identity::is_correct_password($user, $password);
+ }
+
+ /**
+ * @see Identity_Driver::hash_password.
+ */
+ static function hash_password($password) {
+ return Identity::hash_password($password);
+ }
+
+ /**
+ * Look up a user by id.
+ * @param integer $id the user id
+ * @return User_Definition the user object, or null if the id was invalid.
+ */
+ static function lookup($id) {
+ return self::_lookup_user_by_field("id", $id);
+ }
+
+ /**
+ * Look up a user by name.
+ * @param integer $name the user name
+ * @return User_Definition the user object, or null if the name was invalid.
+ */
+ static function lookup_by_name($name) {
+ return self::_lookup_user_by_field("name", $name);
+ }
+
+ /**
+ * Look up a user by hash.
+ * @param string $name the user name
+ * @return User_Definition the user object, or null if the name was invalid.
+ */
+ static function lookup_by_hash($hash) {
+ return self::_lookup_user_by_field("hash", $hash);
+ }
+
+ /**
+ * @see Identity_Driver::get_user_list.
+ */
+ static function get_user_list($filter=array()) {
+ return Identity::get_user_list($filter);
+ }
+
+ /**
+ * @see Identity_Driver::get_edit_rules.
+ */
+ static function get_edit_rules() {
+ return Identity::get_edit_rules("user");
+ }
+
+ private static function _lookup_user_by_field($field_name, $value) {
+ try {
+ $user = model_cache::get("user", $value, $field_name);
+ if ($user->loaded) {
+ return $user;
+ }
+ } catch (Exception $e) {
+ if (strpos($e->getMessage(), "MISSING_MODEL") === false) {
+ throw $e;
+ }
+ }
+ return null;
+ }
+}
\ No newline at end of file diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php index a29f24b1..400686cc 100644 --- a/modules/user/views/admin_users.html.php +++ b/modules/user/views/admin_users.html.php @@ -90,7 +90,7 @@ <span class="ui-icon ui-icon-pencil"></span><span class="g-button-text"> <?= t("edit") ?> </span></a> - <? if (user::active()->id != $user->id && !$user->guest): ?> + <? if (Identity::active()->id != $user->id && !$user->guest): ?> <a href="<?= url::site("admin/users/delete_user_form/$user->id") ?>" class="g-dialog-link g-button ui-state-default ui-corner-all ui-icon-left"> <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></a> |
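Review bot: In modules/user/helpers/user.php, `lookup()`, `lookup_by_name()` and `lookup_by_hash()` resolve users through `_lookup_user_by_field()`, which reads the local `user` model via `model_cache::get()` rather than going through `Identity` like every other method in the class and like `group::lookup()` (`Identity::instance()->lookup_group_by_field(...)`). The controllers touched by this commit call `user::lookup($id)` immediately before comparing against `Identity::active()->id`, so if a non-default identity driver is ever active those ownership checks may be evaluated against a different user store than the session identity; route the lookups through the driver, or at minimum add `// reads the local user table directly; does not consult the active Identity driver` above `_lookup_user_by_field`. The helper also decides which exceptions to swallow by substring-matching `"MISSING_MODEL"` in the message, which will silently change behaviour if that text is ever reworded. The `lookup_by_hash` docblock should read `@param string $hash the user hash`, and since all three lookups can return `null`, callers need to treat that as a denial before dereferencing the result.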