From 6564007a9deb7879b67ec67e81ec91841ddd09a4 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 19 Dec 2008 22:16:10 +0000 Subject: Implement admin user editing. It's still very rough. Trying to figure out how to share forms between user and admin editing. Incremental improvement --- modules/user/controllers/users.php | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) (limited to 'modules/user/controllers/users.php') diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php index f6b77d0d..b287f685 100644 --- a/modules/user/controllers/users.php +++ b/modules/user/controllers/users.php @@ -46,16 +46,19 @@ class Users_Controller extends REST_Controller { * @see Rest_Controller::_update($resource) */ public function _update($user) { + if ($user->guest || $user->id != user::active()->id) { + access::forbidden(); + } + $form = user::get_edit_form($user); if ($form->validate()) { - foreach ($form->as_array() as $key => $value) { - $user->$key = $value; - } + $user->full_name = $form->edit_user->full_name->value; + $user->password = $form->edit_user->password->value; + $user->email = $form->edit_user->email->value; $user->save(); if ($continue = $this->input->get("continue")) { url::redirect($continue); } - return; } print $form; } @@ -72,7 +75,13 @@ class Users_Controller extends REST_Controller { * @see Rest_Controller::form($resource) */ public function _form_edit($user) { - print user::get_edit_form($user); + if ($user->guest || user::active()->id != $user->id) { + access::forbidden(); + } + + print user::get_edit_form( + $user, + "users/{$user->id}?_method=put&continue=" . $this->input->get("continue")); } /** -- cgit v1.2.3