From 6564007a9deb7879b67ec67e81ec91841ddd09a4 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Fri, 19 Dec 2008 22:16:10 +0000
Subject: Implement admin user editing. It's still very rough. Trying to figure out how to share forms between user and admin editing. Incremental improvement
---
 modules/user/controllers/admin_users.php | 20 ++++++++++++++++++++
 modules/user/controllers/users.php | 19 ++++++++++++++-----
 2 files changed, 34 insertions(+), 5 deletions(-)
(limited to 'modules/user/controllers')
diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index 7325455c..4ec96a1a 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -23,4 +23,24 @@ class Admin_Users_Controller extends Controller {
 $view->users = ORM::factory("user")->find_all();
 return $view;
 }
+
+ public function edit($id) {
+ $view = new View("admin_users_edit.html");
+ $user = ORM::factory("user", $id);
+ if (!$user->loaded) {
+ kohana::show_404();
+ }
+
+ $form = user::get_edit_form($user, "admin/users/edit/$id");
+ if (request::method() =="post" && $form->validate()) {
+ $user->name = $form->edit_user->uname->value;
+ $user->full_name = $form->edit_user->full_name->value;
+ $user->password = $form->edit_user->password->value;
+ $user->email = $form->edit_user->email->value;
+ $user->save();
+ url::redirect("admin/users/edit/$id");
+ }
+
+ return $form;
+ }
 }
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index f6b77d0d..b287f685 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
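Review bot: `$user->password = $form->edit_user->password->value;` in `edit()` runs on every valid POST, so submitting the form with the password field left empty would overwrite the stored credential unless the form rules or the user model reject an empty value, and neither is visible in this diff; the same assignment is added to `_update()` in users.php. Assign it only when a new value was entered, for example `if ($form->edit_user->password->value != "") { $user->password = $form->edit_user->password->value; }`. `edit()` also has no access check of its own, unlike the `access::forbidden()` guards added in users.php, so it depends on admin gating that is outside this hunk; a comment such as `// Access: admin only, enforced by <where the check lives>` would record that. `$view` is assigned but never used.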
@@ -46,16 +46,19 @@ class Users_Controller extends REST_Controller {
 * @see Rest_Controller::_update($resource)
 */
 public function _update($user) {
+ if ($user->guest || $user->id != user::active()->id) {
+ access::forbidden();
+ }
+
 $form = user::get_edit_form($user);
 if ($form->validate()) {
- foreach ($form->as_array() as $key => $value) {
- $user->$key = $value;
- }
+ $user->full_name = $form->edit_user->full_name->value;
+ $user->password = $form->edit_user->password->value;
+ $user->email = $form->edit_user->email->value;
 $user->save();
 if ($continue = $this->input->get("continue")) {
 url::redirect($continue);
 }
- return;
 }
 print $form;
 }
@@ -72,7 +75,13 @@ class Users_Controller extends REST_Controller {
 * @see Rest_Controller::form($resource)
 */
 public function _form_edit($user) {
- print user::get_edit_form($user);
+ if ($user->guest || user::active()->id != $user->id) {
+ access::forbidden();
+ }
+
+ print user::get_edit_form(
+ $user,
+ "users/{$user->id}?_method=put&continue=" . $this->input->get("continue"));
 }
 
 /**
-- cgit v1.2.3
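Review bot: The new ownership guard at the top of `_update()` protects the save only if `access::forbidden()` ends the request; its definition is not in this diff and no `return` follows the call, so if it merely renders an error the method would continue into `validate()` and `save()`. Adding `return;` directly after `access::forbidden();` makes the guard hold either way, and the same applies to the guard added in `_form_edit()`. The update path also shows no request-forgery token check; that may live in `user::get_edit_form()` or the REST base class, but it is worth confirming before this handler writes credentials.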
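Review bot: The `continue` query parameter is concatenated into the form action unencoded in `_form_edit()`, so a value containing `&` or `#` changes the action URL's own parameters, and the same value later reaches `url::redirect($continue)` in `_update()` with no restriction on the destination. Encode it when building the action, `"users/{$user->id}?_method=put&continue=" . urlencode($this->input->get("continue"))`, and have `_update()` redirect only to local paths. When `continue` is absent the action still ends in an empty `continue=`, which could be omitted.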