From 2c711d8908137b6ff25941f06fe0a3f9ac02596d Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Tue, 13 Oct 2009 12:33:00 -0700
Subject: refactor locale related functionality out of the user module and into
 the gallery module.

---
 modules/user/helpers/user_event.php | 25 -------------------------
 1 file changed, 25 deletions(-)

(limited to 'modules/user/helpers/user_event.php')

diff --git a/modules/user/helpers/user_event.php b/modules/user/helpers/user_event.php
index ede4e515..93a92589 100644
--- a/modules/user/helpers/user_event.php
+++ b/modules/user/helpers/user_event.php
@@ -18,14 +18,6 @@
  * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
  */
 class user_event_Core {
-  /**
-   * Initialization.
-   */
-  static function gallery_ready() {
-    user::load_user();
-    self::set_request_locale();
-  }
-
   static function admin_menu($menu, $theme) {
     $menu->add_after("appearance_menu",
                      Menu::factory("link")
@@ -33,21 +25,4 @@ class user_event_Core {
                      ->label(t("Users/Groups"))
                      ->url(url::site("admin/users")));
   }
-
-  static function set_request_locale() {
-    // 1. Check the session specific preference (cookie)
-    $locale = user::cookie_locale();
-    // 2. Check the user's preference
-    if (!$locale) {
-      $locale = user::active()->locale;
-    }
-    // 3. Check the browser's / OS' preference
-    if (!$locale) {
-      $locale = locales::locale_from_http_request();
-    }
-    // If we have any preference, override the site's default locale
-    if ($locale) {
-      I18n::instance()->locale($locale);
-    }
-  }
 }
-- 
cgit v1.2.3


From 2af48060117bdf30fb48929dd8c9d22800a70843 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Tue, 13 Oct 2009 13:19:17 -0700
Subject: Refactor the ui component of the user module into the gallery core
 module.

---
 modules/gallery/controllers/admin_users.php        | 290 +++++++++++++++++++++
 modules/gallery/controllers/login.php              |  81 ++++++
 modules/gallery/controllers/logout.php             |  38 +++
 modules/gallery/controllers/password.php           | 133 ++++++++++
 modules/gallery/controllers/users.php              |  68 +++++
 modules/gallery/helpers/gallery_event.php          |   4 +
 modules/gallery/views/admin_users.html.php         | 128 +++++++++
 modules/gallery/views/admin_users_group.html.php   |  38 +++
 modules/gallery/views/login.html.php               |  22 ++
 modules/gallery/views/login_ajax.html.php          |  43 +++
 modules/gallery/views/reset_password.html.php      |  17 ++
 .../gallery/views/user_languages_block.html.php    |  19 ++
 modules/user/controllers/admin_users.php           | 290 ---------------------
 modules/user/controllers/login.php                 |  81 ------
 modules/user/controllers/logout.php                |  38 ---
 modules/user/controllers/password.php              | 133 ----------
 modules/user/controllers/users.php                 |  68 -----
 modules/user/helpers/user_event.php                |  28 --
 modules/user/views/admin_users.html.php            | 128 ---------
 modules/user/views/admin_users_group.html.php      |  38 ---
 modules/user/views/login.html.php                  |  22 --
 modules/user/views/login_ajax.html.php             |  43 ---
 modules/user/views/reset_password.html.php         |  17 --
 modules/user/views/user_languages_block.html.php   |  19 --
 24 files changed, 881 insertions(+), 905 deletions(-)
 create mode 100644 modules/gallery/controllers/admin_users.php
 create mode 100644 modules/gallery/controllers/login.php
 create mode 100644 modules/gallery/controllers/logout.php
 create mode 100644 modules/gallery/controllers/password.php
 create mode 100644 modules/gallery/controllers/users.php
 create mode 100644 modules/gallery/views/admin_users.html.php
 create mode 100644 modules/gallery/views/admin_users_group.html.php
 create mode 100644 modules/gallery/views/login.html.php
 create mode 100644 modules/gallery/views/login_ajax.html.php
 create mode 100644 modules/gallery/views/reset_password.html.php
 create mode 100644 modules/gallery/views/user_languages_block.html.php
 delete mode 100644 modules/user/controllers/admin_users.php
 delete mode 100644 modules/user/controllers/login.php
 delete mode 100644 modules/user/controllers/logout.php
 delete mode 100644 modules/user/controllers/password.php
 delete mode 100644 modules/user/controllers/users.php
 delete mode 100644 modules/user/helpers/user_event.php
 delete mode 100644 modules/user/views/admin_users.html.php
 delete mode 100644 modules/user/views/admin_users_group.html.php
 delete mode 100644 modules/user/views/login.html.php
 delete mode 100644 modules/user/views/login_ajax.html.php
 delete mode 100644 modules/user/views/reset_password.html.php
 delete mode 100644 modules/user/views/user_languages_block.html.php

(limited to 'modules/user/helpers/user_event.php')

diff --git a/modules/gallery/controllers/admin_users.php b/modules/gallery/controllers/admin_users.php
new file mode 100644
index 00000000..a8a8cd95
--- /dev/null
+++ b/modules/gallery/controllers/admin_users.php
@@ -0,0 +1,290 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class Admin_Users_Controller extends Admin_Controller {
+  public function index() {
+    $view = new Admin_View("admin.html");
+    $view->content = new View("admin_users.html");
+    $view->content->users = user::get_user_list(array("orderby" => array("name" => "ASC")));
+    $view->content->groups = group::get_group_list(array("orderby" => array("name" => "ASC")));
+    print $view;
+  }
+
+  public function add_user() {
+    access::verify_csrf();
+
+    $form = user::get_add_form_admin();
+    $valid = $form->validate();
+    $name = $form->add_user->inputs["name"]->value;
+    if ($user = user::lookup_by_name($name)) {
+      $form->add_user->inputs["name"]->add_error("in_use", 1);
+      $valid = false;
+    }
+
+    if ($valid) {
+      $user = user::create(
+        $name, $form->add_user->full_name->value, $form->add_user->password->value);
+      $user->email = $form->add_user->email->value;
+      $user->admin = $form->add_user->admin->checked;
+
+      if ($form->add_user->locale) {
+        $desired_locale = $form->add_user->locale->value;
+        $user->locale = $desired_locale == "none" ? null : $desired_locale;
+      }
+      $user->save();
+      module::event("user_add_form_admin_completed", $user, $form);
+
+      message::success(t("Created user %user_name", array("user_name" => $user->name)));
+      print json_encode(array("result" => "success"));
+    } else {
+      print json_encode(array("result" => "error",
+                              "form" => $form->__toString()));
+    }
+  }
+
+  public function add_user_form() {
+    print user::get_add_form_admin();
+  }
+
+  public function delete_user($id) {
+    access::verify_csrf();
+
+    if ($id == user::active()->id || $id == user::guest()->id) {
+      access::forbidden();
+    }
+
+    $user = user::lookup($id);
+    if (empty($user)) {
+      kohana::show_404();
+    }
+
+    $form = user::get_delete_form_admin($user);
+    if($form->validate()) {
+      $name = $user->name;
+      $user->delete();
+    } else {
+      print json_encode(array("result" => "error",
+                              "form" => $form->__toString()));
+    }
+
+    $message = t("Deleted user %user_name", array("user_name" => $name));
+    log::success("user", $message);
+    message::success($message);
+    print json_encode(array("result" => "success"));
+  }
+
+  public function delete_user_form($id) {
+    $user = user::lookup($id);
+    if (empty($user)) {
+      kohana::show_404();
+    }
+    print user::get_delete_form_admin($user);
+  }
+
+  public function edit_user($id) {
+    access::verify_csrf();
+
+    $user = user::lookup($id);
+    if (empty($user)) {
+      kohana::show_404();
+    }
+
+    $form = user::get_edit_form_admin($user);
+    $valid = $form->validate();
+    if ($valid) {
+      $new_name = $form->edit_user->inputs["name"]->value;
+      $temp_user = user::lookup_by_name($new_name);
+      if ($new_name != $user->name &&
+          ($temp_user && $temp_user->id != $user->id)) {
+        $form->edit_user->inputs["name"]->add_error("in_use", 1);
+        $valid = false;
+      } else {
+        $user->name = $new_name;
+      }
+    }
+
+    if ($valid) {
+      $user->full_name = $form->edit_user->full_name->value;
+      if ($form->edit_user->password->value) {
+        $user->password = $form->edit_user->password->value;
+      }
+      $user->email = $form->edit_user->email->value;
+      $user->url = $form->edit_user->url->value;
+      if ($form->edit_user->locale) {
+        $desired_locale = $form->edit_user->locale->value;
+        $user->locale = $desired_locale == "none" ? null : $desired_locale;
+      }
+
+      // An admin can change the admin status for any user but themselves
+      if ($user->id != user::active()->id) {
+        $user->admin = $form->edit_user->admin->checked;
+      }
+      $user->save();
+      module::event("user_edit_form_admin_completed", $user, $form);
+
+      message::success(t("Changed user %user_name", array("user_name" => $user->name)));
+      print json_encode(array("result" => "success"));
+    } else {
+      print json_encode(array("result" => "error",
+                              "form" => $form->__toString()));
+    }
+  }
+
+  public function edit_user_form($id) {
+    $user = user::lookup($id);
+    if (empty($user)) {
+      kohana::show_404();
+    }
+
+    $form = user::get_edit_form_admin($user);
+    // Don't allow the user to control their own admin bit, else you can lock yourself out
+    if ($user->id == user::active()->id) {
+      $form->edit_user->admin->disabled(1);
+    }
+    print $form;
+  }
+
+  public function add_user_to_group($user_id, $group_id) {
+    access::verify_csrf();
+    $group = group::lookup($group_id);
+    $user = user::lookup($user_id);
+    $group->add($user);
+    $group->save();
+  }
+
+  public function remove_user_from_group($user_id, $group_id) {
+    access::verify_csrf();
+    $group = group::lookup($group_id);
+    $user = user::lookup($user_id);
+    $group->remove($user);
+    $group->save();
+  }
+
+  public function group($group_id) {
+    $view = new View("admin_users_group.html");
+    $view->group = group::lookup($group_id);
+    print $view;
+  }
+
+  public function add_group() {
+    access::verify_csrf();
+
+    $form = group::get_add_form_admin();
+    $valid = $form->validate();
+    if ($valid) {
+      $new_name = $form->add_group->inputs["name"]->value;
+      $group = group::lookup_by_name($new_name);
+      if (!empty($group)) {
+        $form->add_group->inputs["name"]->add_error("in_use", 1);
+        $valid = false;
+      }
+    }
+
+    if ($valid) {
+      $group = group::create($new_name);
+      $group->save();
+      message::success(
+        t("Created group %group_name", array("group_name" => $group->name)));
+      print json_encode(array("result" => "success"));
+    } else {
+      print json_encode(array("result" => "error",
+                              "form" => $form->__toString()));
+    }
+  }
+
+  public function add_group_form() {
+    print group::get_add_form_admin();
+  }
+
+  public function delete_group($id) {
+    access::verify_csrf();
+
+    $group = group::lookup($id);
+    if (empty($group)) {
+      kohana::show_404();
+    }
+
+    $form = group::get_delete_form_admin($group);
+    if ($form->validate()) {
+      $name = $group->name;
+      $group->delete();
+    } else {
+      print json_encode(array("result" => "error",
+                              "form" => $form->__toString()));
+    }
+
+    $message = t("Deleted group %group_name", array("group_name" => $name));
+    log::success("group", $message);
+    message::success($message);
+    print json_encode(array("result" => "success"));
+  }
+
+  public function delete_group_form($id) {
+    $group = group::lookup($id);
+    if (empty($group)) {
+      kohana::show_404();
+    }
+
+    print group::get_delete_form_admin($group);
+  }
+
+  public function edit_group($id) {
+    access::verify_csrf();
+
+    $group = group::lookup($id);
+    if (empty($group)) {
+       kohana::show_404();
+    }
+
+    $form = group::get_edit_form_admin($group);
+    $valid = $form->validate();
+
+    if ($valid) {
+      $new_name = $form->edit_group->inputs["name"]->value;
+      $group = group::lookup_by_name($name);
+      if ($group->loaded) {
+        $form->edit_group->inputs["name"]->add_error("in_use", 1);
+        $valid = false;
+      }
+    }
+
+    if ($valid) {
+      $group->name = $form->edit_group->inputs["name"]->value;
+      $group->save();
+      message::success(
+        t("Changed group %group_name", array("group_name" => $group->name)));
+      print json_encode(array("result" => "success"));
+    } else {
+      message::error(
+        t("Failed to change group %group_name", array("group_name" => $group->name)));
+      print json_encode(array("result" => "error",
+                              "form" => $form->__toString()));
+    }
+  }
+
+  public function edit_group_form($id) {
+    $group = group::lookup($id);
+    if (empty($group)) {
+      kohana::show_404();
+    }
+
+    print group::get_edit_form_admin($group);
+  }
+
+}
diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php
new file mode 100644
index 00000000..2c4bd557
--- /dev/null
+++ b/modules/gallery/controllers/login.php
@@ -0,0 +1,81 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class Login_Controller extends Controller {
+
+  public function ajax() {
+    $view = new View("login_ajax.html");
+    $view->form = user::get_login_form("login/auth_ajax");
+    print $view;
+  }
+
+  public function auth_ajax() {
+    access::verify_csrf();
+
+    list ($valid, $form) = $this->_auth("login/auth_ajax");
+    if ($valid) {
+      print json_encode(
+        array("result" => "success"));
+    } else {
+      print json_encode(
+        array("result" => "error",
+              "form" => $form->__toString()));
+    }
+  }
+
+  public function html() {
+    print user::get_login_form("login/auth_html");
+  }
+
+  public function auth_html() {
+    access::verify_csrf();
+
+    list ($valid, $form) = $this->_auth("login/auth_html");
+    if ($valid) {
+      url::redirect(item::root()->abs_url());
+    } else {
+      print $form;
+    }
+  }
+  private function _auth($url) {
+    $form = user::get_login_form($url);
+    $valid = $form->validate();
+    if ($valid) {
+      $user = user::lookup_by_name($form->login->inputs["name"]->value);
+      if (empty($user) || !user::is_correct_password($user, $form->login->password->value)) {
+        log::warning(
+          "user",
+          t("Failed login for %name",
+            array("name" => $form->login->inputs["name"]->value)));
+        $form->login->inputs["name"]->add_error("invalid_login", 1);
+        $valid = false;
+      }
+    }
+
+    if ($valid) {
+      user::login($user);
+      log::info("user", t("User %name logged in", array("name" => $user->name)));
+    }
+
+    // Either way, regenerate the session id to avoid session trapping
+    Session::instance()->regenerate();
+
+    return array($valid, $form);
+  }
+}
\ No newline at end of file
diff --git a/modules/gallery/controllers/logout.php b/modules/gallery/controllers/logout.php
new file mode 100644
index 00000000..45d397ad
--- /dev/null
+++ b/modules/gallery/controllers/logout.php
@@ -0,0 +1,38 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class Logout_Controller extends Controller {
+  public function index() {
+    //access::verify_csrf();
+
+    $user = user::active();
+    user::logout();
+    log::info("user", t("User %name logged out", array("name" => $user->name)),
+              html::anchor("user/$user->id", html::clean($user->name)));
+    if ($continue_url = $this->input->get("continue")) {
+      $item = url::get_item_from_uri($continue_url);
+      if (access::can("view", $item)) {
+        // Don't use url::redirect() because it'll call url::site() and munge the continue url.
+        header("Location: $continue_url");
+      } else {
+        url::redirect(item::root()->abs_url());
+      }
+    }
+  }
+}
\ No newline at end of file
diff --git a/modules/gallery/controllers/password.php b/modules/gallery/controllers/password.php
new file mode 100644
index 00000000..e8b08960
--- /dev/null
+++ b/modules/gallery/controllers/password.php
@@ -0,0 +1,133 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class Password_Controller extends Controller {
+  public function reset() {
+    if (request::method() == "post") {
+      // @todo separate the post from get parts of this function
+      access::verify_csrf();
+      $this->_send_reset();
+    } else {
+      print $this->_reset_form();
+    }
+  }
+
+  public function do_reset() {
+    if (request::method() == "post") {
+      $this->_change_password();
+    } else {
+      $user = user::lookup_by_hash(Input::instance()->get("key"));
+      if (!empty($user)) {
+        print $this->_new_password_form($user->hash);
+      } else {
+        throw new Exception("@todo FORBIDDEN", 503);
+      }
+    }
+  }
+
+  private function _send_reset() {
+    $form = $this->_reset_form();
+
+    $valid = $form->validate();
+    if ($valid) {
+      $user = user::lockup_by_name($form->reset->inputs["name"]->value);
+      if (!$user->loaded || empty($user->email)) {
+        $form->reset->inputs["name"]->add_error("no_email", 1);
+        $valid = false;
+      }
+    }
+
+    if ($valid) {
+      $user->hash = md5(rand());
+      $user->save();
+      $message = new View("reset_password.html");
+      $message->confirm_url = url::abs_site("password/do_reset?key=$user->hash");
+      $message->user = $user;
+
+      Sendmail::factory()
+        ->to($user->email)
+        ->subject(t("Password Reset Request"))
+        ->header("Mime-Version", "1.0")
+        ->header("Content-type", "text/html; charset=iso-8859-1")
+        ->message($message->render())
+        ->send();
+
+      log::success(
+        "user",
+        t("Password reset email sent for user %name", array("name" => $user->name)));
+    } else {
+      // Don't include the username here until you're sure that it's XSS safe
+      log::warning(
+        "user", "Password reset email requested for bogus user");
+    }
+
+    message::success(t("Password reset email sent"));
+    print json_encode(
+      array("result" => "success"));
+  }
+
+  private function _reset_form() {
+    $form = new Forge(url::current(true), "", "post", array("id" => "g-reset-form"));
+    $group = $form->group("reset")->label(t("Reset Password"));
+    $group->input("name")->label(t("Username"))->id("g-name")->class(null)->rules("required");
+    $group->inputs["name"]->error_messages("no_email", t("No email, unable to reset password"));
+    $group->submit("")->value(t("Reset"));
+
+    return $form;
+  }
+
+  private function _new_password_form($hash=null) {
+    $template = new Theme_View("page.html", "reset");
+
+    $form = new Forge("password/do_reset", "", "post", array("id" => "g-change-password-form"));
+    $group = $form->group("reset")->label(t("Change Password"));
+    $hidden = $group->hidden("hash");
+    if (!empty($hash)) {
+      $hidden->value($hash);
+    }
+    $group->password("password")->label(t("Password"))->id("g-password")
+      ->rules("required|length[1,40]");
+    $group->password("password2")->label(t("Confirm Password"))->id("g-password2")
+      ->matches($group->password);
+    $group->inputs["password2"]->error_messages(
+      "mistyped", t("The password and the confirm password must match"));
+    $group->submit("")->value(t("Update"));
+
+    $template->content = $form;
+    return $template;
+  }
+
+  private function _change_password() {
+    $view = $this->_new_password_form();
+    if ($view->content->validate()) {
+      $user = user::lookup_by_hash(Input::instance()->get("key"));
+      if (empty($user)) {
+        throw new Exception("@todo FORBIDDEN", 503);
+      }
+
+      $user->password = $view->content->reset->password->value;
+      $user->hash = null;
+      $user->save();
+      message::success(t("Password reset successfully"));
+      url::redirect(item::root()->abs_url());
+    } else {
+      print $view;
+    }
+  }
+}
\ No newline at end of file
diff --git a/modules/gallery/controllers/users.php b/modules/gallery/controllers/users.php
new file mode 100644
index 00000000..07c5a457
--- /dev/null
+++ b/modules/gallery/controllers/users.php
@@ -0,0 +1,68 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class Users_Controller extends Controller {
+  public function update($id) {
+    $user = user::lookup($id);
+
+    if ($user->guest || $user->id != user::active()->id) {
+      access::forbidden();
+    }
+
+    $form = user::get_edit_form($user);
+    $valid = $form->validate();
+    if ($valid) {
+      $user->full_name = $form->edit_user->full_name->value;
+      if ($form->edit_user->password->value) {
+        $user->password = $form->edit_user->password->value;
+      }
+      $user->email = $form->edit_user->email->value;
+      $user->url = $form->edit_user->url->value;
+      if ($form->edit_user->locale) {
+        $desired_locale = $form->edit_user->locale->value;
+        $new_locale = $desired_locale == "none" ? null : $desired_locale;
+        if ($new_locale != $user->locale) {
+          // Delete the session based locale preference
+          setcookie("g_locale", "", time() - 24 * 3600, "/");
+        }
+        $user->locale = $new_locale;
+      }
+      $user->save();
+      module::event("user_edit_form_completed", $user, $form);
+
+      message::success(t("User information updated."));
+      print json_encode(
+        array("result" => "success",
+              "resource" => url::site("users/{$user->id}")));
+    } else {
+      print json_encode(
+        array("result" => "error",
+              "form" => $form->__toString()));
+    }
+  }
+
+  public function form_edit($id) {
+    $user = user::lookup($id);
+    if ($user->guest || $user->id != user::active()->id) {
+      access::forbidden();
+    }
+
+    print user::get_edit_form($user);
+  }
+}
diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php
index 106aa202..e0de2152 100644
--- a/modules/gallery/helpers/gallery_event.php
+++ b/modules/gallery/helpers/gallery_event.php
@@ -187,6 +187,10 @@ class gallery_event_Core {
                         ->id("sidebar")
                         ->label(t("Manage Sidebar"))
                         ->url(url::site("admin/sidebar"))))
+      ->append(Menu::factory("link")
+               ->id("users_groups")
+               ->label(t("Users/Groups"))
+               ->url(url::site("admin/users")))
       ->append(Menu::factory("submenu")
                ->id("statistics_menu")
                ->label(t("Statistics")))
diff --git a/modules/gallery/views/admin_users.html.php b/modules/gallery/views/admin_users.html.php
new file mode 100644
index 00000000..a127bc15
--- /dev/null
+++ b/modules/gallery/views/admin_users.html.php
@@ -0,0 +1,128 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<script type="text/javascript">
+  var add_user_to_group_url = "<?= url::site("admin/users/add_user_to_group/__USERID__/__GROUPID__?csrf=$csrf") ?>";
+  $(document).ready(function(){
+    $("#g-user-admin-list .core-info").draggable({
+      helper: "clone"
+    });
+    $("#g-group-admin .g-group").droppable({
+      accept: ".core-info",
+      hoverClass: "g-selected",
+      drop: function(ev, ui) {
+        var user_id = $(ui.draggable).attr("id").replace("user-", "");
+        var group_id = $(this).attr("id").replace("group-", "");
+        $.get(add_user_to_group_url.replace("__USERID__", user_id).replace("__GROUPID__", group_id),
+              {},
+              function() {
+                reload_group(group_id);
+              });
+      }
+    });
+    $("#group-1").droppable("destroy");
+    $("#group-2").droppable("destroy");
+  });
+
+  var reload_group = function(group_id) {
+    var reload_group_url = "<?= url::site("admin/users/group/__GROUPID__") ?>";
+    $.get(reload_group_url.replace("__GROUPID__", group_id),
+          {},
+          function(data) {
+            $("#group-" + group_id).html(data);
+            $("#group-" + group_id + " .g-dialog-link").gallery_dialog();
+          });
+  }
+
+  var remove_user = function(user_id, group_id) {
+    var remove_user_url = "<?= url::site("admin/users/remove_user_from_group/__USERID__/__GROUPID__?csrf=$csrf") ?>";
+    $.get(remove_user_url.replace("__USERID__", user_id).replace("__GROUPID__", group_id),
+          {},
+          function() {
+            reload_group(group_id);
+          });
+  }
+</script>
+<div class="g-block">
+  <a href="<?= url::site("admin/users/add_user_form") ?>"
+      class="g-dialog-link g-button g-right ui-icon-left ui-state-default ui-corner-all"
+      title="<?= t("Create a new user")->for_html_attr() ?>">
+    <span class="ui-icon ui-icon-circle-plus"></span>
+    <?= t("Add a new user") ?>
+  </a>
+
+  <h2>
+    <?= t("User Admin") ?>
+  </h2>
+
+  <div class="g-block-content">
+    <table id="g-user-admin-list">
+      <tr>
+        <th><?= t("Username") ?></th>
+        <th><?= t("Full name") ?></th>
+        <th><?= t("Email") ?></th>
+        <th><?= t("Last login") ?></th>
+        <th><?= t("Actions") ?></th>
+      </tr>
+
+      <? foreach ($users as $i => $user): ?>
+      <tr id="g-user-<?= $user->id ?>" class="<?= text::alternate("g-odd", "g-even") ?> user <?= $user->admin ? "admin" : "" ?>">
+        <td id="user-<?= $user->id ?>" class="core-info g-draggable">
+          <img src="<?= $user->avatar_url(20, $theme->url("images/avatar.jpg", true)) ?>"
+               title="<?= t("Drag user onto group below to add as a new member")->for_html_attr() ?>"
+               alt="<?= html::clean_attribute($user->name) ?>"
+               width="20"
+               height="20" />
+          <?= html::clean($user->name) ?>
+        </td>
+        <td>
+          <?= html::clean($user->full_name) ?>
+        </td>
+        <td>
+          <?= html::clean($user->email) ?>
+        </td>
+        <td>
+          <?= ($user->last_login == 0) ? "" : gallery::date($user->last_login) ?>
+        </td>
+        <td class="g-actions">
+          <a href="<?= url::site("admin/users/edit_user_form/$user->id") ?>"
+              open_text="<?= t("close") ?>"
+              class="g-panel-link g-button ui-state-default ui-corner-all ui-icon-left">
+            <span class="ui-icon ui-icon-pencil"></span><span class="g-button-text"><?= t("edit") ?></span></a>
+          <? if (user::active()->id != $user->id && !$user->guest): ?>
+          <a href="<?= url::site("admin/users/delete_user_form/$user->id") ?>"
+              class="g-dialog-link g-button ui-state-default ui-corner-all ui-icon-left">
+            <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></a>
+          <? else: ?>
+          <span title="<?= t("This user cannot be deleted")->for_html_attr() ?>"
+              class="g-button ui-state-disabled ui-corner-all ui-icon-left">
+            <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></span>
+          <? endif ?>
+        </td>
+      </tr>
+      <? endforeach ?>
+    </table>
+  </div>
+</div>
+
+<div id="g-group-admin" class="g-block g-clearfix">
+  <a href="<?= url::site("admin/users/add_group_form") ?>"
+      class="g-dialog-link g-button g-right ui-icon-left ui-state-default ui-corner-all"
+      title="<?= t("Create a new group")->for_html_attr() ?>">
+    <span class="ui-icon ui-icon-circle-plus"></span>
+    <?= t("Add a new group") ?>
+  </a>
+
+  <h2>
+    <?= t("Group Admin") ?>
+  </h2>
+
+  <div class="g-block-content">
+    <ul>
+      <? foreach ($groups as $i => $group): ?>
+      <li id="group-<?= $group->id ?>" class="g-group <?= ($group->special ? "g-default-group" : "") ?>" />
+        <? $v = new View("admin_users_group.html"); $v->group = $group; ?>
+        <?= $v ?>
+      </li>
+      <? endforeach ?>
+    </ul>
+  </div>
+</div>
diff --git a/modules/gallery/views/admin_users_group.html.php b/modules/gallery/views/admin_users_group.html.php
new file mode 100644
index 00000000..db3645a0
--- /dev/null
+++ b/modules/gallery/views/admin_users_group.html.php
@@ -0,0 +1,38 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<h4>
+  <?= html::clean($group->name) ?>
+  <? if (!$group->special): ?>
+  <a href="<?= url::site("admin/users/delete_group_form/$group->id") ?>"
+    title="<?= t("Delete the %name group", array("name" => $group->name))->for_html_attr() ?>"
+    class="g-dialog-link g-button ui-state-default ui-corner-all">
+    <span class="ui-icon ui-icon-trash"><?= t("delete") ?></span></a>
+  <? else: ?>
+  <a title="<?= t("This default group cannot be deleted")->for_html_attr() ?>"
+     class="g-dialog-link g-button ui-state-disabled ui-corner-all ui-icon-left">
+    <span class="ui-icon ui-icon-trash"><?= t("delete") ?></span></a>
+  <? endif ?>
+</h4>
+
+<? if ($group->users->count() > 0): ?>
+<ul>
+  <? foreach ($group->users as $i => $user): ?>
+  <li class="g-user">
+    <?= html::clean($user->name) ?>
+    <? if (!$group->special): ?>
+    <a href="javascript:remove_user(<?= $user->id ?>, <?= $group->id ?>)"
+       class="g-button ui-state-default ui-corner-all ui-icon-left"
+       title="<?= t("Remove %user from %group group",
+              array("user" => $user->name, "group" => $group->name))->for_html_attr() ?>">
+      <span class="ui-icon ui-icon-closethick"><?= t("remove") ?></span>
+    </a>
+    <? endif ?>
+  </li>
+  <? endforeach ?>
+</ul>
+<? else: ?>
+<div>
+  <p>
+    <?= t("Drag &amp; drop users from the User Admin above into this group box to add group members.") ?>
+  </p>
+</div>
+<? endif ?>
diff --git a/modules/gallery/views/login.html.php b/modules/gallery/views/login.html.php
new file mode 100644
index 00000000..049ba043
--- /dev/null
+++ b/modules/gallery/views/login.html.php
@@ -0,0 +1,22 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<ul id="g-login-menu">
+  <? if ($user->guest): ?>
+  <li class="first">
+    <a href="<?= url::site("login/ajax") ?>"
+       title="<?= t("Login to Gallery")->for_html_attr() ?>"
+       id="g-login-link"><?= t("Login") ?></a>
+  </li>
+  <? else: ?>
+  <li class="first">
+    <?= t('Logged in as %name', array('name' => html::mark_clean(
+      '<a href="' . url::site("form/edit/users/{$user->id}") .
+      '" title="' . t("Edit Your Profile")->for_html_attr() .
+      '" id="g-user-profile-link" class="g-dialog-link">' .
+      html::clean($user->display_name()) . '</a>'))) ?>
+  </li>
+  <li>
+    <a href="<?= url::site("logout?csrf=$csrf&amp;continue=" . urlencode(url::current(true))) ?>"
+       id="g-logout-link"><?= t("Logout") ?></a>
+  </li>
+  <? endif ?>
+</ul>
diff --git a/modules/gallery/views/login_ajax.html.php b/modules/gallery/views/login_ajax.html.php
new file mode 100644
index 00000000..d3364b46
--- /dev/null
+++ b/modules/gallery/views/login_ajax.html.php
@@ -0,0 +1,43 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<script type="text/javascript">
+  $("#g-login-form").ready(function() {
+    $("#g-password-reset").click(function() {
+      $.ajax({
+        url: "<?= url::site("password/reset") ?>",
+        success: function(data) {
+          $("#g-login").html(data);
+          $("#ui-dialog-title-g-dialog").html(<?= t("Reset Password")->for_js() ?>);
+          $(".submit").addClass("g-button ui-state-default ui-corner-all");
+          $(".submit").gallery_hover_init();
+          ajaxify_login_reset_form();
+        }
+      });
+    });
+  });
+
+  function ajaxify_login_reset_form() {
+    $("#g-login form").ajaxForm({
+      dataType: "json",
+      success: function(data) {
+        if (data.form) {
+          $("#g-login form").replaceWith(data.form);
+          ajaxify_login_reset_form();
+        }
+        if (data.result == "success") {
+          $("#g-dialog").dialog("close");
+          window.location.reload();
+        }
+      }
+    });
+  };
+</script>
+<div id="g-login">
+  <ul>
+    <li id="g-login-form">
+      <?= $form ?>
+    </li>
+    <li>
+      <a href="#" id="g-password-reset" class="g-right g-txt-small"><?= t("Forgot Your Password?") ?></a>
+    </li>
+  </ul>
+</div>
diff --git a/modules/gallery/views/reset_password.html.php b/modules/gallery/views/reset_password.html.php
new file mode 100644
index 00000000..92ca4917
--- /dev/null
+++ b/modules/gallery/views/reset_password.html.php
@@ -0,0 +1,17 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<html>
+  <head>
+    <title><?= t("Password Reset Request") ?> </title>
+  </head>
+  <body>
+    <h2><?= t("Password Reset Request") ?> </h2>
+    <p>
+      <?= t("Hello, %name,", array("name" => $user->full_name ? $user->full_name : $user->name)) ?>
+    </p>
+    <p>
+  <?= t("We received a request to reset your password for <a href=\"%site_url\">%site_url</a>.  If you made this request, you can confirm it by <a href=\"%confirm_url\">clicking this link</a>.  If you didn't request this password reset, it's ok to ignore this mail.",
+        array("site_url" => html::mark_clean(url::base(false, "http")),
+              "confirm_url" => $confirm_url)) ?>
+    </p>
+  </body>
+</html>
diff --git a/modules/gallery/views/user_languages_block.html.php b/modules/gallery/views/user_languages_block.html.php
new file mode 100644
index 00000000..89185967
--- /dev/null
+++ b/modules/gallery/views/user_languages_block.html.php
@@ -0,0 +1,19 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<?= form::dropdown("g-select-session-locale", $installed_locales, $selected) ?>
+<script type="text/javascript">
+  $("#g-select-session-locale").change(function() {
+    var old_locale_preference = <?= html::js_string($selected) ?>;
+    var locale = $(this).val();
+    if (old_locale_preference == locale) {
+      return;
+    }
+
+    var expires = -1;
+    if (locale) {
+      expires = 365;
+    }
+    $.cookie("g_locale", locale, {"expires": expires, "path": "/"});
+    window.location.reload(true);
+  });
+</script>
+
diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
deleted file mode 100644
index a8a8cd95..00000000
--- a/modules/user/controllers/admin_users.php
+++ /dev/null
@@ -1,290 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-class Admin_Users_Controller extends Admin_Controller {
-  public function index() {
-    $view = new Admin_View("admin.html");
-    $view->content = new View("admin_users.html");
-    $view->content->users = user::get_user_list(array("orderby" => array("name" => "ASC")));
-    $view->content->groups = group::get_group_list(array("orderby" => array("name" => "ASC")));
-    print $view;
-  }
-
-  public function add_user() {
-    access::verify_csrf();
-
-    $form = user::get_add_form_admin();
-    $valid = $form->validate();
-    $name = $form->add_user->inputs["name"]->value;
-    if ($user = user::lookup_by_name($name)) {
-      $form->add_user->inputs["name"]->add_error("in_use", 1);
-      $valid = false;
-    }
-
-    if ($valid) {
-      $user = user::create(
-        $name, $form->add_user->full_name->value, $form->add_user->password->value);
-      $user->email = $form->add_user->email->value;
-      $user->admin = $form->add_user->admin->checked;
-
-      if ($form->add_user->locale) {
-        $desired_locale = $form->add_user->locale->value;
-        $user->locale = $desired_locale == "none" ? null : $desired_locale;
-      }
-      $user->save();
-      module::event("user_add_form_admin_completed", $user, $form);
-
-      message::success(t("Created user %user_name", array("user_name" => $user->name)));
-      print json_encode(array("result" => "success"));
-    } else {
-      print json_encode(array("result" => "error",
-                              "form" => $form->__toString()));
-    }
-  }
-
-  public function add_user_form() {
-    print user::get_add_form_admin();
-  }
-
-  public function delete_user($id) {
-    access::verify_csrf();
-
-    if ($id == user::active()->id || $id == user::guest()->id) {
-      access::forbidden();
-    }
-
-    $user = user::lookup($id);
-    if (empty($user)) {
-      kohana::show_404();
-    }
-
-    $form = user::get_delete_form_admin($user);
-    if($form->validate()) {
-      $name = $user->name;
-      $user->delete();
-    } else {
-      print json_encode(array("result" => "error",
-                              "form" => $form->__toString()));
-    }
-
-    $message = t("Deleted user %user_name", array("user_name" => $name));
-    log::success("user", $message);
-    message::success($message);
-    print json_encode(array("result" => "success"));
-  }
-
-  public function delete_user_form($id) {
-    $user = user::lookup($id);
-    if (empty($user)) {
-      kohana::show_404();
-    }
-    print user::get_delete_form_admin($user);
-  }
-
-  public function edit_user($id) {
-    access::verify_csrf();
-
-    $user = user::lookup($id);
-    if (empty($user)) {
-      kohana::show_404();
-    }
-
-    $form = user::get_edit_form_admin($user);
-    $valid = $form->validate();
-    if ($valid) {
-      $new_name = $form->edit_user->inputs["name"]->value;
-      $temp_user = user::lookup_by_name($new_name);
-      if ($new_name != $user->name &&
-          ($temp_user && $temp_user->id != $user->id)) {
-        $form->edit_user->inputs["name"]->add_error("in_use", 1);
-        $valid = false;
-      } else {
-        $user->name = $new_name;
-      }
-    }
-
-    if ($valid) {
-      $user->full_name = $form->edit_user->full_name->value;
-      if ($form->edit_user->password->value) {
-        $user->password = $form->edit_user->password->value;
-      }
-      $user->email = $form->edit_user->email->value;
-      $user->url = $form->edit_user->url->value;
-      if ($form->edit_user->locale) {
-        $desired_locale = $form->edit_user->locale->value;
-        $user->locale = $desired_locale == "none" ? null : $desired_locale;
-      }
-
-      // An admin can change the admin status for any user but themselves
-      if ($user->id != user::active()->id) {
-        $user->admin = $form->edit_user->admin->checked;
-      }
-      $user->save();
-      module::event("user_edit_form_admin_completed", $user, $form);
-
-      message::success(t("Changed user %user_name", array("user_name" => $user->name)));
-      print json_encode(array("result" => "success"));
-    } else {
-      print json_encode(array("result" => "error",
-                              "form" => $form->__toString()));
-    }
-  }
-
-  public function edit_user_form($id) {
-    $user = user::lookup($id);
-    if (empty($user)) {
-      kohana::show_404();
-    }
-
-    $form = user::get_edit_form_admin($user);
-    // Don't allow the user to control their own admin bit, else you can lock yourself out
-    if ($user->id == user::active()->id) {
-      $form->edit_user->admin->disabled(1);
-    }
-    print $form;
-  }
-
-  public function add_user_to_group($user_id, $group_id) {
-    access::verify_csrf();
-    $group = group::lookup($group_id);
-    $user = user::lookup($user_id);
-    $group->add($user);
-    $group->save();
-  }
-
-  public function remove_user_from_group($user_id, $group_id) {
-    access::verify_csrf();
-    $group = group::lookup($group_id);
-    $user = user::lookup($user_id);
-    $group->remove($user);
-    $group->save();
-  }
-
-  public function group($group_id) {
-    $view = new View("admin_users_group.html");
-    $view->group = group::lookup($group_id);
-    print $view;
-  }
-
-  public function add_group() {
-    access::verify_csrf();
-
-    $form = group::get_add_form_admin();
-    $valid = $form->validate();
-    if ($valid) {
-      $new_name = $form->add_group->inputs["name"]->value;
-      $group = group::lookup_by_name($new_name);
-      if (!empty($group)) {
-        $form->add_group->inputs["name"]->add_error("in_use", 1);
-        $valid = false;
-      }
-    }
-
-    if ($valid) {
-      $group = group::create($new_name);
-      $group->save();
-      message::success(
-        t("Created group %group_name", array("group_name" => $group->name)));
-      print json_encode(array("result" => "success"));
-    } else {
-      print json_encode(array("result" => "error",
-                              "form" => $form->__toString()));
-    }
-  }
-
-  public function add_group_form() {
-    print group::get_add_form_admin();
-  }
-
-  public function delete_group($id) {
-    access::verify_csrf();
-
-    $group = group::lookup($id);
-    if (empty($group)) {
-      kohana::show_404();
-    }
-
-    $form = group::get_delete_form_admin($group);
-    if ($form->validate()) {
-      $name = $group->name;
-      $group->delete();
-    } else {
-      print json_encode(array("result" => "error",
-                              "form" => $form->__toString()));
-    }
-
-    $message = t("Deleted group %group_name", array("group_name" => $name));
-    log::success("group", $message);
-    message::success($message);
-    print json_encode(array("result" => "success"));
-  }
-
-  public function delete_group_form($id) {
-    $group = group::lookup($id);
-    if (empty($group)) {
-      kohana::show_404();
-    }
-
-    print group::get_delete_form_admin($group);
-  }
-
-  public function edit_group($id) {
-    access::verify_csrf();
-
-    $group = group::lookup($id);
-    if (empty($group)) {
-       kohana::show_404();
-    }
-
-    $form = group::get_edit_form_admin($group);
-    $valid = $form->validate();
-
-    if ($valid) {
-      $new_name = $form->edit_group->inputs["name"]->value;
-      $group = group::lookup_by_name($name);
-      if ($group->loaded) {
-        $form->edit_group->inputs["name"]->add_error("in_use", 1);
-        $valid = false;
-      }
-    }
-
-    if ($valid) {
-      $group->name = $form->edit_group->inputs["name"]->value;
-      $group->save();
-      message::success(
-        t("Changed group %group_name", array("group_name" => $group->name)));
-      print json_encode(array("result" => "success"));
-    } else {
-      message::error(
-        t("Failed to change group %group_name", array("group_name" => $group->name)));
-      print json_encode(array("result" => "error",
-                              "form" => $form->__toString()));
-    }
-  }
-
-  public function edit_group_form($id) {
-    $group = group::lookup($id);
-    if (empty($group)) {
-      kohana::show_404();
-    }
-
-    print group::get_edit_form_admin($group);
-  }
-
-}
diff --git a/modules/user/controllers/login.php b/modules/user/controllers/login.php
deleted file mode 100644
index 2c4bd557..00000000
--- a/modules/user/controllers/login.php
+++ /dev/null
@@ -1,81 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-class Login_Controller extends Controller {
-
-  public function ajax() {
-    $view = new View("login_ajax.html");
-    $view->form = user::get_login_form("login/auth_ajax");
-    print $view;
-  }
-
-  public function auth_ajax() {
-    access::verify_csrf();
-
-    list ($valid, $form) = $this->_auth("login/auth_ajax");
-    if ($valid) {
-      print json_encode(
-        array("result" => "success"));
-    } else {
-      print json_encode(
-        array("result" => "error",
-              "form" => $form->__toString()));
-    }
-  }
-
-  public function html() {
-    print user::get_login_form("login/auth_html");
-  }
-
-  public function auth_html() {
-    access::verify_csrf();
-
-    list ($valid, $form) = $this->_auth("login/auth_html");
-    if ($valid) {
-      url::redirect(item::root()->abs_url());
-    } else {
-      print $form;
-    }
-  }
-  private function _auth($url) {
-    $form = user::get_login_form($url);
-    $valid = $form->validate();
-    if ($valid) {
-      $user = user::lookup_by_name($form->login->inputs["name"]->value);
-      if (empty($user) || !user::is_correct_password($user, $form->login->password->value)) {
-        log::warning(
-          "user",
-          t("Failed login for %name",
-            array("name" => $form->login->inputs["name"]->value)));
-        $form->login->inputs["name"]->add_error("invalid_login", 1);
-        $valid = false;
-      }
-    }
-
-    if ($valid) {
-      user::login($user);
-      log::info("user", t("User %name logged in", array("name" => $user->name)));
-    }
-
-    // Either way, regenerate the session id to avoid session trapping
-    Session::instance()->regenerate();
-
-    return array($valid, $form);
-  }
-}
\ No newline at end of file
diff --git a/modules/user/controllers/logout.php b/modules/user/controllers/logout.php
deleted file mode 100644
index 45d397ad..00000000
--- a/modules/user/controllers/logout.php
+++ /dev/null
@@ -1,38 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-class Logout_Controller extends Controller {
-  public function index() {
-    //access::verify_csrf();
-
-    $user = user::active();
-    user::logout();
-    log::info("user", t("User %name logged out", array("name" => $user->name)),
-              html::anchor("user/$user->id", html::clean($user->name)));
-    if ($continue_url = $this->input->get("continue")) {
-      $item = url::get_item_from_uri($continue_url);
-      if (access::can("view", $item)) {
-        // Don't use url::redirect() because it'll call url::site() and munge the continue url.
-        header("Location: $continue_url");
-      } else {
-        url::redirect(item::root()->abs_url());
-      }
-    }
-  }
-}
\ No newline at end of file
diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php
deleted file mode 100644
index e8b08960..00000000
--- a/modules/user/controllers/password.php
+++ /dev/null
@@ -1,133 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-class Password_Controller extends Controller {
-  public function reset() {
-    if (request::method() == "post") {
-      // @todo separate the post from get parts of this function
-      access::verify_csrf();
-      $this->_send_reset();
-    } else {
-      print $this->_reset_form();
-    }
-  }
-
-  public function do_reset() {
-    if (request::method() == "post") {
-      $this->_change_password();
-    } else {
-      $user = user::lookup_by_hash(Input::instance()->get("key"));
-      if (!empty($user)) {
-        print $this->_new_password_form($user->hash);
-      } else {
-        throw new Exception("@todo FORBIDDEN", 503);
-      }
-    }
-  }
-
-  private function _send_reset() {
-    $form = $this->_reset_form();
-
-    $valid = $form->validate();
-    if ($valid) {
-      $user = user::lockup_by_name($form->reset->inputs["name"]->value);
-      if (!$user->loaded || empty($user->email)) {
-        $form->reset->inputs["name"]->add_error("no_email", 1);
-        $valid = false;
-      }
-    }
-
-    if ($valid) {
-      $user->hash = md5(rand());
-      $user->save();
-      $message = new View("reset_password.html");
-      $message->confirm_url = url::abs_site("password/do_reset?key=$user->hash");
-      $message->user = $user;
-
-      Sendmail::factory()
-        ->to($user->email)
-        ->subject(t("Password Reset Request"))
-        ->header("Mime-Version", "1.0")
-        ->header("Content-type", "text/html; charset=iso-8859-1")
-        ->message($message->render())
-        ->send();
-
-      log::success(
-        "user",
-        t("Password reset email sent for user %name", array("name" => $user->name)));
-    } else {
-      // Don't include the username here until you're sure that it's XSS safe
-      log::warning(
-        "user", "Password reset email requested for bogus user");
-    }
-
-    message::success(t("Password reset email sent"));
-    print json_encode(
-      array("result" => "success"));
-  }
-
-  private function _reset_form() {
-    $form = new Forge(url::current(true), "", "post", array("id" => "g-reset-form"));
-    $group = $form->group("reset")->label(t("Reset Password"));
-    $group->input("name")->label(t("Username"))->id("g-name")->class(null)->rules("required");
-    $group->inputs["name"]->error_messages("no_email", t("No email, unable to reset password"));
-    $group->submit("")->value(t("Reset"));
-
-    return $form;
-  }
-
-  private function _new_password_form($hash=null) {
-    $template = new Theme_View("page.html", "reset");
-
-    $form = new Forge("password/do_reset", "", "post", array("id" => "g-change-password-form"));
-    $group = $form->group("reset")->label(t("Change Password"));
-    $hidden = $group->hidden("hash");
-    if (!empty($hash)) {
-      $hidden->value($hash);
-    }
-    $group->password("password")->label(t("Password"))->id("g-password")
-      ->rules("required|length[1,40]");
-    $group->password("password2")->label(t("Confirm Password"))->id("g-password2")
-      ->matches($group->password);
-    $group->inputs["password2"]->error_messages(
-      "mistyped", t("The password and the confirm password must match"));
-    $group->submit("")->value(t("Update"));
-
-    $template->content = $form;
-    return $template;
-  }
-
-  private function _change_password() {
-    $view = $this->_new_password_form();
-    if ($view->content->validate()) {
-      $user = user::lookup_by_hash(Input::instance()->get("key"));
-      if (empty($user)) {
-        throw new Exception("@todo FORBIDDEN", 503);
-      }
-
-      $user->password = $view->content->reset->password->value;
-      $user->hash = null;
-      $user->save();
-      message::success(t("Password reset successfully"));
-      url::redirect(item::root()->abs_url());
-    } else {
-      print $view;
-    }
-  }
-}
\ No newline at end of file
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
deleted file mode 100644
index 07c5a457..00000000
--- a/modules/user/controllers/users.php
+++ /dev/null
@@ -1,68 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-class Users_Controller extends Controller {
-  public function update($id) {
-    $user = user::lookup($id);
-
-    if ($user->guest || $user->id != user::active()->id) {
-      access::forbidden();
-    }
-
-    $form = user::get_edit_form($user);
-    $valid = $form->validate();
-    if ($valid) {
-      $user->full_name = $form->edit_user->full_name->value;
-      if ($form->edit_user->password->value) {
-        $user->password = $form->edit_user->password->value;
-      }
-      $user->email = $form->edit_user->email->value;
-      $user->url = $form->edit_user->url->value;
-      if ($form->edit_user->locale) {
-        $desired_locale = $form->edit_user->locale->value;
-        $new_locale = $desired_locale == "none" ? null : $desired_locale;
-        if ($new_locale != $user->locale) {
-          // Delete the session based locale preference
-          setcookie("g_locale", "", time() - 24 * 3600, "/");
-        }
-        $user->locale = $new_locale;
-      }
-      $user->save();
-      module::event("user_edit_form_completed", $user, $form);
-
-      message::success(t("User information updated."));
-      print json_encode(
-        array("result" => "success",
-              "resource" => url::site("users/{$user->id}")));
-    } else {
-      print json_encode(
-        array("result" => "error",
-              "form" => $form->__toString()));
-    }
-  }
-
-  public function form_edit($id) {
-    $user = user::lookup($id);
-    if ($user->guest || $user->id != user::active()->id) {
-      access::forbidden();
-    }
-
-    print user::get_edit_form($user);
-  }
-}
diff --git a/modules/user/helpers/user_event.php b/modules/user/helpers/user_event.php
deleted file mode 100644
index 93a92589..00000000
--- a/modules/user/helpers/user_event.php
+++ /dev/null
@@ -1,28 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-class user_event_Core {
-  static function admin_menu($menu, $theme) {
-    $menu->add_after("appearance_menu",
-                     Menu::factory("link")
-                     ->id("users_groups")
-                     ->label(t("Users/Groups"))
-                     ->url(url::site("admin/users")));
-  }
-}
diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php
deleted file mode 100644
index a127bc15..00000000
--- a/modules/user/views/admin_users.html.php
+++ /dev/null
@@ -1,128 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.") ?>
-<script type="text/javascript">
-  var add_user_to_group_url = "<?= url::site("admin/users/add_user_to_group/__USERID__/__GROUPID__?csrf=$csrf") ?>";
-  $(document).ready(function(){
-    $("#g-user-admin-list .core-info").draggable({
-      helper: "clone"
-    });
-    $("#g-group-admin .g-group").droppable({
-      accept: ".core-info",
-      hoverClass: "g-selected",
-      drop: function(ev, ui) {
-        var user_id = $(ui.draggable).attr("id").replace("user-", "");
-        var group_id = $(this).attr("id").replace("group-", "");
-        $.get(add_user_to_group_url.replace("__USERID__", user_id).replace("__GROUPID__", group_id),
-              {},
-              function() {
-                reload_group(group_id);
-              });
-      }
-    });
-    $("#group-1").droppable("destroy");
-    $("#group-2").droppable("destroy");
-  });
-
-  var reload_group = function(group_id) {
-    var reload_group_url = "<?= url::site("admin/users/group/__GROUPID__") ?>";
-    $.get(reload_group_url.replace("__GROUPID__", group_id),
-          {},
-          function(data) {
-            $("#group-" + group_id).html(data);
-            $("#group-" + group_id + " .g-dialog-link").gallery_dialog();
-          });
-  }
-
-  var remove_user = function(user_id, group_id) {
-    var remove_user_url = "<?= url::site("admin/users/remove_user_from_group/__USERID__/__GROUPID__?csrf=$csrf") ?>";
-    $.get(remove_user_url.replace("__USERID__", user_id).replace("__GROUPID__", group_id),
-          {},
-          function() {
-            reload_group(group_id);
-          });
-  }
-</script>
-<div class="g-block">
-  <a href="<?= url::site("admin/users/add_user_form") ?>"
-      class="g-dialog-link g-button g-right ui-icon-left ui-state-default ui-corner-all"
-      title="<?= t("Create a new user")->for_html_attr() ?>">
-    <span class="ui-icon ui-icon-circle-plus"></span>
-    <?= t("Add a new user") ?>
-  </a>
-
-  <h2>
-    <?= t("User Admin") ?>
-  </h2>
-
-  <div class="g-block-content">
-    <table id="g-user-admin-list">
-      <tr>
-        <th><?= t("Username") ?></th>
-        <th><?= t("Full name") ?></th>
-        <th><?= t("Email") ?></th>
-        <th><?= t("Last login") ?></th>
-        <th><?= t("Actions") ?></th>
-      </tr>
-
-      <? foreach ($users as $i => $user): ?>
-      <tr id="g-user-<?= $user->id ?>" class="<?= text::alternate("g-odd", "g-even") ?> user <?= $user->admin ? "admin" : "" ?>">
-        <td id="user-<?= $user->id ?>" class="core-info g-draggable">
-          <img src="<?= $user->avatar_url(20, $theme->url("images/avatar.jpg", true)) ?>"
-               title="<?= t("Drag user onto group below to add as a new member")->for_html_attr() ?>"
-               alt="<?= html::clean_attribute($user->name) ?>"
-               width="20"
-               height="20" />
-          <?= html::clean($user->name) ?>
-        </td>
-        <td>
-          <?= html::clean($user->full_name) ?>
-        </td>
-        <td>
-          <?= html::clean($user->email) ?>
-        </td>
-        <td>
-          <?= ($user->last_login == 0) ? "" : gallery::date($user->last_login) ?>
-        </td>
-        <td class="g-actions">
-          <a href="<?= url::site("admin/users/edit_user_form/$user->id") ?>"
-              open_text="<?= t("close") ?>"
-              class="g-panel-link g-button ui-state-default ui-corner-all ui-icon-left">
-            <span class="ui-icon ui-icon-pencil"></span><span class="g-button-text"><?= t("edit") ?></span></a>
-          <? if (user::active()->id != $user->id && !$user->guest): ?>
-          <a href="<?= url::site("admin/users/delete_user_form/$user->id") ?>"
-              class="g-dialog-link g-button ui-state-default ui-corner-all ui-icon-left">
-            <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></a>
-          <? else: ?>
-          <span title="<?= t("This user cannot be deleted")->for_html_attr() ?>"
-              class="g-button ui-state-disabled ui-corner-all ui-icon-left">
-            <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></span>
-          <? endif ?>
-        </td>
-      </tr>
-      <? endforeach ?>
-    </table>
-  </div>
-</div>
-
-<div id="g-group-admin" class="g-block g-clearfix">
-  <a href="<?= url::site("admin/users/add_group_form") ?>"
-      class="g-dialog-link g-button g-right ui-icon-left ui-state-default ui-corner-all"
-      title="<?= t("Create a new group")->for_html_attr() ?>">
-    <span class="ui-icon ui-icon-circle-plus"></span>
-    <?= t("Add a new group") ?>
-  </a>
-
-  <h2>
-    <?= t("Group Admin") ?>
-  </h2>
-
-  <div class="g-block-content">
-    <ul>
-      <? foreach ($groups as $i => $group): ?>
-      <li id="group-<?= $group->id ?>" class="g-group <?= ($group->special ? "g-default-group" : "") ?>" />
-        <? $v = new View("admin_users_group.html"); $v->group = $group; ?>
-        <?= $v ?>
-      </li>
-      <? endforeach ?>
-    </ul>
-  </div>
-</div>
diff --git a/modules/user/views/admin_users_group.html.php b/modules/user/views/admin_users_group.html.php
deleted file mode 100644
index db3645a0..00000000
--- a/modules/user/views/admin_users_group.html.php
+++ /dev/null
@@ -1,38 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.") ?>
-<h4>
-  <?= html::clean($group->name) ?>
-  <? if (!$group->special): ?>
-  <a href="<?= url::site("admin/users/delete_group_form/$group->id") ?>"
-    title="<?= t("Delete the %name group", array("name" => $group->name))->for_html_attr() ?>"
-    class="g-dialog-link g-button ui-state-default ui-corner-all">
-    <span class="ui-icon ui-icon-trash"><?= t("delete") ?></span></a>
-  <? else: ?>
-  <a title="<?= t("This default group cannot be deleted")->for_html_attr() ?>"
-     class="g-dialog-link g-button ui-state-disabled ui-corner-all ui-icon-left">
-    <span class="ui-icon ui-icon-trash"><?= t("delete") ?></span></a>
-  <? endif ?>
-</h4>
-
-<? if ($group->users->count() > 0): ?>
-<ul>
-  <? foreach ($group->users as $i => $user): ?>
-  <li class="g-user">
-    <?= html::clean($user->name) ?>
-    <? if (!$group->special): ?>
-    <a href="javascript:remove_user(<?= $user->id ?>, <?= $group->id ?>)"
-       class="g-button ui-state-default ui-corner-all ui-icon-left"
-       title="<?= t("Remove %user from %group group",
-              array("user" => $user->name, "group" => $group->name))->for_html_attr() ?>">
-      <span class="ui-icon ui-icon-closethick"><?= t("remove") ?></span>
-    </a>
-    <? endif ?>
-  </li>
-  <? endforeach ?>
-</ul>
-<? else: ?>
-<div>
-  <p>
-    <?= t("Drag &amp; drop users from the User Admin above into this group box to add group members.") ?>
-  </p>
-</div>
-<? endif ?>
diff --git a/modules/user/views/login.html.php b/modules/user/views/login.html.php
deleted file mode 100644
index 049ba043..00000000
--- a/modules/user/views/login.html.php
+++ /dev/null
@@ -1,22 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.") ?>
-<ul id="g-login-menu">
-  <? if ($user->guest): ?>
-  <li class="first">
-    <a href="<?= url::site("login/ajax") ?>"
-       title="<?= t("Login to Gallery")->for_html_attr() ?>"
-       id="g-login-link"><?= t("Login") ?></a>
-  </li>
-  <? else: ?>
-  <li class="first">
-    <?= t('Logged in as %name', array('name' => html::mark_clean(
-      '<a href="' . url::site("form/edit/users/{$user->id}") .
-      '" title="' . t("Edit Your Profile")->for_html_attr() .
-      '" id="g-user-profile-link" class="g-dialog-link">' .
-      html::clean($user->display_name()) . '</a>'))) ?>
-  </li>
-  <li>
-    <a href="<?= url::site("logout?csrf=$csrf&amp;continue=" . urlencode(url::current(true))) ?>"
-       id="g-logout-link"><?= t("Logout") ?></a>
-  </li>
-  <? endif ?>
-</ul>
diff --git a/modules/user/views/login_ajax.html.php b/modules/user/views/login_ajax.html.php
deleted file mode 100644
index d3364b46..00000000
--- a/modules/user/views/login_ajax.html.php
+++ /dev/null
@@ -1,43 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.") ?>
-<script type="text/javascript">
-  $("#g-login-form").ready(function() {
-    $("#g-password-reset").click(function() {
-      $.ajax({
-        url: "<?= url::site("password/reset") ?>",
-        success: function(data) {
-          $("#g-login").html(data);
-          $("#ui-dialog-title-g-dialog").html(<?= t("Reset Password")->for_js() ?>);
-          $(".submit").addClass("g-button ui-state-default ui-corner-all");
-          $(".submit").gallery_hover_init();
-          ajaxify_login_reset_form();
-        }
-      });
-    });
-  });
-
-  function ajaxify_login_reset_form() {
-    $("#g-login form").ajaxForm({
-      dataType: "json",
-      success: function(data) {
-        if (data.form) {
-          $("#g-login form").replaceWith(data.form);
-          ajaxify_login_reset_form();
-        }
-        if (data.result == "success") {
-          $("#g-dialog").dialog("close");
-          window.location.reload();
-        }
-      }
-    });
-  };
-</script>
-<div id="g-login">
-  <ul>
-    <li id="g-login-form">
-      <?= $form ?>
-    </li>
-    <li>
-      <a href="#" id="g-password-reset" class="g-right g-txt-small"><?= t("Forgot Your Password?") ?></a>
-    </li>
-  </ul>
-</div>
diff --git a/modules/user/views/reset_password.html.php b/modules/user/views/reset_password.html.php
deleted file mode 100644
index 92ca4917..00000000
--- a/modules/user/views/reset_password.html.php
+++ /dev/null
@@ -1,17 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.") ?>
-<html>
-  <head>
-    <title><?= t("Password Reset Request") ?> </title>
-  </head>
-  <body>
-    <h2><?= t("Password Reset Request") ?> </h2>
-    <p>
-      <?= t("Hello, %name,", array("name" => $user->full_name ? $user->full_name : $user->name)) ?>
-    </p>
-    <p>
-  <?= t("We received a request to reset your password for <a href=\"%site_url\">%site_url</a>.  If you made this request, you can confirm it by <a href=\"%confirm_url\">clicking this link</a>.  If you didn't request this password reset, it's ok to ignore this mail.",
-        array("site_url" => html::mark_clean(url::base(false, "http")),
-              "confirm_url" => $confirm_url)) ?>
-    </p>
-  </body>
-</html>
diff --git a/modules/user/views/user_languages_block.html.php b/modules/user/views/user_languages_block.html.php
deleted file mode 100644
index 89185967..00000000
--- a/modules/user/views/user_languages_block.html.php
+++ /dev/null
@@ -1,19 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.") ?>
-<?= form::dropdown("g-select-session-locale", $installed_locales, $selected) ?>
-<script type="text/javascript">
-  $("#g-select-session-locale").change(function() {
-    var old_locale_preference = <?= html::js_string($selected) ?>;
-    var locale = $(this).val();
-    if (old_locale_preference == locale) {
-      return;
-    }
-
-    var expires = -1;
-    if (locale) {
-      expires = 365;
-    }
-    $.cookie("g_locale", locale, {"expires": expires, "path": "/"});
-    window.location.reload(true);
-  });
-</script>
-
-- 
cgit v1.2.3


From 0d5d4c81bcca44f037deb847a4c837752f774e49 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Wed, 14 Oct 2009 21:20:30 -0700
Subject: Move the ui for user adminsitration back to the user module.

---
 modules/gallery/controllers/admin_users.php      | 290 -----------------------
 modules/gallery/views/admin_users.html.php       | 128 ----------
 modules/gallery/views/admin_users_group.html.php |  38 ---
 modules/user/controllers/admin_users.php         | 290 +++++++++++++++++++++++
 modules/user/helpers/user_event.php              |  30 +++
 modules/user/views/admin_users.html.php          | 128 ++++++++++
 modules/user/views/admin_users_group.html.php    |  38 +++
 7 files changed, 486 insertions(+), 456 deletions(-)
 delete mode 100644 modules/gallery/controllers/admin_users.php
 delete mode 100644 modules/gallery/views/admin_users.html.php
 delete mode 100644 modules/gallery/views/admin_users_group.html.php
 create mode 100644 modules/user/controllers/admin_users.php
 create mode 100644 modules/user/helpers/user_event.php
 create mode 100644 modules/user/views/admin_users.html.php
 create mode 100644 modules/user/views/admin_users_group.html.php

(limited to 'modules/user/helpers/user_event.php')

diff --git a/modules/gallery/controllers/admin_users.php b/modules/gallery/controllers/admin_users.php
deleted file mode 100644
index a8a8cd95..00000000
--- a/modules/gallery/controllers/admin_users.php
+++ /dev/null
@@ -1,290 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-class Admin_Users_Controller extends Admin_Controller {
-  public function index() {
-    $view = new Admin_View("admin.html");
-    $view->content = new View("admin_users.html");
-    $view->content->users = user::get_user_list(array("orderby" => array("name" => "ASC")));
-    $view->content->groups = group::get_group_list(array("orderby" => array("name" => "ASC")));
-    print $view;
-  }
-
-  public function add_user() {
-    access::verify_csrf();
-
-    $form = user::get_add_form_admin();
-    $valid = $form->validate();
-    $name = $form->add_user->inputs["name"]->value;
-    if ($user = user::lookup_by_name($name)) {
-      $form->add_user->inputs["name"]->add_error("in_use", 1);
-      $valid = false;
-    }
-
-    if ($valid) {
-      $user = user::create(
-        $name, $form->add_user->full_name->value, $form->add_user->password->value);
-      $user->email = $form->add_user->email->value;
-      $user->admin = $form->add_user->admin->checked;
-
-      if ($form->add_user->locale) {
-        $desired_locale = $form->add_user->locale->value;
-        $user->locale = $desired_locale == "none" ? null : $desired_locale;
-      }
-      $user->save();
-      module::event("user_add_form_admin_completed", $user, $form);
-
-      message::success(t("Created user %user_name", array("user_name" => $user->name)));
-      print json_encode(array("result" => "success"));
-    } else {
-      print json_encode(array("result" => "error",
-                              "form" => $form->__toString()));
-    }
-  }
-
-  public function add_user_form() {
-    print user::get_add_form_admin();
-  }
-
-  public function delete_user($id) {
-    access::verify_csrf();
-
-    if ($id == user::active()->id || $id == user::guest()->id) {
-      access::forbidden();
-    }
-
-    $user = user::lookup($id);
-    if (empty($user)) {
-      kohana::show_404();
-    }
-
-    $form = user::get_delete_form_admin($user);
-    if($form->validate()) {
-      $name = $user->name;
-      $user->delete();
-    } else {
-      print json_encode(array("result" => "error",
-                              "form" => $form->__toString()));
-    }
-
-    $message = t("Deleted user %user_name", array("user_name" => $name));
-    log::success("user", $message);
-    message::success($message);
-    print json_encode(array("result" => "success"));
-  }
-
-  public function delete_user_form($id) {
-    $user = user::lookup($id);
-    if (empty($user)) {
-      kohana::show_404();
-    }
-    print user::get_delete_form_admin($user);
-  }
-
-  public function edit_user($id) {
-    access::verify_csrf();
-
-    $user = user::lookup($id);
-    if (empty($user)) {
-      kohana::show_404();
-    }
-
-    $form = user::get_edit_form_admin($user);
-    $valid = $form->validate();
-    if ($valid) {
-      $new_name = $form->edit_user->inputs["name"]->value;
-      $temp_user = user::lookup_by_name($new_name);
-      if ($new_name != $user->name &&
-          ($temp_user && $temp_user->id != $user->id)) {
-        $form->edit_user->inputs["name"]->add_error("in_use", 1);
-        $valid = false;
-      } else {
-        $user->name = $new_name;
-      }
-    }
-
-    if ($valid) {
-      $user->full_name = $form->edit_user->full_name->value;
-      if ($form->edit_user->password->value) {
-        $user->password = $form->edit_user->password->value;
-      }
-      $user->email = $form->edit_user->email->value;
-      $user->url = $form->edit_user->url->value;
-      if ($form->edit_user->locale) {
-        $desired_locale = $form->edit_user->locale->value;
-        $user->locale = $desired_locale == "none" ? null : $desired_locale;
-      }
-
-      // An admin can change the admin status for any user but themselves
-      if ($user->id != user::active()->id) {
-        $user->admin = $form->edit_user->admin->checked;
-      }
-      $user->save();
-      module::event("user_edit_form_admin_completed", $user, $form);
-
-      message::success(t("Changed user %user_name", array("user_name" => $user->name)));
-      print json_encode(array("result" => "success"));
-    } else {
-      print json_encode(array("result" => "error",
-                              "form" => $form->__toString()));
-    }
-  }
-
-  public function edit_user_form($id) {
-    $user = user::lookup($id);
-    if (empty($user)) {
-      kohana::show_404();
-    }
-
-    $form = user::get_edit_form_admin($user);
-    // Don't allow the user to control their own admin bit, else you can lock yourself out
-    if ($user->id == user::active()->id) {
-      $form->edit_user->admin->disabled(1);
-    }
-    print $form;
-  }
-
-  public function add_user_to_group($user_id, $group_id) {
-    access::verify_csrf();
-    $group = group::lookup($group_id);
-    $user = user::lookup($user_id);
-    $group->add($user);
-    $group->save();
-  }
-
-  public function remove_user_from_group($user_id, $group_id) {
-    access::verify_csrf();
-    $group = group::lookup($group_id);
-    $user = user::lookup($user_id);
-    $group->remove($user);
-    $group->save();
-  }
-
-  public function group($group_id) {
-    $view = new View("admin_users_group.html");
-    $view->group = group::lookup($group_id);
-    print $view;
-  }
-
-  public function add_group() {
-    access::verify_csrf();
-
-    $form = group::get_add_form_admin();
-    $valid = $form->validate();
-    if ($valid) {
-      $new_name = $form->add_group->inputs["name"]->value;
-      $group = group::lookup_by_name($new_name);
-      if (!empty($group)) {
-        $form->add_group->inputs["name"]->add_error("in_use", 1);
-        $valid = false;
-      }
-    }
-
-    if ($valid) {
-      $group = group::create($new_name);
-      $group->save();
-      message::success(
-        t("Created group %group_name", array("group_name" => $group->name)));
-      print json_encode(array("result" => "success"));
-    } else {
-      print json_encode(array("result" => "error",
-                              "form" => $form->__toString()));
-    }
-  }
-
-  public function add_group_form() {
-    print group::get_add_form_admin();
-  }
-
-  public function delete_group($id) {
-    access::verify_csrf();
-
-    $group = group::lookup($id);
-    if (empty($group)) {
-      kohana::show_404();
-    }
-
-    $form = group::get_delete_form_admin($group);
-    if ($form->validate()) {
-      $name = $group->name;
-      $group->delete();
-    } else {
-      print json_encode(array("result" => "error",
-                              "form" => $form->__toString()));
-    }
-
-    $message = t("Deleted group %group_name", array("group_name" => $name));
-    log::success("group", $message);
-    message::success($message);
-    print json_encode(array("result" => "success"));
-  }
-
-  public function delete_group_form($id) {
-    $group = group::lookup($id);
-    if (empty($group)) {
-      kohana::show_404();
-    }
-
-    print group::get_delete_form_admin($group);
-  }
-
-  public function edit_group($id) {
-    access::verify_csrf();
-
-    $group = group::lookup($id);
-    if (empty($group)) {
-       kohana::show_404();
-    }
-
-    $form = group::get_edit_form_admin($group);
-    $valid = $form->validate();
-
-    if ($valid) {
-      $new_name = $form->edit_group->inputs["name"]->value;
-      $group = group::lookup_by_name($name);
-      if ($group->loaded) {
-        $form->edit_group->inputs["name"]->add_error("in_use", 1);
-        $valid = false;
-      }
-    }
-
-    if ($valid) {
-      $group->name = $form->edit_group->inputs["name"]->value;
-      $group->save();
-      message::success(
-        t("Changed group %group_name", array("group_name" => $group->name)));
-      print json_encode(array("result" => "success"));
-    } else {
-      message::error(
-        t("Failed to change group %group_name", array("group_name" => $group->name)));
-      print json_encode(array("result" => "error",
-                              "form" => $form->__toString()));
-    }
-  }
-
-  public function edit_group_form($id) {
-    $group = group::lookup($id);
-    if (empty($group)) {
-      kohana::show_404();
-    }
-
-    print group::get_edit_form_admin($group);
-  }
-
-}
diff --git a/modules/gallery/views/admin_users.html.php b/modules/gallery/views/admin_users.html.php
deleted file mode 100644
index a127bc15..00000000
--- a/modules/gallery/views/admin_users.html.php
+++ /dev/null
@@ -1,128 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.") ?>
-<script type="text/javascript">
-  var add_user_to_group_url = "<?= url::site("admin/users/add_user_to_group/__USERID__/__GROUPID__?csrf=$csrf") ?>";
-  $(document).ready(function(){
-    $("#g-user-admin-list .core-info").draggable({
-      helper: "clone"
-    });
-    $("#g-group-admin .g-group").droppable({
-      accept: ".core-info",
-      hoverClass: "g-selected",
-      drop: function(ev, ui) {
-        var user_id = $(ui.draggable).attr("id").replace("user-", "");
-        var group_id = $(this).attr("id").replace("group-", "");
-        $.get(add_user_to_group_url.replace("__USERID__", user_id).replace("__GROUPID__", group_id),
-              {},
-              function() {
-                reload_group(group_id);
-              });
-      }
-    });
-    $("#group-1").droppable("destroy");
-    $("#group-2").droppable("destroy");
-  });
-
-  var reload_group = function(group_id) {
-    var reload_group_url = "<?= url::site("admin/users/group/__GROUPID__") ?>";
-    $.get(reload_group_url.replace("__GROUPID__", group_id),
-          {},
-          function(data) {
-            $("#group-" + group_id).html(data);
-            $("#group-" + group_id + " .g-dialog-link").gallery_dialog();
-          });
-  }
-
-  var remove_user = function(user_id, group_id) {
-    var remove_user_url = "<?= url::site("admin/users/remove_user_from_group/__USERID__/__GROUPID__?csrf=$csrf") ?>";
-    $.get(remove_user_url.replace("__USERID__", user_id).replace("__GROUPID__", group_id),
-          {},
-          function() {
-            reload_group(group_id);
-          });
-  }
-</script>
-<div class="g-block">
-  <a href="<?= url::site("admin/users/add_user_form") ?>"
-      class="g-dialog-link g-button g-right ui-icon-left ui-state-default ui-corner-all"
-      title="<?= t("Create a new user")->for_html_attr() ?>">
-    <span class="ui-icon ui-icon-circle-plus"></span>
-    <?= t("Add a new user") ?>
-  </a>
-
-  <h2>
-    <?= t("User Admin") ?>
-  </h2>
-
-  <div class="g-block-content">
-    <table id="g-user-admin-list">
-      <tr>
-        <th><?= t("Username") ?></th>
-        <th><?= t("Full name") ?></th>
-        <th><?= t("Email") ?></th>
-        <th><?= t("Last login") ?></th>
-        <th><?= t("Actions") ?></th>
-      </tr>
-
-      <? foreach ($users as $i => $user): ?>
-      <tr id="g-user-<?= $user->id ?>" class="<?= text::alternate("g-odd", "g-even") ?> user <?= $user->admin ? "admin" : "" ?>">
-        <td id="user-<?= $user->id ?>" class="core-info g-draggable">
-          <img src="<?= $user->avatar_url(20, $theme->url("images/avatar.jpg", true)) ?>"
-               title="<?= t("Drag user onto group below to add as a new member")->for_html_attr() ?>"
-               alt="<?= html::clean_attribute($user->name) ?>"
-               width="20"
-               height="20" />
-          <?= html::clean($user->name) ?>
-        </td>
-        <td>
-          <?= html::clean($user->full_name) ?>
-        </td>
-        <td>
-          <?= html::clean($user->email) ?>
-        </td>
-        <td>
-          <?= ($user->last_login == 0) ? "" : gallery::date($user->last_login) ?>
-        </td>
-        <td class="g-actions">
-          <a href="<?= url::site("admin/users/edit_user_form/$user->id") ?>"
-              open_text="<?= t("close") ?>"
-              class="g-panel-link g-button ui-state-default ui-corner-all ui-icon-left">
-            <span class="ui-icon ui-icon-pencil"></span><span class="g-button-text"><?= t("edit") ?></span></a>
-          <? if (user::active()->id != $user->id && !$user->guest): ?>
-          <a href="<?= url::site("admin/users/delete_user_form/$user->id") ?>"
-              class="g-dialog-link g-button ui-state-default ui-corner-all ui-icon-left">
-            <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></a>
-          <? else: ?>
-          <span title="<?= t("This user cannot be deleted")->for_html_attr() ?>"
-              class="g-button ui-state-disabled ui-corner-all ui-icon-left">
-            <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></span>
-          <? endif ?>
-        </td>
-      </tr>
-      <? endforeach ?>
-    </table>
-  </div>
-</div>
-
-<div id="g-group-admin" class="g-block g-clearfix">
-  <a href="<?= url::site("admin/users/add_group_form") ?>"
-      class="g-dialog-link g-button g-right ui-icon-left ui-state-default ui-corner-all"
-      title="<?= t("Create a new group")->for_html_attr() ?>">
-    <span class="ui-icon ui-icon-circle-plus"></span>
-    <?= t("Add a new group") ?>
-  </a>
-
-  <h2>
-    <?= t("Group Admin") ?>
-  </h2>
-
-  <div class="g-block-content">
-    <ul>
-      <? foreach ($groups as $i => $group): ?>
-      <li id="group-<?= $group->id ?>" class="g-group <?= ($group->special ? "g-default-group" : "") ?>" />
-        <? $v = new View("admin_users_group.html"); $v->group = $group; ?>
-        <?= $v ?>
-      </li>
-      <? endforeach ?>
-    </ul>
-  </div>
-</div>
diff --git a/modules/gallery/views/admin_users_group.html.php b/modules/gallery/views/admin_users_group.html.php
deleted file mode 100644
index db3645a0..00000000
--- a/modules/gallery/views/admin_users_group.html.php
+++ /dev/null
@@ -1,38 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.") ?>
-<h4>
-  <?= html::clean($group->name) ?>
-  <? if (!$group->special): ?>
-  <a href="<?= url::site("admin/users/delete_group_form/$group->id") ?>"
-    title="<?= t("Delete the %name group", array("name" => $group->name))->for_html_attr() ?>"
-    class="g-dialog-link g-button ui-state-default ui-corner-all">
-    <span class="ui-icon ui-icon-trash"><?= t("delete") ?></span></a>
-  <? else: ?>
-  <a title="<?= t("This default group cannot be deleted")->for_html_attr() ?>"
-     class="g-dialog-link g-button ui-state-disabled ui-corner-all ui-icon-left">
-    <span class="ui-icon ui-icon-trash"><?= t("delete") ?></span></a>
-  <? endif ?>
-</h4>
-
-<? if ($group->users->count() > 0): ?>
-<ul>
-  <? foreach ($group->users as $i => $user): ?>
-  <li class="g-user">
-    <?= html::clean($user->name) ?>
-    <? if (!$group->special): ?>
-    <a href="javascript:remove_user(<?= $user->id ?>, <?= $group->id ?>)"
-       class="g-button ui-state-default ui-corner-all ui-icon-left"
-       title="<?= t("Remove %user from %group group",
-              array("user" => $user->name, "group" => $group->name))->for_html_attr() ?>">
-      <span class="ui-icon ui-icon-closethick"><?= t("remove") ?></span>
-    </a>
-    <? endif ?>
-  </li>
-  <? endforeach ?>
-</ul>
-<? else: ?>
-<div>
-  <p>
-    <?= t("Drag &amp; drop users from the User Admin above into this group box to add group members.") ?>
-  </p>
-</div>
-<? endif ?>
diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
new file mode 100644
index 00000000..a8a8cd95
--- /dev/null
+++ b/modules/user/controllers/admin_users.php
@@ -0,0 +1,290 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class Admin_Users_Controller extends Admin_Controller {
+  public function index() {
+    $view = new Admin_View("admin.html");
+    $view->content = new View("admin_users.html");
+    $view->content->users = user::get_user_list(array("orderby" => array("name" => "ASC")));
+    $view->content->groups = group::get_group_list(array("orderby" => array("name" => "ASC")));
+    print $view;
+  }
+
+  public function add_user() {
+    access::verify_csrf();
+
+    $form = user::get_add_form_admin();
+    $valid = $form->validate();
+    $name = $form->add_user->inputs["name"]->value;
+    if ($user = user::lookup_by_name($name)) {
+      $form->add_user->inputs["name"]->add_error("in_use", 1);
+      $valid = false;
+    }
+
+    if ($valid) {
+      $user = user::create(
+        $name, $form->add_user->full_name->value, $form->add_user->password->value);
+      $user->email = $form->add_user->email->value;
+      $user->admin = $form->add_user->admin->checked;
+
+      if ($form->add_user->locale) {
+        $desired_locale = $form->add_user->locale->value;
+        $user->locale = $desired_locale == "none" ? null : $desired_locale;
+      }
+      $user->save();
+      module::event("user_add_form_admin_completed", $user, $form);
+
+      message::success(t("Created user %user_name", array("user_name" => $user->name)));
+      print json_encode(array("result" => "success"));
+    } else {
+      print json_encode(array("result" => "error",
+                              "form" => $form->__toString()));
+    }
+  }
+
+  public function add_user_form() {
+    print user::get_add_form_admin();
+  }
+
+  public function delete_user($id) {
+    access::verify_csrf();
+
+    if ($id == user::active()->id || $id == user::guest()->id) {
+      access::forbidden();
+    }
+
+    $user = user::lookup($id);
+    if (empty($user)) {
+      kohana::show_404();
+    }
+
+    $form = user::get_delete_form_admin($user);
+    if($form->validate()) {
+      $name = $user->name;
+      $user->delete();
+    } else {
+      print json_encode(array("result" => "error",
+                              "form" => $form->__toString()));
+    }
+
+    $message = t("Deleted user %user_name", array("user_name" => $name));
+    log::success("user", $message);
+    message::success($message);
+    print json_encode(array("result" => "success"));
+  }
+
+  public function delete_user_form($id) {
+    $user = user::lookup($id);
+    if (empty($user)) {
+      kohana::show_404();
+    }
+    print user::get_delete_form_admin($user);
+  }
+
+  public function edit_user($id) {
+    access::verify_csrf();
+
+    $user = user::lookup($id);
+    if (empty($user)) {
+      kohana::show_404();
+    }
+
+    $form = user::get_edit_form_admin($user);
+    $valid = $form->validate();
+    if ($valid) {
+      $new_name = $form->edit_user->inputs["name"]->value;
+      $temp_user = user::lookup_by_name($new_name);
+      if ($new_name != $user->name &&
+          ($temp_user && $temp_user->id != $user->id)) {
+        $form->edit_user->inputs["name"]->add_error("in_use", 1);
+        $valid = false;
+      } else {
+        $user->name = $new_name;
+      }
+    }
+
+    if ($valid) {
+      $user->full_name = $form->edit_user->full_name->value;
+      if ($form->edit_user->password->value) {
+        $user->password = $form->edit_user->password->value;
+      }
+      $user->email = $form->edit_user->email->value;
+      $user->url = $form->edit_user->url->value;
+      if ($form->edit_user->locale) {
+        $desired_locale = $form->edit_user->locale->value;
+        $user->locale = $desired_locale == "none" ? null : $desired_locale;
+      }
+
+      // An admin can change the admin status for any user but themselves
+      if ($user->id != user::active()->id) {
+        $user->admin = $form->edit_user->admin->checked;
+      }
+      $user->save();
+      module::event("user_edit_form_admin_completed", $user, $form);
+
+      message::success(t("Changed user %user_name", array("user_name" => $user->name)));
+      print json_encode(array("result" => "success"));
+    } else {
+      print json_encode(array("result" => "error",
+                              "form" => $form->__toString()));
+    }
+  }
+
+  public function edit_user_form($id) {
+    $user = user::lookup($id);
+    if (empty($user)) {
+      kohana::show_404();
+    }
+
+    $form = user::get_edit_form_admin($user);
+    // Don't allow the user to control their own admin bit, else you can lock yourself out
+    if ($user->id == user::active()->id) {
+      $form->edit_user->admin->disabled(1);
+    }
+    print $form;
+  }
+
+  public function add_user_to_group($user_id, $group_id) {
+    access::verify_csrf();
+    $group = group::lookup($group_id);
+    $user = user::lookup($user_id);
+    $group->add($user);
+    $group->save();
+  }
+
+  public function remove_user_from_group($user_id, $group_id) {
+    access::verify_csrf();
+    $group = group::lookup($group_id);
+    $user = user::lookup($user_id);
+    $group->remove($user);
+    $group->save();
+  }
+
+  public function group($group_id) {
+    $view = new View("admin_users_group.html");
+    $view->group = group::lookup($group_id);
+    print $view;
+  }
+
+  public function add_group() {
+    access::verify_csrf();
+
+    $form = group::get_add_form_admin();
+    $valid = $form->validate();
+    if ($valid) {
+      $new_name = $form->add_group->inputs["name"]->value;
+      $group = group::lookup_by_name($new_name);
+      if (!empty($group)) {
+        $form->add_group->inputs["name"]->add_error("in_use", 1);
+        $valid = false;
+      }
+    }
+
+    if ($valid) {
+      $group = group::create($new_name);
+      $group->save();
+      message::success(
+        t("Created group %group_name", array("group_name" => $group->name)));
+      print json_encode(array("result" => "success"));
+    } else {
+      print json_encode(array("result" => "error",
+                              "form" => $form->__toString()));
+    }
+  }
+
+  public function add_group_form() {
+    print group::get_add_form_admin();
+  }
+
+  public function delete_group($id) {
+    access::verify_csrf();
+
+    $group = group::lookup($id);
+    if (empty($group)) {
+      kohana::show_404();
+    }
+
+    $form = group::get_delete_form_admin($group);
+    if ($form->validate()) {
+      $name = $group->name;
+      $group->delete();
+    } else {
+      print json_encode(array("result" => "error",
+                              "form" => $form->__toString()));
+    }
+
+    $message = t("Deleted group %group_name", array("group_name" => $name));
+    log::success("group", $message);
+    message::success($message);
+    print json_encode(array("result" => "success"));
+  }
+
+  public function delete_group_form($id) {
+    $group = group::lookup($id);
+    if (empty($group)) {
+      kohana::show_404();
+    }
+
+    print group::get_delete_form_admin($group);
+  }
+
+  public function edit_group($id) {
+    access::verify_csrf();
+
+    $group = group::lookup($id);
+    if (empty($group)) {
+       kohana::show_404();
+    }
+
+    $form = group::get_edit_form_admin($group);
+    $valid = $form->validate();
+
+    if ($valid) {
+      $new_name = $form->edit_group->inputs["name"]->value;
+      $group = group::lookup_by_name($name);
+      if ($group->loaded) {
+        $form->edit_group->inputs["name"]->add_error("in_use", 1);
+        $valid = false;
+      }
+    }
+
+    if ($valid) {
+      $group->name = $form->edit_group->inputs["name"]->value;
+      $group->save();
+      message::success(
+        t("Changed group %group_name", array("group_name" => $group->name)));
+      print json_encode(array("result" => "success"));
+    } else {
+      message::error(
+        t("Failed to change group %group_name", array("group_name" => $group->name)));
+      print json_encode(array("result" => "error",
+                              "form" => $form->__toString()));
+    }
+  }
+
+  public function edit_group_form($id) {
+    $group = group::lookup($id);
+    if (empty($group)) {
+      kohana::show_404();
+    }
+
+    print group::get_edit_form_admin($group);
+  }
+
+}
diff --git a/modules/user/helpers/user_event.php b/modules/user/helpers/user_event.php
new file mode 100644
index 00000000..78b009eb
--- /dev/null
+++ b/modules/user/helpers/user_event.php
@@ -0,0 +1,30 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+
+class user_event_Core {
+  static function admin_menu($menu, $theme) {
+    $menu->add_after("appearance_menu",
+                     Menu::factory("link")
+                     ->id("users_groups")
+                     ->label(t("Users/Groups"))
+                     ->url(url::site("admin/users")));
+    return $menu;
+  }
+}
diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php
new file mode 100644
index 00000000..a127bc15
--- /dev/null
+++ b/modules/user/views/admin_users.html.php
@@ -0,0 +1,128 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<script type="text/javascript">
+  var add_user_to_group_url = "<?= url::site("admin/users/add_user_to_group/__USERID__/__GROUPID__?csrf=$csrf") ?>";
+  $(document).ready(function(){
+    $("#g-user-admin-list .core-info").draggable({
+      helper: "clone"
+    });
+    $("#g-group-admin .g-group").droppable({
+      accept: ".core-info",
+      hoverClass: "g-selected",
+      drop: function(ev, ui) {
+        var user_id = $(ui.draggable).attr("id").replace("user-", "");
+        var group_id = $(this).attr("id").replace("group-", "");
+        $.get(add_user_to_group_url.replace("__USERID__", user_id).replace("__GROUPID__", group_id),
+              {},
+              function() {
+                reload_group(group_id);
+              });
+      }
+    });
+    $("#group-1").droppable("destroy");
+    $("#group-2").droppable("destroy");
+  });
+
+  var reload_group = function(group_id) {
+    var reload_group_url = "<?= url::site("admin/users/group/__GROUPID__") ?>";
+    $.get(reload_group_url.replace("__GROUPID__", group_id),
+          {},
+          function(data) {
+            $("#group-" + group_id).html(data);
+            $("#group-" + group_id + " .g-dialog-link").gallery_dialog();
+          });
+  }
+
+  var remove_user = function(user_id, group_id) {
+    var remove_user_url = "<?= url::site("admin/users/remove_user_from_group/__USERID__/__GROUPID__?csrf=$csrf") ?>";
+    $.get(remove_user_url.replace("__USERID__", user_id).replace("__GROUPID__", group_id),
+          {},
+          function() {
+            reload_group(group_id);
+          });
+  }
+</script>
+<div class="g-block">
+  <a href="<?= url::site("admin/users/add_user_form") ?>"
+      class="g-dialog-link g-button g-right ui-icon-left ui-state-default ui-corner-all"
+      title="<?= t("Create a new user")->for_html_attr() ?>">
+    <span class="ui-icon ui-icon-circle-plus"></span>
+    <?= t("Add a new user") ?>
+  </a>
+
+  <h2>
+    <?= t("User Admin") ?>
+  </h2>
+
+  <div class="g-block-content">
+    <table id="g-user-admin-list">
+      <tr>
+        <th><?= t("Username") ?></th>
+        <th><?= t("Full name") ?></th>
+        <th><?= t("Email") ?></th>
+        <th><?= t("Last login") ?></th>
+        <th><?= t("Actions") ?></th>
+      </tr>
+
+      <? foreach ($users as $i => $user): ?>
+      <tr id="g-user-<?= $user->id ?>" class="<?= text::alternate("g-odd", "g-even") ?> user <?= $user->admin ? "admin" : "" ?>">
+        <td id="user-<?= $user->id ?>" class="core-info g-draggable">
+          <img src="<?= $user->avatar_url(20, $theme->url("images/avatar.jpg", true)) ?>"
+               title="<?= t("Drag user onto group below to add as a new member")->for_html_attr() ?>"
+               alt="<?= html::clean_attribute($user->name) ?>"
+               width="20"
+               height="20" />
+          <?= html::clean($user->name) ?>
+        </td>
+        <td>
+          <?= html::clean($user->full_name) ?>
+        </td>
+        <td>
+          <?= html::clean($user->email) ?>
+        </td>
+        <td>
+          <?= ($user->last_login == 0) ? "" : gallery::date($user->last_login) ?>
+        </td>
+        <td class="g-actions">
+          <a href="<?= url::site("admin/users/edit_user_form/$user->id") ?>"
+              open_text="<?= t("close") ?>"
+              class="g-panel-link g-button ui-state-default ui-corner-all ui-icon-left">
+            <span class="ui-icon ui-icon-pencil"></span><span class="g-button-text"><?= t("edit") ?></span></a>
+          <? if (user::active()->id != $user->id && !$user->guest): ?>
+          <a href="<?= url::site("admin/users/delete_user_form/$user->id") ?>"
+              class="g-dialog-link g-button ui-state-default ui-corner-all ui-icon-left">
+            <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></a>
+          <? else: ?>
+          <span title="<?= t("This user cannot be deleted")->for_html_attr() ?>"
+              class="g-button ui-state-disabled ui-corner-all ui-icon-left">
+            <span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></span>
+          <? endif ?>
+        </td>
+      </tr>
+      <? endforeach ?>
+    </table>
+  </div>
+</div>
+
+<div id="g-group-admin" class="g-block g-clearfix">
+  <a href="<?= url::site("admin/users/add_group_form") ?>"
+      class="g-dialog-link g-button g-right ui-icon-left ui-state-default ui-corner-all"
+      title="<?= t("Create a new group")->for_html_attr() ?>">
+    <span class="ui-icon ui-icon-circle-plus"></span>
+    <?= t("Add a new group") ?>
+  </a>
+
+  <h2>
+    <?= t("Group Admin") ?>
+  </h2>
+
+  <div class="g-block-content">
+    <ul>
+      <? foreach ($groups as $i => $group): ?>
+      <li id="group-<?= $group->id ?>" class="g-group <?= ($group->special ? "g-default-group" : "") ?>" />
+        <? $v = new View("admin_users_group.html"); $v->group = $group; ?>
+        <?= $v ?>
+      </li>
+      <? endforeach ?>
+    </ul>
+  </div>
+</div>
diff --git a/modules/user/views/admin_users_group.html.php b/modules/user/views/admin_users_group.html.php
new file mode 100644
index 00000000..db3645a0
--- /dev/null
+++ b/modules/user/views/admin_users_group.html.php
@@ -0,0 +1,38 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<h4>
+  <?= html::clean($group->name) ?>
+  <? if (!$group->special): ?>
+  <a href="<?= url::site("admin/users/delete_group_form/$group->id") ?>"
+    title="<?= t("Delete the %name group", array("name" => $group->name))->for_html_attr() ?>"
+    class="g-dialog-link g-button ui-state-default ui-corner-all">
+    <span class="ui-icon ui-icon-trash"><?= t("delete") ?></span></a>
+  <? else: ?>
+  <a title="<?= t("This default group cannot be deleted")->for_html_attr() ?>"
+     class="g-dialog-link g-button ui-state-disabled ui-corner-all ui-icon-left">
+    <span class="ui-icon ui-icon-trash"><?= t("delete") ?></span></a>
+  <? endif ?>
+</h4>
+
+<? if ($group->users->count() > 0): ?>
+<ul>
+  <? foreach ($group->users as $i => $user): ?>
+  <li class="g-user">
+    <?= html::clean($user->name) ?>
+    <? if (!$group->special): ?>
+    <a href="javascript:remove_user(<?= $user->id ?>, <?= $group->id ?>)"
+       class="g-button ui-state-default ui-corner-all ui-icon-left"
+       title="<?= t("Remove %user from %group group",
+              array("user" => $user->name, "group" => $group->name))->for_html_attr() ?>">
+      <span class="ui-icon ui-icon-closethick"><?= t("remove") ?></span>
+    </a>
+    <? endif ?>
+  </li>
+  <? endforeach ?>
+</ul>
+<? else: ?>
+<div>
+  <p>
+    <?= t("Drag &amp; drop users from the User Admin above into this group box to add group members.") ?>
+  </p>
+</div>
+<? endif ?>
-- 
cgit v1.2.3


From c9a030dd08711f89a985504ce26378a315d7ff1f Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Sun, 18 Oct 2009 09:21:34 -0700
Subject: Add a menu item to manage the Identity drivers if there is more than
 one installed

---
 modules/gallery/helpers/gallery_event.php | 18 +++++++++++++-----
 modules/gallery/libraries/Identity.php    | 22 ++++++++++++++++++++++
 modules/user/helpers/user_event.php       | 15 ++++++++++-----
 3 files changed, 45 insertions(+), 10 deletions(-)

(limited to 'modules/user/helpers/user_event.php')

diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php
index a6aa0657..84b84f7d 100644
--- a/modules/gallery/helpers/gallery_event.php
+++ b/modules/gallery/helpers/gallery_event.php
@@ -190,11 +190,19 @@ class gallery_event_Core {
                ->append(Menu::factory("link")
                         ->id("sidebar")
                         ->label(t("Manage Sidebar"))
-                        ->url(url::site("admin/sidebar"))))
-      ->append(Menu::factory("link")
-               ->id("users_groups")
-               ->label(t("Users/Groups"))
-               ->url(url::site("admin/users")))
+                        ->url(url::site("admin/sidebar"))));
+    if (count(Identity::active()) > 1) {
+      $menu
+        ->append(Menu::factory("submenu")
+                 ->id("identity_menu")
+                 ->label(t("Identity Management"))
+                 ->append(Menu::factory("link")
+                          ->id("identity_drivers")
+                          ->label(t("Identity Drivers"))
+                          ->url(url::site("admin/identity"))));
+    }
+
+    $menu
       ->append(Menu::factory("submenu")
                ->id("statistics_menu")
                ->label(t("Statistics")))
diff --git a/modules/gallery/libraries/Identity.php b/modules/gallery/libraries/Identity.php
index 9eb4b83b..9e5f0bb5 100644
--- a/modules/gallery/libraries/Identity.php
+++ b/modules/gallery/libraries/Identity.php
@@ -24,6 +24,8 @@
 class Identity_Core {
   protected static $instance;
 
+  protected static $active;
+
   // Configuration
   protected $config;
 
@@ -80,6 +82,26 @@ class Identity_Core {
     Kohana::log("debug", "Identity Library initialized");
   }
 
+  /**
+   * Return a list of installed and activated Identity Drivers.
+   *
+   * @return boolean true if the driver supports updates; false if read only
+   */
+  static function active() {
+    if (empty(self::$active)) {
+      $drivers = new ArrayObject(array(), ArrayObject::ARRAY_AS_PROPS);
+      foreach (module::active() as $module) {
+        $module_name = $module->name;
+        if (file_exists(MODPATH . "{$module->name}/config/identity.php") &&
+            ($info = module::info($module_name))) {
+          $drivers->$module_name = $info->description;
+        }
+      }
+      self::$active = $drivers;
+    }
+    return self::$active;
+  }
+
   /**
    * Determine if if the current driver supports updates.
    *
diff --git a/modules/user/helpers/user_event.php b/modules/user/helpers/user_event.php
index 78b009eb..00ccbb29 100644
--- a/modules/user/helpers/user_event.php
+++ b/modules/user/helpers/user_event.php
@@ -20,11 +20,16 @@
 
 class user_event_Core {
   static function admin_menu($menu, $theme) {
-    $menu->add_after("appearance_menu",
-                     Menu::factory("link")
-                     ->id("users_groups")
-                     ->label(t("Users/Groups"))
-                     ->url(url::site("admin/users")));
+    $user_group_menu = Menu::factory("link")
+      ->id("users_groups")
+      ->label(t("Users/Groups"))
+      ->url(url::site("admin/users"));
+    $identity_menu = $menu->get("identity_menu");
+    if (empty($identity_menu)) {
+      $menu->add_after("appearance_menu", $user_group_menu);
+    }else {
+      $identity_menu->append($user_group_menu);
+    }
     return $menu;
   }
 }
-- 
cgit v1.2.3


From b49b2130729fee34b61873f20bf7822f120bc163 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Tue, 20 Oct 2009 20:29:28 -0700
Subject: Only show the user/group administration screen if the active idenity
 provider is the user module.

---
 modules/user/helpers/user_event.php | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

(limited to 'modules/user/helpers/user_event.php')

diff --git a/modules/user/helpers/user_event.php b/modules/user/helpers/user_event.php
index 00ccbb29..7916047f 100644
--- a/modules/user/helpers/user_event.php
+++ b/modules/user/helpers/user_event.php
@@ -20,15 +20,18 @@
 
 class user_event_Core {
   static function admin_menu($menu, $theme) {
-    $user_group_menu = Menu::factory("link")
-      ->id("users_groups")
-      ->label(t("Users/Groups"))
-      ->url(url::site("admin/users"));
-    $identity_menu = $menu->get("identity_menu");
-    if (empty($identity_menu)) {
-      $menu->add_after("appearance_menu", $user_group_menu);
-    }else {
-      $identity_menu->append($user_group_menu);
+    $config = module::get_var("gallery", "identity_provider", "user");
+    if ($config == "user") {
+      $user_group_menu = Menu::factory("link")
+        ->id("users_groups")
+        ->label(t("Users/Groups"))
+        ->url(url::site("admin/users"));
+      $identity_menu = $menu->get("identity_menu");
+      if (empty($identity_menu)) {
+        $menu->add_after("appearance_menu", $user_group_menu);
+      }else {
+        $identity_menu->append($user_group_menu);
+      }
     }
     return $menu;
   }
-- 
cgit v1.2.3


From 9297325c2797d74aa9516e340d45d425bda85b3b Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Fri, 23 Oct 2009 06:52:08 -0700
Subject: Minor changes to more closely align this branch with master

---
 modules/gallery/helpers/locales.php | 34 +++++++++++++++++-----------------
 modules/user/helpers/user_event.php | 22 ++++++++++------------
 themes/admin_wind/css/screen.css    |  3 +--
 3 files changed, 28 insertions(+), 31 deletions(-)

(limited to 'modules/user/helpers/user_event.php')

diff --git a/modules/gallery/helpers/locales.php b/modules/gallery/helpers/locales.php
index c2a606cd..2de029ff 100644
--- a/modules/gallery/helpers/locales.php
+++ b/modules/gallery/helpers/locales.php
@@ -136,23 +136,6 @@ class locales_Core {
     return in_array($language, array("he", "fa", "ar"));
   }
 
-  static function set_request_locale() {
-    // 1. Check the session specific preference (cookie)
-    $locale = self::cookie_locale();
-    // 2. Check the user's preference
-    if (!$locale) {
-      $locale = identity::active_user()->locale;
-    }
-    // 3. Check the browser's / OS' preference
-    if (!$locale) {
-      $locale = self::locale_from_http_request();
-    }
-    // If we have any preference, override the site's default locale
-    if ($locale) {
-      I18n::instance()->locale($locale);
-    }
-  }
-
   /**
    * Returns the best match comparing the HTTP accept-language header
    * with the installed locales.
@@ -237,6 +220,23 @@ class locales_Core {
     return array(null, 0);
   }
 
+  static function set_request_locale() {
+    // 1. Check the session specific preference (cookie)
+    $locale = self::cookie_locale();
+    // 2. Check the user's preference
+    if (!$locale) {
+      $locale = identity::active_user()->locale;
+    }
+    // 3. Check the browser's / OS' preference
+    if (!$locale) {
+      $locale = self::locale_from_http_request();
+    }
+    // If we have any preference, override the site's default locale
+    if ($locale) {
+      I18n::instance()->locale($locale);
+    }
+  }
+
   static function cookie_locale() {
     $cookie_data = Input::instance()->cookie("g_locale");
     $locale = null;
diff --git a/modules/user/helpers/user_event.php b/modules/user/helpers/user_event.php
index 7916047f..a4a6e5da 100644
--- a/modules/user/helpers/user_event.php
+++ b/modules/user/helpers/user_event.php
@@ -20,19 +20,17 @@
 
 class user_event_Core {
   static function admin_menu($menu, $theme) {
-    $config = module::get_var("gallery", "identity_provider", "user");
-    if ($config == "user") {
-      $user_group_menu = Menu::factory("link")
-        ->id("users_groups")
-        ->label(t("Users/Groups"))
-        ->url(url::site("admin/users"));
-      $identity_menu = $menu->get("identity_menu");
-      if (empty($identity_menu)) {
-        $menu->add_after("appearance_menu", $user_group_menu);
-      }else {
-        $identity_menu->append($user_group_menu);
-      }
+    $user_group_menu = Menu::factory("link")
+      ->id("users_groups")
+      ->label(t("Users/Groups"))
+      ->url(url::site("admin/users"));
+    $identity_menu = $menu->get("identity_menu");
+    if (empty($identity_menu)) {
+      $menu->add_after("appearance_menu", $user_group_menu);
+    }else {
+      $identity_menu->append($user_group_menu);
     }
+
     return $menu;
   }
 }
diff --git a/themes/admin_wind/css/screen.css b/themes/admin_wind/css/screen.css
index 65a2f43b..a889545b 100644
--- a/themes/admin_wind/css/screen.css
+++ b/themes/admin_wind/css/screen.css
@@ -418,8 +418,7 @@ li.g-group .g-user .g-button {
   vertical-align: middle;
 }
 
-li.g-default-group h4, li.g-default-group .g-user,
-li.g-group-disable h4, li.g-group-disable .g-user {
+li.g-default-group h4, li.g-default-group .g-user {
   color: gray;
 }
 
-- 
cgit v1.2.3


From 53dd35b5c8e741511d5bdc1ed35769d4ce281fe0 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Thu, 29 Oct 2009 08:30:39 -0700
Subject: Just show the Identity admin menu item all the time. This gives a
 place to hang other user related module administartion menu links.

---
 modules/gallery/helpers/gallery_event.php | 21 ++++++++-------------
 modules/user/helpers/user_event.php       | 11 +++--------
 2 files changed, 11 insertions(+), 21 deletions(-)

(limited to 'modules/user/helpers/user_event.php')

diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php
index 2ee20417..c16ec67d 100644
--- a/modules/gallery/helpers/gallery_event.php
+++ b/modules/gallery/helpers/gallery_event.php
@@ -187,19 +187,14 @@ class gallery_event_Core {
                ->append(Menu::factory("link")
                         ->id("sidebar")
                         ->label(t("Manage Sidebar"))
-                        ->url(url::site("admin/sidebar"))));
-    if (count(identity::providers()) > 1) {
-      $menu
-        ->append(Menu::factory("submenu")
-                 ->id("identity_menu")
-                 ->label(t("Identity Management"))
-                 ->append(Menu::factory("link")
-                          ->id("identity_drivers")
-                          ->label(t("Identity Drivers"))
-                          ->url(url::site("admin/identity"))));
-    }
-
-    $menu
+                        ->url(url::site("admin/sidebar"))))
+      ->append(Menu::factory("submenu")
+               ->id("identity_menu")
+               ->label(t("Identity Management"))
+               ->append(Menu::factory("link")
+                        ->id("identity_drivers")
+                        ->label(t("Identity Drivers"))
+                        ->url(url::site("admin/identity"))))
       ->append(Menu::factory("submenu")
                ->id("statistics_menu")
                ->label(t("Statistics")))
diff --git a/modules/user/helpers/user_event.php b/modules/user/helpers/user_event.php
index a4a6e5da..1ac7f333 100644
--- a/modules/user/helpers/user_event.php
+++ b/modules/user/helpers/user_event.php
@@ -20,16 +20,11 @@
 
 class user_event_Core {
   static function admin_menu($menu, $theme) {
-    $user_group_menu = Menu::factory("link")
+    $menu->get("identity_menu")
+      ->append(Menu::factory("link")
       ->id("users_groups")
       ->label(t("Users/Groups"))
-      ->url(url::site("admin/users"));
-    $identity_menu = $menu->get("identity_menu");
-    if (empty($identity_menu)) {
-      $menu->add_after("appearance_menu", $user_group_menu);
-    }else {
-      $identity_menu->append($user_group_menu);
-    }
+      ->url(url::site("admin/users")));
 
     return $menu;
   }
-- 
cgit v1.2.3


From 04bf50bfb4241f7c814782c516732d927ff1f457 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Thu, 29 Oct 2009 17:09:01 -0700
Subject: Use an event 'check_user_name_exists' to validate the input name is
 already in use. The parameter is a standard class with the name and an exists
 flag.  Any event handler should or their result with the exists flag.

---
 modules/user/controllers/admin_users.php | 4 +++-
 modules/user/helpers/user_event.php      | 5 +++++
 2 files changed, 8 insertions(+), 1 deletion(-)

(limited to 'modules/user/helpers/user_event.php')

diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index 269e3dc8..a7db6179 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -36,7 +36,9 @@ class Admin_Users_Controller extends Admin_Controller {
     $form = $this->_get_user_add_form_admin();
     $valid = $form->validate();
     $name = $form->add_user->inputs["name"]->value;
-    if ($user = user::lookup_by_name($name)) {
+    $user_exists_data = (object)array("name" => $name);
+    module::event("check_username_exists", $user_exists_data);
+    if ($user_exists_data->exists) {
       $form->add_user->inputs["name"]->add_error("in_use", 1);
       $valid = false;
     }
diff --git a/modules/user/helpers/user_event.php b/modules/user/helpers/user_event.php
index 1ac7f333..e3dbacb7 100644
--- a/modules/user/helpers/user_event.php
+++ b/modules/user/helpers/user_event.php
@@ -28,4 +28,9 @@ class user_event_Core {
 
     return $menu;
   }
+
+  static function check_username_exists($data) {
+    $user = user::lookup_by_name($data->name);
+    $data->exists |= $user ? true : false;
+  }
 }
-- 
cgit v1.2.3


From c3dcfd136bea8ec4b627a7d38f618ac97c9ea4a0 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Sat, 31 Oct 2009 14:41:55 -0700
Subject: Move the identity provider menu item under the settings menu and make
 the User/Groups administration a first level menu item.  As discussed via
 -devel mailing list.

---
 modules/gallery/helpers/gallery_event.php | 13 +++++--------
 modules/user/helpers/user_event.php       |  9 ++++-----
 2 files changed, 9 insertions(+), 13 deletions(-)

(limited to 'modules/user/helpers/user_event.php')

diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php
index f3ad1630..582e3267 100644
--- a/modules/gallery/helpers/gallery_event.php
+++ b/modules/gallery/helpers/gallery_event.php
@@ -179,7 +179,11 @@ class gallery_event_Core {
                ->append(Menu::factory("link")
                         ->id("advanced")
                         ->label(t("Advanced"))
-                        ->url(url::site("admin/advanced_settings"))))
+                        ->url(url::site("admin/advanced_settings")))
+               ->append(Menu::factory("link")
+                        ->id("identity_drivers")
+                        ->label(t("Identity drivers"))
+                        ->url(url::site("admin/identity"))))
       ->append(Menu::factory("link")
                ->id("modules")
                ->label(t("Modules"))
@@ -202,13 +206,6 @@ class gallery_event_Core {
                         ->id("sidebar")
                         ->label(t("Manage sidebar"))
                         ->url(url::site("admin/sidebar"))))
-      ->append(Menu::factory("submenu")
-               ->id("identity_menu")
-               ->label(t("Identity management"))
-               ->append(Menu::factory("link")
-                        ->id("identity_drivers")
-                        ->label(t("Identity drivers"))
-                        ->url(url::site("admin/identity"))))
       ->append(Menu::factory("submenu")
                ->id("statistics_menu")
                ->label(t("Statistics")))
diff --git a/modules/user/helpers/user_event.php b/modules/user/helpers/user_event.php
index e3dbacb7..11b9c56c 100644
--- a/modules/user/helpers/user_event.php
+++ b/modules/user/helpers/user_event.php
@@ -20,11 +20,10 @@
 
 class user_event_Core {
   static function admin_menu($menu, $theme) {
-    $menu->get("identity_menu")
-      ->append(Menu::factory("link")
-      ->id("users_groups")
-      ->label(t("Users/Groups"))
-      ->url(url::site("admin/users")));
+    $menu->add_after("appearance_menu", Menu::factory("link")
+                     ->id("users_groups")
+                     ->label(t("Users/Groups"))
+                     ->url(url::site("admin/users")));
 
     return $menu;
   }
-- 
cgit v1.2.3


From 1c428df9e090b8e7e9dfa3ec5d924b8169190b42 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Sat, 31 Oct 2009 16:16:47 -0700
Subject: Revert "Use an event 'check_user_name_exists' to validate the input
 name is already in use. The parameter is a standard class with the name and
 an exists flag.  Any event handler should or their result with the exists
 flag."

This reverts commit 04bf50bfb4241f7c814782c516732d927ff1f457.
---
 modules/user/controllers/admin_users.php | 4 +---
 modules/user/helpers/user_event.php      | 5 -----
 2 files changed, 1 insertion(+), 8 deletions(-)

(limited to 'modules/user/helpers/user_event.php')

diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index 209ce8ae..54541e90 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -36,9 +36,7 @@ class Admin_Users_Controller extends Admin_Controller {
     $form = $this->_get_user_add_form_admin();
     $valid = $form->validate();
     $name = $form->add_user->inputs["name"]->value;
-    $user_exists_data = (object)array("name" => $name);
-    module::event("check_username_exists", $user_exists_data);
-    if ($user_exists_data->exists) {
+    if ($user = user::lookup_by_name($name)) {
       $form->add_user->inputs["name"]->add_error("in_use", 1);
       $valid = false;
     }
diff --git a/modules/user/helpers/user_event.php b/modules/user/helpers/user_event.php
index 11b9c56c..cf91812e 100644
--- a/modules/user/helpers/user_event.php
+++ b/modules/user/helpers/user_event.php
@@ -27,9 +27,4 @@ class user_event_Core {
 
     return $menu;
   }
-
-  static function check_username_exists($data) {
-    $user = user::lookup_by_name($data->name);
-    $data->exists |= $user ? true : false;
-  }
 }
-- 
cgit v1.2.3