From a691dcc63cb6403784e061997cc85606a8f953b3 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 16 Jan 2010 19:58:55 -0800 Subject: Convert Admin_Users::add_user() to use model based validation. Get the rules and business logic out of the form and user::create(), and move it into User_Model::save(). --- modules/user/helpers/user.php | 26 -------------------------- 1 file changed, 26 deletions(-) (limited to 'modules/user/helpers') diff --git a/modules/user/helpers/user.php b/modules/user/helpers/user.php index e092aecc..3561021f 100644 --- a/modules/user/helpers/user.php +++ b/modules/user/helpers/user.php @@ -35,32 +35,6 @@ class user_Core { return model_cache::get("user", 1); } - /** - * Create a new user. - * - * @param string $name - * @param string $full_name - * @param string $password - * @return User_Model - */ - static function create($name, $full_name, $password) { - $user = ORM::factory("user")->where("name", "=", $name)->find(); - if ($user->loaded()) { - throw new Exception("@todo USER_ALREADY_EXISTS $name"); - } - - $user->name = $name; - $user->full_name = $full_name; - $user->password = $password; - - // Required groups - $user->add(group::everybody()); - $user->add(group::registered_users()); - - $user->save(); - return $user; - } - /** * Is the password provided correct? * -- cgit v1.2.3 From 6a4dda9bdef81bcf79abe5601fd7309e593078f3 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 16 Jan 2010 21:15:12 -0800 Subject: Convert Admin_Users_Controller, User_Model and Group_Model to use model based validation. --- modules/user/controllers/admin_users.php | 115 +++++++++++++------------------ modules/user/controllers/users.php | 17 +++-- modules/user/helpers/group.php | 17 ----- modules/user/models/group.php | 39 ++++++++--- modules/user/models/user.php | 18 ++++- 5 files changed, 103 insertions(+), 103 deletions(-) (limited to 'modules/user/helpers') diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php index 7f08f8a1..c35eba73 100644 --- a/modules/user/controllers/admin_users.php +++ b/modules/user/controllers/admin_users.php @@ -37,10 +37,9 @@ class Admin_Users_Controller extends Admin_Controller { $user->full_name = $form->add_user->full_name->value; $user->password = $form->add_user->password->value; $user->email = $form->add_user->email->value; - - if (!empty($form->add_user->locale->value)) { - $user->locale = $form->add_user->locale->value; - } + $user->url = $form->edit_user->url->value; + $user->locale = $form->add_user->locale->value; + $user->admin = $form->edit_user->admin->checked; $user->validate(); } catch (ORM_Validation_Exception $e) { // Translate ORM validation errors into form error messages @@ -110,43 +109,34 @@ class Admin_Users_Controller extends Admin_Controller { } $form = $this->_get_user_edit_form_admin($user); - $valid = $form->validate(); - if ($valid) { - $new_name = $form->edit_user->inputs["name"]->value; - $temp_user = user::lookup_by_name($new_name); - if ($new_name != $user->name && - ($temp_user && $temp_user->id != $user->id)) { - $form->edit_user->inputs["name"]->add_error("in_use", 1); - $valid = false; - } else { - $user->name = $new_name; - } - } - - if ($valid) { + try { + $valid = $form->validate(); + $user->name = $form->edit_user->inputs["name"]->value; $user->full_name = $form->edit_user->full_name->value; - if ($form->edit_user->password->value) { - $user->password = $form->edit_user->password->value; - } + $user->password = $form->edit_user->password->value; $user->email = $form->edit_user->email->value; $user->url = $form->edit_user->url->value; - if ($form->edit_user->locale) { - $desired_locale = $form->edit_user->locale->value; - $user->locale = $desired_locale == "none" ? null : $desired_locale; - } - - // An admin can change the admin status for any user but themselves + $user->locale = $form->edit_user->locale->value; if ($user->id != identity::active_user()->id) { $user->admin = $form->edit_user->admin->checked; } + + $user->validate(); + } catch (ORM_Validation_Exception $e) { + // Translate ORM validation errors into form error messages + foreach ($e->validation->errors() as $key => $error) { + $form->edit_user->inputs[$key]->add_error($error, 1); + } + $valid = false; + } + + if ($valid) { $user->save(); module::event("user_edit_form_admin_completed", $user, $form); - message::success(t("Changed user %user_name", array("user_name" => $user->name))); print json_encode(array("result" => "success")); } else { - print json_encode(array("result" => "error", - "form" => $form->__toString())); + print json_encode(array("result" => "error", "form" => (string) $form)); } } @@ -191,25 +181,26 @@ class Admin_Users_Controller extends Admin_Controller { access::verify_csrf(); $form = $this->_get_group_add_form_admin(); - $valid = $form->validate(); - if ($valid) { - $new_name = $form->add_group->inputs["name"]->value; - $group = group::lookup_by_name($new_name); - if (!empty($group)) { - $form->add_group->inputs["name"]->add_error("in_use", 1); - $valid = false; + try { + $valid = $form->validate(); + $group = ORM::factory("group"); + $group->name = $form->add_group->inputs["name"]->value; + $group->validate(); + } catch (ORM_Validation_Exception $e) { + // Translate ORM validation errors into form error messages + foreach ($e->validation->errors() as $key => $error) { + $form->add_group->inputs[$key]->add_error($error, 1); } + $valid = false; } if ($valid) { - $group = group::create($new_name); $group->save(); message::success( t("Created group %group_name", array("group_name" => $group->name))); print json_encode(array("result" => "success")); } else { - print json_encode(array("result" => "error", - "form" => $form->__toString())); + print json_encode(array("result" => "error", "form" => (string) $form)); } } @@ -258,19 +249,19 @@ class Admin_Users_Controller extends Admin_Controller { } $form = $this->_get_group_edit_form_admin($group); - $valid = $form->validate(); - - if ($valid) { - $new_name = $form->edit_group->inputs["name"]->value; - $group = group::lookup_by_name($name); - if ($group->loaded()) { - $form->edit_group->inputs["name"]->add_error("in_use", 1); - $valid = false; + try { + $valid = $form->validate(); + $group->name = $form->edit_group->inputs["name"]->value; + $group->validate(); + } catch (ORM_Validation_Exception $e) { + // Translate ORM validation errors into form error messages + foreach ($e->validation->errors() as $key => $error) { + $form->edit_group->inputs[$key]->add_error($error, 1); } + $valid = false; } if ($valid) { - $group->name = $form->edit_group->inputs["name"]->value; $group->save(); message::success( t("Changed group %group_name", array("group_name" => $group->name))); @@ -278,8 +269,7 @@ class Admin_Users_Controller extends Admin_Controller { } else { message::error( t("Failed to change group %group_name", array("group_name" => $group->name))); - print json_encode(array("result" => "error", - "form" => $form->__toString())); + print json_encode(array("result" => "error", "form" => (string) $form)); } } @@ -308,10 +298,6 @@ class Admin_Users_Controller extends Admin_Controller { $group->input("email")->label(t("Email"))->id("g-email")->value($user->email); $group->input("url")->label(t("URL"))->id("g-url")->value($user->url); $group->checkbox("admin")->label(t("Admin"))->id("g-admin")->checked($user->admin); - $form->add_rules_from($user); - $minimum_length = module::get_var("user", "mininum_password_length", 5); - $form->edit_user->password - ->rules($minimum_length ? "length[$minimum_length, 40]" : "length[40]"); module::event("user_edit_form_admin", $user, $form); $group->submit("")->value(t("Modify User")); @@ -342,15 +328,14 @@ class Admin_Users_Controller extends Admin_Controller { foreach ($locales as $locale => $display_name) { $locales[$locale] = SafeString::of_safe_html($display_name); } - if (count($locales) > 1) { - // Put "none" at the first position in the array - $locales = array_merge(array("" => t("« none »")), $locales); - $selected_locale = ($user && $user->locale) ? $user->locale : ""; - $form->dropdown("locale") - ->label(t("Language Preference")) - ->options($locales) - ->selected($selected_locale); - } + + // Put "none" at the first position in the array + $locales = array_merge(array("" => t("« none »")), $locales); + $selected_locale = ($user && $user->locale) ? $user->locale : ""; + $form->dropdown("locale") + ->label(t("Language Preference")) + ->options($locales) + ->selected($selected_locale); } private function _get_user_delete_form_admin($user) { @@ -370,7 +355,6 @@ class Admin_Users_Controller extends Admin_Controller { $form_group->inputs["name"]->error_messages( "in_use", t("There is already a group with that name")); $form_group->submit("")->value(t("Save")); - $form->add_rules_from($group); return $form; } @@ -381,7 +365,6 @@ class Admin_Users_Controller extends Admin_Controller { $form_group->inputs["name"]->error_messages( "in_use", t("There is already a group with that name")); $form_group->submit("")->value(t("Add group")); - $form->add_rules_from(ORM::factory("group")); return $form; } diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php index ca218393..71f9a889 100644 --- a/modules/user/controllers/users.php +++ b/modules/user/controllers/users.php @@ -95,14 +95,13 @@ class Users_Controller extends Controller { foreach ($locales as $locale => $display_name) { $locales[$locale] = SafeString::of_safe_html($display_name); } - if (count($locales) > 1) { - // Put "none" at the first position in the array - $locales = array_merge(array("" => t("« none »")), $locales); - $selected_locale = ($user && $user->locale) ? $user->locale : ""; - $form->dropdown("locale") - ->label(t("Language Preference")) - ->options($locales) - ->selected($selected_locale); - } + + // Put "none" at the first position in the array + $locales = array_merge(array("" => t("« none »")), $locales); + $selected_locale = ($user && $user->locale) ? $user->locale : ""; + $form->dropdown("locale") + ->label(t("Language Preference")) + ->options($locales) + ->selected($selected_locale); } } diff --git a/modules/user/helpers/group.php b/modules/user/helpers/group.php index 2ada0ac1..38124b0d 100644 --- a/modules/user/helpers/group.php +++ b/modules/user/helpers/group.php @@ -24,23 +24,6 @@ * Note: by design, this class does not do any permission checking. */ class group_Core { - /** - * Create a new group. - * - * @param string $name - * @return Group_Definition the group object - */ - static function create($name) { - $group = ORM::factory("group")->where("name", "=", $name)->find(); - if ($group->loaded()) { - throw new Exception("@todo GROUP_ALREADY_EXISTS $name"); - } - - $group->name = $name; - $group->save(); - return $group; - } - /** * The group of all possible visitors. This includes the guest user. * diff --git a/modules/user/models/group.php b/modules/user/models/group.php index 10f6f4b3..16d6adb7 100644 --- a/modules/user/models/group.php +++ b/modules/user/models/group.php @@ -20,8 +20,7 @@ class Group_Model extends ORM implements Group_Definition { protected $has_and_belongs_to_many = array("users"); - var $form_rules = array( - "name" => "required|length[4,255]"); + var $rules = array("name" => array("rules" => array("required", "length[4,255]"))); /** * @see ORM::delete() @@ -37,18 +36,42 @@ class Group_Model extends ORM implements Group_Definition { return $this->users->find_all(); } - public function save() { - if (!$this->loaded()) { - $created = 1; + /** + * Add some custom per-instance rules. + */ + public function validate($array=null) { + // validate() is recursive, only modify the rules on the outermost call. + if (!$array) { + $this->rules["name"]["callbacks"] = array(array($this, "valid_name")); } - $original = clone $this->original(); - parent::save(); - if (isset($created)) { + parent::validate($array); + } + + public function save() { + if (!$this->loaded()) { + // New group + parent::save(); module::event("group_created", $this); } else { + // Updated group + $original = clone $this->original(); + parent::save(); module::event("group_updated", $original, $this); } + return $this; } + + /** + * Validate the user name. Make sure there are no conflicts. + */ + public function valid_name(Validation $v, $field) { + if (db::build()->from("groups") + ->where("name", "=", $this->name) + ->where("id", "<>", $this->id) + ->count_records() == 1) { + $v->add_error("name", "in_use"); + } + } } \ No newline at end of file diff --git a/modules/user/models/user.php b/modules/user/models/user.php index 12da5784..c45f88ac 100644 --- a/modules/user/models/user.php +++ b/modules/user/models/user.php @@ -78,6 +78,7 @@ class User_Model extends ORM implements User_Definition { } $this->rules["password"]["callbacks"] = array(array($this, "valid_password")); + $this->rules["admin"]["callbacks"] = array(array($this, "valid_admin")); parent::validate($array); } @@ -131,9 +132,20 @@ class User_Model extends ORM implements User_Definition { * Validate the password. */ public function valid_password(Validation $v, $field) { - $minimum_length = module::get_var("user", "mininum_password_length", 5); - if ($this->password_length < $minimum_length || $this->password_length > 40) { - $v->add_error("password", "length"); + if (!$this->loaded() || $this->password_length) { + $minimum_length = module::get_var("user", "mininum_password_length", 5); + if ($this->password_length < $minimum_length || $this->password_length > 40) { + $v->add_error("password", "length"); + } + } + } + + /** + * Validate the admin bit. + */ + public function valid_admin(Validation $v, $field) { + if ($this->id == identity::active_user()->id && !$this->admin) { + $v->add_error("admin", "locked"); } } } -- cgit v1.2.3 From cfb27dde023e4f4d04fc9de687548501e607d371 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 17 Jan 2010 13:28:24 -0800 Subject: Adjust installers to work with model based validation. --- modules/gallery/helpers/gallery_installer.php | 33 ++++++++++++++++----------- modules/user/helpers/user_installer.php | 32 ++++++++++++++++++++------ 2 files changed, 45 insertions(+), 20 deletions(-) (limited to 'modules/user/helpers') diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index 1e0ad28c..aa297236 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php @@ -209,19 +209,26 @@ class gallery_installer { t("Edit"); t("Add"); - $root = ORM::factory("item"); - $root->type = "album"; - $root->title = "Gallery"; - $root->description = ""; - $root->left_ptr = 1; - $root->right_ptr = 2; - $root->parent_id = 0; - $root->level = 1; - $root->thumb_dirty = 1; - $root->resize_dirty = 1; - $root->sort_column = "weight"; - $root->sort_order = "ASC"; - $root->save(); + // Hardcode the first item to sidestep ORM validation rules + $now = time(); + db::build()->insert( + "items", + array("created" => $now, + "description" => "", + "left_ptr" => 1, + "level" => 1, + "parent_id" => 0, + "resize_dirty" => 1, + "right_ptr" => 2, + "sort_column" => "weight", + "sort_order" => "ASC", + "thumb_dirty" => 1, + "title" => "Gallery", + "type" => "album", + "updated" => $now, + "weight" => 1)) + ->execute(); + $root = ORM::factory("item")->where("id", "=", 1)->find(); access::add_item($root); module::set_var("gallery", "active_site_theme", "wind"); diff --git a/modules/user/helpers/user_installer.php b/modules/user/helpers/user_installer.php index 0cba502f..70bee300 100644 --- a/modules/user/helpers/user_installer.php +++ b/modules/user/helpers/user_installer.php @@ -53,21 +53,39 @@ class user_installer { UNIQUE KEY(`user_id`, `group_id`)) DEFAULT CHARSET=utf8;"); - $everybody = group::create("Everybody"); + $everybody = ORM::factory("group"); + $everybody->name = "Everybody"; $everybody->special = true; $everybody->save(); - $registered = group::create("Registered Users"); + $registered = ORM::factory("group"); + $registered->name = "Registered Users"; $registered->special = true; $registered->save(); - $guest = user::create("guest", "Guest User", ""); - $guest->guest = true; - $guest->remove($registered); + // Avoid ORM to sidestep validation. + db::build()->insert( + "users", + array("name" => "guest", + "full_name" => "Guest User", + "guest" => true)) + ->execute(); + + $guest = ORM::factory("user")->where("id", "=", 1)->find(); + $guest->add($everybody); $guest->save(); - $admin = user::create("admin", "Gallery Administrator", "admin"); - $admin->admin = true; + db::build()->insert( + "users", + array("name" => "admin", + "full_name" => "Gallery Administrator", + "password" => "admin", + "admin" => true)) + ->execute(); + + $admin = ORM::factory("user")->where("id", "=", 2)->find(); + $admin->add($everybody); + $admin->add($registered); $admin->save(); $current_provider = module::get_var("gallery", "identity_provider"); -- cgit v1.2.3 From 5162e35d499e8f57f2cff8eefeb633538aad8a65 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 17 Jan 2010 17:54:14 -0800 Subject: Use an empty password for the guest user. --- modules/user/helpers/user_installer.php | 1 + 1 file changed, 1 insertion(+) (limited to 'modules/user/helpers') diff --git a/modules/user/helpers/user_installer.php b/modules/user/helpers/user_installer.php index 70bee300..f7e3b60b 100644 --- a/modules/user/helpers/user_installer.php +++ b/modules/user/helpers/user_installer.php @@ -68,6 +68,7 @@ class user_installer { "users", array("name" => "guest", "full_name" => "Guest User", + "password" => "", "guest" => true)) ->execute(); -- cgit v1.2.3 From b6dab323ac478339b03f98430c2591562e747f43 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 25 Jan 2010 20:42:48 -0800 Subject: Use ORM to create the users since now our validation can handle doing it the right way. Set a default email address for admins. --- modules/user/helpers/user_installer.php | 33 +++++++++++---------------------- 1 file changed, 11 insertions(+), 22 deletions(-) (limited to 'modules/user/helpers') diff --git a/modules/user/helpers/user_installer.php b/modules/user/helpers/user_installer.php index f2d131ae..1d49998d 100644 --- a/modules/user/helpers/user_installer.php +++ b/modules/user/helpers/user_installer.php @@ -95,30 +95,19 @@ class user_installer { $registered->special = true; $registered->save(); - // Avoid ORM to sidestep validation. - db::build()->insert( - "users", - array("name" => "guest", - "full_name" => "Guest User", - "password" => "", - "guest" => true)) - ->execute(); - - $guest = ORM::factory("user")->where("id", "=", 1)->find(); - $guest->add($everybody); + $guest = ORM::factory("user"); + $guest->name = "guest"; + $guest->full_name = "Guest User"; + $guest->password = ""; + $guest->guest = true; $guest->save(); - db::build()->insert( - "users", - array("name" => "admin", - "full_name" => "Gallery Administrator", - "password" => "admin", - "admin" => true)) - ->execute(); - - $admin = ORM::factory("user")->where("id", "=", 2)->find(); - $admin->add($everybody); - $admin->add($registered); + $admin = ORM::factory("user"); + $admin->name = "admin"; + $admin->full_name = "Gallery Administrator"; + $admin->password = "admin"; + $admin->email = "unknown@unknown.com"; + $admin->admin = true; $admin->save(); $root = ORM::factory("item", 1); -- cgit v1.2.3 From e1bf010d89c4ef2023f204834c468793d866483c Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 31 Jan 2010 20:50:52 -0800 Subject: Force all non-guest users to have an email address since that's required in model validation. Without this, any save on a user without email will fail which means that you can't log in. Bump user module to version 3. --- modules/user/helpers/user_installer.php | 16 ++++++++++++++-- modules/user/module.info | 2 +- 2 files changed, 15 insertions(+), 3 deletions(-) (limited to 'modules/user/helpers') diff --git a/modules/user/helpers/user_installer.php b/modules/user/helpers/user_installer.php index 1d49998d..729f087a 100644 --- a/modules/user/helpers/user_installer.php +++ b/modules/user/helpers/user_installer.php @@ -29,9 +29,21 @@ class user_installer { static function upgrade($version) { if ($version == 1) { module::set_var("user", "mininum_password_length", 5); - module::set_version("user", $version = 2); } + + if ($version == 2) { + db::build() + ->update("users") + ->set("email", "unknown@unknown.com") + ->where("guest", "=", 0) + ->and_open() + ->where("email", "IS", null) + ->or_where("email", "=", "") + ->close() + ->execute(); + module::set_version("user", $version = 3); + } } static function uninstall() { @@ -117,7 +129,7 @@ class user_installer { access::allow($registered, "view", $root); access::allow($registered, "view_full", $root); - module::set_version("user", 2); module::set_var("user", "mininum_password_length", 5); + module::set_version("user", 3); } } \ No newline at end of file diff --git a/modules/user/module.info b/modules/user/module.info index d1e02382..185a3e3a 100644 --- a/modules/user/module.info +++ b/modules/user/module.info @@ -1,4 +1,4 @@ name = "Users and Groups" description = "Gallery 3 user and group management" -version = 2 +version = 3 -- cgit v1.2.3