From 481352c382d769d9074223ae9c7b6d969f0f6e58 Mon Sep 17 00:00:00 2001
From: Felix Rabinovich
Date: Thu, 25 Dec 2008 02:16:41 +0000
Subject: User administration: 1. Add users; 2. Group administration; 3. General cleanup

---
 modules/user/controllers/admin_users.php | 3 +-
 modules/user/controllers/groups.php | 106 +++++++++++++++++++++++++++++++
 modules/user/controllers/users.php | 30 ++++++---
 modules/user/helpers/group.php | 35 +++++++++-
 modules/user/helpers/user.php | 17 ++++-
 modules/user/views/admin_users.html.php | 58 ++++++++++-------
 6 files changed, 212 insertions(+), 37 deletions(-)
 create mode 100644 modules/user/controllers/groups.php

(limited to 'modules')

diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index ac328780..c39092b2 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -21,7 +21,8 @@ class Admin_Users_Controller extends Controller {
 public function index() {
 $view = new Admin_View("admin.html");
 $view->content = new View("admin_users.html");
- $view->content->users = ORM::factory("user")->find_all();
+ $view->content->users = ORM::factory("user")->orderby("name")->find_all();
+ $view->content->groups = ORM::factory("group")->orderby("name")->find_all();
 print $view;
 }

diff --git a/modules/user/controllers/groups.php b/modules/user/controllers/groups.php
new file mode 100644
index 00000000..96084fe2
--- /dev/null
+++ b/modules/user/controllers/groups.php
@@ -0,0 +1,106 @@
+validate()) {
+ group::create($form->add_group->gname->value);
+ if ($continue = $this->input->get("continue")) {
+ url::redirect($continue);
+ }
+ }
+ print $form;
+ }
+
+ /**
+ * @see Rest_Controller::_show($resource)
+ */
+ public function _show($user) {
+ throw new Exception("@todo Group_Controller::_show NOT IMPLEMENTED");
+ }
+
+ /**
+ * @see Rest_Controller::_update($resource)
+ */
+ public function _update($group) {
+ $form = group::get_edit_form($group);
+ if ($form->validate()) {
+ $group->name = $form->edit_group->gname->value;
+ $group->save();
+ if ($continue = $this->input->get("continue")) {
+ url::redirect($continue);
+ }
+ }
+ print $form;
+ }
+
+ /**
+ * @see Rest_Controller::_delete($resource)
+ */
+ public function _delete($group) {
+ if (!(user::active()->admin) || $group->special) {
+ access::forbidden();
+ }
+ // Prevent CSRF
+ $form = group::get_delete_form($group);
+ if ($form->validate()) {
+ $group->delete();
+ if ($continue = $this->input->get("continue")) {
+ url::redirect($continue);
+ }
+ }
+ print $form;
+ }
+
+ /**
+ * Present a form for editing a user
+ * @see Rest_Controller::form($resource)
+ */
+ public function _form_edit($group) {
+ if ($group->guest || group::active()->id != $group->id) {
+ access::forbidden();
+ }
+
+ print group::get_edit_form(
+ $group,
+ "users/{$group->id}?_method=put&continue=" . $this->input->get("continue"));
+ }
+
+ /**
+ * Present a form for adding a user
+ * @see Rest_Controller::form($resource)
+ */
+ public function _form_add($parameters) {
+ throw new Exception("@todo Group_Controller::_form_add NOT IMPLEMENTED");
+ }
+}
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index 0ea6b403..f21e9ae0 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
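Review bot: `_update($group)` performs no authorization check before renaming and saving the group, while `_delete` in the same file requires `user::active()->admin` and rejects `$group->special`; anyone who can reach the PUT route can rename any group, so `_update` should open with the same guard, `if (!(user::active()->admin) || $group->special) { access::forbidden(); }` (drop the `special` clause only if renaming built-in groups is intended). `_form_edit` looks copied from the user controller: it tests `$group->guest` and `group::active()`, neither of which appears among the group helpers in this commit, and its form posts to `users/{$group->id}` rather than `groups/`. The `continue` query parameter is appended to that action unescaped and is later handed verbatim to `url::redirect($continue)` in `_create`, `_update` and `_delete`, an open redirect unless `url::redirect` itself restricts targets; accept only site-relative paths. The top of this hunk, including the PHP prologue and the head of `_create`, is not legible in this rendering.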
@@ -25,23 +25,22 @@ class Users_Controller extends REST_Controller {
 * @see Rest_Controller::_index()
 */
 public function _index() {
- throw new Exception("@todo Comment_Controller::_index NOT IMPLEMENTED");
+ throw new Exception("@todo User_Controller::_index NOT IMPLEMENTED");
 }

 /**
 * @see Rest_Controller::_create($resource)
 */
- public function _create($user) {
- if ($user->guest || (!user::active()->admin && $user->id != user::active()->id)) {
+ public function _create($resource) {
+ if (!(user::active()->admin)) {
 access::forbidden();
 }
- $form = user::get_add_form($user, "");
+ $form = user::get_add_form();
 if ($form->validate()) {
- $user->name = $form->edit_user->uname->value;
- $user->full_name = $form->edit_user->full_name->value;
- $user->password = $form->edit_user->password->value;
- $user->email = $form->edit_user->email->value;
+ $user = user::create($form->add_user->uname->value,
+ $form->add_user->full_name->value, $form->add_user->password->value);
+ $user->email = $form->add_user->email->value;
 $user->save();
 if ($continue = $this->input->get("continue")) {
 url::redirect($continue);
@@ -65,7 +64,7 @@ class Users_Controller extends REST_Controller {
 access::forbidden();
 }

- $form = user::get_edit_form($user, "");
+ $form = user::get_edit_form($user);
 $form->edit_user->password->rules("-required");
 if ($form->validate()) {
 $user->full_name = $form->edit_user->full_name->value;
@@ -83,7 +82,18 @@ class Users_Controller extends REST_Controller {
 * @see Rest_Controller::_delete($resource)
 */
 public function _delete($user) {
- throw new Exception("@todo User_Controller::_delete NOT IMPLEMENTED");
+ if (!(user::active()->admin) || $user->id == user::active()->id) {
+ access::forbidden();
+ }
+ // Prevent CSRF
+ $form = user::get_delete_form($user);
+ if ($form->validate()) {
+ $user->delete();
+ if ($continue = $this->input->get("continue")) {
+ url::redirect($continue);
+ }
+ }
+ print $form;
 }

 /**
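Review bot: The new `_delete` guard refuses self-deletion but not deletion of the guest account, which the admin view in this same commit only hides client-side via `user::guest()->id == $user->id`; enforce it here too, `if (!(user::active()->admin) || $user->id == user::active()->id || $user->guest) {`, reusing the `guest` attribute the removed `_create` check already relied on. The `// Prevent CSRF` comment assumes `$form->validate()` verifies a request token; if Forge only validates field rules, a delete form with no inputs validates on any POST, so confirm that before relying on it. `url::redirect($continue)` forwards the unvalidated `continue` parameter in both `_create` and `_delete`, an open redirect unless `url::redirect` rejects external targets; restrict it to site-relative paths. `_create` and `_update` run past the visible hunks.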
diff --git a/modules/user/helpers/group.php b/modules/user/helpers/group.php
index 98947794..f32e37dc 100644
--- a/modules/user/helpers/group.php
+++ b/modules/user/helpers/group.php
@@ -31,7 +31,7 @@ class group_Core {
 * @return Group_Model
 */
 static function create($name) {
- $group = ORM::factory("group")->where("name", $name);
+ $group = ORM::factory("group")->where("name", $name)->find();
 if ($group->loaded) {
 throw new Exception("@todo GROUP_ALREADY_EXISTS $name");
 }
@@ -64,4 +64,37 @@ class group_Core {
 static function registered_users() {
 return ORM::factory("group", 2);
 }
+
+ /**
+ * This is the API for handling groups.
+ * @TODO incorporate rules!
+ */
+ public static function get_edit_form($group, $action = NULL) {
+ $form = new Forge($action);
+ $form_group = $form->group("edit_group")->label(_("Edit Group"));
+ $form_group->input("gname")->label(_("Name"))->id("gName")->value($group->name);
+ $form_group->submit(_("Modify"));
+ $form->add_rules_from($group);
+ $form->edit_group->gname->rules($group->rules["name"]);
+ return $form;
+ }
+
+ public static function get_add_form($action = NULL) {
+ $form = new Forge($action);
+ $form_group = $form->group("add_group")->label(_("Add Group"));
+ $form_group->input("gname")->label(_("Name"))->id("gName");
+ $form_group->submit(_("Create"));
+ $group = ORM::factory("group");
+ $form->add_rules_from($group);
+ $form->add_group->gname->rules($group->rules["name"]);
+ return $form;
+ }
+
+ public static function get_delete_form($group, $action = NULL) {
+ $form = new Forge($action);
+ $form_group = $form->group("delete_group")->label(_("Delete Group"));
+ $form_group->label(_("Are you sure you want to delete " . $group->name . "?"));
+ $form_group->submit(_("Delete"));
+ return $form;
+ }
 }
\ No newline at end of file
diff --git a/modules/user/helpers/user.php b/modules/user/helpers/user.php
index 0f5520e7..9ffcebfc 100644
--- a/modules/user/helpers/user.php
+++ b/modules/user/helpers/user.php
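Review bot: In `get_delete_form`, `_("Are you sure you want to delete " . $group->name . "?")` hands a string assembled at runtime to the gettext lookup, so no catalog entry can ever match and the label is never translated; use `sprintf(_("Are you sure you want to delete %s?"), $group->name)`. That label also embeds the stored group name, so unless Forge escapes label text the admin page would render whatever markup a group name contains — worth confirming, since `get_edit_form` and `get_add_form` constrain the name only through `$group->rules["name"]`. The `@TODO incorporate rules!` docblock is already stale: both form builders call `add_rules_from` and attach the name rules. The enclosing `group_Core` class continues outside the hunk.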
@@ -24,7 +24,7 @@
 * Note: by design, this class does not do any permission checking.
 */
 class user_Core {
- public static function get_edit_form($user, $action) {
+ public static function get_edit_form($user, $action = NULL) {
 $form = new Forge($action, "", "post", array("id" => "gUserForm"));
 $group = $form->group("edit_user")->label(_("Edit User"));
 $group->input("uname")->label(_("Name"))->id("gName")->value($user->name);
@@ -33,18 +33,29 @@ class user_Core {
 $group->input("email")->label(_("Email"))->id("gEmail")->value($user->email);
 $group->submit(_("Modify"));
 $form->add_rules_from($user);
+ $form->edit_user->uname->rules($user->rules["name"]);
 return $form;
 }

- public static function get_add_form($user, $action) {
- $form = new Forge($action, "", "post", array("id" => "gUserAddForm"));
+ public static function get_add_form($action = NULL) {
+ $form = new Forge($action);
 $group = $form->group("add_user")->label(_("Add User"));
 $group->input("uname")->label(_("Name"))->id("gName");
 $group->input("full_name")->label(_("Full Name"))->id("gFullName");
 $group->password("password")->label(_("Password"))->id("gPassword");
 $group->input("email")->label(_("Email"))->id("gEmail");
 $group->submit(_("Add"));
+ $user = ORM::factory("user");
 $form->add_rules_from($user);
+ $form->add_user->uname->rules($user->rules["name"]);
+ return $form;
+ }
+
+ public static function get_delete_form($user, $action = NULL) {
+ $form = new Forge($action);
+ $group = $form->group("delete_user")->label(_("Delete User"));
+ $group->label(_("Are you sure you want to delete " . $user->name . "?"));
+ $group->submit(_("Delete"));
 return $form;
 }
 /**
diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php
index 9792b740..31ce7f2a 100644
--- a/modules/user/views/admin_users.html.php
+++ b/modules/user/views/admin_users.html.php
@@ -1,38 +1,29 @@
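Review bot: `get_add_form` now builds `new Forge($action)` where the removed line and the neighbouring `get_edit_form` pass the method explicitly (`new Forge($action, "", "post", array("id" => "gUserForm"))`); if Forge's default method is not POST, the password field on this form would travel in the query string and server logs, so keep it explicit: `$form = new Forge($action, "", "post");`. `get_delete_form` wraps a concatenated string in `_()`, which defeats the gettext lookup; prefer `sprintf(_("Are you sure you want to delete %s?"), $user->name)`. The class comment states that this helper does no permission checking, so every caller of these forms must guard itself — worth restating in a one-line docblock above `get_delete_form`, which currently has none. `user_Core` continues past the hunk.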
- X

User Administration

These are the users in your system

-
    +
      $user): ?> -
    • - name ?> - last_login == 0) ? "" : - "(" . date("M j, Y", $user->last_login) . ")" ?>
      +
    • + name ?> + last_login == 0) ? "" : "(" . date("M j, Y", $user->last_login) . ")" ?> edit
      - id}?_method=put&continue=/admin/users"); - $form->set_attr("id", "gEdit" . $user->id); - print $form; - ?> + id}?_method=put&continue=/admin/users"); ?>
      -
      - id == $user->id) ? " " : - "id") . "\">delete" ?> -

      + id == $user->id || user::guest()->id == $user->id)): ?> + delete +
      + id}?_method=delete&continue=/admin/users"); ?> +
      +
    • Add user
      - set_attr("id", "gEdit" . $user->id); - print $form; - ?> +
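Review bot: The rewritten user row prints `user::get_edit_form($user, "users/{$user->id}?_method=put&continue=/admin/users")` once per user inside the foreach, and that helper hard-codes the form id `gUserForm` (see `user::get_edit_form` in this commit); the removed `$form->set_attr("id", "gEdit" . $user->id)` was what kept those ids unique, so the page now carries duplicate ids and any script or CSS keyed on `gEdit<id>` no longer finds its form. Either restore the per-user `set_attr` call before printing or let `get_edit_form` take the id as a parameter. The PHP tags in this hunk were stripped by the rendering, so whether `$user->name` is emitted through an HTML escaper cannot be checked here; it should be.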
    @@ -41,4 +32,27 @@

    These are the groups in your system

    +
      + $group): ?> +
    • + name ?> + edit +
      + id}?_method=put&continue=/admin/users"); ?> +
      + special): ?> + delete +
      + id}?_method=delete&continue=/admin/users"); ?> +
      + +
    • + +
    • Add group +
      + +
      +
    • +
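Review bot: The group rows emit `$group->name` with what appears to be a bare `name ?>` echo, the same pattern as the user rows above; group names are free text from the add/edit forms constrained only by the model's name rules, so confirm this goes through an HTML escaper, otherwise a crafted group name becomes stored markup in the admin page. The `special` flag hides only the delete link, matching the group controller's `_delete` guard, but the edit link is shown for special groups and the controller's `_update` in this commit has no check at all. The PHP tags in this hunk were stripped in this rendering, so the exact output calls cannot be verified.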