blob: a0e89922ac7444afbe15ab8b794444788e3ceb4e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
|
<?php defined("SYSPATH") or die("No direct script access.");
/**
* Gallery - a web based photo album viewer and editor
* Copyright (C) 2000-2008 Bharat Mediratta
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or (at
* your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
class Users_Controller extends REST_Controller {
protected $resource_type = "user";
/**
* Display comments based on criteria.
* @see REST_Controller::_index()
*/
public function _index() {
throw new Exception("@todo User_Controller::_index NOT IMPLEMENTED");
}
/**
* @see REST_Controller::_create($resource)
*/
public function _create($resource) {
if (!(user::active()->admin)) {
access::forbidden();
}
$form = user::get_add_form();
if ($form->validate()) {
$user = user::create($form->add_user->uname->value,
$form->add_user->full_name->value, $form->add_user->password->value);
$user->email = $form->add_user->email->value;
$user->save();
if ($continue = $this->input->get("continue")) {
url::redirect($continue);
}
}
print $form;
}
/**
* @see REST_Controller::_show($resource)
*/
public function _show($user) {
throw new Exception("@todo User_Controller::_show NOT IMPLEMENTED");
}
/**
* @see REST_Controller::_update($resource)
*/
public function _update($user) {
if (!user::active()->admin && ($user->guest || $user->id != user::active()->id)) {
access::forbidden();
}
$form = user::get_edit_form($user);
$form->edit_user->password->rules("-required");
if ($form->validate()) {
$user->full_name = $form->edit_user->full_name->value;
$user->password = $form->edit_user->password->value;
$user->email = $form->edit_user->email->value;
$user->save();
if ($continue = $this->input->get("continue")) {
url::redirect($continue);
}
}
print $form;
}
/**
* @see REST_Controller::_delete($resource)
*/
public function _delete($user) {
if (!user::active()->admin || $user->id == user::active()->id ) {
access::forbidden();
}
// Prevent CSRF
$form = user::get_delete_form($user);
if ($form->validate()) {
$user->delete();
if ($continue = $this->input->get("continue")) {
url::redirect($continue);
}
}
print $form;
}
/**
* Present a form for editing a user
* @see REST_Controller::form($resource)
*/
public function _form_edit($user) {
if (!user::active()->admin && ($user->guest || $user->id != user::active()->id)) {
access::forbidden();
}
print user::get_edit_form(
$user,
"users/{$user->id}?_method=put&continue=" . $this->input->get("continue"));
}
/**
* Present a form for adding a user
* @see REST_Controller::form($resource)
*/
public function _form_add($parameters) {
throw new Exception("@todo User_Controller::_form_add NOT IMPLEMENTED");
}
}
|
