Add role option to users

Giuseppe Criscione 2018-10-09 23:41:27 +02:00
parent 3089c29728
commit de0cb89850
3 changed files with 35 additions and 5 deletions


@ -39,7 +39,8 @@ class Register extends AbstractController
'hash' => Password::hash($this->data->get('password')),
'email' => $this->data->get('email'),
'language' => $this->data->get('language'),
'avatar' => null
'avatar' => null,
'role' => 'admin'
);
$fileContent = YAML::encode($userdata);
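Review bot: The registration handler now writes `'role' => 'admin'` for every account it creates, so the safety of this line depends on a guard that is not visible in the hunk. If Register stays reachable once an account exists, anyone who completes the form would be stored as an administrator. The method starts and ends outside the hunk, so please confirm it refuses to run when an account file is already present. Record that precondition next to the assignment, e.g. `// first account only: Register must be unreachable once any user exists`.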


@ -55,7 +55,8 @@ class Users extends AbstractController
'hash' => Password::hash($this->data->get('password')),
'email' => $this->data->get('email'),
'language' => $this->data->get('language'),
'avatar' => null
'avatar' => null,
'role' => 'user'
);
$fileContent = YAML::encode($userdata);
@ -73,8 +74,8 @@ class Users extends AbstractController
if (!$user) {
throw new LocalizedException('User ' . $params->get('user') . ' not found', 'users.user.not-found');
}
if ($user->isLogged()) {
throw new LocalizedException('Cannot delete currently logged user', 'users.user.cannot-delete.logged');
if (!$this->user()->canDeleteUser($user)) {
throw new LocalizedException('Cannot delete user, you must be an administrator and the user must not be logged in', 'users.user.cannot-delete');
}
$this->deleteAvatar($user);
FileSystem::delete(ACCOUNTS_PATH . $params->get('user') . '.yml');
@ -104,7 +105,7 @@ class Users extends AbstractController
unset($postData['csrf-token']);
if (!empty($postData['password'])) {
if (!$user->isLogged()) {
if (!$this->user()->canChangePasswordOf($user)) {
$this->notify($this->label('users.user.cannot-change-password'), 'error');
$this->redirect('/users/' . $user->username() . '/profile/', 302, true);
}
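Review bot: Nothing in the profile-update hunk stops a `role` key in the POST body from being saved. Only `csrf-token` is unset from `$postData` before the password branch, and the new `canChangeRoleOf()` and `canChangeOptionsOf()` helpers are not called in any hunk shown on this page. How `$postData` is persisted lies outside the hunk, so this is inferred. If the remaining keys are merged into the account file, a non-admin editing their own profile could promote themselves. Filter the field explicitly, e.g. `if (isset($postData['role']) && !$this->user()->canChangeRoleOf($user)) { unset($postData['role']); }`, and check `canChangeOptionsOf($user)` before any field is written.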


@ -22,6 +22,8 @@ class User extends DataGetter
protected $avatar;
protected $role;
protected $lastAccess;
public function __construct($data)
@ -30,6 +32,7 @@ class User extends DataGetter
foreach (array('username', 'fullname', 'hash', 'email', 'language', 'avatar') as $key) {
$this->$key = $data[$key];
}
$this->role = isset($data['role']) ? $data['role'] : 'user';
$this->avatar = new UserAvatar($this->avatar);
}
@ -43,6 +46,31 @@ class User extends DataGetter
return Session::get('FORMWORK_USERNAME') === $this->username;
}
public function isAdmin()
{
return $this->role === 'admin';
}
public function canDeleteUser(User $user)
{
return $this->isAdmin() && !$user->isLogged();
}
public function canChangeOptionsOf(User $user)
{
return $this->isAdmin() || $user->isLogged();
}
public function canChangePasswordOf(User $user)
{
return ($this->isAdmin() && !$user->isAdmin()) || $user->isLogged();
}
public function canChangeRoleOf(User $user)
{
return $this->isAdmin() && !$user->isLogged();
}
public function lastAccess()
{
if (!is_null($this->lastAccess)) {
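Review bot: The four `can…` predicates are undocumented, and what they allow depends on what `$user->isLogged()` means. Per the context line above them, it compares the session's `FORMWORK_USERNAME` with that user's name, so it is true only for the account bound to the current session, not for any account with a live session. An account signed in from another browser can therefore still be deleted or have its role changed, and whether its session is invalidated afterwards is not visible here. Add a docblock to each predicate stating the rule it encodes, e.g. above `canDeleteUser()`: `/** Admins may delete any account except the one bound to the current session. */`. `lastAccess()` continues outside the hunk.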