mirror_php/humhub
1
0
Fork 0
mirror of https://github.com/humhub/humhub.git synced 2025-03-03 14:49:31 +01:00
Code Issues Projects Releases Wiki Activity

User editable profile fields must not be visible on profile about page

Browse Source
This commit is contained in:
Lucas Bartholemy 2016-05-05 15:55:44 +02:00
parent 9ea94d3892
commit dc7c348b7f
2 changed files with 28 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
protected/humhub/modules/user/controllers/AccountController.php
View File

@ -55,6 +55,7 @@ class AccountController extends BaseAccountController
public function actionEdit()
{
$user = Yii::$app->user->getIdentity();
$user->profile->scenario = 'editProfile';
// Get Form Definition
$definition = $user->profile->getFormDefinition();

58
protected/humhub/modules/user/models/Profile.php
View File

@ -67,34 +67,33 @@ class Profile extends \yii\db\ActiveRecord
];
foreach (ProfileField::find()->all() as $profileField) {
// Not visible fields: Admin Only
if (!$profileField->visible && $this->scenario != 'editAdmin')
continue;
// Not Editable: only visibible on Admin Edit or Registration (if enabled)
if (!$profileField->editable && $this->scenario != 'editAdmin' && $this->scenario != 'registration')
continue;
if ($this->scenario == 'registration' && !$profileField->show_at_registration)
continue;
$rules = array_merge($rules, $profileField->getFieldType()->getFieldRules());
}
return $rules;
}
/**
* @inheritdoc
*/
public function scenarios()
{
$scenarios = parent::scenarios();
$scenarios['editAdmin'] = array();
$scenarios['registration'] = array();
$scenarios['editProfile'] = array();
$scenarios['editAdmin'] = [];
$scenarios['registration'] = [];
$scenarios['editProfile'] = [];
// Get synced attributes if user is set
$syncAttributes = [];
if ($this->user !== null) {
$syncAttributes = \humhub\modules\user\authclient\AuthClientHelpers::getSyncAttributesByUser($this->user);
}
$fields = array();
foreach (ProfileField::find()->all() as $profileField) {
$scenarios['editAdmin'][] = $profileField->internal_name;
if ($profileField->editable) {
if ($profileField->editable && !in_array($profileField->internal_name, $syncAttributes)) {
$scenarios['editProfile'][] = $profileField->internal_name;
}
if ($profileField->show_at_registration) {
@ -174,6 +173,8 @@ class Profile extends \yii\db\ActiveRecord
$syncAttributes = \humhub\modules\user\authclient\AuthClientHelpers::getSyncAttributesByUser($this->user);
}
$safeAttributes = $this->safeAttributes();
foreach (ProfileFieldCategory::find()->orderBy('sort_order')->all() as $profileFieldCategory) {
$category = array(
@ -183,27 +184,22 @@ class Profile extends \yii\db\ActiveRecord
);
foreach (ProfileField::find()->orderBy('sort_order')->where(['profile_field_category_id' => $profileFieldCategory->id])->all() as $profileField) {
if (!$profileField->visible && $this->scenario != 'editAdmin')
continue;
if ($this->scenario == 'registration' && !$profileField->show_at_registration)
continue;
// Mark field as editable when we are on register scenario and field should be shown at registration
if ($this->scenario == 'registration' && $profileField->show_at_registration)
$profileField->editable = true;
// Mark field as editable when we are on adminEdit scenario
if ($this->scenario == 'editAdmin') {
$profileField->editable = true;
$profileField->editable = true;
if (!in_array($profileField->internal_name, $safeAttributes)) {
if ($profileField->visible && $this->scenario != 'registration') {
$profileField->editable = false;
} else {
continue;
}
}
// Dont allow editing of ldap syned fields - will be overwritten on next ldap sync.
if (in_array($profileField->internal_name, $syncAttributes)) {
$profileField->editable = false;
}
$fieldDefinition = $profileField->fieldType->getFieldFormDefinition();
$category['elements'] = array_merge($category['elements'], $fieldDefinition);