mirror of
https://github.com/wintercms/winter.git
synced 2024-06-28 05:33:29 +02:00
246 lines
6.1 KiB
PHP
246 lines
6.1 KiB
PHP
<?php namespace Backend\Controllers;
|
|
|
|
use Lang;
|
|
use Flash;
|
|
use Backend;
|
|
use Redirect;
|
|
use BackendMenu;
|
|
use BackendAuth;
|
|
use Backend\Models\UserGroup;
|
|
use Backend\Classes\Controller;
|
|
use System\Classes\SettingsManager;
|
|
|
|
/**
|
|
* Backend user controller
|
|
*
|
|
* @package october\backend
|
|
* @author Alexey Bobkov, Samuel Georges
|
|
*
|
|
*/
|
|
class Users extends Controller
|
|
{
|
|
/**
|
|
* @var array Extensions implemented by this controller.
|
|
*/
|
|
public $implement = [
|
|
\Backend\Behaviors\FormController::class,
|
|
\Backend\Behaviors\ListController::class
|
|
];
|
|
|
|
/**
|
|
* @var array `FormController` configuration.
|
|
*/
|
|
public $formConfig = 'config_form.yaml';
|
|
|
|
/**
|
|
* @var array `ListController` configuration.
|
|
*/
|
|
public $listConfig = 'config_list.yaml';
|
|
|
|
/**
|
|
* @var array Permissions required to view this page.
|
|
*/
|
|
public $requiredPermissions = ['backend.manage_users'];
|
|
|
|
/**
|
|
* @var string HTML body tag class
|
|
*/
|
|
public $bodyClass = 'compact-container';
|
|
|
|
/**
|
|
* Constructor.
|
|
*/
|
|
public function __construct()
|
|
{
|
|
parent::__construct();
|
|
|
|
if ($this->action == 'myaccount') {
|
|
$this->requiredPermissions = null;
|
|
}
|
|
|
|
BackendMenu::setContext('October.System', 'system', 'users');
|
|
SettingsManager::setContext('October.System', 'administrators');
|
|
}
|
|
|
|
/**
|
|
* Extends the list query to hide superusers if the current user is not a superuser themselves
|
|
*/
|
|
public function listExtendQuery($query)
|
|
{
|
|
if (!$this->user->isSuperUser()) {
|
|
$query->where('is_superuser', false);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Prevents non-superusers from even seeing the is_superuser filter
|
|
*/
|
|
public function listFilterExtendScopes($filterWidget)
|
|
{
|
|
if (!$this->user->isSuperUser()) {
|
|
$filterWidget->removeScope('is_superuser');
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Strike out deleted records
|
|
*/
|
|
public function listInjectRowClass($record, $definition = null)
|
|
{
|
|
if ($record->trashed()) {
|
|
return 'strike';
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Extends the form query to prevent non-superusers from accessing superusers at all
|
|
*/
|
|
public function formExtendQuery($query)
|
|
{
|
|
if (!$this->user->isSuperUser()) {
|
|
$query->where('is_superuser', false);
|
|
}
|
|
|
|
// Ensure soft-deleted records can still be managed
|
|
$query->withTrashed();
|
|
}
|
|
|
|
/**
|
|
* Update controller
|
|
*/
|
|
public function update($recordId, $context = null)
|
|
{
|
|
// Users cannot edit themselves, only use My Settings
|
|
if ($context != 'myaccount' && $recordId == $this->user->id) {
|
|
return Backend::redirect('backend/users/myaccount');
|
|
}
|
|
|
|
return $this->asExtension('FormController')->update($recordId, $context);
|
|
}
|
|
|
|
/**
|
|
* Handle restoring users
|
|
*/
|
|
public function update_onRestore($recordId)
|
|
{
|
|
$this->formFindModelObject($recordId)->restore();
|
|
|
|
Flash::success(Lang::get('backend::lang.form.restore_success', ['name' => Lang::get('backend::lang.user.name')]));
|
|
|
|
return Redirect::refresh();
|
|
}
|
|
|
|
/**
|
|
* Impersonate this user
|
|
*/
|
|
public function update_onImpersonateUser($recordId)
|
|
{
|
|
if (!$this->user->hasAccess('backend.impersonate_users')) {
|
|
return Response::make(Lang::get('backend::lang.page.access_denied.label'), 403);
|
|
}
|
|
|
|
$model = $this->formFindModelObject($recordId);
|
|
|
|
BackendAuth::impersonate($model);
|
|
|
|
Flash::success(Lang::get('backend::lang.account.impersonate_success'));
|
|
|
|
return Backend::redirect('backend/users/myaccount');
|
|
}
|
|
|
|
/**
|
|
* Unsuspend this user
|
|
*/
|
|
public function update_onUnsuspendUser($recordId)
|
|
{
|
|
$model = $this->formFindModelObject($recordId);
|
|
|
|
$model->unsuspend();
|
|
|
|
Flash::success(Lang::get('backend::lang.account.unsuspend_success'));
|
|
|
|
return Redirect::refresh();
|
|
}
|
|
|
|
/**
|
|
* My Settings controller
|
|
*/
|
|
public function myaccount()
|
|
{
|
|
SettingsManager::setContext('October.Backend', 'myaccount');
|
|
|
|
$this->pageTitle = 'backend::lang.myaccount.menu_label';
|
|
return $this->update($this->user->id, 'myaccount');
|
|
}
|
|
|
|
/**
|
|
* Proxy update onSave event
|
|
*/
|
|
public function myaccount_onSave()
|
|
{
|
|
$result = $this->asExtension('FormController')->update_onSave($this->user->id, 'myaccount');
|
|
|
|
/*
|
|
* If the password or login name has been updated, reauthenticate the user
|
|
*/
|
|
$loginChanged = $this->user->login != post('User[login]');
|
|
$passwordChanged = strlen(post('User[password]'));
|
|
if ($loginChanged || $passwordChanged) {
|
|
BackendAuth::login($this->user->reload(), true);
|
|
}
|
|
|
|
return $result;
|
|
}
|
|
|
|
/**
|
|
* Add available permission fields to the User form.
|
|
* Mark default groups as checked for new Users.
|
|
*/
|
|
public function formExtendFields($form)
|
|
{
|
|
if ($form->getContext() == 'myaccount') {
|
|
return;
|
|
}
|
|
|
|
if (!$this->user->isSuperUser()) {
|
|
$form->removeField('is_superuser');
|
|
}
|
|
|
|
/*
|
|
* Add permissions tab
|
|
*/
|
|
$form->addTabFields($this->generatePermissionsField());
|
|
|
|
/*
|
|
* Mark default groups
|
|
*/
|
|
if (!$form->model->exists) {
|
|
$defaultGroupIds = UserGroup::where('is_new_user_default', true)->lists('id');
|
|
|
|
$groupField = $form->getField('groups');
|
|
if ($groupField) {
|
|
$groupField->value = $defaultGroupIds;
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Adds the permissions editor widget to the form.
|
|
* @return array
|
|
*/
|
|
protected function generatePermissionsField()
|
|
{
|
|
return [
|
|
'permissions' => [
|
|
'tab' => 'backend::lang.user.permissions',
|
|
'type' => 'Backend\FormWidgets\PermissionEditor',
|
|
'trigger' => [
|
|
'action' => 'disable',
|
|
'field' => 'is_superuser',
|
|
'condition' => 'checked'
|
|
]
|
|
]
|
|
];
|
|
}
|
|
}
|