Skip to content

Commit

Permalink
remove theme from user creation/editing for now
Browse files Browse the repository at this point in the history
  • Loading branch information
@alexweissman
alexweissman committed Jan 16, 2017
1 parent 6e071df commit e814f5b
Show file tree
Hide file tree
Showing 9 changed files with 61 additions and 100 deletions.
2 changes: 2 additions & 0 deletions app/sprinkles/account/src/Model/User.php
View file
Expand Up @@ -29,13 +29,15 @@
* @property string last_name
* @property string email
* @property string locale
* @property string theme
* @property int group_id
* @property bool flag_verified
* @property bool flag_enabled
* @property int last_activity_id
* @property timestamp created_at
* @property timestamp updated_at
* @property string password
* @property timestamp deleted_at
*/
class User extends UFModel
{
Expand Down
2 changes: 1 addition & 1 deletion app/sprinkles/admin/assets/local/widgets/js/users.js
View file
Expand Up @@ -56,7 +56,7 @@ function toggleChangePasswordMode(el, userName, changePasswordMode) {
// Form submits direct password update
el.find("form")
.prop('method', 'PUT')
.prop('action', site.uri.public + '/api/users/u/' + userName);
.prop('action', site.uri.public + '/api/users/u/' + userName + '/password');
}
}

Expand Down
15 changes: 4 additions & 11 deletions app/sprinkles/admin/schema/user/create.json
View file
Expand Up @@ -75,18 +75,11 @@
}
}
},
"theme" : {
"default" : "default",
"group_id" : {
"validators" : {
"required" : {
"label" : "&THEME",
"message" : "VALIDATE.REQUIRED"
},
"length" : {
"label" : "&THEME",
"min" : 1,
"max" : 100,
"message" : "VALIDATE.LENGTH_RANGE"
"integer" : {
"label" : "&GROUP",
"message" : "VALIDATE.INTEGER"
}
}
}
Expand Down
10 changes: 0 additions & 10 deletions app/sprinkles/admin/schema/user/edit-field.json
View file
Expand Up @@ -42,16 +42,6 @@
}
}
},
"theme" : {
"validators" : {
"length" : {
"label" : "&THEME",
"min" : 1,
"max" : 100,
"message" : "VALIDATE.LENGTH_RANGE"
}
}
},
"group_id" : {
"validators" : {
"integer" : {
Expand Down
11 changes: 1 addition & 10 deletions app/sprinkles/admin/schema/user/edit-info.json
View file
Expand Up @@ -42,19 +42,10 @@
}
}
},
"theme" : {
"validators" : {
"length" : {
"label" : "&THEME",
"min" : 1,
"max" : 100,
"message" : "VALIDATE.LENGTH_RANGE"
}
}
},
"group_id" : {
"validators" : {
"integer" : {
"label" : "&GROUP",
"message" : "VALIDATE.INTEGER"
}
}
Expand Down
4 changes: 2 additions & 2 deletions app/sprinkles/admin/schema/user/edit-password.json
View file
@@ -1,5 +1,5 @@
{
"password" : {
"value" : {
"validators" : {
"required" : {
"domain": "client",
Expand All @@ -24,7 +24,7 @@
},
"matches" : {
"domain": "client",
"field" : "password",
"field" : "value",
"label" : "&PASSWORD.CONFIRM",
"message" : "VALIDATE.PASSWORD_MISMATCH"
},
Expand Down
114 changes: 49 additions & 65 deletions app/sprinkles/admin/src/Controller/UserController.php
View file
Expand Up @@ -53,7 +53,7 @@ class UserController extends SimpleController
*/
public function create($request, $response, $args)
{
// Get POST parameters: user_name, first_name, last_name, email, theme, locale, csrf_token, (group)
// Get POST parameters: user_name, first_name, last_name, email, locale, (group)
$params = $request->getParsedBody();

/** @var UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager */
Expand Down Expand Up @@ -104,40 +104,24 @@ public function create($request, $response, $args)
return $response->withStatus(400);
}

// Determine if currentUser has permission to set the group. Otherwise, use default group.

/** @var Config $config */
$config = $this->ci->config;

/*
// Get default primary group (is_default = GROUP_DEFAULT_PRIMARY)
$primaryGroup = Group::where('is_default', GROUP_DEFAULT_PRIMARY)->first();
// Set default values if not specified or not authorized
if (!isset($data['locale']) || !$this->_app->user->checkAccess("update_account_setting", ["property' => 'locale']))
$data['locale'] = $this->_app->site->default_locale;
if (!isset($data['primary_group_id']) || !$this->_app->user->checkAccess('update_account_setting', ['property' => 'primary_group_id'])) {
$data['primary_group_id'] = $primaryGroup->id;
// If currentUser does not have permission to set the group, but they try to set it to something other than their own group,
// throw an exception.
if (!$authorizer->checkAccess($currentUser, 'create_user_field', [
'fields' => ['group']
])) {
if (isset($data['group_id']) && $data['group_id'] != $currentUser->group_id) {
throw new ForbiddenException();
}
}
*/

// Load default group
$groupSlug = $config['site.registration.user_defaults.group'];
$defaultGroup = $classMapper->staticMethod('group', 'where', 'slug', $groupSlug)->first();

if (!$defaultGroup) {
$e = new HttpException("Account registration is not working because the default group '$groupSlug' does not exist.");
$e->addUserMessage('ACCOUNT.REGISTRATION_BROKEN');
throw $e;
// In any case, set the group id if not otherwise set
if (!isset($data['group_id'])) {
$data['group_id'] = $currentUser->group_id;
}

// Set default group
$data['group_id'] = $defaultGroup->id;

// Set default locale
$data['locale'] = $config['site.registration.user_defaults.locale'];

$data['flag_verified'] = 1;
// Set password as empty on initial creation. We will then send email so new user can set it themselves via a verification token
$data['password'] = '';
Expand Down Expand Up @@ -505,33 +489,40 @@ public function getModalCreate($request, $response, $args)
/** @var UserFrosting\Sprinkle\Core\Util\ClassMapper $classMapper */
$classMapper = $this->ci->classMapper;

// Get a list of all groups
$groups = $classMapper->staticMethod('group', 'all');

/** @var Config $config */
$config = $this->ci->config;

// Determine form fields to hide/disable
// TODO: come back to this when we finish implementing theming
$fields = [
'hidden' => ['theme'],
'disabled' => []
];

// Get a list of all locales
$locales = $config['site.locales.available'];

/*
// Get default primary group (is_default = GROUP_DEFAULT_PRIMARY)
$primary_group = Group::where('is_default', GROUP_DEFAULT_PRIMARY)->first();
// Set default locale
$data['locale'] = $this->_app->site->default_locale;
*/
// Determine if currentUser has permission to modify the group. If so, show the 'group' dropdown.
// Otherwise, set to the currentUser's group and disable the dropdown.
if ($authorizer->checkAccess($currentUser, 'create_user_field', [
'fields' => ['group']
])) {
// Get a list of all groups
$groups = $classMapper->staticMethod('group', 'all');
} else {
// Get the current user's group
$groups = $classMapper->staticMethod('group', 'where', 'id', $currentUser->group_id);
$fields['disabled'][] = 'group';
}

// Create a dummy user to prepopulate fields
$user = $classMapper->createInstance('user', []);

$fieldNames = ['name', 'email', 'theme', 'locale', 'group'];
$fields = [
'hidden' => [],
'disabled' => []
$data = [
'group_id' => $currentUser->group_id,
'locale' => $config['site.registration.user_defaults.locale'],
'theme' => ''
];

// TODO: determine if currentUser has permission to set the group. Otherwise, we'll just apply the default group.
$user = $classMapper->createInstance('user', $data);

// Load validation rules
$schema = new RequestSchema('schema://user/create.json');
Expand Down Expand Up @@ -591,8 +582,8 @@ public function getModalEdit($request, $response, $args)
/** @var UserFrosting\Sprinkle\Account\Model\User $currentUser */
$currentUser = $this->ci->currentUser;

// Access-controlled resource - check that currentUser has permission to edit basic fields "name", "email", "theme", "locale" for this user
$fieldNames = ['name', 'email', 'theme', 'locale'];
// Access-controlled resource - check that currentUser has permission to edit basic fields "name", "email", "locale" for this user
$fieldNames = ['name', 'email', 'locale'];
if (!$authorizer->checkAccess($currentUser, 'update_user_field', [
'user' => $user,
'fields' => $fieldNames
Expand All @@ -611,16 +602,16 @@ public function getModalEdit($request, $response, $args)

// Generate form
$fields = [
'hidden' => [],
'hidden' => ['theme'],
'disabled' => ['user_name']
];

// Hide group field if currentUser doesn't have permission to modify group
// Disable group field if currentUser doesn't have permission to modify group
if (!$authorizer->checkAccess($currentUser, 'update_user_field', [
'user' => $user,
'fields' => ['group']
])) {
$fields['hidden'][] = 'group';
$fields['disabled'][] = 'group';
}

// Load validation rules
Expand Down Expand Up @@ -813,14 +804,13 @@ public function pageInfo($request, $response, $args)
// Get a list of all locales
$locales = $config['site.locales.available'];

$themes = [];

// Determine fields that currentUser is authorized to view
$fieldNames = ['name', 'email', 'locale', 'theme'];
$fieldNames = ['name', 'email', 'locale'];

// Generate form
$fields = [
'hidden' => ['user_name', 'group'],
// Always hide these
'hidden' => ['user_name', 'group', 'theme'],
'disabled' => []
];

Expand Down Expand Up @@ -856,7 +846,6 @@ public function pageInfo($request, $response, $args)
* Actions typically include: edit user details, activate user, enable/disable user, delete user.
* This page requires authentication.
* Request type: GET
* @todo implement interface to modify user-assigned authorization hooks and permissions
*/
public function pageList($request, $response, $args)
{
Expand All @@ -875,7 +864,7 @@ public function pageList($request, $response, $args)
}

/**
* Processes the request to update an existing user's basic details.
* Processes the request to update an existing user's basic details (first_name, last_name, email, locale, group_id)
*
* Processes the request from the user update form, checking that:
* 1. The target user's new email address, if specified, is not already in use;
Expand All @@ -896,7 +885,7 @@ public function updateInfo($request, $response, $args)
/** @var Config $config */
$config = $this->ci->config;

// Get PUT parameters: (first_name, last_name, email, theme, locale, password, group_id)
// Get PUT parameters
$params = $request->getParsedBody();

/** @var MessageStream $ms */
Expand Down Expand Up @@ -969,11 +958,6 @@ public function updateInfo($request, $response, $args)
return $response->withStatus(400);
}

// Hash password, if a new password was specified
if (isset($data['password'])) {
$data['password'] = Password::hash($data['password']);
}

// Update the user and generate success messages
foreach ($data as $name => $value) {
if ($value != $user->$name){
Expand All @@ -990,8 +974,9 @@ public function updateInfo($request, $response, $args)
}

/**
* Processes the request to update a specific field for an existing user, including enabled/disabled status and verification status.
* Processes the request to update a specific field for an existing user.
*
* Supports editing all user fields, including password, enabled/disabled status and verification status.
* Processes the request from the user update form, checking that:
* 1. The logged-in user has the necessary permissions to update the putted field(s);
* 2. We're not trying to disable the master account;
Expand Down Expand Up @@ -1043,12 +1028,11 @@ public function updateField($request, $response, $args)
throw new BadRequestException();
}

// Create and validate key -> value pair
$params = [
$fieldName => $put['value']
];

// Validate key -> value pair

// Load the request schema
$schema = new RequestSchema('schema://user/edit-field.json');

Expand Down
2 changes: 1 addition & 1 deletion app/sprinkles/admin/templates/components/modals/user-set-password.html.twig
View file
Expand Up @@ -32,7 +32,7 @@
<label>{{translate('PASSWORD')}}</label>
<div class="input-group">
<span class="input-group-addon"><i class="fa fa-key"></i></span>
<input type="password" class="form-control" name="password" autocomplete="off" value="" placeholder="12-50 characters">
<input type="password" class="form-control" name="value" autocomplete="off" value="" placeholder="12-50 characters">
</div>
</div>
<div class="form-group">
Expand Down
1 change: 1 addition & 0 deletions public/index.php
View file
Expand Up @@ -61,6 +61,7 @@

// Middleware
// Hacky fix to prevent sessions from being hit too much: ignore CSRF middleware for requests for raw assets ;-)
// See https://github.com/laravel/framework/issues/8172#issuecomment-99112012 for more information on why it's bad to hit Laravel sessions multiple times in rapid succession.
$request = $container->request;
$path = $request->getUri()->getPath();
$csrfBlacklist = [
Expand Down

0 comments on commit e814f5b

Please sign in to comment.