<?php
// Refuse direct (non-framework) access: SYSPATH is expected to be defined by
// the framework bootstrap before any controller file is loaded — verify for
// this Kohana version.
if (!defined("SYSPATH")) {
  die("No direct script access.");
}
/**
 * Gallery - a web based photo album viewer and editor
 * Copyright (C) 2000-2008 Bharat Mediratta
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or (at
 * your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
 */
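/**
 * REST resource controller for user accounts: create / show / update / delete
 * plus the add and edit forms.
 *
 * Every mutating action first re-checks authorization against the active user
 * and then works through a validated form object rather than acting on the
 * bare request.  The original delete path documented that form round-trip as
 * its CSRF protection; presumably the add and edit forms carry the same token
 * — verify in user::get_add_form() / user::get_edit_form().
 *
 * The optional "continue" query parameter (where to send the browser after a
 * successful action) is attacker-controllable, so it is only followed when it
 * is a site-relative path; see _redirect_to_continue().
 */
class Users_Controller extends REST_Controller {
  protected $resource_type = "user";

  /**
   * List users matching the request criteria.
   *
   * @see REST_Controller::_index()
   * @throws Exception always — not implemented yet
   */
  public function _index() {
    throw new Exception("@todo Users_Controller::_index NOT IMPLEMENTED");
  }

  /**
   * Create a user from the add-user form.  Site admins only.
   *
   * On a valid submission the account is created with the submitted name,
   * full name and password, the e-mail address is stored, and the browser is
   * sent to the "continue" target if a safe one was given; otherwise (or on a
   * validation failure) the form is re-rendered.
   *
   * @param mixed $resource unused; present to match REST_Controller::_create()
   * @see REST_Controller::_create($resource)
   */
  public function _create($resource) {
    // Only site admins may add accounts.
    if (!user::active()->admin) {
      access::forbidden();
    }

    $form = user::get_add_form();
    if ($form->validate()) {
      $user = user::create($form->add_user->uname->value,
                           $form->add_user->full_name->value,
                           $form->add_user->password->value);
      $user->email = $form->add_user->email->value;
      $user->save();

      $this->_redirect_to_continue();
    }
    print $form;
  }

  /**
   * Display a single user.
   *
   * @param object $user the user record selected by the router
   * @see REST_Controller::_show($resource)
   * @throws Exception always — not implemented yet
   */
  public function _show($user) {
    throw new Exception("@todo Users_Controller::_show NOT IMPLEMENTED");
  }

  /**
   * Update a user from the edit-user form.
   *
   * Admins may edit anyone; any other user may edit only their own account,
   * and the guest account may never be edited by a non-admin.  The password
   * field is optional here: leaving it blank keeps the current password.
   *
   * @param object $user the user record selected by the router
   * @see REST_Controller::_update($resource)
   */
  public function _update($user) {
    if (!user::active()->admin && ($user->guest || $user->id != user::active()->id)) {
      access::forbidden();
    }

    $form = user::get_edit_form($user);
    // The password is required when adding a user but optional when editing.
    $form->edit_user->password->rules("-required");
    if ($form->validate()) {
      $user->full_name = $form->edit_user->full_name->value;

      // Because the field is optional, an untouched form submits an empty
      // password.  Assigning it unconditionally (as the original code did)
      // wrote that empty value straight through to the model on every edit,
      // so only change the password when a new one was actually supplied.
      $new_password = $form->edit_user->password->value;
      if ($new_password !== null && $new_password !== "") {
        $user->password = $new_password;
      }

      $user->email = $form->edit_user->email->value;
      $user->save();

      $this->_redirect_to_continue();
    }
    print $form;
  }

  /**
   * Delete a user after confirmation through the delete form.  Site admins
   * only, and an admin may not delete the account they are logged in as.
   *
   * NOTE(review): unlike _update(), nothing here refuses to delete the guest
   * account — confirm whether user::get_delete_form() or the model guards it.
   *
   * @param object $user the user record selected by the router
   * @see REST_Controller::_delete($resource)
   */
  public function _delete($user) {
    if (!user::active()->admin || $user->id == user::active()->id) {
      access::forbidden();
    }

    // Prevent CSRF: the deletion only happens through the validated form,
    // never on a bare GET/DELETE request.
    $form = user::get_delete_form($user);
    if ($form->validate()) {
      $user->delete();

      $this->_redirect_to_continue();
    }
    print $form;
  }

  /**
   * Present the form for editing a user.  Same authorization rule as
   * _update(): admins may edit anyone, others only themselves, never guest.
   *
   * The form action points back at the PUT handler and forwards the caller's
   * "continue" value.  That value is user-supplied, so it is URL-encoded
   * before being embedded in the query string; the original concatenated it
   * raw, which let a crafted value inject additional query parameters into
   * the action URL.
   *
   * @param object $user the user record selected by the router
   * @see REST_Controller::form($resource)
   */
  public function _form_edit($user) {
    if (!user::active()->admin && ($user->guest || $user->id != user::active()->id)) {
      access::forbidden();
    }

    $continue = $this->input->get("continue");
    print user::get_edit_form(
      $user,
      "users/{$user->id}?_method=put&continue=" . urlencode($continue));
  }

  /**
   * Present the form for adding a user.
   *
   * @param mixed $parameters unused; present to match REST_Controller::form()
   * @see REST_Controller::form($resource)
   * @throws Exception always — not implemented yet
   */
  public function _form_add($parameters) {
    throw new Exception("@todo Users_Controller::_form_add NOT IMPLEMENTED");
  }

  /**
   * Send the browser to the "continue" query parameter, if one was given.
   *
   * The value comes straight from the query string, so only site-relative
   * targets are followed: an absolute ("http://…") or protocol-relative
   * ("//…") URL would turn this into an open redirect to an attacker-chosen
   * site and is ignored, leaving the caller to re-render its form.
   * url::redirect() is expected to prefix a relative URI with the site base
   * URL and to end the request — confirm both for this Kohana version.
   */
  private function _redirect_to_continue() {
    $continue = $this->input->get("continue");
    if ($continue && self::_is_local_url($continue)) {
      url::redirect($continue);
    }
  }

  /**
   * True when $target is a plain site-relative path rather than an absolute
   * or protocol-relative URL.
   *
   * Rejects non-strings (e.g. "continue[]=…"), anything containing a scheme
   * separator ("://"), and the "//", "/\" and "\\" prefixes that browsers
   * also treat as protocol-relative.
   *
   * @param mixed $target raw "continue" value from the query string
   * @return bool
   */
  private static function _is_local_url($target) {
    if (!is_string($target)) {
      return false;
    }
    if (strpos($target, "://") !== false) {
      return false;
    }
    $prefix = substr($target, 0, 2);
    return !in_array($prefix, array("//", "/\\", "\\\\"), true);
  }
}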