<?php
App::uses('AppController', 'Controller');
/**
* Users Controller
*
* @property User $User
*/
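class UsersController extends AppController {

    /**
     * Components
     *
     * @var array
     */
    public $components = array('Paginator', 'RequestHandler');

    /**
     * Rejects the request unless the session user holds some System permission.
     *
     * Authentication itself is done in AppController; this only checks the
     * permission level. A missing session user is let through, which is the
     * behaviour this controller has always had (presumably "auth disabled").
     *
     * @throws UnauthorizedException when the user's System permission is 'None'
     * @return void
     */
    public function beforeFilter() {
        parent::beforeFilter();

        $currentUser = $this->_currentUser();
        $this->_requirePrivilege(!$currentUser || $this->_systemPermission($currentUser) != 'None');
    }

    /**
     * index method
     *
     * Lists users; requires a System permission other than 'None'.
     *
     * @throws UnauthorizedException
     * @return void
     */
    public function index() {
        $this->User->recursive = 0;

        // TODO(carried over): a user with no System permission should still be
        // able to list their own record; not implemented.
        $this->_requirePrivilege($this->_systemPermission($this->_currentUser()) != 'None');

        $users = $this->Paginator->paginate('User');

        $this->set(compact('users'));
    }

    /**
     * view method
     *
     * Any user with a System permission may view any user; every user may
     * view their own record.
     *
     * @throws UnauthorizedException
     * @throws NotFoundException
     * @param string $id
     * @return void
     */
    public function view($id = null) {
        $this->User->recursive = 1;

        $currentUser = $this->_currentUser();
        // The previous version wrote `$canView = (...) or (...)`; `or` binds
        // more loosely than `=`, so the self-view half never reached $canView.
        $this->_requirePrivilege(
            $this->_systemPermission($currentUser) != 'None'
            || $this->_isCurrentUser($currentUser, $id)
        );

        if (!$this->User->exists($id)) {
            throw new NotFoundException(__('Invalid user'));
        }

        $options = array('conditions' => array('User.' . $this->User->primaryKey => $id));
        // Not named $user on purpose: that is the global holding the
        // authenticated session user, which this method used to overwrite.
        $record = $this->User->find('first', $options);

        $this->set(array(
            'user' => $record,
            '_serialize' => array('user')
        ));
    }

    /**
     * add method
     *
     * Creates a user from POST data; requires System permission 'Edit'.
     *
     * @throws UnauthorizedException
     * @return void
     */
    public function add() {
        ZM\Debug(1, "in add");
        if ($this->request->is('post')) {
            ZM\Debug(1, "is post");

            $this->_requirePrivilege($this->_systemPermission($this->_currentUser()) == 'Edit');

            $this->User->create();
            $message = $this->_saveAndDescribe($this->request->data);
        } else {
            $message = 'Add without post data';
        }

        $this->set(array(
            // Carried over: this is the model instance, not a record. It is not
            // part of the serialized output.
            'user' => $this->User,
            'message' => $message,
            '_serialize' => array('message')
        ));
    }

    /**
     * edit method
     *
     * Users with System permission 'Edit' may edit anyone; a user may edit
     * their own record when ZM_USER_SELF_EDIT is enabled.
     *
     * @throws UnauthorizedException
     * @throws NotFoundException
     * @param string $id
     * @return void
     */
    public function edit($id = null) {
        $this->User->id = $id;

        $currentUser = $this->_currentUser();
        $isAdmin = $this->_systemPermission($currentUser) == 'Edit';
        $isSelf = $this->_isCurrentUser($currentUser, $id);
        // The previous version wrote `$canEdit = (...) or (...)`; `or` binds
        // more loosely than `=`, so the self-edit half never reached $canEdit.
        $this->_requirePrivilege($isAdmin || ($isSelf && ZM_USER_SELF_EDIT));

        if (!$this->User->exists($id)) {
            throw new NotFoundException(__('Invalid user'));
        }

        // No message is produced on the GET path; keep emitting null there so
        // the serialized response shape does not change.
        $message = null;
        if ($this->request->is('post') || $this->request->is('put')) {
            if (!$isAdmin) {
                // A self-edit must not be able to raise its own permission
                // level. Other permission columns on the User table are not
                // visible from here and likely need the same treatment
                // - TODO confirm against the schema.
                unset($this->request->data['User']['System']);
            }
            $message = $this->_saveAndDescribe($this->request->data);
        } else {
            // Pre-populate the form with the stored record, minus the password.
            $this->request->data = $this->User->read(null, $id);
            unset($this->request->data['User']['Password']);
        }

        $this->set(array(
            'message' => $message,
            '_serialize' => array('message')
        ));
    }

    /**
     * delete method
     *
     * Requires System permission 'Edit'; a user can never delete themselves.
     *
     * @throws UnauthorizedException
     * @throws NotFoundException
     * @throws MethodNotAllowedException
     * @param string $id
     * @return void
     */
    public function delete($id = null) {
        $this->User->id = $id;

        $currentUser = $this->_currentUser();
        $this->_requirePrivilege(
            $this->_systemPermission($currentUser) == 'Edit'
            && !$this->_isCurrentUser($currentUser, $id)
        );

        if (!$this->User->exists()) {
            throw new NotFoundException(__('Invalid user'));
        }
        $this->request->allowMethod('post', 'delete');

        if ($this->User->delete()) {
            $message = 'The user has been deleted.';
        } else {
            $message = 'The user could not be deleted. Please, try again.';
        }

        $this->set(array(
            'message' => $message,
            '_serialize' => array('message')
        ));
    }

    /**
     * Returns the session user set up by AppController (the global $user).
     *
     * Falsy when no user is available; the array shape is assumed from the
     * 'System' and 'Id' keys read elsewhere in this controller.
     *
     * @return array|null
     */
    protected function _currentUser() {
        global $user;
        return $user;
    }

    /**
     * The System permission level of a session user, or null when unknown.
     *
     * isset() is safe on a null/falsy $currentUser, so callers need no guard.
     *
     * @param array|null $currentUser
     * @return string|null
     */
    protected function _systemPermission($currentUser) {
        return isset($currentUser['System']) ? $currentUser['System'] : null;
    }

    /**
     * Whether $id names the session user's own record.
     *
     * Compared as strings: the id arrives from the URL as a string while the
     * record id may be an int, and a loose == would also accept leading-digit
     * junk ("1abc") on PHP versions before 8.
     *
     * @param array|null $currentUser
     * @param string|null $id
     * @return bool
     */
    protected function _isCurrentUser($currentUser, $id) {
        if ($id === null || !isset($currentUser['Id'])) {
            return false;
        }
        return (string)$currentUser['Id'] === (string)$id;
    }

    /**
     * Throws the controller's standard authorization error unless $allowed.
     *
     * @param bool $allowed
     * @throws UnauthorizedException
     * @return void
     */
    protected function _requirePrivilege($allowed) {
        if (!$allowed) {
            throw new UnauthorizedException(__('Insufficient Privileges'));
        }
    }

    /**
     * Saves $data through the User model and returns the message to report:
     * 'Saved', the model's validation errors when validation failed, or
     * 'Error' otherwise.
     *
     * @param array $data request data in the model's save() shape
     * @return string|array
     */
    protected function _saveAndDescribe($data) {
        if ($this->User->save($data)) {
            return 'Saved';
        }
        // Prefer the concrete validation errors over the generic message.
        if (!$this->User->validates()) {
            return $this->User->validationErrors;
        }
        return 'Error';
    }

} # end class UsersController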