From 16749fec8c4f3344421e51568f0b527f2333fd7f Mon Sep 17 00:00:00 2001
From: Dmitriy Simushev
Date: Thu, 22 May 2014 15:49:41 +0000
Subject: [PATCH] Replace "operator/opgroups.php" with a controller
---
.../Controller/Operator/GroupsController.php | 161 ++++++++++++++++++
src/mibew/libs/operator_settings.php | 2 +-
src/mibew/libs/routing.yml | 19 +++
src/mibew/operator/opgroups.php | 95 -----------
.../server_side/operator_groups.handlebars | 2 +-
5 files changed, 182 insertions(+), 97 deletions(-)
create mode 100644 src/mibew/libs/classes/Mibew/Controller/Operator/GroupsController.php
delete mode 100644 src/mibew/operator/opgroups.php
diff --git a/src/mibew/libs/classes/Mibew/Controller/Operator/GroupsController.php b/src/mibew/libs/classes/Mibew/Controller/Operator/GroupsController.php
new file mode 100644
index 00000000..7cb77701
--- /dev/null
+++ b/src/mibew/libs/classes/Mibew/Controller/Operator/GroupsController.php
@@ -0,0 +1,161 @@
+attributes->get('_operator');
+ $operator_in_isolation = in_isolation($operator);
+ $op_id = $request->attributes->getInt('operator_id');
+
+ // Check if the curent operator has enough rights to access the page
+ if ($op_id != $operator['operatorid'] && !is_capable(CAN_ADMINISTRATE, $operator)) {
+ throw new AccessDeniedException();
+ }
+
+ // Check if the target user exists
+ $op = operator_by_id($op_id);
+ if (!$op) {
+ throw new NotFoundException('The operator is not found.');
+ }
+
+ $page = array(
+ 'opid' => $op_id,
+ 'errors' => array()
+ );
+
+ $groups = $operator_in_isolation
+ ? get_all_groups_for_operator($operator)
+ : get_all_groups();
+
+ $can_modify = is_capable(CAN_ADMINISTRATE, $operator);
+
+ $page['currentop'] = $op
+ ? get_operator_name($op) . ' (' . $op['vclogin'] . ')'
+ : getlocal('not_found');
+ $page['canmodify'] = $can_modify ? '1' : '';
+
+ // Get IDs of groups the operator belongs to.
+ $checked_groups = array();
+ if ($op) {
+ foreach (get_operator_group_ids($op_id) as $rel) {
+ $checked_groups[] = $rel['groupid'];
+ }
+ }
+
+ // Get all available groups
+ $page['groups'] = array();
+ foreach ($groups as $group) {
+ $group['vclocalname'] = $group['vclocalname'];
+ $group['vclocaldescription'] = $group['vclocaldescription'];
+ $group['checked'] = in_array($group['groupid'], $checked_groups);
+
+ $page['groups'][] = $group;
+ }
+
+ $page['stored'] = $request->query->has('stored');
+ $page['title'] = getlocal('operator.groups.title');
+ $page['menuid'] = ($operator['operatorid'] == $op_id) ? 'profile' : 'operators';
+ $page = array_merge($page, prepare_menu($operator));
+ $page['tabs'] = setup_operator_settings_tabs($op_id, 2);
+
+ return $this->render('operator_groups', $page);
+ }
+
+ /**
+ * Processes submitting of the form which is generated in
+ * {@link \Mibew\Controller\Operator\GroupsController::showFormAction()}
+ * method.
+ *
+ * @param Request $request Incoming request.
+ * @return string Rendered page content.
+ * @throws NotFoundException If the operator with specified ID is not found
+ * in the system.
+ * @throws BadRequestException If the "op" field of the form is in wrong
+ * format.
+ */
+ public function submitFormAction(Request $request)
+ {
+ csrf_check_token($request);
+
+ $operator = $request->attributes->get('_operator');
+ $operator_in_isolation = in_isolation($operator);
+
+ // Use value from the form and not from the path to make sure it is
+ // correct. If not, throw an exception.
+ $op_id = $request->request->get('op');
+ if (!preg_match("/^\d{1,10}$/", $op_id)) {
+ throw new BadRequestException('Wrong value of "op" form field.');
+ }
+
+ // Check if the target operator exists
+ $op = operator_by_id($op_id);
+ if (!$op) {
+ throw new NotFoundException('The operator is not found.');
+ }
+
+ // Get all groups that are available for the target operator.
+ $groups = $operator_in_isolation
+ ? get_all_groups_for_operator($operator)
+ : get_all_groups();
+
+ // Build list of operator's new groups.
+ $new_groups = array();
+ foreach ($groups as $group) {
+ if ($request->request->get('group' . $group['groupid']) == 'on') {
+ $new_groups[] = $group['groupid'];
+ }
+ }
+
+ // Update operator's group and redirect the current operator to the same
+ // page using GET method.
+ update_operator_groups($op['operatorid'], $new_groups);
+ $redirect_to = $this->generateUrl(
+ 'operator_groups',
+ array(
+ 'operator_id' => $op_id,
+ 'stored' => true,
+ )
+ );
+
+ return $this->redirect($redirect_to);
+ }
+}
diff --git a/src/mibew/libs/operator_settings.php b/src/mibew/libs/operator_settings.php
index 24119b1b..b2759c8f 100644
--- a/src/mibew/libs/operator_settings.php
+++ b/src/mibew/libs/operator_settings.php
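Review bot: In `submitFormAction` the operator being modified is taken from the `op` form field and is never compared with the `{operator_id}` the route matched, so the URL recorded for the request can name a different operator from the one whose groups are rewritten. The pattern `"/^\d{1,10}$/"` also accepts a value with a trailing newline, because `$` matches before a final `\n`. I would anchor with `\z` and reject a mismatch in the same guard: `if (!preg_match('/^\d{1,10}\z/', (string) $op_id) || (int) $op_id !== $request->attributes->getInt('operator_id')) {`. The inline comment "to make sure it is correct" should then state what is checked against what; the class header and the start of `showFormAction` are not visible on this page, so this covers only the submit path.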
@@ -37,7 +37,7 @@ function setup_operator_settings_tabs($operator_id, $active) ? (MIBEW_WEB_ROOT . "/operator/operator/" . $operator_id . "/avatar") : ""), getlocal("page_agent.tab.groups") => ($active != 2 - ? (MIBEW_WEB_ROOT . "/operator/opgroups.php?op=" . $operator_id) + ? (MIBEW_WEB_ROOT . "/operator/operator/" . $operator_id . "/groups") : ""), getlocal("page_agent.tab.permissions") => ($active != 3 ? (MIBEW_WEB_ROOT . "/operator/permissions.php?op=" . $operator_id) diff --git a/src/mibew/libs/routing.yml b/src/mibew/libs/routing.yml index b87b88e8..c4717b02 100644 --- a/src/mibew/libs/routing.yml +++ b/src/mibew/libs/routing.yml @@ -255,6 +255,25 @@ operator_disable: requirements: operator_id: \d{1,10} +operator_groups: + path: /operator/operator/{operator_id}/groups + defaults: + _controller: Mibew\Controller\Operator\GroupsController::showFormAction + _access_check: Mibew\AccessControl\Check\LoggedInCheck + requirements: + operator_id: \d{1,10} + methods: [GET] + +operator_groups_save: + path: /operator/operator/{operator_id}/groups + defaults: + _controller: Mibew\Controller\Operator\GroupsController::submitFormAction + _access_check: Mibew\AccessControl\Check\PermissionsCheck + _access_permissions: [CAN_ADMINISTRATE] + requirements: + operator_id: \d{1,10} + methods: [POST] + operators: path: /operator/operator defaults: diff --git a/src/mibew/operator/opgroups.php b/src/mibew/operator/opgroups.php deleted file mode 100644 index f26f7843..00000000 --- a/src/mibew/operator/opgroups.php +++ /dev/null 
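Review bot: The two routes added to routing.yml share one path but carry different access checks, and nothing in the file records why: `operator_groups` (GET) uses only `LoggedInCheck`, so the rule that a non-administrator may open only their own groups page is enforced in `showFormAction`, not at the route. A comment above the GET route would keep a later edit from treating the route check as sufficient, for example `# Per-operator access is enforced in GroupsController::showFormAction; the route check (by its name) only requires a logged-in operator.` On `operator_groups_save` the `operator_id` requirement constrains only the URL, since the controller reads its target from the `op` form field, and that is worth a one-line comment as well.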
@@ -1,95 +0,0 @@
- $op_id,
- 'errors' => array()
-);
-
-$groups = $operator_in_isolation
- ? get_all_groups_for_operator($operator)
- : get_all_groups();
-
-$can_modify = is_capable(CAN_ADMINISTRATE, $operator);
-
-$op = operator_by_id($op_id);
-
-if (!$op) {
- $page['errors'][] = getlocal("no_such_operator");
-} elseif (isset($_POST['op'])) {
-
- if (!$can_modify) {
- $page['errors'][] = getlocal('page_agent.cannot_modify');
- }
-
- if (count($page['errors']) == 0) {
- $new_groups = array();
- foreach ($groups as $group) {
- if (verify_param("group" . $group['groupid'], "/^on$/", "") == "on") {
- $new_groups[] = $group['groupid'];
- }
- }
-
- update_operator_groups($op['operatorid'], $new_groups);
- header("Location: " . MIBEW_WEB_ROOT . "/operator/opgroups.php?op=" . intval($op_id) . "&stored");
- exit;
- }
-}
-
-$page['currentop'] = $op
- ? get_operator_name($op) . " (" . $op['vclogin'] . ")"
- : getlocal("not_found");
-$page['canmodify'] = $can_modify ? "1" : "";
-
-$checked_groups = array();
-if ($op) {
- foreach (get_operator_group_ids($op_id) as $rel) {
- $checked_groups[] = $rel['groupid'];
- }
-}
-
-$page['groups'] = array();
-foreach ($groups as $group) {
- $group['vclocalname'] = $group['vclocalname'];
- $group['vclocaldescription'] = $group['vclocaldescription'];
- $group['checked'] = in_array($group['groupid'], $checked_groups);
-
- $page['groups'][] = $group;
-}
-
-$page['stored'] = isset($_GET['stored']);
-$page['title'] = getlocal("operator.groups.title");
-$page['menuid'] = ($operator['operatorid'] == $op_id) ? "profile" : "operators";
-
-$page = array_merge($page, prepare_menu($operator));
-
-$page['tabs'] = setup_operator_settings_tabs($op_id, 2);
-
-$page_style = new PageStyle(PageStyle::getCurrentStyle());
-$page_style->render('operator_groups', $page);
diff --git a/src/mibew/styles/pages/default/templates_src/server_side/operator_groups.handlebars b/src/mibew/styles/pages/default/templates_src/server_side/operator_groups.handlebars
index 92c9e14a..d7619d21 100644
--- a/src/mibew/styles/pages/default/templates_src/server_side/operator_groups.handlebars
+++ b/src/mibew/styles/pages/default/templates_src/server_side/operator_groups.handlebars
@@ -13,7 +13,7 @@
{{l10n "data.saved"}}
{{/if}} -
+ {{csrfTokenInput}}