mirror of
				https://github.com/Mibew/mibew.git
				synced 2025-10-26 00:06:55 +03:00 
			
		
		
		
	Replace "operator/opgroups.php" with a controller
This commit is contained in:
		
							parent
							
								
									8a4da51366
								
							
						
					
					
						commit
						16749fec8c
					
				| @ -0,0 +1,161 @@ | |||||||
|  | <?php | ||||||
|  | /* | ||||||
|  |  * Copyright 2005-2014 the original author or authors. | ||||||
|  |  * | ||||||
|  |  * Licensed under the Apache License, Version 2.0 (the "License"); | ||||||
|  |  * you may not use this file except in compliance with the License. | ||||||
|  |  * You may obtain a copy of the License at | ||||||
|  |  * | ||||||
|  |  *     http://www.apache.org/licenses/LICENSE-2.0 | ||||||
|  |  * | ||||||
|  |  * Unless required by applicable law or agreed to in writing, software | ||||||
|  |  * distributed under the License is distributed on an "AS IS" BASIS, | ||||||
|  |  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||||
|  |  * See the License for the specific language governing permissions and | ||||||
|  |  * limitations under the License. | ||||||
|  |  */ | ||||||
|  | 
 | ||||||
|  | namespace Mibew\Controller\Operator; | ||||||
|  | 
 | ||||||
|  | use Mibew\Controller\AbstractController; | ||||||
|  | use Mibew\Http\Exception\AccessDeniedException; | ||||||
|  | use Mibew\Http\Exception\BadRequestException; | ||||||
|  | use Mibew\Http\Exception\NotFoundException; | ||||||
|  | use Symfony\Component\HttpFoundation\Request; | ||||||
|  | 
 | ||||||
|  | /** | ||||||
|  |  * Contains all actions which are related with operator's profile. | ||||||
|  |  */ | ||||||
|  | class GroupsController extends AbstractController | ||||||
|  | { | ||||||
|  |     /** | ||||||
|  |      * Builds a page with form for edit operator's groups. | ||||||
|  |      * | ||||||
|  |      * @param Request $request Incoming request. | ||||||
|  |      * @return string Rendered page content. | ||||||
|  |      * @throws NotFoundException If the operator with specified ID is not found | ||||||
|  |      *   in the system. | ||||||
|  |      * @throws AccessDeniedException If the current operator has not enough | ||||||
|  |      *   rights to view the page. | ||||||
|  |      */ | ||||||
|  |     public function showFormAction(Request $request) | ||||||
|  |     { | ||||||
|  |         set_csrf_token(); | ||||||
|  | 
 | ||||||
|  |         $operator = $request->attributes->get('_operator'); | ||||||
|  |         $operator_in_isolation = in_isolation($operator); | ||||||
|  |         $op_id = $request->attributes->getInt('operator_id'); | ||||||
|  | 
 | ||||||
|  |         // Check if the curent operator has enough rights to access the page
 | ||||||
|  |         if ($op_id != $operator['operatorid'] && !is_capable(CAN_ADMINISTRATE, $operator)) { | ||||||
|  |             throw new AccessDeniedException(); | ||||||
|  |         } | ||||||
|  | 
 | ||||||
|  |         // Check if the target user exists
 | ||||||
|  |         $op = operator_by_id($op_id); | ||||||
|  |         if (!$op) { | ||||||
|  |             throw new NotFoundException('The operator is not found.'); | ||||||
|  |         } | ||||||
|  | 
 | ||||||
|  |         $page = array( | ||||||
|  |             'opid' => $op_id, | ||||||
|  |             'errors' => array() | ||||||
|  |         ); | ||||||
|  | 
 | ||||||
|  |         $groups = $operator_in_isolation | ||||||
|  |             ? get_all_groups_for_operator($operator) | ||||||
|  |             : get_all_groups(); | ||||||
|  | 
 | ||||||
|  |         $can_modify = is_capable(CAN_ADMINISTRATE, $operator); | ||||||
|  | 
 | ||||||
|  |         $page['currentop'] = $op | ||||||
|  |             ? get_operator_name($op) . ' (' . $op['vclogin'] . ')' | ||||||
|  |             : getlocal('not_found'); | ||||||
|  |         $page['canmodify'] = $can_modify ? '1' : ''; | ||||||
|  | 
 | ||||||
|  |         // Get IDs of groups the operator belongs to.
 | ||||||
|  |         $checked_groups = array(); | ||||||
|  |         if ($op) { | ||||||
|  |             foreach (get_operator_group_ids($op_id) as $rel) { | ||||||
|  |                 $checked_groups[] = $rel['groupid']; | ||||||
|  |             } | ||||||
|  |         } | ||||||
|  | 
 | ||||||
|  |         // Get all available groups
 | ||||||
|  |         $page['groups'] = array(); | ||||||
|  |         foreach ($groups as $group) { | ||||||
|  |             $group['vclocalname'] = $group['vclocalname']; | ||||||
|  |             $group['vclocaldescription'] = $group['vclocaldescription']; | ||||||
|  |             $group['checked'] = in_array($group['groupid'], $checked_groups); | ||||||
|  | 
 | ||||||
|  |             $page['groups'][] = $group; | ||||||
|  |         } | ||||||
|  | 
 | ||||||
|  |         $page['stored'] = $request->query->has('stored'); | ||||||
|  |         $page['title'] = getlocal('operator.groups.title'); | ||||||
|  |         $page['menuid'] = ($operator['operatorid'] == $op_id) ? 'profile' : 'operators'; | ||||||
|  |         $page = array_merge($page, prepare_menu($operator)); | ||||||
|  |         $page['tabs'] = setup_operator_settings_tabs($op_id, 2); | ||||||
|  | 
 | ||||||
|  |         return $this->render('operator_groups', $page); | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|  |     /** | ||||||
|  |      * Processes submitting of the form which is generated in | ||||||
|  |      * {@link \Mibew\Controller\Operator\GroupsController::showFormAction()} | ||||||
|  |      * method. | ||||||
|  |      * | ||||||
|  |      * @param Request $request Incoming request. | ||||||
|  |      * @return string Rendered page content. | ||||||
|  |      * @throws NotFoundException If the operator with specified ID is not found | ||||||
|  |      *   in the system. | ||||||
|  |      * @throws BadRequestException If the "op" field of the form is in wrong | ||||||
|  |      *   format. | ||||||
|  |      */ | ||||||
|  |     public function submitFormAction(Request $request) | ||||||
|  |     { | ||||||
|  |         csrf_check_token($request); | ||||||
|  | 
 | ||||||
|  |         $operator = $request->attributes->get('_operator'); | ||||||
|  |         $operator_in_isolation = in_isolation($operator); | ||||||
|  | 
 | ||||||
|  |         // Use value from the form and not from the path to make sure it is
 | ||||||
|  |         // correct. If not, throw an exception.
 | ||||||
|  |         $op_id = $request->request->get('op'); | ||||||
|  |         if (!preg_match("/^\d{1,10}$/", $op_id)) { | ||||||
|  |             throw new BadRequestException('Wrong value of "op" form field.'); | ||||||
|  |         } | ||||||
|  | 
 | ||||||
|  |         // Check if the target operator exists
 | ||||||
|  |         $op = operator_by_id($op_id); | ||||||
|  |         if (!$op) { | ||||||
|  |             throw new NotFoundException('The operator is not found.'); | ||||||
|  |         } | ||||||
|  | 
 | ||||||
|  |         // Get all groups that are available for the target operator.
 | ||||||
|  |         $groups = $operator_in_isolation | ||||||
|  |             ? get_all_groups_for_operator($operator) | ||||||
|  |             : get_all_groups(); | ||||||
|  | 
 | ||||||
|  |         // Build list of operator's new groups.
 | ||||||
|  |         $new_groups = array(); | ||||||
|  |         foreach ($groups as $group) { | ||||||
|  |             if ($request->request->get('group' . $group['groupid']) == 'on') { | ||||||
|  |                 $new_groups[] = $group['groupid']; | ||||||
|  |             } | ||||||
|  |         } | ||||||
|  | 
 | ||||||
|  |         // Update operator's group and redirect the current operator to the same
 | ||||||
|  |         // page using GET method.
 | ||||||
|  |         update_operator_groups($op['operatorid'], $new_groups); | ||||||
|  |         $redirect_to = $this->generateUrl( | ||||||
|  |             'operator_groups', | ||||||
|  |             array( | ||||||
|  |                 'operator_id' => $op_id, | ||||||
|  |                 'stored' => true, | ||||||
|  |             ) | ||||||
|  |         ); | ||||||
|  | 
 | ||||||
|  |         return $this->redirect($redirect_to); | ||||||
|  |     } | ||||||
|  | } | ||||||
| @ -37,7 +37,7 @@ function setup_operator_settings_tabs($operator_id, $active) | |||||||
|                 ? (MIBEW_WEB_ROOT . "/operator/operator/" . $operator_id . "/avatar") |                 ? (MIBEW_WEB_ROOT . "/operator/operator/" . $operator_id . "/avatar") | ||||||
|                 : ""), |                 : ""), | ||||||
|             getlocal("page_agent.tab.groups") => ($active != 2 |             getlocal("page_agent.tab.groups") => ($active != 2 | ||||||
|                 ? (MIBEW_WEB_ROOT . "/operator/opgroups.php?op=" . $operator_id) |                 ? (MIBEW_WEB_ROOT . "/operator/operator/" . $operator_id . "/groups") | ||||||
|                 : ""), |                 : ""), | ||||||
|             getlocal("page_agent.tab.permissions") => ($active != 3 |             getlocal("page_agent.tab.permissions") => ($active != 3 | ||||||
|                 ? (MIBEW_WEB_ROOT . "/operator/permissions.php?op=" . $operator_id) |                 ? (MIBEW_WEB_ROOT . "/operator/permissions.php?op=" . $operator_id) | ||||||
|  | |||||||
| @ -255,6 +255,25 @@ operator_disable: | |||||||
|     requirements: |     requirements: | ||||||
|         operator_id: \d{1,10} |         operator_id: \d{1,10} | ||||||
| 
 | 
 | ||||||
|  | operator_groups: | ||||||
|  |     path: /operator/operator/{operator_id}/groups | ||||||
|  |     defaults: | ||||||
|  |         _controller: Mibew\Controller\Operator\GroupsController::showFormAction | ||||||
|  |         _access_check: Mibew\AccessControl\Check\LoggedInCheck | ||||||
|  |     requirements: | ||||||
|  |         operator_id: \d{1,10} | ||||||
|  |     methods: [GET] | ||||||
|  | 
 | ||||||
|  | operator_groups_save: | ||||||
|  |     path: /operator/operator/{operator_id}/groups | ||||||
|  |     defaults: | ||||||
|  |         _controller: Mibew\Controller\Operator\GroupsController::submitFormAction | ||||||
|  |         _access_check: Mibew\AccessControl\Check\PermissionsCheck | ||||||
|  |         _access_permissions: [CAN_ADMINISTRATE] | ||||||
|  |     requirements: | ||||||
|  |         operator_id: \d{1,10} | ||||||
|  |     methods: [POST] | ||||||
|  | 
 | ||||||
| operators: | operators: | ||||||
|     path: /operator/operator |     path: /operator/operator | ||||||
|     defaults: |     defaults: | ||||||
|  | |||||||
| @ -1,95 +0,0 @@ | |||||||
| <?php |  | ||||||
| /* |  | ||||||
|  * Copyright 2005-2014 the original author or authors. |  | ||||||
|  * |  | ||||||
|  * Licensed under the Apache License, Version 2.0 (the "License"); |  | ||||||
|  * you may not use this file except in compliance with the License. |  | ||||||
|  * You may obtain a copy of the License at |  | ||||||
|  * |  | ||||||
|  *     http://www.apache.org/licenses/LICENSE-2.0 |  | ||||||
|  * |  | ||||||
|  * Unless required by applicable law or agreed to in writing, software |  | ||||||
|  * distributed under the License is distributed on an "AS IS" BASIS, |  | ||||||
|  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |  | ||||||
|  * See the License for the specific language governing permissions and |  | ||||||
|  * limitations under the License. |  | ||||||
|  */ |  | ||||||
| 
 |  | ||||||
| // Import namespaces and classes of the core
 |  | ||||||
| use Mibew\Style\PageStyle; |  | ||||||
| 
 |  | ||||||
| // Initialize libraries
 |  | ||||||
| require_once(dirname(dirname(__FILE__)) . '/libs/init.php'); |  | ||||||
| 
 |  | ||||||
| $operator = check_login(); |  | ||||||
| csrf_check_token(); |  | ||||||
| 
 |  | ||||||
| $operator_in_isolation = in_isolation($operator); |  | ||||||
| 
 |  | ||||||
| $op_id = verify_param("op", "/^\d{1,9}$/"); |  | ||||||
| $page = array( |  | ||||||
|     'opid' => $op_id, |  | ||||||
|     'errors' => array() |  | ||||||
| ); |  | ||||||
| 
 |  | ||||||
| $groups = $operator_in_isolation |  | ||||||
|     ? get_all_groups_for_operator($operator) |  | ||||||
|     : get_all_groups(); |  | ||||||
| 
 |  | ||||||
| $can_modify = is_capable(CAN_ADMINISTRATE, $operator); |  | ||||||
| 
 |  | ||||||
| $op = operator_by_id($op_id); |  | ||||||
| 
 |  | ||||||
| if (!$op) { |  | ||||||
|     $page['errors'][] = getlocal("no_such_operator"); |  | ||||||
| } elseif (isset($_POST['op'])) { |  | ||||||
| 
 |  | ||||||
|     if (!$can_modify) { |  | ||||||
|         $page['errors'][] = getlocal('page_agent.cannot_modify'); |  | ||||||
|     } |  | ||||||
| 
 |  | ||||||
|     if (count($page['errors']) == 0) { |  | ||||||
|         $new_groups = array(); |  | ||||||
|         foreach ($groups as $group) { |  | ||||||
|             if (verify_param("group" . $group['groupid'], "/^on$/", "") == "on") { |  | ||||||
|                 $new_groups[] = $group['groupid']; |  | ||||||
|             } |  | ||||||
|         } |  | ||||||
| 
 |  | ||||||
|         update_operator_groups($op['operatorid'], $new_groups); |  | ||||||
|         header("Location: " . MIBEW_WEB_ROOT . "/operator/opgroups.php?op=" . intval($op_id) . "&stored"); |  | ||||||
|         exit; |  | ||||||
|     } |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| $page['currentop'] = $op |  | ||||||
|     ? get_operator_name($op) . " (" . $op['vclogin'] . ")" |  | ||||||
|     : getlocal("not_found"); |  | ||||||
| $page['canmodify'] = $can_modify ? "1" : ""; |  | ||||||
| 
 |  | ||||||
| $checked_groups = array(); |  | ||||||
| if ($op) { |  | ||||||
|     foreach (get_operator_group_ids($op_id) as $rel) { |  | ||||||
|         $checked_groups[] = $rel['groupid']; |  | ||||||
|     } |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| $page['groups'] = array(); |  | ||||||
| foreach ($groups as $group) { |  | ||||||
|     $group['vclocalname'] = $group['vclocalname']; |  | ||||||
|     $group['vclocaldescription'] = $group['vclocaldescription']; |  | ||||||
|     $group['checked'] = in_array($group['groupid'], $checked_groups); |  | ||||||
| 
 |  | ||||||
|     $page['groups'][] = $group; |  | ||||||
| } |  | ||||||
| 
 |  | ||||||
| $page['stored'] = isset($_GET['stored']); |  | ||||||
| $page['title'] = getlocal("operator.groups.title"); |  | ||||||
| $page['menuid'] = ($operator['operatorid'] == $op_id) ? "profile" : "operators"; |  | ||||||
| 
 |  | ||||||
| $page = array_merge($page, prepare_menu($operator)); |  | ||||||
| 
 |  | ||||||
| $page['tabs'] = setup_operator_settings_tabs($op_id, 2); |  | ||||||
| 
 |  | ||||||
| $page_style = new PageStyle(PageStyle::getCurrentStyle()); |  | ||||||
| $page_style->render('operator_groups', $page); |  | ||||||
| @ -13,7 +13,7 @@ | |||||||
|             <div id="formmessage">{{l10n "data.saved"}}</div> |             <div id="formmessage">{{l10n "data.saved"}}</div> | ||||||
|         {{/if}} |         {{/if}} | ||||||
| 
 | 
 | ||||||
|         <form name="opgroupsForm" method="post" action="{{mibewRoot}}/operator/opgroups.php"> |         <form name="opgroupsForm" method="post" action="{{mibewRoot}}/operator/operator/{{opid}}/groups"> | ||||||
|             {{csrfTokenInput}} |             {{csrfTokenInput}} | ||||||
|             <input type="hidden" name="op" value="{{opid}}"/> |             <input type="hidden" name="op" value="{{opid}}"/> | ||||||
| 
 | 
 | ||||||
|  | |||||||
		Loading…
	
		Reference in New Issue
	
	Block a user