Mibew/mibew
1
0
Fork 0
mirror of https://github.com/Mibew/mibew.git synced 2025-01-31 21:34:42 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

Replace "operator/opgroups.php" with a controller

Browse Source
This commit is contained in:
Dmitriy Simushev 2014-05-22 15:49:41 +00:00
parent 8a4da51366
commit 16749fec8c
5 changed files with 182 additions and 97 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

161
src/mibew/libs/classes/Mibew/Controller/Operator/GroupsController.php Normal file
View File

@ -0,0 +1,161 @@
<?php
/*
* Copyright 2005-2014 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
namespace Mibew\Controller\Operator;
use Mibew\Controller\AbstractController;
use Mibew\Http\Exception\AccessDeniedException;
use Mibew\Http\Exception\BadRequestException;
use Mibew\Http\Exception\NotFoundException;
use Symfony\Component\HttpFoundation\Request;
/**
* Contains all actions which are related with operator's profile.
*/
class GroupsController extends AbstractController
{
/**
* Builds a page with form for edit operator's groups.
*
* @param Request $request Incoming request.
* @return string Rendered page content.
* @throws NotFoundException If the operator with specified ID is not found
* in the system.
* @throws AccessDeniedException If the current operator has not enough
* rights to view the page.
*/
public function showFormAction(Request $request)
{
set_csrf_token();
$operator = $request->attributes->get('_operator');
$operator_in_isolation = in_isolation($operator);
$op_id = $request->attributes->getInt('operator_id');
// Check if the curent operator has enough rights to access the page
if ($op_id != $operator['operatorid'] && !is_capable(CAN_ADMINISTRATE, $operator)) {
throw new AccessDeniedException();
}
// Check if the target user exists
$op = operator_by_id($op_id);
if (!$op) {
throw new NotFoundException('The operator is not found.');
}
$page = array(
'opid' => $op_id,
'errors' => array()
);
$groups = $operator_in_isolation
? get_all_groups_for_operator($operator)
: get_all_groups();
$can_modify = is_capable(CAN_ADMINISTRATE, $operator);
$page['currentop'] = $op
? get_operator_name($op) . ' (' . $op['vclogin'] . ')'
: getlocal('not_found');
$page['canmodify'] = $can_modify ? '1' : '';
// Get IDs of groups the operator belongs to.
$checked_groups = array();
if ($op) {
foreach (get_operator_group_ids($op_id) as $rel) {
$checked_groups[] = $rel['groupid'];
}
}
// Get all available groups
$page['groups'] = array();
foreach ($groups as $group) {
$group['vclocalname'] = $group['vclocalname'];
$group['vclocaldescription'] = $group['vclocaldescription'];
$group['checked'] = in_array($group['groupid'], $checked_groups);
$page['groups'][] = $group;
}
$page['stored'] = $request->query->has('stored');
$page['title'] = getlocal('operator.groups.title');
$page['menuid'] = ($operator['operatorid'] == $op_id) ? 'profile' : 'operators';
$page = array_merge($page, prepare_menu($operator));
$page['tabs'] = setup_operator_settings_tabs($op_id, 2);
return $this->render('operator_groups', $page);
}
/**
* Processes submitting of the form which is generated in
* {@link \Mibew\Controller\Operator\GroupsController::showFormAction()}
* method.
*
* @param Request $request Incoming request.
* @return string Rendered page content.
* @throws NotFoundException If the operator with specified ID is not found
* in the system.
* @throws BadRequestException If the "op" field of the form is in wrong
* format.
*/
public function submitFormAction(Request $request)
{
csrf_check_token($request);
$operator = $request->attributes->get('_operator');
$operator_in_isolation = in_isolation($operator);
// Use value from the form and not from the path to make sure it is
// correct. If not, throw an exception.
$op_id = $request->request->get('op');
if (!preg_match("/^\d{1,10}$/", $op_id)) {
throw new BadRequestException('Wrong value of "op" form field.');
}
// Check if the target operator exists
$op = operator_by_id($op_id);
if (!$op) {
throw new NotFoundException('The operator is not found.');
}
// Get all groups that are available for the target operator.
$groups = $operator_in_isolation
? get_all_groups_for_operator($operator)
: get_all_groups();
// Build list of operator's new groups.
$new_groups = array();
foreach ($groups as $group) {
if ($request->request->get('group' . $group['groupid']) == 'on') {
$new_groups[] = $group['groupid'];
}
}
// Update operator's group and redirect the current operator to the same
// page using GET method.
update_operator_groups($op['operatorid'], $new_groups);
$redirect_to = $this->generateUrl(
'operator_groups',
array(
'operator_id' => $op_id,
'stored' => true,
)
);
return $this->redirect($redirect_to);
}
}

2
src/mibew/libs/operator_settings.php
View File

@ -37,7 +37,7 @@ function setup_operator_settings_tabs($operator_id, $active)
? (MIBEW_WEB_ROOT . "/operator/operator/" . $operator_id . "/avatar")
: ""),
getlocal("page_agent.tab.groups") => ($active != 2
? (MIBEW_WEB_ROOT . "/operator/opgroups.php?op=" . $operator_id)
? (MIBEW_WEB_ROOT . "/operator/operator/" . $operator_id . "/groups")
: ""),
getlocal("page_agent.tab.permissions") => ($active != 3
? (MIBEW_WEB_ROOT . "/operator/permissions.php?op=" . $operator_id)

19
src/mibew/libs/routing.yml
View File

@ -255,6 +255,25 @@ operator_disable:
requirements:
operator_id: \d{1,10}
operator_groups:
path: /operator/operator/{operator_id}/groups
defaults:
_controller: Mibew\Controller\Operator\GroupsController::showFormAction
_access_check: Mibew\AccessControl\Check\LoggedInCheck
requirements:
operator_id: \d{1,10}
methods: [GET]
operator_groups_save:
path: /operator/operator/{operator_id}/groups
defaults:
_controller: Mibew\Controller\Operator\GroupsController::submitFormAction
_access_check: Mibew\AccessControl\Check\PermissionsCheck
_access_permissions: [CAN_ADMINISTRATE]
requirements:
operator_id: \d{1,10}
methods: [POST]
operators:
path: /operator/operator
defaults:

95
src/mibew/operator/opgroups.php
View File

@ -1,95 +0,0 @@
<?php
/*
* Copyright 2005-2014 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
// Import namespaces and classes of the core
use Mibew\Style\PageStyle;
// Initialize libraries
require_once(dirname(dirname(__FILE__)) . '/libs/init.php');
$operator = check_login();
csrf_check_token();
$operator_in_isolation = in_isolation($operator);
$op_id = verify_param("op", "/^\d{1,9}$/");
$page = array(
'opid' => $op_id,
'errors' => array()
);
$groups = $operator_in_isolation
? get_all_groups_for_operator($operator)
: get_all_groups();
$can_modify = is_capable(CAN_ADMINISTRATE, $operator);
$op = operator_by_id($op_id);
if (!$op) {
$page['errors'][] = getlocal("no_such_operator");
} elseif (isset($_POST['op'])) {
if (!$can_modify) {
$page['errors'][] = getlocal('page_agent.cannot_modify');
}
if (count($page['errors']) == 0) {
$new_groups = array();
foreach ($groups as $group) {
if (verify_param("group" . $group['groupid'], "/^on$/", "") == "on") {
$new_groups[] = $group['groupid'];
}
}
update_operator_groups($op['operatorid'], $new_groups);
header("Location: " . MIBEW_WEB_ROOT . "/operator/opgroups.php?op=" . intval($op_id) . "&stored");
exit;
}
}
$page['currentop'] = $op
? get_operator_name($op) . " (" . $op['vclogin'] . ")"
: getlocal("not_found");
$page['canmodify'] = $can_modify ? "1" : "";
$checked_groups = array();
if ($op) {
foreach (get_operator_group_ids($op_id) as $rel) {
$checked_groups[] = $rel['groupid'];
}
}
$page['groups'] = array();
foreach ($groups as $group) {
$group['vclocalname'] = $group['vclocalname'];
$group['vclocaldescription'] = $group['vclocaldescription'];
$group['checked'] = in_array($group['groupid'], $checked_groups);
$page['groups'][] = $group;
}
$page['stored'] = isset($_GET['stored']);
$page['title'] = getlocal("operator.groups.title");
$page['menuid'] = ($operator['operatorid'] == $op_id) ? "profile" : "operators";
$page = array_merge($page, prepare_menu($operator));
$page['tabs'] = setup_operator_settings_tabs($op_id, 2);
$page_style = new PageStyle(PageStyle::getCurrentStyle());
$page_style->render('operator_groups', $page);

2
src/mibew/styles/pages/default/templates_src/server_side/operator_groups.handlebars
View File

@ -13,7 +13,7 @@
<div id="formmessage">{{l10n "data.saved"}}</div>
{{/if}}
<form name="opgroupsForm" method="post" action="{{mibewRoot}}/operator/opgroups.php">
<form name="opgroupsForm" method="post" action="{{mibewRoot}}/operator/operator/{{opid}}/groups">
{{csrfTokenInput}}
<input type="hidden" name="op" value="{{opid}}"/>