Mibew/mibew
1
0
Fork 0
mirror of https://github.com/Mibew/mibew.git synced 2025-04-18 12:57:24 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

Replace "operator/avatar.php" with a controller

Browse Source
This commit is contained in:
Dmitriy Simushev 2014-05-22 12:48:17 +00:00
parent 9fb205bc2b
commit 9f70aa80d2
5 changed files with 230 additions and 123 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

215
src/mibew/libs/classes/Mibew/Controller/OperatorController.php
View File

@ -18,6 +18,7 @@
namespace Mibew\Controller; namespace Mibew\Controller;
use Mibew\Database; use Mibew\Database;
use Mibew\Settings;
use Mibew\Http\Exception\AccessDeniedException; use Mibew\Http\Exception\AccessDeniedException;
use Mibew\Http\Exception\NotFoundException; use Mibew\Http\Exception\NotFoundException;
use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Request;
@ -30,8 +31,8 @@ class OperatorController extends AbstractController
/** /**
* Generates list of all operators in the system. * Generates list of all operators in the system.
* *
* @param Request $request * @param Request $request Incoming request.
* @return string Rendered page content * @return string Rendered page content.
*/ */
public function indexAction(Request $request) public function indexAction(Request $request)
{ {
@ -96,8 +97,8 @@ class OperatorController extends AbstractController
/** /**
* Removes an operator from the database. * Removes an operator from the database.
* *
* @param Request $request * @param Request $request Incoming request.
* @return string Rendered page content * @return string Rendered page content.
* @throws NotFoundException If the operator with specified ID is not found * @throws NotFoundException If the operator with specified ID is not found
* in the system. * in the system.
*/ */
@ -137,8 +138,8 @@ class OperatorController extends AbstractController
/** /**
* Disables an operator. * Disables an operator.
* *
* @param Request $request * @param Request $request Incoming request.
* @return string Rendered page content * @return string Rendered page content.
* @throws NotFoundException If the operator with specified ID is not found * @throws NotFoundException If the operator with specified ID is not found
* in the system. * in the system.
*/ */
@ -183,8 +184,8 @@ class OperatorController extends AbstractController
/** /**
* Enables an operator. * Enables an operator.
* *
* @param Request $request * @param Request $request Incoming request.
* @return string Rendered page content * @return string Rendered page content.
* @throws NotFoundException If the operator with specified ID is not found * @throws NotFoundException If the operator with specified ID is not found
* in the system. * in the system.
*/ */
@ -211,8 +212,10 @@ class OperatorController extends AbstractController
/** /**
* Builds a page with form for add/edit operator. * Builds a page with form for add/edit operator.
* *
* @param Request $request * @param Request $request Incoming request.
* @return string Rendered page content * @return string Rendered page content.
* @throws NotFoundException If the operator with specified ID is not found
* in the system.
*/ */
public function showEditFormAction(Request $request) public function showEditFormAction(Request $request)
{ {
@ -297,8 +300,10 @@ class OperatorController extends AbstractController
* Processes submitting of the form which is generated in * Processes submitting of the form which is generated in
* {@link \Mibew\Controller\OperatorController::showEditFormAction()} method. * {@link \Mibew\Controller\OperatorController::showEditFormAction()} method.
* *
* @param Request $request * @param Request $request Incoming request.
* @return string Rendered page content * @return string Rendered page content.
* @throws AccessDeniedException If the current operator has no rights to
* modify choosen profile.
*/ */
public function submitEditFormAction(Request $request) public function submitEditFormAction(Request $request)
{ {
@ -392,8 +397,10 @@ class OperatorController extends AbstractController
// Create new operator and redirect the current operator to avatar // Create new operator and redirect the current operator to avatar
// page. // page.
$new_operator = create_operator($login, $email, $password, $local_name, $common_name, '', $code); $new_operator = create_operator($login, $email, $password, $local_name, $common_name, '', $code);
$redirect_to = $request->getBasePath() . '/operator/avatar.php?op=' $redirect_to = $this->generateUrl(
. intval($new_operator['operatorid']); 'operator_avatar',
array('operator_id' => $new_operator['operatorid'])
);
return $this->redirect($redirect_to); return $this->redirect($redirect_to);
} }
@ -430,4 +437,184 @@ class OperatorController extends AbstractController
return $this->redirect($redirect_to); return $this->redirect($redirect_to);
} }
/**
* Builds a page with form for edit operator's avatar.
*
* @param Request $request incoming request.
* @return string Rendered page content.
* @throws NotFoundException If the operator with specified ID is not found
* in the system.
*/
public function showAvatarFormAction(Request $request)
{
set_csrf_token();
$operator = $request->attributes->get('_operator');
$op_id = $request->attributes->get('operator_id');
$page = array(
'opid' => $op_id,
// Use errors list stored in the request. We need to do so to have
// an ability to pass the request from the "submitAvatarForm" action.
'errors' => $request->attributes->get('errors', array()),
);
$can_modify = ($op_id == $operator['operatorid'] && is_capable(CAN_MODIFYPROFILE, $operator))
|| is_capable(CAN_ADMINISTRATE, $operator);
// Try to load the target operator.
$op = operator_by_id($op_id);
if (!$op) {
throw new NotFoundException('The operator is not found');
}
$page['avatar'] = $op['vcavatar'];
$page['currentop'] = $op
? get_operator_name($op) . ' (' . $op['vclogin'] . ')'
: getlocal('not_found');
$page['canmodify'] = $can_modify ? '1' : '';
$page['title'] = getlocal('page_avatar.title');
$page['menuid'] = ($operator['operatorid'] == $op_id) ? 'profile' : 'operators';
$page = array_merge($page, prepare_menu($operator));
$page['tabs'] = setup_operator_settings_tabs($op_id, 1);
return $this->render('operator_avatar', $page);
}
/**
* Processes submitting of the form which is generated in
* {@link \Mibew\Controller\OperatorController::showAvatarFormAction()}
* method.
*
* @param Request $request Incoming request.
* @return string Rendered page content.
* @throws NotFoundException If the operator with specified ID is not found
* in the system.
* @throws AccessDeniedException If the current operator has no rights to
* modify choosen profile.
*/
public function submitAvatarFormAction(Request $request)
{
csrf_check_token($request);
$operator = $request->attributes->get('_operator');
$op_id = $request->attributes->getInt('operator_id');
$errors = array();
$can_modify = ($op_id == $operator['operatorid'] && is_capable(CAN_MODIFYPROFILE, $operator))
|| is_capable(CAN_ADMINISTRATE, $operator);
if (!$can_modify) {
throw new AccessDeniedException('Cannot modify avatar.');
}
// Try to load the target operator.
$op = operator_by_id($op_id);
if (!$op) {
throw new NotFoundException('The operator is not found');
}
$avatar = $op['vcavatar'];
$file = $request->files->get('avatarFile');
if ($file) {
// Process uploaded file.
$valid_types = array("gif", "jpg", "png", "tif", "jpeg");
$ext = $file->getClientOriginalExtension();
$orig_filename = $file->getClientOriginalName();
$new_file_name = intval($op_id) . ".$ext";
$file_size = $file->getSize();
if ($file_size == 0 || $file_size > Settings::get('max_uploaded_file_size')) {
$errors[] = failed_uploading_file($orig_filename, "errors.file.size.exceeded");
} elseif (!in_array($ext, $valid_types)) {
$errors[] = failed_uploading_file($orig_filename, "errors.invalid.file.type");
} else {
// Remove avatar if it already exists
$avatar_local_dir = MIBEW_FS_ROOT . '/files/avatar/';
$full_file_path = $avatar_local_dir . $new_file_name;
if (file_exists($full_file_path)) {
unlink($full_file_path);
}
// Move uploaded file to avatar directory
try {
$file->move($avatar_local_dir, $new_file_name);
$avatar = MIBEW_WEB_ROOT . "/files/avatar/$new_file_name";
} catch (Exception $e) {
$errors[] = failed_uploading_file($orig_filename, "errors.file.move.error");
}
}
} else {
$errors[] = "No file selected";
}
if (count($errors) != 0) {
$request->attributes->set('errors', $errors);
// The form should be rebuild. Invoke appropriate action.
return $this->showAvatarFormAction($request);
}
// Update path to avatar in the database
update_operator_avatar($op['operatorid'], $avatar);
// Operator's data are cached in the session thus we need to update them
// manually.
if ($avatar && $operator['operatorid'] == $op_id) {
$operator['vcavatar'] = $avatar;
$_SESSION[SESSION_PREFIX . 'operator'] = $operator;
$request->attributes->set('_operator', $operator);
}
// Redirect the operator to the same page using GET method.
$redirect_to = $this->generateUrl(
'operator_avatar',
array('operator_id' => $op_id)
);
return $this->redirect($redirect_to);
}
/**
* Removes operator's avatar from the database.
*
* @param Request $request Incoming request.
* @return string Rendered page content.
* @throws NotFoundException If the operator with specified ID is not found
* in the system.
* @throws AccessDeniedException If the current operator has no rights to
* modify choosen profile.
*/
public function deleteAvatarAction(Request $request)
{
csrf_check_token($request);
$operator = $request->attributes->get('_operator');
$op_id = $request->attributes->getInt('operator_id');
$can_modify = ($op_id == $operator['operatorid'] && is_capable(CAN_MODIFYPROFILE, $operator))
|| is_capable(CAN_ADMINISTRATE, $operator);
if (!$can_modify) {
throw new AccessDeniedException('Cannot modify avatar.');
}
// Try to load the target operator.
if (!operator_by_id($op_id)) {
throw new NotFoundException('The operator is not found');
}
// Update avatar value in database
update_operator_avatar($op_id, '');
// Redirect the current operator to the same page using GET method.
$redirect_to = $this->generateUrl(
'operator_avatar',
array('operator_id' => $op_id)
);
return $this->redirect($redirect_to);
}
} }

2
src/mibew/libs/operator_settings.php
View File

@ -34,7 +34,7 @@ function setup_operator_settings_tabs($operator_id, $active)
? (MIBEW_WEB_ROOT . "/operator/operator/" . $operator_id . "/edit") ? (MIBEW_WEB_ROOT . "/operator/operator/" . $operator_id . "/edit")
: ""), : ""),
getlocal("page_agent.tab.avatar") => ($active != 1 getlocal("page_agent.tab.avatar") => ($active != 1
? (MIBEW_WEB_ROOT . "/operator/avatar.php?op=" . $operator_id) ? (MIBEW_WEB_ROOT . "/operator/operator/" . $operator_id . "/avatar")
: ""), : ""),
getlocal("page_agent.tab.groups") => ($active != 2 getlocal("page_agent.tab.groups") => ($active != 2
? (MIBEW_WEB_ROOT . "/operator/opgroups.php?op=" . $operator_id) ? (MIBEW_WEB_ROOT . "/operator/opgroups.php?op=" . $operator_id)

26
src/mibew/libs/routing.yml
View File

@ -184,6 +184,32 @@ operator_add_save:
_access_check: Mibew\AccessControl\Check\LoggedInCheck _access_check: Mibew\AccessControl\Check\LoggedInCheck
methods: [POST] methods: [POST]
operator_avatar:
path: /operator/operator/{operator_id}/avatar
defaults:
_controller: Mibew\Controller\OperatorController::showAvatarFormAction
_access_check: Mibew\AccessControl\Check\LoggedInCheck
requirements:
operator_id: \d{1,10}
methods: [GET]
operator_avatar_delete:
path: /operator/operator/{operator_id}/avatar/delete
defaults:
_controller: Mibew\Controller\OperatorController::deleteAvatarAction
_access_check: Mibew\AccessControl\Check\LoggedInCheck
requirements:
operator_id: \d{1,10}
operator_avatar_save:
path: /operator/operator/{operator_id}/avatar
defaults:
_controller: Mibew\Controller\OperatorController::submitAvatarFormAction
_access_check: Mibew\AccessControl\Check\LoggedInCheck
requirements:
operator_id: \d{1,10}
methods: [POST]
operator_edit: operator_edit:
path: /operator/operator/{operator_id}/edit path: /operator/operator/{operator_id}/edit
defaults: defaults:

106
src/mibew/operator/avatar.php
View File

@ -1,106 +0,0 @@
<?php
/*
* Copyright 2005-2014 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
// Import namespaces and classes of the core
use Mibew\Settings;
use Mibew\Style\PageStyle;
// Initialize libraries
require_once(dirname(dirname(__FILE__)) . '/libs/init.php');
$operator = check_login();
csrf_check_token();
$op_id = verify_param("op", "/^\d{1,9}$/");
$page = array(
'opid' => $op_id,
'avatar' => '',
'errors' => array(),
);
$can_modify = ($op_id == $operator['operatorid'] && is_capable(CAN_MODIFYPROFILE, $operator))
|| is_capable(CAN_ADMINISTRATE, $operator);
$op = operator_by_id($op_id);
if (!$op) {
$page['errors'][] = getlocal("no_such_operator");
} elseif (isset($_POST['op'])) {
$avatar = $op['vcavatar'];
if (!$can_modify) {
$page['errors'][] = getlocal('page_agent.cannot_modify');
} elseif (isset($_FILES['avatarFile']) && $_FILES['avatarFile']['name']) {
$valid_types = array("gif", "jpg", "png", "tif", "jpeg");
$orig_filename = $_FILES['avatarFile']['name'];
$tmp_file_name = $_FILES['avatarFile']['tmp_name'];
$ext = preg_replace('/\//', '', strtolower(substr($orig_filename, 1 + strrpos($orig_filename, "."))));
$new_file_name = intval($op_id) . ".$ext";
$file_size = $_FILES['avatarFile']['size'];
if ($file_size == 0 || $file_size > Settings::get('max_uploaded_file_size')) {
$page['errors'][] = failed_uploading_file($orig_filename, "errors.file.size.exceeded");
} elseif (!in_array($ext, $valid_types)) {
$page['errors'][] = failed_uploading_file($orig_filename, "errors.invalid.file.type");
} else {
$avatar_local_dir = MIBEW_FS_ROOT . '/files/avatar/';
$full_file_path = $avatar_local_dir . $new_file_name;
if (file_exists($full_file_path)) {
unlink($full_file_path);
}
if (!@move_uploaded_file($_FILES['avatarFile']['tmp_name'], $full_file_path)) {
$page['errors'][] = failed_uploading_file($orig_filename, "errors.file.move.error");
} else {
$avatar = MIBEW_WEB_ROOT . "/files/avatar/$new_file_name";
}
}
} else {
$page['errors'][] = "No file selected";
}
if (count($page['errors']) == 0) {
update_operator_avatar($op['operatorid'], $avatar);
if ($op_id && $avatar && $_SESSION[SESSION_PREFIX . "operator"] && $operator['operatorid'] == $op_id) {
$_SESSION[SESSION_PREFIX . "operator"]['vcavatar'] = $avatar;
}
header("Location: " . MIBEW_WEB_ROOT . "/operator/avatar.php?op=" . intval($op_id));
exit;
} else {
$page['avatar'] = $op['vcavatar'];
}
} else {
if (isset($_GET['delete']) && $_GET['delete'] == "true" && $can_modify) {
update_operator_avatar($op['operatorid'], '');
header("Location: " . MIBEW_WEB_ROOT . "/operator/avatar.php?op=" . intval($op_id));
exit;
}
$page['avatar'] = $op['vcavatar'];
}
$page['currentop'] = $op ? get_operator_name($op) . " (" . $op['vclogin'] . ")" : getlocal("not_found");
$page['canmodify'] = $can_modify ? "1" : "";
$page['title'] = getlocal("page_avatar.title");
$page['menuid'] = ($operator['operatorid'] == $op_id) ? "profile" : "operators";
$page = array_merge($page, prepare_menu($operator));
$page['tabs'] = setup_operator_settings_tabs($op_id, 1);
$page_style = new PageStyle(PageStyle::getCurrentStyle());
$page_style->render('avatar', $page);

4
src/mibew/styles/pages/default/templates_src/server_side/avatar.handlebars → src/mibew/styles/pages/default/templates_src/server_side/operator_avatar.handlebars
View File

@ -9,7 +9,7 @@
{{> _errors}} {{> _errors}}
<form name="avatarForm" method="post" action="{{mibewRoot}}/operator/avatar.php" enctype="multipart/form-data"> <form name="avatarForm" method="post" action="{{mibewRoot}}/operator/operator/{{opid}}/avatar" enctype="multipart/form-data">
{{csrfTokenInput}} {{csrfTokenInput}}
<input type="hidden" name="op" value="{{opid}}"/> <input type="hidden" name="op" value="{{opid}}"/>
@ -31,7 +31,7 @@
<div class="fvalue"> <div class="fvalue">
<img src="{{avatar}}" alt="cannot load avatar"/><br/> <img src="{{avatar}}" alt="cannot load avatar"/><br/>
{{#if canmodify}} {{#if canmodify}}
<a class="formauth" href="{{mibewRoot}}/operator/avatar.php?op={{opid}}&amp;delete=true"> <a class="formauth" href="{{mibewRoot}}/operator/operator/{{opid}}/avatar/delete?{{csrfTokenInUrl}}">
{{l10n "page_agent.clear_avatar"}} {{l10n "page_agent.clear_avatar"}}
</a> </a>
{{/if}} {{/if}}