Mibew/mibew
1
0
Fork 0
mirror of https://github.com/Mibew/mibew.git synced 2025-02-07 16:24:43 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

Replace "operator/operator.php" with a controller

Browse Source
This commit is contained in:
Dmitriy Simushev 2014-05-22 10:12:11 +00:00
parent 1af5e68bd0
commit 9fb205bc2b
12 changed files with 267 additions and 185 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

224
src/mibew/libs/classes/Mibew/Controller/OperatorController.php
View File

@ -18,6 +18,7 @@
namespace Mibew\Controller;
use Mibew\Database;
use Mibew\Http\Exception\AccessDeniedException;
use Mibew\Http\Exception\NotFoundException;
use Symfony\Component\HttpFoundation\Request;
@ -206,4 +207,227 @@ class OperatorController extends AbstractController
// Redirect the current operator to the page with operators list
return $this->redirect($this->generateUrl('operators'));
}
/**
* Builds a page with form for add/edit operator.
*
* @param Request $request
* @return string Rendered page content
*/
public function showEditFormAction(Request $request)
{
set_csrf_token();
$operator = $request->attributes->get('_operator');
$page = array(
'opid' => false,
// Use errors list stored in the request. We need to do so to have
// an ability to pass the request from the "submitEditForm" action.
'errors' => $request->attributes->get('errors', array()),
);
$op_id = false;
if ($request->attributes->has('operator_id')) {
// Load and validate an operator to edit
$op_id = $request->attributes->getInt('operator_id');
$op = operator_by_id($op_id);
if (!$op) {
throw new NotFoundException('The operator is not found.');
}
// Show an error if the admin password hasn't been set yet.
$no_password = check_password_hash($operator['vclogin'], '', $operator['vcpassword'])
&& !$request->query->has('stored');
if ($no_password) {
$page['errors'][] = getlocal('my_settings.error.no_password');
}
$page['formlogin'] = $op['vclogin'];
$page['formname'] = $op['vclocalename'];
$page['formemail'] = $op['vcemail'];
$page['formcommonname'] = $op['vccommonname'];
$page['formcode'] = $op['code'];
$page['opid'] = $op['operatorid'];
}
// Override group's fields from the request if it's needed. This
// case will take place when a save handler fails and passes the request
// to this action.
if ($request->isMethod('POST')) {
// The login field can be disabled in the form. In that case it will
// not has a value. Thus we should override login field only when it
// is set.
if ($request->request->has('login')) {
$page['formlogin'] = $request->request->get('login');
}
$page['formname'] = $request->request->get('name');
$page['formemail'] = $request->request->get('email');
$page['formcommonname'] = $request->request->get('commonname');
$page['formcode'] = $request->request->get('code');
}
// Operator without CAN_ADMINISTRATE permission can neither create new
// operators nor view/edit other operator's profile.
$access_restricted = !is_capable(CAN_ADMINISTRATE, $operator)
&& (!$op_id || ($operator['operatorid'] != $op_id));
if ($access_restricted) {
throw new AccessDeniedException();
}
$can_modify = ($op_id == $operator['operatorid'] && is_capable(CAN_MODIFYPROFILE, $operator))
|| is_capable(CAN_ADMINISTRATE, $operator);
$page['stored'] = $request->query->has('stored');
$page['canmodify'] = $can_modify ? '1' : '';
$page['canchangelogin'] = is_capable(CAN_ADMINISTRATE, $operator);
$page['needChangePassword'] = check_password_hash($operator['vclogin'], '', $operator['vcpassword']);
$page['title'] = getlocal('page_agent.title');
$page['menuid'] = ($op_id == $operator['operatorid']) ? 'profile' : 'operators';
$page['requirePassword'] = (!$op_id || $page['needChangePassword']);
$page['formaction'] = $request->getBaseUrl() . $request->getPathInfo();
$page = array_merge($page, prepare_menu($operator));
$page['tabs'] = setup_operator_settings_tabs($op_id, 0);
return $this->render('operator_edit', $page);
}
/**
* Processes submitting of the form which is generated in
* {@link \Mibew\Controller\OperatorController::showEditFormAction()} method.
*
* @param Request $request
* @return string Rendered page content
*/
public function submitEditFormAction(Request $request)
{
csrf_check_token($request);
$errors = array();
$operator = $request->attributes->get('_operator');
// Use value from the form and not from the path to make sure it is
// correct. If not, treat the param as empty one.
$op_id = $request->request->getInt('opid', false);
if (is_capable(CAN_ADMINISTRATE, $operator)) {
$login = $request->request->get('login');
} else {
$login = $operator['vclogin'];
}
$email = $request->request->get('email');
$password = $request->request->get('password');
$password_confirm = $request->request->get('passwordConfirm');
$local_name = $request->request->get('name');
$common_name = $request->request->get('commonname');
$code = $request->request->get('code');
$can_modify = ($op_id == $operator['operatorid'] && is_capable(CAN_MODIFYPROFILE, $operator))
|| is_capable(CAN_ADMINISTRATE, $operator);
if (!$can_modify) {
throw new AccessDeniedException('Cannot modify profile.');
}
if (!$local_name) {
$errors[] = no_field('form.field.agent_name');
}
if (!$common_name) {
$errors[] = no_field('form.field.agent_commonname');
}
if (!$login) {
$errors[] = no_field('form.field.login');
} elseif (!preg_match("/^[\w_\.]+$/", $login)) {
$errors[] = getlocal('page_agent.error.wrong_login');
}
if (!$email || !is_valid_email($email)) {
$errors[] = wrong_field('form.field.mail');
}
if ($code && (!preg_match("/^[A-Za-z0-9_]+$/", $code))) {
$errors[] = getlocal('page_agent.error.wrong_agent_code');
}
if (!$op_id && !$password) {
$errors[] = no_field('form.field.password');
}
if ($password != $password_confirm) {
$errors[] = getlocal('my_settings.error.password_match');
}
$existing_operator = operator_by_login($login);
$duplicate_login = (!$op_id && $existing_operator)
|| ($op_id
&& $existing_operator
&& $op_id != $existing_operator['operatorid']);
if ($duplicate_login) {
$errors[] = getlocal('page_agent.error.duplicate_login');
}
// Check if operator with specified email already exists in the database.
$existing_operator = operator_by_email($email);
$duplicate_email =
// Create operator with email already in database.
(!$op_id && $existing_operator)
// Update operator email to existing one.
|| ($op_id
&& $existing_operator
&& $op_id != $existing_operator['operatorid']);
if ($duplicate_email) {
$errors[] = getlocal('page_agent.error.duplicate_email');
}
if (count($errors) != 0) {
$request->attributes->set('errors', $errors);
// The form should be rebuild. Invoke appropriate action.
return $this->showEditFormAction($request);
}
if (!$op_id) {
// Create new operator and redirect the current operator to avatar
// page.
$new_operator = create_operator($login, $email, $password, $local_name, $common_name, '', $code);
$redirect_to = $request->getBasePath() . '/operator/avatar.php?op='
. intval($new_operator['operatorid']);
return $this->redirect($redirect_to);
}
// Update existing operator
update_operator($op_id, $login, $email, $password, $local_name, $common_name, $code);
// Operator data are cached in the session, thus we need to manually
// update them.
if (!empty($password) && $op_id == $operator['operatorid']) {
// Check if the admin has set his password for the first time.
$to_dashboard = check_password_hash($login, '', $operator['vcpassword']) && $password != '';
// Update operator's password.
$operator['vcpassword'] = calculate_password_hash($login, $password);
$_SESSION[SESSION_PREFIX . 'operator'] = $operator;
$request->attributes->set('_operator', $operator);
// Redirect the admin to the home page if needed.
if ($to_dashboard) {
return $this->redirect($request->getBasePath() . '/operator/index.php');
}
}
// Redirect the operator to edit page again to use GET method instead of
// POST.
$redirect_to = $this->generateUrl(
'operator_edit',
array(
'operator_id' => $op_id,
'stored' => true,
)
);
return $this->redirect($redirect_to);
}
}

2
src/mibew/libs/operator.php
View File

@ -589,7 +589,7 @@ function check_login($redirect = true)
function force_password($operator)
{
if (check_password_hash($operator['vclogin'], $operator['vcpassword'], '')) {
header("Location: " . MIBEW_WEB_ROOT . "/operator/operator.php?op=1");
header("Location: " . MIBEW_WEB_ROOT . "/operator/operator/1/edit");
exit;
}
}

3
src/mibew/libs/operator_settings.php
View File

@ -22,6 +22,7 @@
* @param int $operator_id ID of the operator whose settings page is displayed.
* @param int $active Number of the active tab. The count starts from 0.
* @return array Tabs list
* @deprecated
*/
function setup_operator_settings_tabs($operator_id, $active)
{
@ -30,7 +31,7 @@ function setup_operator_settings_tabs($operator_id, $active)
if ($operator_id) {
$tabs = array(
getlocal("page_agent.tab.main") => ($active != 0
? (MIBEW_WEB_ROOT . "/operator/operator.php?op=" . $operator_id)
? (MIBEW_WEB_ROOT . "/operator/operator/" . $operator_id . "/edit")
: ""),
getlocal("page_agent.tab.avatar") => ($active != 1
? (MIBEW_WEB_ROOT . "/operator/avatar.php?op=" . $operator_id)

32
src/mibew/libs/routing.yml
View File

@ -170,6 +170,38 @@ invite:
_access_check: Mibew\AccessControl\Check\LoggedInCheck
## Operators
operator_add:
path: /operator/operator/add
defaults:
_controller: Mibew\Controller\OperatorController::showEditFormAction
_access_check: Mibew\AccessControl\Check\LoggedInCheck
methods: [GET]
operator_add_save:
path: /operator/operator/add
defaults:
_controller: Mibew\Controller\OperatorController::submitEditFormAction
_access_check: Mibew\AccessControl\Check\LoggedInCheck
methods: [POST]
operator_edit:
path: /operator/operator/{operator_id}/edit
defaults:
_controller: Mibew\Controller\OperatorController::showEditFormAction
_access_check: Mibew\AccessControl\Check\LoggedInCheck
requirements:
operator_id: \d{1,10}
methods: [GET]
operator_edit_save:
path: /operator/operator/{operator_id}/edit
defaults:
_controller: Mibew\Controller\OperatorController::submitEditFormAction
_access_check: Mibew\AccessControl\Check\LoggedInCheck
requirements:
operator_id: \d{1,10}
methods: [POST]
operator_enable:
path: /operator/operator/{operator_id}/enable
defaults:

2
src/mibew/operator/index.php
View File

@ -32,7 +32,7 @@ $page = array(
'localeLinks' => get_locale_links(),
'needUpdate' => Settings::get('dbversion') != DB_VERSION,
'needChangePassword' => check_password_hash($operator['vclogin'], '', $operator['vcpassword']),
'profilePage' => MIBEW_WEB_ROOT . "/operator/operator.php?op=" . $operator['operatorid'],
'profilePage' => MIBEW_WEB_ROOT . "/operator/operator/" . $operator['operatorid'] . '/edit',
'updateWizard' => MIBEW_WEB_ROOT . "/install/",
'newFeatures' => Settings::get('featuresversion') != FEATURES_VERSION,
'featuresPage' => MIBEW_WEB_ROOT . "/operator/features.php",

2
src/mibew/operator/login.php
View File

@ -40,7 +40,7 @@ if (isset($_POST['login']) && isset($_POST['password'])) {
if ($operator_can_login) {
$target = $password == ''
? MIBEW_WEB_ROOT . "/operator/operator.php?op=" . intval($operator['operatorid'])
? MIBEW_WEB_ROOT . "/operator/operator/" . intval($operator['operatorid']) . '/edit'
: (isset($_SESSION['backpath']) ? $_SESSION['backpath'] : MIBEW_WEB_ROOT . "/operator/index.php");
login_operator($operator, $remember, is_secure_request());

175
src/mibew/operator/operator.php
View File

@ -1,175 +0,0 @@
<?php
/*
* Copyright 2005-2014 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
// Import namespaces and classes of the core
use Mibew\Style\PageStyle;
// Initialize libraries
require_once(dirname(dirname(__FILE__)) . '/libs/init.php');
$operator = check_login();
csrf_check_token();
$page = array(
'opid' => '',
'errors' => array(),
);
$op_id = '';
if ((isset($_POST['login']) || !is_capable(CAN_ADMINISTRATE, $operator)) && isset($_POST['password'])) {
$op_id = verify_param("opid", "/^(\d{1,9})?$/", "");
if (is_capable(CAN_ADMINISTRATE, $operator)) {
$login = get_param('login');
} else {
$login = $operator['vclogin'];
}
$email = get_param('email');
$password = get_param('password');
$password_confirm = get_param('passwordConfirm');
$local_name = get_param('name');
$common_name = get_param('commonname');
$code = get_param('code');
if (!$local_name) {
$page['errors'][] = no_field("form.field.agent_name");
}
if (!$common_name) {
$page['errors'][] = no_field("form.field.agent_commonname");
}
if (!$login) {
$page['errors'][] = no_field("form.field.login");
} elseif (!preg_match("/^[\w_\.]+$/", $login)) {
$page['errors'][] = getlocal("page_agent.error.wrong_login");
}
if ($email == '' || !is_valid_email($email)) {
$page['errors'][] = wrong_field("form.field.mail");
}
if ($code != '' && (!preg_match("/^[A-z0-9_]+$/", $code))) {
$page['errors'][] = getlocal("page_agent.error.wrong_agent_code");
}
if (!$op_id && !$password) {
$page['errors'][] = no_field("form.field.password");
}
if ($password != $password_confirm) {
$page['errors'][] = getlocal("my_settings.error.password_match");
}
$existing_operator = operator_by_login($login);
$duplicate_login = (!$op_id && $existing_operator)
|| ($op_id
&& $existing_operator
&& $op_id != $existing_operator['operatorid']);
if ($duplicate_login) {
$page['errors'][] = getlocal("page_agent.error.duplicate_login");
}
// Check if operator with specified email already exists in the database
$existing_operator = operator_by_email($email);
$duplicate_email =
// Create operator with email already in database
(!$op_id && $existing_operator)
// Update operator email to existing one
|| ($op_id
&& $existing_operator
&& $op_id != $existing_operator['operatorid']);
if ($duplicate_email) {
$page['errors'][] = getlocal("page_agent.error.duplicate_email");
}
$can_modify = ($op_id == $operator['operatorid'] && is_capable(CAN_MODIFYPROFILE, $operator))
|| is_capable(CAN_ADMINISTRATE, $operator);
if (!$can_modify) {
$page['errors'][] = getlocal('page_agent.cannot_modify');
}
if (count($page['errors']) == 0) {
if (!$op_id) {
$new_operator = create_operator($login, $email, $password, $local_name, $common_name, "", $code);
header("Location: " . MIBEW_WEB_ROOT . "/operator/avatar.php?op=" . intval($new_operator['operatorid']));
exit;
} else {
update_operator($op_id, $login, $email, $password, $local_name, $common_name, $code);
// update the session password
if (!empty($password) && $op_id == $operator['operatorid']) {
$to_dashboard = check_password_hash($login, '', $operator['vcpassword']) && $password != '';
$_SESSION[SESSION_PREFIX . "operator"]['vcpassword'] = calculate_password_hash($login, $password);
if ($to_dashboard) {
header("Location: " . MIBEW_WEB_ROOT . "/operator/index.php");
exit;
}
}
header("Location: " . MIBEW_WEB_ROOT . "/operator/operator.php?op=" . intval($op_id) . "&stored");
exit;
}
} else {
$page['formlogin'] = $login;
$page['formname'] = $local_name;
$page['formemail'] = $email;
$page['formcommonname'] = $common_name;
$page['formcode'] = $code;
$page['opid'] = $op_id;
}
} elseif (isset($_GET['op'])) {
$op_id = verify_param('op', "/^\d{1,9}$/");
$op = operator_by_id($op_id);
if (!$op) {
$page['errors'][] = getlocal("no_such_operator");
$page['opid'] = $op_id;
} else {
//show an error if the admin password hasn't been set yet.
if (check_password_hash($operator['vclogin'], '', $operator['vcpassword']) && !isset($_GET['stored'])) {
$page['errors'][] = getlocal("my_settings.error.no_password");
}
$page['formlogin'] = $op['vclogin'];
$page['formname'] = $op['vclocalename'];
$page['formemail'] = $op['vcemail'];
$page['formcommonname'] = $op['vccommonname'];
$page['formcode'] = $op['code'];
$page['opid'] = $op['operatorid'];
}
}
if (!$op_id && !is_capable(CAN_ADMINISTRATE, $operator)) {
$page['errors'][] = getlocal("page_agent.error.forbidden_create");
}
$can_modify = ($op_id == $operator['operatorid'] && is_capable(CAN_MODIFYPROFILE, $operator))
|| is_capable(CAN_ADMINISTRATE, $operator);
$page['stored'] = isset($_GET['stored']);
$page['canmodify'] = $can_modify ? "1" : "";
$page['canchangelogin'] = is_capable(CAN_ADMINISTRATE, $operator);
$page['needChangePassword'] = check_password_hash($operator['vclogin'], '', $operator['vcpassword']);
$page['title'] = getlocal("page_agent.title");
$page['menuid'] = ($op_id == $operator['operatorid']) ? "profile" : "operators";
$page['requirePassword'] = (!$op_id || $page['needChangePassword']);
$page = array_merge($page, prepare_menu($operator));
$page['tabs'] = setup_operator_settings_tabs($op_id, 0);
$page_style = new PageStyle(PageStyle::getCurrentStyle());
$page_style->render('operator', $page);

2
src/mibew/styles/pages/default/templates_src/server_side/_menu.handlebars
View File

@ -36,7 +36,7 @@
<li{{#ifEqual menuid "updates"}} class="active"{{/ifEqual}}><a href="{{mibewRoot}}/operator/updates">{{l10n "menu.updates"}}</a></li>
{{/if}}
{{#if currentopid}}
<li{{#ifEqual menuid "profile"}} class="active"{{/ifEqual}}><a href="{{mibewRoot}}/operator/operator.php?op={{currentopid}}">{{l10n "menu.profile"}}</a></li>
<li{{#ifEqual menuid "profile"}} class="active"{{/ifEqual}}><a href="{{mibewRoot}}/operator/operator/{{currentopid}}/edit">{{l10n "menu.profile"}}</a></li>
{{/if}}
</ul>
</li>

2
src/mibew/styles/pages/default/templates_src/server_side/group_members.handlebars
View File

@ -32,7 +32,7 @@
<div class="field">
<div class="fvaluenodesc">
<input id="op{{operatorid}}" type="checkbox" name="op{{operatorid}}" value="on"{{#if checked}} checked="checked"{{/if}}/>
<label for="op{{operatorid}}">{{vclocalename}} (<a href="operator.php?op={{operatorid}}">{{vclogin}}</a>)</label>
<label for="op{{operatorid}}">{{vclocalename}} (<a href="operator/{{operatorid}}/edit">{{vclogin}}</a>)</label>
</div>
</div>
{{/each}}

2
src/mibew/styles/pages/default/templates_src/server_side/index.handlebars
View File

@ -126,7 +126,7 @@
<div class="dashitem">
<div class="dashitem-content">
<img src="{{stylePath}}/images/dash/profile.gif" alt=""/>
<a href="{{mibewRoot}}/operator/operator.php?op={{currentopid}}">
<a href="{{mibewRoot}}/operator/operator/{{currentopid}}/edit">
{{l10n "menu.profile"}}
</a>
{{l10n "menu.profile.content"}}

2
src/mibew/styles/pages/default/templates_src/server_side/operator.handlebars → src/mibew/styles/pages/default/templates_src/server_side/operator_edit.handlebars
View File

@ -23,7 +23,7 @@
{{/if}}
{{#ifAny opid canmodify}}
<form name="agentForm" method="post" action="{{mibewRoot}}/operator/operator.php">
<form name="agentForm" method="post" action="{{formaction}}">
{{csrfTokenInput}}
<input type="hidden" name="opid" value="{{opid}}"/>

4
src/mibew/styles/pages/default/templates_src/server_side/operators.handlebars
View File

@ -63,7 +63,7 @@
{{#if canmodify}}
<div class="tabletool">
<img src="{{stylePath}}/images/buttons/createagent.gif" border="0" alt="" />
<a href="{{mibewRoot}}/operator/operator.php" title="{{l10n "page_agents.new_agent"}}">
<a href="{{mibewRoot}}/operator/operator/add" title="{{l10n "page_agents.new_agent"}}">
{{l10n "page_agents.new_agent"}}
</a>
</div>
@ -87,7 +87,7 @@
{{#each allowedAgents}}
<tr>
<td class="notlast">
<a id="ti{{operatorid}}" href="{{../mibewRoot}}/operator/operator.php?op={{operatorid}}" class="man">
<a id="ti{{operatorid}}" href="{{../mibewRoot}}/operator/operator/{{operatorid}}/edit" class="man">
{{vclogin}}
</a>
</td>