From cf14306c2b3f82a81f8d56669a71633b4d4b5fce Mon Sep 17 00:00:00 2001
From: marvin-borner@live.com
Date: Mon, 16 Apr 2018 21:09:05 +0200
Subject: Main merge to user management system - files are now at /main/public/

---
 .../src/Controller/MemberController.php            | 123 +++++++++++++++++++++
 1 file changed, 123 insertions(+)
 create mode 100755 main/app/sprinkles/extend-user/src/Controller/MemberController.php

(limited to 'main/app/sprinkles/extend-user/src/Controller/MemberController.php')

diff --git a/main/app/sprinkles/extend-user/src/Controller/MemberController.php b/main/app/sprinkles/extend-user/src/Controller/MemberController.php
new file mode 100755
index 0000000..c584286
--- /dev/null
+++ b/main/app/sprinkles/extend-user/src/Controller/MemberController.php
@@ -0,0 +1,123 @@
+<?php
+namespace UserFrosting\Sprinkle\ExtendUser\Controller;
+
+use Illuminate\Database\Capsule\Manager as Capsule;
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use UserFrosting\Sprinkle\Admin\Controller\UserController;
+use UserFrosting\Sprinkle\Core\Facades\Debug;
+use UserFrosting\Support\Exception\ForbiddenException;
+
+class MemberController extends UserController
+{
+    /**
+     * Renders a page displaying a user's information, in read-only mode.
+     *
+     * This checks that the currently logged-in user has permission to view the requested user's info.
+     * It checks each field individually, showing only those that you have permission to view.
+     * This will also try to show buttons for activating, disabling/enabling, deleting, and editing the user.
+     * This page requires authentication.
+     * Request type: GET
+     */
+    public function pageInfo($request, $response, $args)
+    {
+        $user = $this->getUserFromParams($args);
+
+        // If the user no longer exists, forward to main user listing page
+        if (!$user) {
+            $usersPage = $this->ci->router->pathFor('uri_users');
+            return $response->withRedirect($usersPage, 404);
+        }
+
+        /** @var UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager $authorizer */
+        $authorizer = $this->ci->authorizer;
+
+        /** @var UserFrosting\Sprinkle\Account\Database\Models\User $currentUser */
+        $currentUser = $this->ci->currentUser;
+
+        // Access-controlled page
+        if (!$authorizer->checkAccess($currentUser, 'uri_user', [
+            'user' => $user
+        ])) {
+            throw new ForbiddenException();
+        }
+
+        /** @var UserFrosting\Config\Config $config */
+        $config = $this->ci->config;
+
+        // Get a list of all locales
+        $locales = $config->getDefined('site.locales.available');
+
+        // Determine fields that currentUser is authorized to view
+        $fieldNames = ['user_name', 'name', 'email', 'locale', 'group', 'roles', 'address'];
+
+        // Generate form
+        $fields = [
+            // Always hide these
+            'hidden' => ['theme']
+        ];
+
+        // Determine which fields should be hidden
+        foreach ($fieldNames as $field) {
+            if (!$authorizer->checkAccess($currentUser, 'view_user_field', [
+                'user' => $user,
+                'property' => $field
+            ])) {
+                $fields['hidden'][] = $field;
+            }
+        }
+
+        // Determine buttons to display
+        $editButtons = [
+            'hidden' => []
+        ];
+
+        if (!$authorizer->checkAccess($currentUser, 'update_user_field', [
+            'user' => $user,
+            'fields' => ['name', 'email', 'locale']
+        ])) {
+            $editButtons['hidden'][] = 'edit';
+        }
+
+        if (!$authorizer->checkAccess($currentUser, 'update_user_field', [
+            'user' => $user,
+            'fields' => ['flag_enabled']
+        ])) {
+            $editButtons['hidden'][] = 'enable';
+        }
+
+        if (!$authorizer->checkAccess($currentUser, 'update_user_field', [
+            'user' => $user,
+            'fields' => ['flag_verified']
+        ])) {
+            $editButtons['hidden'][] = 'activate';
+        }
+
+        if (!$authorizer->checkAccess($currentUser, 'update_user_field', [
+            'user' => $user,
+            'fields' => ['password']
+        ])) {
+            $editButtons['hidden'][] = 'password';
+        }
+
+        if (!$authorizer->checkAccess($currentUser, 'update_user_field', [
+            'user' => $user,
+            'fields' => ['roles']
+        ])) {
+            $editButtons['hidden'][] = 'roles';
+        }
+
+        if (!$authorizer->checkAccess($currentUser, 'delete_user', [
+            'user' => $user
+        ])) {
+            $editButtons['hidden'][] = 'delete';
+        }
+
+        return $this->ci->view->render($response, 'pages/user.html.twig', [
+            'user' => $user,
+            'locales' => $locales,
+            'fields' => $fields,
+            'tools' => $editButtons
+        ]);
+    }
+}
-- 
cgit v1.2.3