diff options
author | Jesús <heckyel@hyperbola.info> | 2019-08-18 21:14:58 -0500 |
---|---|---|
committer | Jesús <heckyel@hyperbola.info> | 2019-08-18 21:14:58 -0500 |
commit | 2eed7b082f83630301e51f57ca8394de228a8605 (patch) | |
tree | 1d19962d22d30f99317d9276e4bae7744fc93fc2 /public/admin/controller/user | |
download | librecart-2eed7b082f83630301e51f57ca8394de228a8605.tar.lz librecart-2eed7b082f83630301e51f57ca8394de228a8605.tar.xz librecart-2eed7b082f83630301e51f57ca8394de228a8605.zip |
first commit
Diffstat (limited to 'public/admin/controller/user')
-rw-r--r-- | public/admin/controller/user/api.php | 417 | ||||
-rw-r--r-- | public/admin/controller/user/user.php | 495 | ||||
-rw-r--r-- | public/admin/controller/user/user_permission.php | 409 |
3 files changed, 1321 insertions, 0 deletions
diff --git a/public/admin/controller/user/api.php b/public/admin/controller/user/api.php new file mode 100644 index 0000000..c07c628 --- /dev/null +++ b/public/admin/controller/user/api.php @@ -0,0 +1,417 @@ +<?php +class ControllerUserApi extends Controller { + private $error = array(); + + public function index() { + $this->load->language('user/api'); + + $this->document->setTitle($this->language->get('heading_title')); + + $this->load->model('user/api'); + + $this->getList(); + } + + public function add() { + $this->load->language('user/api'); + + $this->document->setTitle($this->language->get('heading_title')); + + $this->load->model('user/api'); + + if (($this->request->server['REQUEST_METHOD'] == 'POST') && $this->validateForm()) { + $this->model_user_api->addApi($this->request->post); + + $this->session->data['success'] = $this->language->get('text_success'); + + $url = ''; + + if (isset($this->request->get['sort'])) { + $url .= '&sort=' . $this->request->get['sort']; + } + + if (isset($this->request->get['order'])) { + $url .= '&order=' . $this->request->get['order']; + } + + if (isset($this->request->get['page'])) { + $url .= '&page=' . $this->request->get['page']; + } + + $this->response->redirect($this->url->link('user/api', 'user_token=' . $this->session->data['user_token'] . $url, true)); + } + + $this->getForm(); + } + + public function edit() { + $this->load->language('user/api'); + + $this->document->setTitle($this->language->get('heading_title')); + + $this->load->model('user/api'); + + if (($this->request->server['REQUEST_METHOD'] == 'POST') && $this->validateForm()) { + $this->model_user_api->editApi($this->request->get['api_id'], $this->request->post); + + $this->session->data['success'] = $this->language->get('text_success'); + + $url = ''; + + if (isset($this->request->get['sort'])) { + $url .= '&sort=' . $this->request->get['sort']; + } + + if (isset($this->request->get['order'])) { + $url .= '&order=' . $this->request->get['order']; + } + + if (isset($this->request->get['page'])) { + $url .= '&page=' . $this->request->get['page']; + } + + $this->response->redirect($this->url->link('user/api', 'user_token=' . $this->session->data['user_token'] . $url, true)); + } + + $this->getForm(); + } + + public function delete() { + $this->load->language('user/api'); + + $this->document->setTitle($this->language->get('heading_title')); + + $this->load->model('user/api'); + + if (isset($this->request->post['selected']) && $this->validateDelete()) { + foreach ($this->request->post['selected'] as $api_id) { + $this->model_user_api->deleteApi($api_id); + } + + $this->session->data['success'] = $this->language->get('text_success'); + + $url = ''; + + if (isset($this->request->get['sort'])) { + $url .= '&sort=' . $this->request->get['sort']; + } + + if (isset($this->request->get['order'])) { + $url .= '&order=' . $this->request->get['order']; + } + + if (isset($this->request->get['page'])) { + $url .= '&page=' . $this->request->get['page']; + } + + $this->response->redirect($this->url->link('user/api', 'user_token=' . $this->session->data['user_token'] . $url, true)); + } + + $this->getList(); + } + + protected function getList() { + if (isset($this->request->get['sort'])) { + $sort = $this->request->get['sort']; + } else { + $sort = 'username'; + } + + if (isset($this->request->get['order'])) { + $order = $this->request->get['order']; + } else { + $order = 'ASC'; + } + + if (isset($this->request->get['page'])) { + $page = $this->request->get['page']; + } else { + $page = 1; + } + + $url = ''; + + if (isset($this->request->get['sort'])) { + $url .= '&sort=' . $this->request->get['sort']; + } + + if (isset($this->request->get['order'])) { + $url .= '&order=' . $this->request->get['order']; + } + + if (isset($this->request->get['page'])) { + $url .= '&page=' . $this->request->get['page']; + } + + $data['breadcrumbs'] = array(); + + $data['breadcrumbs'][] = array( + 'text' => $this->language->get('text_home'), + 'href' => $this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true) + ); + + $data['breadcrumbs'][] = array( + 'text' => $this->language->get('heading_title'), + 'href' => $this->url->link('user/api', 'user_token=' . $this->session->data['user_token'] . $url, true) + ); + + $data['add'] = $this->url->link('user/api/add', 'user_token=' . $this->session->data['user_token'] . $url, true); + $data['delete'] = $this->url->link('user/api/delete', 'user_token=' . $this->session->data['user_token'] . $url, true); + + $data['apis'] = array(); + + $filter_data = array( + 'sort' => $sort, + 'order' => $order, + 'start' => ($page - 1) * $this->config->get('config_limit_admin'), + 'limit' => $this->config->get('config_limit_admin') + ); + + $user_total = $this->model_user_api->getTotalApis(); + + $results = $this->model_user_api->getApis($filter_data); + + foreach ($results as $result) { + $data['apis'][] = array( + 'api_id' => $result['api_id'], + 'username' => $result['username'], + 'status' => ($result['status'] ? $this->language->get('text_enabled') : $this->language->get('text_disabled')), + 'date_added' => date($this->language->get('date_format_short'), strtotime($result['date_added'])), + 'date_modified' => date($this->language->get('date_format_short'), strtotime($result['date_modified'])), + 'edit' => $this->url->link('user/api/edit', 'user_token=' . $this->session->data['user_token'] . '&api_id=' . $result['api_id'] . $url, true) + ); + } + + if (isset($this->error['warning'])) { + $data['error_warning'] = $this->error['warning']; + } else { + $data['error_warning'] = ''; + } + + if (isset($this->session->data['success'])) { + $data['success'] = $this->session->data['success']; + + unset($this->session->data['success']); + } else { + $data['success'] = ''; + } + + if (isset($this->request->post['selected'])) { + $data['selected'] = (array)$this->request->post['selected']; + } else { + $data['selected'] = array(); + } + + $url = ''; + + if ($order == 'ASC') { + $url .= '&order=DESC'; + } else { + $url .= '&order=ASC'; + } + + if (isset($this->request->get['page'])) { + $url .= '&page=' . $this->request->get['page']; + } + + $data['sort_username'] = $this->url->link('user/api', 'user_token=' . $this->session->data['user_token'] . '&sort=username' . $url, true); + $data['sort_status'] = $this->url->link('user/api', 'user_token=' . $this->session->data['user_token'] . '&sort=status' . $url, true); + $data['sort_date_added'] = $this->url->link('user/api', 'user_token=' . $this->session->data['user_token'] . '&sort=date_added' . $url, true); + $data['sort_date_modified'] = $this->url->link('user/api', 'user_token=' . $this->session->data['user_token'] . '&sort=date_modified' . $url, true); + + $url = ''; + + if (isset($this->request->get['sort'])) { + $url .= '&sort=' . $this->request->get['sort']; + } + + if (isset($this->request->get['order'])) { + $url .= '&order=' . $this->request->get['order']; + } + + $pagination = new Pagination(); + $pagination->total = $user_total; + $pagination->page = $page; + $pagination->limit = $this->config->get('config_limit_admin'); + $pagination->url = $this->url->link('user/api', 'user_token=' . $this->session->data['user_token'] . $url . '&page={page}', true); + + $data['pagination'] = $pagination->render(); + + $data['results'] = sprintf($this->language->get('text_pagination'), ($user_total) ? (($page - 1) * $this->config->get('config_limit_admin')) + 1 : 0, ((($page - 1) * $this->config->get('config_limit_admin')) > ($user_total - $this->config->get('config_limit_admin'))) ? $user_total : ((($page - 1) * $this->config->get('config_limit_admin')) + $this->config->get('config_limit_admin')), $user_total, ceil($user_total / $this->config->get('config_limit_admin'))); + + $data['sort'] = $sort; + $data['order'] = $order; + + $data['header'] = $this->load->controller('common/header'); + $data['column_left'] = $this->load->controller('common/column_left'); + $data['footer'] = $this->load->controller('common/footer'); + + $this->response->setOutput($this->load->view('user/api_list', $data)); + } + + protected function getForm() { + $data['text_form'] = !isset($this->request->get['api_id']) ? $this->language->get('text_add') : $this->language->get('text_edit'); + $data['text_ip'] = sprintf($this->language->get('text_ip'), $this->request->server['REMOTE_ADDR']); + + $data['user_token'] = $this->session->data['user_token']; + + if (isset($this->error['warning'])) { + $data['error_warning'] = $this->error['warning']; + } else { + $data['error_warning'] = ''; + } + + if (isset($this->error['username'])) { + $data['error_username'] = $this->error['username']; + } else { + $data['error_username'] = ''; + } + + if (isset($this->error['key'])) { + $data['error_key'] = $this->error['key']; + } else { + $data['error_key'] = ''; + } + + $url = ''; + + if (isset($this->request->get['sort'])) { + $url .= '&sort=' . $this->request->get['sort']; + } + + if (isset($this->request->get['order'])) { + $url .= '&order=' . $this->request->get['order']; + } + + if (isset($this->request->get['page'])) { + $url .= '&page=' . $this->request->get['page']; + } + + $data['breadcrumbs'] = array(); + + $data['breadcrumbs'][] = array( + 'text' => $this->language->get('text_home'), + 'href' => $this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true) + ); + + $data['breadcrumbs'][] = array( + 'text' => $this->language->get('heading_title'), + 'href' => $this->url->link('user/api', 'user_token=' . $this->session->data['user_token'] . $url, true) + ); + + if (!isset($this->request->get['api_id'])) { + $data['action'] = $this->url->link('user/api/add', 'user_token=' . $this->session->data['user_token'] . $url, true); + } else { + $data['action'] = $this->url->link('user/api/edit', 'user_token=' . $this->session->data['user_token'] . '&api_id=' . $this->request->get['api_id'] . $url, true); + } + + $data['cancel'] = $this->url->link('user/api', 'user_token=' . $this->session->data['user_token'] . $url, true); + + if (isset($this->request->get['api_id']) && ($this->request->server['REQUEST_METHOD'] != 'POST')) { + $api_info = $this->model_user_api->getApi($this->request->get['api_id']); + } + + if (isset($this->request->post['username'])) { + $data['username'] = $this->request->post['username']; + } elseif (!empty($api_info)) { + $data['username'] = $api_info['username']; + } else { + $data['username'] = ''; + } + + if (isset($this->request->post['key'])) { + $data['key'] = $this->request->post['key']; + } elseif (!empty($api_info)) { + $data['key'] = $api_info['key']; + } else { + $data['key'] = ''; + } + + if (isset($this->request->post['status'])) { + $data['status'] = $this->request->post['status']; + } elseif (!empty($api_info)) { + $data['status'] = $api_info['status']; + } else { + $data['status'] = 0; + } + + // IP + if (isset($this->request->post['api_ip'])) { + $data['api_ips'] = $this->request->post['api_ip']; + } elseif (isset($this->request->get['api_id'])) { + $data['api_ips'] = $this->model_user_api->getApiIps($this->request->get['api_id']); + } else { + $data['api_ips'] = array(); + } + + // Session + $data['api_sessions'] = array(); + + if (isset($this->request->get['api_id'])) { + $results = $this->model_user_api->getApiSessions($this->request->get['api_id']); + + foreach ($results as $result) { + $data['api_sessions'][] = array( + 'api_session_id' => $result['api_session_id'], + 'session_id' => $result['session_id'], + 'ip' => $result['ip'], + 'date_added' => date($this->language->get('datetime_format'), strtotime($result['date_added'])), + 'date_modified' => date($this->language->get('datetime_format'), strtotime($result['date_modified'])) + ); + } + } + + $data['header'] = $this->load->controller('common/header'); + $data['column_left'] = $this->load->controller('common/column_left'); + $data['footer'] = $this->load->controller('common/footer'); + + $this->response->setOutput($this->load->view('user/api_form', $data)); + } + + protected function validateForm() { + if (!$this->user->hasPermission('modify', 'user/user')) { + $this->error['warning'] = $this->language->get('error_permission'); + } + + if ((utf8_strlen(trim($this->request->post['username'])) < 3) || (utf8_strlen(trim($this->request->post['username'])) > 64)) { + $this->error['username'] = $this->language->get('error_username'); + } + + if ((utf8_strlen($this->request->post['key']) < 64) || (utf8_strlen($this->request->post['key']) > 256)) { + $this->error['key'] = $this->language->get('error_key'); + } + + if (!isset($this->error['warning']) && !isset($this->request->post['api_ip'])) { + $this->error['warning'] = $this->language->get('error_ip'); + } + + return !$this->error; + } + + protected function validateDelete() { + if (!$this->user->hasPermission('modify', 'user/api')) { + $this->error['warning'] = $this->language->get('error_permission'); + } + + return !$this->error; + } + + public function deleteSession() { + $this->load->language('user/api'); + + $json = array(); + + if (!$this->user->hasPermission('modify', 'user/api')) { + $json['error'] = $this->language->get('error_permission'); + } else { + $this->load->model('user/api'); + + $this->model_user_api->deleteApiSession($this->request->get['api_session_id']); + + $json['success'] = $this->language->get('text_success'); + } + + $this->response->addHeader('Content-Type: application/json'); + $this->response->setOutput(json_encode($json)); + } +} diff --git a/public/admin/controller/user/user.php b/public/admin/controller/user/user.php new file mode 100644 index 0000000..7bf4c61 --- /dev/null +++ b/public/admin/controller/user/user.php @@ -0,0 +1,495 @@ +<?php +class ControllerUserUser extends Controller { + private $error = array(); + + public function index() { + $this->load->language('user/user'); + + $this->document->setTitle($this->language->get('heading_title')); + + $this->load->model('user/user'); + + $this->getList(); + } + + public function add() { + $this->load->language('user/user'); + + $this->document->setTitle($this->language->get('heading_title')); + + $this->load->model('user/user'); + + if (($this->request->server['REQUEST_METHOD'] == 'POST') && $this->validateForm()) { + $this->model_user_user->addUser($this->request->post); + + $this->session->data['success'] = $this->language->get('text_success'); + + $url = ''; + + if (isset($this->request->get['sort'])) { + $url .= '&sort=' . $this->request->get['sort']; + } + + if (isset($this->request->get['order'])) { + $url .= '&order=' . $this->request->get['order']; + } + + if (isset($this->request->get['page'])) { + $url .= '&page=' . $this->request->get['page']; + } + + $this->response->redirect($this->url->link('user/user', 'user_token=' . $this->session->data['user_token'] . $url, true)); + } + + $this->getForm(); + } + + public function edit() { + $this->load->language('user/user'); + + $this->document->setTitle($this->language->get('heading_title')); + + $this->load->model('user/user'); + + if (($this->request->server['REQUEST_METHOD'] == 'POST') && $this->validateForm()) { + $this->model_user_user->editUser($this->request->get['user_id'], $this->request->post); + + $this->session->data['success'] = $this->language->get('text_success'); + + $url = ''; + + if (isset($this->request->get['sort'])) { + $url .= '&sort=' . $this->request->get['sort']; + } + + if (isset($this->request->get['order'])) { + $url .= '&order=' . $this->request->get['order']; + } + + if (isset($this->request->get['page'])) { + $url .= '&page=' . $this->request->get['page']; + } + + $this->response->redirect($this->url->link('user/user', 'user_token=' . $this->session->data['user_token'] . $url, true)); + } + + $this->getForm(); + } + + public function delete() { + $this->load->language('user/user'); + + $this->document->setTitle($this->language->get('heading_title')); + + $this->load->model('user/user'); + + if (isset($this->request->post['selected']) && $this->validateDelete()) { + foreach ($this->request->post['selected'] as $user_id) { + $this->model_user_user->deleteUser($user_id); + } + + $this->session->data['success'] = $this->language->get('text_success'); + + $url = ''; + + if (isset($this->request->get['sort'])) { + $url .= '&sort=' . $this->request->get['sort']; + } + + if (isset($this->request->get['order'])) { + $url .= '&order=' . $this->request->get['order']; + } + + if (isset($this->request->get['page'])) { + $url .= '&page=' . $this->request->get['page']; + } + + $this->response->redirect($this->url->link('user/user', 'user_token=' . $this->session->data['user_token'] . $url, true)); + } + + $this->getList(); + } + + protected function getList() { + if (isset($this->request->get['sort'])) { + $sort = $this->request->get['sort']; + } else { + $sort = 'username'; + } + + if (isset($this->request->get['order'])) { + $order = $this->request->get['order']; + } else { + $order = 'ASC'; + } + + if (isset($this->request->get['page'])) { + $page = $this->request->get['page']; + } else { + $page = 1; + } + + $url = ''; + + if (isset($this->request->get['sort'])) { + $url .= '&sort=' . $this->request->get['sort']; + } + + if (isset($this->request->get['order'])) { + $url .= '&order=' . $this->request->get['order']; + } + + if (isset($this->request->get['page'])) { + $url .= '&page=' . $this->request->get['page']; + } + + $data['breadcrumbs'] = array(); + + $data['breadcrumbs'][] = array( + 'text' => $this->language->get('text_home'), + 'href' => $this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true) + ); + + $data['breadcrumbs'][] = array( + 'text' => $this->language->get('heading_title'), + 'href' => $this->url->link('user/user', 'user_token=' . $this->session->data['user_token'] . $url, true) + ); + + $data['add'] = $this->url->link('user/user/add', 'user_token=' . $this->session->data['user_token'] . $url, true); + $data['delete'] = $this->url->link('user/user/delete', 'user_token=' . $this->session->data['user_token'] . $url, true); + + $data['users'] = array(); + + $filter_data = array( + 'sort' => $sort, + 'order' => $order, + 'start' => ($page - 1) * $this->config->get('config_limit_admin'), + 'limit' => $this->config->get('config_limit_admin') + ); + + $user_total = $this->model_user_user->getTotalUsers(); + + $results = $this->model_user_user->getUsers($filter_data); + + foreach ($results as $result) { + $data['users'][] = array( + 'user_id' => $result['user_id'], + 'username' => $result['username'], + 'status' => ($result['status'] ? $this->language->get('text_enabled') : $this->language->get('text_disabled')), + 'date_added' => date($this->language->get('date_format_short'), strtotime($result['date_added'])), + 'edit' => $this->url->link('user/user/edit', 'user_token=' . $this->session->data['user_token'] . '&user_id=' . $result['user_id'] . $url, true) + ); + } + + if (isset($this->error['warning'])) { + $data['error_warning'] = $this->error['warning']; + } else { + $data['error_warning'] = ''; + } + + if (isset($this->session->data['success'])) { + $data['success'] = $this->session->data['success']; + + unset($this->session->data['success']); + } else { + $data['success'] = ''; + } + + if (isset($this->request->post['selected'])) { + $data['selected'] = (array)$this->request->post['selected']; + } else { + $data['selected'] = array(); + } + + $url = ''; + + if ($order == 'ASC') { + $url .= '&order=DESC'; + } else { + $url .= '&order=ASC'; + } + + if (isset($this->request->get['page'])) { + $url .= '&page=' . $this->request->get['page']; + } + + $data['sort_username'] = $this->url->link('user/user', 'user_token=' . $this->session->data['user_token'] . '&sort=username' . $url, true); + $data['sort_status'] = $this->url->link('user/user', 'user_token=' . $this->session->data['user_token'] . '&sort=status' . $url, true); + $data['sort_date_added'] = $this->url->link('user/user', 'user_token=' . $this->session->data['user_token'] . '&sort=date_added' . $url, true); + + $url = ''; + + if (isset($this->request->get['sort'])) { + $url .= '&sort=' . $this->request->get['sort']; + } + + if (isset($this->request->get['order'])) { + $url .= '&order=' . $this->request->get['order']; + } + + $pagination = new Pagination(); + $pagination->total = $user_total; + $pagination->page = $page; + $pagination->limit = $this->config->get('config_limit_admin'); + $pagination->url = $this->url->link('user/user', 'user_token=' . $this->session->data['user_token'] . $url . '&page={page}', true); + + $data['pagination'] = $pagination->render(); + + $data['results'] = sprintf($this->language->get('text_pagination'), ($user_total) ? (($page - 1) * $this->config->get('config_limit_admin')) + 1 : 0, ((($page - 1) * $this->config->get('config_limit_admin')) > ($user_total - $this->config->get('config_limit_admin'))) ? $user_total : ((($page - 1) * $this->config->get('config_limit_admin')) + $this->config->get('config_limit_admin')), $user_total, ceil($user_total / $this->config->get('config_limit_admin'))); + + $data['sort'] = $sort; + $data['order'] = $order; + + $data['header'] = $this->load->controller('common/header'); + $data['column_left'] = $this->load->controller('common/column_left'); + $data['footer'] = $this->load->controller('common/footer'); + + $this->response->setOutput($this->load->view('user/user_list', $data)); + } + + protected function getForm() { + $data['text_form'] = !isset($this->request->get['user_id']) ? $this->language->get('text_add') : $this->language->get('text_edit'); + + if (isset($this->error['warning'])) { + $data['error_warning'] = $this->error['warning']; + } else { + $data['error_warning'] = ''; + } + + if (isset($this->error['username'])) { + $data['error_username'] = $this->error['username']; + } else { + $data['error_username'] = ''; + } + + if (isset($this->error['password'])) { + $data['error_password'] = $this->error['password']; + } else { + $data['error_password'] = ''; + } + + if (isset($this->error['confirm'])) { + $data['error_confirm'] = $this->error['confirm']; + } else { + $data['error_confirm'] = ''; + } + + if (isset($this->error['firstname'])) { + $data['error_firstname'] = $this->error['firstname']; + } else { + $data['error_firstname'] = ''; + } + + if (isset($this->error['lastname'])) { + $data['error_lastname'] = $this->error['lastname']; + } else { + $data['error_lastname'] = ''; + } + + if (isset($this->error['email'])) { + $data['error_email'] = $this->error['email']; + } else { + $data['error_email'] = ''; + } + + $url = ''; + + if (isset($this->request->get['sort'])) { + $url .= '&sort=' . $this->request->get['sort']; + } + + if (isset($this->request->get['order'])) { + $url .= '&order=' . $this->request->get['order']; + } + + if (isset($this->request->get['page'])) { + $url .= '&page=' . $this->request->get['page']; + } + + $data['breadcrumbs'] = array(); + + $data['breadcrumbs'][] = array( + 'text' => $this->language->get('text_home'), + 'href' => $this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true) + ); + + $data['breadcrumbs'][] = array( + 'text' => $this->language->get('heading_title'), + 'href' => $this->url->link('user/user', 'user_token=' . $this->session->data['user_token'] . $url, true) + ); + + if (!isset($this->request->get['user_id'])) { + $data['action'] = $this->url->link('user/user/add', 'user_token=' . $this->session->data['user_token'] . $url, true); + } else { + $data['action'] = $this->url->link('user/user/edit', 'user_token=' . $this->session->data['user_token'] . '&user_id=' . $this->request->get['user_id'] . $url, true); + } + + $data['cancel'] = $this->url->link('user/user', 'user_token=' . $this->session->data['user_token'] . $url, true); + + if (isset($this->request->get['user_id']) && ($this->request->server['REQUEST_METHOD'] != 'POST')) { + $user_info = $this->model_user_user->getUser($this->request->get['user_id']); + } + + if (isset($this->request->post['username'])) { + $data['username'] = $this->request->post['username']; + } elseif (!empty($user_info)) { + $data['username'] = $user_info['username']; + } else { + $data['username'] = ''; + } + + if (isset($this->request->post['user_group_id'])) { + $data['user_group_id'] = $this->request->post['user_group_id']; + } elseif (!empty($user_info)) { + $data['user_group_id'] = $user_info['user_group_id']; + } else { + $data['user_group_id'] = ''; + } + + $this->load->model('user/user_group'); + + $data['user_groups'] = $this->model_user_user_group->getUserGroups(); + + if (isset($this->request->post['password'])) { + $data['password'] = $this->request->post['password']; + } else { + $data['password'] = ''; + } + + if (isset($this->request->post['confirm'])) { + $data['confirm'] = $this->request->post['confirm']; + } else { + $data['confirm'] = ''; + } + + if (isset($this->request->post['firstname'])) { + $data['firstname'] = $this->request->post['firstname']; + } elseif (!empty($user_info)) { + $data['firstname'] = $user_info['firstname']; + } else { + $data['firstname'] = ''; + } + + if (isset($this->request->post['lastname'])) { + $data['lastname'] = $this->request->post['lastname']; + } elseif (!empty($user_info)) { + $data['lastname'] = $user_info['lastname']; + } else { + $data['lastname'] = ''; + } + + if (isset($this->request->post['email'])) { + $data['email'] = $this->request->post['email']; + } elseif (!empty($user_info)) { + $data['email'] = $user_info['email']; + } else { + $data['email'] = ''; + } + + if (isset($this->request->post['image'])) { + $data['image'] = $this->request->post['image']; + } elseif (!empty($user_info)) { + $data['image'] = $user_info['image']; + } else { + $data['image'] = ''; + } + + $this->load->model('tool/image'); + + if (isset($this->request->post['image']) && is_file(DIR_IMAGE . $this->request->post['image'])) { + $data['thumb'] = $this->model_tool_image->resize($this->request->post['image'], 100, 100); + } elseif (!empty($user_info) && $user_info['image'] && is_file(DIR_IMAGE . $user_info['image'])) { + $data['thumb'] = $this->model_tool_image->resize($user_info['image'], 100, 100); + } else { + $data['thumb'] = $this->model_tool_image->resize('no_image.png', 100, 100); + } + + $data['placeholder'] = $this->model_tool_image->resize('no_image.png', 100, 100); + + if (isset($this->request->post['status'])) { + $data['status'] = $this->request->post['status']; + } elseif (!empty($user_info)) { + $data['status'] = $user_info['status']; + } else { + $data['status'] = 0; + } + + $data['header'] = $this->load->controller('common/header'); + $data['column_left'] = $this->load->controller('common/column_left'); + $data['footer'] = $this->load->controller('common/footer'); + + $this->response->setOutput($this->load->view('user/user_form', $data)); + } + + protected function validateForm() { + if (!$this->user->hasPermission('modify', 'user/user')) { + $this->error['warning'] = $this->language->get('error_permission'); + } + + if ((utf8_strlen($this->request->post['username']) < 3) || (utf8_strlen($this->request->post['username']) > 20)) { + $this->error['username'] = $this->language->get('error_username'); + } + + $user_info = $this->model_user_user->getUserByUsername($this->request->post['username']); + + if (!isset($this->request->get['user_id'])) { + if ($user_info) { + $this->error['warning'] = $this->language->get('error_exists_username'); + } + } else { + if ($user_info && ($this->request->get['user_id'] != $user_info['user_id'])) { + $this->error['warning'] = $this->language->get('error_exists_username'); + } + } + + if ((utf8_strlen(trim($this->request->post['firstname'])) < 1) || (utf8_strlen(trim($this->request->post['firstname'])) > 32)) { + $this->error['firstname'] = $this->language->get('error_firstname'); + } + + if ((utf8_strlen(trim($this->request->post['lastname'])) < 1) || (utf8_strlen(trim($this->request->post['lastname'])) > 32)) { + $this->error['lastname'] = $this->language->get('error_lastname'); + } + + if ((utf8_strlen($this->request->post['email']) > 96) || !filter_var($this->request->post['email'], FILTER_VALIDATE_EMAIL)) { + $this->error['email'] = $this->language->get('error_email'); + } + + $user_info = $this->model_user_user->getUserByEmail($this->request->post['email']); + + if (!isset($this->request->get['user_id'])) { + if ($user_info) { + $this->error['warning'] = $this->language->get('error_exists_email'); + } + } else { + if ($user_info && ($this->request->get['user_id'] != $user_info['user_id'])) { + $this->error['warning'] = $this->language->get('error_exists_email'); + } + } + + if ($this->request->post['password'] || (!isset($this->request->get['user_id']))) { + if ((utf8_strlen(html_entity_decode($this->request->post['password'], ENT_QUOTES, 'UTF-8')) < 4) || (utf8_strlen(html_entity_decode($this->request->post['password'], ENT_QUOTES, 'UTF-8')) > 40)) { + $this->error['password'] = $this->language->get('error_password'); + } + + if ($this->request->post['password'] != $this->request->post['confirm']) { + $this->error['confirm'] = $this->language->get('error_confirm'); + } + } + + return !$this->error; + } + + protected function validateDelete() { + if (!$this->user->hasPermission('modify', 'user/user')) { + $this->error['warning'] = $this->language->get('error_permission'); + } + + foreach ($this->request->post['selected'] as $user_id) { + if ($this->user->getId() == $user_id) { + $this->error['warning'] = $this->language->get('error_account'); + } + } + + return !$this->error; + } +}
\ No newline at end of file diff --git a/public/admin/controller/user/user_permission.php b/public/admin/controller/user/user_permission.php new file mode 100644 index 0000000..d13dc57 --- /dev/null +++ b/public/admin/controller/user/user_permission.php @@ -0,0 +1,409 @@ +<?php +class ControllerUserUserPermission extends Controller { + private $error = array(); + + public function index() { + $this->load->language('user/user_group'); + + $this->document->setTitle($this->language->get('heading_title')); + + $this->load->model('user/user_group'); + + $this->getList(); + } + + public function add() { + $this->load->language('user/user_group'); + + $this->document->setTitle($this->language->get('heading_title')); + + $this->load->model('user/user_group'); + + if (($this->request->server['REQUEST_METHOD'] == 'POST') && $this->validateForm()) { + $this->model_user_user_group->addUserGroup($this->request->post); + + $this->session->data['success'] = $this->language->get('text_success'); + + $url = ''; + + if (isset($this->request->get['sort'])) { + $url .= '&sort=' . $this->request->get['sort']; + } + + if (isset($this->request->get['order'])) { + $url .= '&order=' . $this->request->get['order']; + } + + if (isset($this->request->get['page'])) { + $url .= '&page=' . $this->request->get['page']; + } + + $this->response->redirect($this->url->link('user/user_permission', 'user_token=' . $this->session->data['user_token'] . $url, true)); + } + + $this->getForm(); + } + + public function edit() { + $this->load->language('user/user_group'); + + $this->document->setTitle($this->language->get('heading_title')); + + $this->load->model('user/user_group'); + + if (($this->request->server['REQUEST_METHOD'] == 'POST') && $this->validateForm()) { + $this->model_user_user_group->editUserGroup($this->request->get['user_group_id'], $this->request->post); + + $this->session->data['success'] = $this->language->get('text_success'); + + $url = ''; + + if (isset($this->request->get['sort'])) { + $url .= '&sort=' . $this->request->get['sort']; + } + + if (isset($this->request->get['order'])) { + $url .= '&order=' . $this->request->get['order']; + } + + if (isset($this->request->get['page'])) { + $url .= '&page=' . $this->request->get['page']; + } + + $this->response->redirect($this->url->link('user/user_permission', 'user_token=' . $this->session->data['user_token'] . $url, true)); + } + + $this->getForm(); + } + + public function delete() { + $this->load->language('user/user_group'); + + $this->document->setTitle($this->language->get('heading_title')); + + $this->load->model('user/user_group'); + + if (isset($this->request->post['selected']) && $this->validateDelete()) { + foreach ($this->request->post['selected'] as $user_group_id) { + $this->model_user_user_group->deleteUserGroup($user_group_id); + } + + $this->session->data['success'] = $this->language->get('text_success'); + + $url = ''; + + if (isset($this->request->get['sort'])) { + $url .= '&sort=' . $this->request->get['sort']; + } + + if (isset($this->request->get['order'])) { + $url .= '&order=' . $this->request->get['order']; + } + + if (isset($this->request->get['page'])) { + $url .= '&page=' . $this->request->get['page']; + } + + $this->response->redirect($this->url->link('user/user_permission', 'user_token=' . $this->session->data['user_token'] . $url, true)); + } + + $this->getList(); + } + + protected function getList() { + if (isset($this->request->get['sort'])) { + $sort = $this->request->get['sort']; + } else { + $sort = 'name'; + } + + if (isset($this->request->get['order'])) { + $order = $this->request->get['order']; + } else { + $order = 'ASC'; + } + + if (isset($this->request->get['page'])) { + $page = $this->request->get['page']; + } else { + $page = 1; + } + + $url = ''; + + if (isset($this->request->get['sort'])) { + $url .= '&sort=' . $this->request->get['sort']; + } + + if (isset($this->request->get['order'])) { + $url .= '&order=' . $this->request->get['order']; + } + + if (isset($this->request->get['page'])) { + $url .= '&page=' . $this->request->get['page']; + } + + $data['breadcrumbs'] = array(); + + $data['breadcrumbs'][] = array( + 'text' => $this->language->get('text_home'), + 'href' => $this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true) + ); + + $data['breadcrumbs'][] = array( + 'text' => $this->language->get('heading_title'), + 'href' => $this->url->link('user/user_permission', 'user_token=' . $this->session->data['user_token'] . $url, true) + ); + + $data['add'] = $this->url->link('user/user_permission/add', 'user_token=' . $this->session->data['user_token'] . $url, true); + $data['delete'] = $this->url->link('user/user_permission/delete', 'user_token=' . $this->session->data['user_token'] . $url, true); + + $data['user_groups'] = array(); + + $filter_data = array( + 'sort' => $sort, + 'order' => $order, + 'start' => ($page - 1) * $this->config->get('config_limit_admin'), + 'limit' => $this->config->get('config_limit_admin') + ); + + $user_group_total = $this->model_user_user_group->getTotalUserGroups(); + + $results = $this->model_user_user_group->getUserGroups($filter_data); + + foreach ($results as $result) { + $data['user_groups'][] = array( + 'user_group_id' => $result['user_group_id'], + 'name' => $result['name'], + 'edit' => $this->url->link('user/user_permission/edit', 'user_token=' . $this->session->data['user_token'] . '&user_group_id=' . $result['user_group_id'] . $url, true) + ); + } + + if (isset($this->error['warning'])) { + $data['error_warning'] = $this->error['warning']; + } else { + $data['error_warning'] = ''; + } + + if (isset($this->session->data['success'])) { + $data['success'] = $this->session->data['success']; + + unset($this->session->data['success']); + } else { + $data['success'] = ''; + } + + if (isset($this->request->post['selected'])) { + $data['selected'] = (array)$this->request->post['selected']; + } else { + $data['selected'] = array(); + } + + $url = ''; + + if ($order == 'ASC') { + $url .= '&order=DESC'; + } else { + $url .= '&order=ASC'; + } + + if (isset($this->request->get['page'])) { + $url .= '&page=' . $this->request->get['page']; + } + + $data['sort_name'] = $this->url->link('user/user_permission', 'user_token=' . $this->session->data['user_token'] . '&sort=name' . $url, true); + + $url = ''; + + if (isset($this->request->get['sort'])) { + $url .= '&sort=' . $this->request->get['sort']; + } + + if (isset($this->request->get['order'])) { + $url .= '&order=' . $this->request->get['order']; + } + + $pagination = new Pagination(); + $pagination->total = $user_group_total; + $pagination->page = $page; + $pagination->limit = $this->config->get('config_limit_admin'); + $pagination->url = $this->url->link('user/user_permission', 'user_token=' . $this->session->data['user_token'] . $url . '&page={page}', true); + + $data['pagination'] = $pagination->render(); + + $data['results'] = sprintf($this->language->get('text_pagination'), ($user_group_total) ? (($page - 1) * $this->config->get('config_limit_admin')) + 1 : 0, ((($page - 1) * $this->config->get('config_limit_admin')) > ($user_group_total - $this->config->get('config_limit_admin'))) ? $user_group_total : ((($page - 1) * $this->config->get('config_limit_admin')) + $this->config->get('config_limit_admin')), $user_group_total, ceil($user_group_total / $this->config->get('config_limit_admin'))); + + $data['sort'] = $sort; + $data['order'] = $order; + + $data['header'] = $this->load->controller('common/header'); + $data['column_left'] = $this->load->controller('common/column_left'); + $data['footer'] = $this->load->controller('common/footer'); + + $this->response->setOutput($this->load->view('user/user_group_list', $data)); + } + + protected function getForm() { + $data['text_form'] = !isset($this->request->get['user_group_id']) ? $this->language->get('text_add') : $this->language->get('text_edit'); + + if (isset($this->error['warning'])) { + $data['error_warning'] = $this->error['warning']; + } else { + $data['error_warning'] = ''; + } + + if (isset($this->error['name'])) { + $data['error_name'] = $this->error['name']; + } else { + $data['error_name'] = ''; + } + + $url = ''; + + if (isset($this->request->get['sort'])) { + $url .= '&sort=' . $this->request->get['sort']; + } + + if (isset($this->request->get['order'])) { + $url .= '&order=' . $this->request->get['order']; + } + + if (isset($this->request->get['page'])) { + $url .= '&page=' . $this->request->get['page']; + } + + $data['breadcrumbs'] = array(); + + $data['breadcrumbs'][] = array( + 'text' => $this->language->get('text_home'), + 'href' => $this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true) + ); + + $data['breadcrumbs'][] = array( + 'text' => $this->language->get('heading_title'), + 'href' => $this->url->link('user/user_permission', 'user_token=' . $this->session->data['user_token'] . $url, true) + ); + + if (!isset($this->request->get['user_group_id'])) { + $data['action'] = $this->url->link('user/user_permission/add', 'user_token=' . $this->session->data['user_token'] . $url, true); + } else { + $data['action'] = $this->url->link('user/user_permission/edit', 'user_token=' . $this->session->data['user_token'] . '&user_group_id=' . $this->request->get['user_group_id'] . $url, true); + } + + $data['cancel'] = $this->url->link('user/user_permission', 'user_token=' . $this->session->data['user_token'] . $url, true); + + if (isset($this->request->get['user_group_id']) && $this->request->server['REQUEST_METHOD'] != 'POST') { + $user_group_info = $this->model_user_user_group->getUserGroup($this->request->get['user_group_id']); + } + + if (isset($this->request->post['name'])) { + $data['name'] = $this->request->post['name']; + } elseif (!empty($user_group_info)) { + $data['name'] = $user_group_info['name']; + } else { + $data['name'] = ''; + } + + $ignore = array( + 'common/dashboard', + 'common/startup', + 'common/login', + 'common/logout', + 'common/forgotten', + 'common/reset', + 'common/footer', + 'common/header', + 'error/not_found', + 'error/permission' + ); + + $data['permissions'] = array(); + + $files = array(); + + // Make path into an array + $path = array(DIR_APPLICATION . 'controller/*'); + + // While the path array is still populated keep looping through + while (count($path) != 0) { + $next = array_shift($path); + + foreach (glob($next) as $file) { + // If directory add to path array + if (is_dir($file)) { + $path[] = $file . '/*'; + } + + // Add the file to the files to be deleted array + if (is_file($file)) { + $files[] = $file; + } + } + } + + // Sort the file array + sort($files); + + foreach ($files as $file) { + $controller = substr($file, strlen(DIR_APPLICATION . 'controller/')); + + $permission = substr($controller, 0, strrpos($controller, '.')); + + if (!in_array($permission, $ignore)) { + $data['permissions'][] = $permission; + } + } + + if (isset($this->request->post['permission']['access'])) { + $data['access'] = $this->request->post['permission']['access']; + } elseif (isset($user_group_info['permission']['access'])) { + $data['access'] = $user_group_info['permission']['access']; + } else { + $data['access'] = array(); + } + + if (isset($this->request->post['permission']['modify'])) { + $data['modify'] = $this->request->post['permission']['modify']; + } elseif (isset($user_group_info['permission']['modify'])) { + $data['modify'] = $user_group_info['permission']['modify']; + } else { + $data['modify'] = array(); + } + + $data['header'] = $this->load->controller('common/header'); + $data['column_left'] = $this->load->controller('common/column_left'); + $data['footer'] = $this->load->controller('common/footer'); + + $this->response->setOutput($this->load->view('user/user_group_form', $data)); + } + + protected function validateForm() { + if (!$this->user->hasPermission('modify', 'user/user_permission')) { + $this->error['warning'] = $this->language->get('error_permission'); + } + + if ((utf8_strlen($this->request->post['name']) < 3) || (utf8_strlen($this->request->post['name']) > 64)) { + $this->error['name'] = $this->language->get('error_name'); + } + + return !$this->error; + } + + protected function validateDelete() { + if (!$this->user->hasPermission('modify', 'user/user_permission')) { + $this->error['warning'] = $this->language->get('error_permission'); + } + + $this->load->model('user/user'); + + foreach ($this->request->post['selected'] as $user_group_id) { + $user_total = $this->model_user_user->getTotalUsersByGroupId($user_group_id); + + if ($user_total) { + $this->error['warning'] = sprintf($this->language->get('error_user'), $user_total); + } + } + + return !$this->error; + } +}
\ No newline at end of file |