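 /**
  * Converts access levels into selector items for the access level selector.
  *
  * An item is rendered disabled when the acting user does not hold the
  * access level themselves (nobody may grant what they do not have), or when
  * a group is being edited and isEditedGroup() reports that the access level
  * refers to that group (presumably so a group cannot be granted to itself).
  * Group access levels get a group icon; all other access levels get the
  * toll icon and have their name and description translated within the
  * access level's own namespace.
  *
  * @access public
  * @param array $accessLevels Access level objects offering getKey(), getName(),
  *                            getDescription() and getNamespace()
  * @param \Zepi\Web\AccessControl\Entity\User $user The user performing the edit
  * @param \Zepi\Web\AccessControl\Entity\Group $editedGroup The group being edited, if any
  * @return SelectorItem[] One selector item per access level, in input order
  */
 public function transformAccessLevels($accessLevels, User $user, Group $editedGroup = null)
 {
     $selectorItems = array();
     foreach ($accessLevels as $accessLevel) {
         $key = $accessLevel->getKey();

         // Parenthesised to make the precedence explicit: the group check only
         // applies when a group is actually being edited.
         $disabled = !$user->hasAccess($key)
             || ($editedGroup !== null && $this->isEditedGroup($key, $editedGroup));

         $name = $accessLevel->getName();
         $description = $accessLevel->getDescription();
         if ($accessLevel instanceof GroupAccessLevel) {
             $icon = 'mdi mdi-group';
         } else {
             $icon = 'mdi mdi-toll';
             // Only non-group levels carry translatable texts in their own namespace.
             $namespace = $accessLevel->getNamespace();
             $name = $this->translationManager->translate($name, $namespace);
             $description = $this->translationManager->translate($description, $namespace);
         }

         $selectorItems[] = new SelectorItem($key, $name, $description, $icon, $disabled);
     }

     return $selectorItems;
 }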
 /**
  * Generates the layout
  *
  * Builds the "edit-user" form: a tab with the required and optional user
  * data, a tab with the access level selector, and a row holding the back
  * and save buttons. The form posts to the current route.
  *
  * @return \Zepi\Web\UserInterface\Layout\AbstractContainer
  *
  * @throws \Zepi\Web\AccessControl\Exception User is not set.
  */
 protected function generateLayout()
 {
     if ($this->user === null) {
         throw new Exception('User is not set.');
     }

     $ns = '\\Zepi\\Web\\AccessControl';
     $request = $this->framework->getRequest();
     $accessLevelSelectorItems = $this->accessLevelHelper->transformAccessLevels(
         $this->accessLevelManager->getAccessLevels(),
         $request->getSession()->getUser()
     );

     // The manager reports "no permissions stored" as false; the selector needs an array.
     $rawPermissionsForUuid = $this->accessControlManager->getPermissionsRawForUuid($this->user->getUuid());
     if ($rawPermissionsForUuid === false) {
         $rawPermissionsForUuid = array();
     }

     // Left column of the user tab: data every user must provide.
     // The password fields are only mandatory for a user that does not exist yet.
     $requiredData = new Group('required-data', $this->translate('Required data', $ns), array(
         new Text('username', $this->translate('Username', $ns), true, $this->user->getName(), $this->translate('The username must be unique. Only one user can use an username.', $ns)),
         new Password('password', $this->translate('Password', $ns), $this->user->isNew()),
         new Password('password-confirmed', $this->translate('Confirm password', $ns), $this->user->isNew())
     ), 1);

     // Right column of the user tab: optional profile data taken from the user's meta data.
     $optionalData = new Group('optional-data', $this->translate('Optional data', $ns), array(
         new Text('email', $this->translate('Email address', $ns), false, $this->user->getMetaData('email')),
         new Text('location', $this->translate('Location', $ns), false, $this->user->getMetaData('location')),
         new Text('website', $this->translate('Website', $ns), false, $this->user->getMetaData('website')),
         new Text('twitter', $this->translate('Twitter', $ns), false, $this->user->getMetaData('twitter')),
         new Textarea('biography', $this->translate('Biography', $ns), false, $this->user->getMetaData('biography'))
     ), 2);

     $userTab = new Tab(array(
         new Row(array(
             new Column(array($requiredData), array('col-md-6')),
             new Column(array($optionalData), array('col-md-6'))
         ))
     ), array(), 'user-tab', $this->translate('User informations', $ns));

     // Permissions tab: granted access levels are pre-selected from the raw permissions.
     $accessLevelSelector = new Selector(
         'access-levels',
         $this->translate('Access Level Selector', $ns),
         false,
         $rawPermissionsForUuid,
         $accessLevelSelectorItems,
         $this->translate('Available Access Levels', $ns),
         $this->translate('Granted Access Levels', $ns),
         '\\Zepi\\Web\\AccessControl\\Templates\\Form\\Snippet\\AccessLevel'
     );
     $accessTab = new Tab(array($accessLevelSelector), array(), 'access-tab', $this->translate('Permissions', $ns));

     // Button row: "back" is a plain link to the user list, "save" submits the form.
     $backButton = new Button('back', $this->translate('Back', $ns), array('btn-default'), '', 'a', $request->getFullRoute('/administration/users/'));
     $saveButton = new Submit('submit', $this->translate('Save', $ns), array('btn-large', 'btn-primary'), 'mdi mdi-save');
     $buttonRow = new Row(array(
         new Column(array(new ButtonGroup('buttons-left', array($backButton), 1000, array('text-left'))), array('col-md-4')),
         new Column(array(new ButtonGroup('buttons', array($saveButton), 1000)), array('col-md-4'))
     ));

     $form = new Form('edit-user', $request->getFullRoute(), 'post', array(
         new ErrorBox('edit-user-errors'),
         new Tabs(array($userTab, $accessTab)),
         $buttonRow
     ));

     return new Page(array($form));
 }
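 /**
  * Initializes the user session
  *
  * If the session already carries user data, it is cleaned up first and the
  * previous session token (plus its lifetime) is kept under the "old..." keys
  * so requests still in flight can be matched for a short while. The session
  * is then regenerated and a fresh token with a lifetime of now + 300 seconds
  * is stored for the given user.
  *
  * @access public
  * @param \Zepi\Turbo\Request\WebRequest $request
  * @param \Zepi\Turbo\Response\Response $response Currently unused.
  * @param \Zepi\Web\AccessControl\Entity\User $user
  */
 public function initializeUserSession(WebRequest $request, Response $response, User $user)
 {
     // If the session already has user data ...
     if ($request->getSessionData('userUuid') !== false) {
         $previousToken = $request->getSessionData('userSessionToken');
         $previousTokenLifetime = $request->getSessionData('userSessionTokenLifetime');

         // Cleanup the session
         $this->cleanupSession($request);

         // Save the old session token for some requests in the next 60 seconds
         if ($previousToken !== false) {
             $request->setSessionData('oldUserSessionToken', $previousToken);
             $request->setSessionData('oldUserSessionTokenLifetime', $previousTokenLifetime);
         }
     }

     // Regenerate the session (see regenerateSession()) before binding the user to it
     $this->regenerateSession($request);

     // The random half of the token must be unguessable: uniqid() is derived
     // from the clock, so it was replaced by the CSPRNG. bin2hex(random_bytes(16))
     // yields 32 hex characters, the same width as the md5() it replaces, so the
     // token format seen by consumers does not change. random_bytes() needs
     // PHP >= 7.0 (or the random_compat polyfill on older versions).
     $sessionToken = md5($user->getUuid()) . '-' . bin2hex(random_bytes(16));
     $sessionTokenLifetime = time() + 300;

     $request->setSessionData('userUuid', $user->getUuid());
     $request->setSessionData('userSessionToken', $sessionToken);
     $request->setSessionData('userSessionTokenLifetime', $sessionTokenLifetime);

     // NOTE(review): setcookie() receives the token as the cookie *name* and the
     // lifetime as its *value*, with expiry 0 (browser-session cookie) and no
     // httponly flag. Left unchanged because the code reading this cookie is not
     // visible here; confirm the intended name/value/flags against that reader.
     setcookie($sessionToken, $sessionTokenLifetime, 0, '/', '', $request->isSsl());
 }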
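 /**
  * Returns true if the password should be validated.
  *
  * A new user always needs a password; for an existing user the password is
  * only validated when the form actually submitted one (an empty field means
  * "keep the current password").
  *
  * @param \Zepi\Web\AccessControl\Entity\User $user
  * @param string $password
  * @return boolean
  */
 protected function shouldValidatePassword(User $user, $password)
 {
     // Strict comparison on the string form: null and '' both mean "no password
     // given", while '0' is a real (if short) password. The loose `!= ''` of the
     // original relied on PHP's juggling rules for the same outcome.
     return $user->isNew() || (string) $password !== '';
 }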
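 /**
  * Validates the data for the change password function.
  *
  * Checks, in order: the old password matches the user's current one, the new
  * password has at least 8 characters, and the confirmation equals the new
  * password. The first failing check is reported as a translated message.
  *
  * @access protected
  * @param \Zepi\Turbo\Framework $framework Currently unused.
  * @param \Zepi\Web\AccessControl\Entity\User $user
  * @param string $oldPassword
  * @param string $newPassword
  * @param string $newPasswordConfirmed
  * @return string|true True if everything is valid, otherwise the translated error message.
  */
 protected function validateData(Framework $framework, User $user, $oldPassword, $newPassword, $newPasswordConfirmed)
 {
     // Old password
     if (!$user->comparePasswords($oldPassword)) {
         return $this->translate('The old password is not valid.', '\\Zepi\\Web\\AccessControl');
     }

     // New password: strlen() counts bytes, so multibyte passwords are measured
     // generously here (kept as-is to preserve the existing acceptance rule).
     if (strlen($newPassword) < 8) {
         return $this->translate('The new password needs at least 8 characters.', '\\Zepi\\Web\\AccessControl');
     }

     // Strict comparison: with `!=`, two numeric-looking strings such as "1e3"
     // and "1000" compare numerically and would be accepted as a matching pair.
     if ($newPassword !== $newPasswordConfirmed) {
         return $this->translate('The new password are not equal.', '\\Zepi\\Web\\AccessControl');
     }

     return true;
 }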
 /**
  * Deletes the user with the given uuid
  *
  * Deleting an unknown user is treated as an error rather than a silent
  * no-op, so the uuid is checked against the access control manager first.
  *
  * @param \Zepi\Web\AccessControl\Entity\User $user
  * @return boolean Result of the access control manager's delete call.
  *
  * @throws \Zepi\Core\AccessControl\Exception Cannot delete the user. User does not exist.
  */
 public function deleteUser($user)
 {
     $uuid = $user->getUuid();
     $entityExists = $this->accessControlManager->hasAccessEntityForUuid(self::ACCESS_ENTITY_TYPE, $uuid);

     // An unknown uuid cannot be deleted
     if (!$entityExists) {
         throw new Exception('Cannot delete the user. User does not exist.');
     }

     // Delete the access entity
     return $this->accessControlManager->deleteAccessEntity($user);
 }
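 /**
  * Creates a new user from the submitted registration form.
  *
  * Reads username, email, password and the terms-of-service flag from the
  * "user-data" group, validates them, stores the user with the "\Global\Disabled"
  * access level and an activation token, and mails the activation link.
  *
  * @access protected
  * @param \Zepi\Web\UserInterface\Form\Form $registrationForm
  * @param \Zepi\Turbo\Framework $framework
  * @param \Zepi\Turbo\Request\RequestAbstract $request
  * @param \Zepi\Turbo\Response\Response $response Currently unused.
  * @return string|boolean True on success, otherwise the validation error message.
  */
 protected function createUser(Form $registrationForm, Framework $framework, RequestAbstract $request, Response $response)
 {
     $group = $registrationForm->searchPartByKeyAndType('user-data');
     $username = trim($group->getPart('username')->getValue());
     $email = trim($group->getPart('email')->getValue());
     $password = trim($group->getPart('password')->getValue());
     $tos = $group->getPart('tos-accepted')->getValue();

     $result = $this->validateData($framework, $username, $email, $password, $tos);

     // If the validate function returned a string there was an error in the validation.
     if ($result !== true) {
         return $result;
     }

     // Create the new user
     $user = new User('', '', $username, '', array('email' => $email));
     $user->setNewPassword($password);

     // The activation token is a bearer secret embedded in the activation link,
     // so it must not be derivable from the email address and the clock as
     // uniqid(md5($email), true) was. 16 random bytes as hex keeps the token
     // URL-safe. random_bytes() needs PHP >= 7.0 (or the random_compat polyfill).
     $activationToken = bin2hex(random_bytes(16));
     $user->setMetaData('activationToken', $activationToken);

     $user = $this->userManager->addUser($user);

     // Add the disabled access level
     $this->accessControlManager->grantPermission($user->getUuid(), '\\Zepi\\Web\\AccessControl\\Entity\\User', '\\Global\\Disabled', 'Registration');

     // Send the registration mail
     $activationLink = $request->getFullRoute('/activate/' . $user->getUuid() . '/' . $activationToken . '/');
     $this->mailHelper->sendMail(
         $user->getMetaData('email'),
         $this->translate('Your registration', '\\Zepi\\Web\\AccessControl'),
         $this->render('\\Zepi\\Web\\AccessControl\\Mail\\Registration', array('user' => $user, 'activationLink' => $activationLink))
     );

     return true;
 }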
 /**
  * Returns true if the user of this session has access
  * to the given access level, returns false otherwise.
  *
  * The check is delegated entirely to the session's user object.
  *
  * @access public
  * @param string $accessLevel
  * @return boolean
  */
 public function hasAccess($accessLevel)
 {
     $sessionUser = $this->user;

     return $sessionUser->hasAccess($accessLevel);
 }