/** * Save user. * * @param integer $id */ public function saveAction($id) { $this->addCrumb($this->translate('edit'), $this->generateUrl('admin_edit_user')); // Fetch and update user $user = User::find($id); $params = $this->modelParams(); // Update password. if (!empty($params['password'])) { $user->setPassword($params['password']); } // Remove password from params unset($params['password']); // Set the rest of the params $user->set($params); if ($user->save()) { return $this->redirectTo('admin_users'); } else { $this->set('user', $user); return $this->respondTo(function ($format) use($user) { if ($format == "html") { return $this->render('admin/users/edit.phtml'); } elseif ($format == "json") { return $this->jsonResponse($user); } }); } }
/** * Create session. */ public function createAction() { $user = User::find('username', Request::$post->get('username')); if ($user && $user->authenticate(Request::$post->get('password'))) { return $this->redirectTo('root')->addCookie('traq', $user['session_hash']); } else { return $this->render('sessions/new.phtml', ['error' => true]); } }
/** * User profile page. * * @param integer $id */ public function showAction($id) { // If the user doesn't exist, display the 404 page. if (!($user = User::find($id))) { return $this->show404(); } // Set the title $this->title($this->translate('users')); $this->title($user->name); $this->set('profile', $user); return $this->render("profile/show.phtml"); }
/** * Create session */ public function createAction() { $user = User::find('username', Request::$post->get('username')); if ($user && $user->authenticate(Request::$post->get('password'))) { // Check account activation if (setting('email_validation') && !$user->isActivated()) { return $this->render("sessions/new.phtml", ['activationRequired' => true]); } $response = new RedirectResponse(routeUrl('root')); $response->addCookie('traq', $user->login_hash, time() + 2 * 4 * 7 * 24 * 60 * 60 * 60, '/'); return $response; } else { return $this->render('sessions/new.phtml', ['error' => true]); } }
/** * Add project member. * * @return \Avalon\Http\RedirectResponse|\Avalon\Http\Response */ public function createAction() { $errors = []; $user = User::find('username', Request::$post->get('username')); $role = ProjectRole::find(Request::$post->get('role_id')); // Check if they entered a username if (!Request::$post->has('username') || Request::$post->get('username') == '') { $errors['username'] = $this->translate('errors.validations.required', ['field' => $this->translate('username')]); } elseif (!$user) { $errors['username'] = $this->translate('errors.users.doesnt_exist'); } // Check if the user is already a member of the project if ($user) { $member = UserRole::select('id')->where('project_id = ?')->setParameter(0, $this->currentProject['id'])->andWhere('user_id = ?')->setParameter(1, $user->id)->execute(); } if ($user && isset($member) && $member->rowCount() > 0) { $errors['username'] = $this->translate('errors.users.already_a_project_member'); } // Check if they chose a role if (Request::$post->get('role_id', '') == '') { $errors['role_id'] = $this->translate('errors.validations.required', ['field' => $this->translate('role')]); } // Check if the role exists if (!$role) { $errors['role'] = $this->translate('errors.roles.doesnt_exist'); } // Check if the role belongs to the project if ($role && ($role->project_id != 0 && $role->project_id != $this->currentProject['id'])) { $errors['role'] = $this->translate('errors.roles.invalid_role'); } if (count($errors)) { return $this->render('project_settings/members/new.phtml', ['errors' => $errors]); } else { $userRole = new UserRole(['project_id' => $this->currentProject['id'], 'project_role_id' => $role->id, 'user_id' => $user->id]); $userRole->save(); return $this->redirectTo('project_settings_members'); } }
/** * Update password. * * @return \Avalon\Http\Response */ public function savePasswordAction() { $user = User::find($this->currentUser['id']); $this->set(compact('user')); // Authenticate current password if (!$user->authenticate(Request::$post->get('current_password'))) { $user->addError('password', $this->translate('errors.incorrect_password')); } else { // Confirm passwords if (Request::$post->get('password') !== Request::$post->get('password_confirmation')) { $user->addError('password', $this->translate('errors.validations.confirm', ['field' => $this->translate('password')])); } else { $user->password = Request::$post->get('password'); // Save and redirect if ($user->validate()) { // Update password $user->setPassword(Request::$post->get('password')); $user->password_ver = 'crypt'; $user->save(); return $this->redirectTo('usercp_password'); } } } // Incorrect password or new passwords don't match. return $this->render('usercp/password.phtml'); }
/** * Always call this when defining `__construct()` in sub-classes. */ public function __construct() { $this->db = ConnectionManager::getConnection(); // Modal? if (Request::$headers->has('X-Modal')) { $this->isModal = Request::$headers->get('X-Modal') == true; } // Get current project. if (Request::$properties->has('pslug')) { $this->currentProject = Project::find('slug', Request::$properties->get('pslug')) ?: null; $GLOBALS['current_project'] = $this->currentProject; $this->before('*', function () { if (!$this->hasPermission('view', $this->currentProject)) { return $this->show404(); } }); } else { $GLOBALS['current_project'] = null; } // Get current user. if ($sessionHash = Request::$cookies->get('traq')) { if ($this->currentProject) { $user = User::select('u.*')->addSelect('pur.project_role_id')->leftJoin('u', UserRole::tableName(), 'pur', 'pur.project_id = :project_id AND pur.user_id = u.id'); $user->where('u.session_hash = :session_hash'); $user->setParameter('project_id', $this->currentProject['id']); $user->setParameter('session_hash', $sessionHash); $this->currentUser = $user->fetch() ?: null; } else { $this->currentUser = User::find('session_hash', $sessionHash) ?: null; } $GLOBALS['current_user'] = $this->currentUser; } else { $GLOBALS['current_user'] = null; } $GLOBALS['permissions'] = Permission::getPermissions($this->currentUser, $this->currentProject); // Add Traq as first breadcrumb. $this->addCrumb(setting('title'), $this->generateUrl('root')); // Check if the user has permission to view the current project if (isset($this->currentProject)) { $this->before('*', function () { if (!$this->hasPermission('view')) { return $this->show403(); } }); } // If the user has a `sha1` hashed password, require them to change it because // as of Traq 4.1, only mcrypt passwords will work. if ($this->currentUser['password_ver'] == 'sha1') { $this->before('*', function () { if (Request::$properties['controller'] != 'Traq\\Controllers\\UserCP' && Request::$properties['controller'] != 'Traq\\Controllers\\Sessions') { return $this->redirectTo('usercp_password'); } }); } }
/** * Make the ticket history changes array. * * @param Ticket $ticket * @param array $data * * @return array */ protected function makeChanges($ticket, $data) { $changes = []; foreach ($data as $field => $value) { $fieldNoId = str_replace('_id', '', $field); if ($value != $ticket[$field]) { switch ($field) { case 'summary': $from = $ticket[$field]; $to = $data[$field]; break; case 'type_id': case 'status_id': case 'milestone_id': case 'version_id': case 'component_id': case 'priority_id': case 'severity_id': $model = '\\Traq\\Models\\' . ucfirst($fieldNoId == 'version' ? 'milestone' : $fieldNoId); $from = $ticket[$fieldNoId . '_name']; if ($data[$field] == 0) { $to = null; } else { $to = $model::find($data[$field])->name; } break; case 'assigned_to_id': $from = $ticket['assigned_to_name']; if ($value == 0) { $to = null; } else { $user = User::find($value); $to = $user->name; } break; } $changes[] = ['property' => $fieldNoId, 'from' => $from, 'to' => $to]; } } return $changes; }