function __construct()
{
parent::__construct('some_table', array('defaultOrder' => array('id' => 1)));
$this->before('select', function ($dataSource, &$filter) {
});
$this->on('calcFields', function ($dataSource, &$row) {
});
// DML
$this->before('insert', function ($dataSource, &$row, $transientData) {
});
$this->before('update', function ($dataSource, &$row, $transientData, $old) {
});
$this->before('remove', function ($dataSource, &$row, $transientData) {
});
$this->after('insert', function ($dataSource, &$row, $transientData) {
});
$this->after('update', function ($dataSource, &$row, $transientData, $old) {
});
$this->after('remove', function ($dataSource, &$row, $transientData) {
});
// commands
$this->on('someCommand', function ($dataSource, $params) {
throw new Exception('Not implemented');
});
}
function __construct()
{
$usersTable = br()->auth()->getAttr('usersTable.name');
$loginField = br()->auth()->getAttr('usersTable.loginField');
parent::__construct($usersTable, array('defaultOrder' => $loginField));
$this->on('signup', function ($dataSource, $params) {
$loginField = br()->auth()->getAttr('usersTable.loginField');
$passwordField = br()->auth()->getAttr('usersTable.passwordField');
$emailField = br()->auth()->getAttr('usersTable.emailField');
if (br()->auth()->getAttr('signup.enabled')) {
$data = array();
$row = $dataSource->insert($params, $data);
br()->log()->writeLn('User registered:');
br()->log()->writeLn($row);
br()->log()->writeLn($data);
if ($mailTemplate = br()->auth()->getAttr('signup.mail.template')) {
if ($email = br($row, $emailField)) {
$user = $row;
$user[$passwordField] = br($data, 'password');
$message = br()->renderer()->fetch($mailTemplate, $user);
br()->log()->writeLn('Sending signup mail to ' . $email);
if (br()->sendMail($email, br()->auth()->getAttr('signup.mail.subject'), $message, array('sender' => br()->auth()->getAttr('mail.from')))) {
br()->log()->writeLn('Sent');
} else {
throw new Exception('Mail was not sent because of unknown error');
}
} else {
br()->log()->writeLn('Signup mail was not sent - email field not found or empty');
}
} else {
br()->log()->writeLn('Signup mail was not sent - mail template not found or empty');
}
br()->auth()->setLogin($row);
$row = $dataSource->selectOne(br()->db()->rowidValue($row));
unset($row[$passwordField]);
br()->auth()->trigger('after:signup', $row);
return $row;
} else {
throw new Exception('Sorry. Signup is currently disabled.');
}
});
$this->on('login', function ($dataSource, $params) {
$loginField = br()->auth()->getAttr('usersTable.loginField');
$passwordField = br()->auth()->getAttr('usersTable.passwordField');
$plainPasswords = br()->auth()->getAttr('plainPasswords');
$filter = array();
try {
if (br($params, $loginField) && br($params, $passwordField)) {
if (!$plainPasswords) {
$params[$passwordField] = md5($params[$passwordField]);
}
$filter = array($loginField => $params[$loginField], $passwordField => $params[$passwordField]);
$dataSource->callEvent('before:loginSelectUser', $params, $filter);
if ($row = $dataSource->selectOne($filter)) {
$row[$passwordField] = $params[$passwordField];
$row = $dataSource->loginUser($row, $params);
return $row;
} else {
throw new BrAppException('Invalid login/password or user not found');
}
} else {
throw new BrAppException('Please enter login/password');
}
} catch (BrAppException $e) {
$params['filter'] = $filter;
$params['error'] = $e->getMessage();
$dataSource->callEvent('loginError', $params);
throw new BrAppException($params['error']);
} catch (Exception $e) {
$params['filter'] = $filter;
$params['error'] = $e->getMessage();
$dataSource->callEvent('loginError', $params);
throw new Exception($params['error']);
}
});
$this->on('logout', function ($dataSource, $params) {
br()->auth()->clearLogin();
return true;
});
$this->on('getCurrentUser', function ($dataSource, $params) {
if ($login = br()->auth()->getLogin()) {
return $dataSource->selectOne($login['id']);
}
return false;
});
$this->on('remindPassword', function ($dataSource, $params) {
if (br()->auth()->getAttr('passwordReminder.enabled')) {
$usersTable = br()->auth()->getAttr('usersTable.name');
$loginField = br()->auth()->getAttr('usersTable.loginField');
$loginFieldLabel = br()->auth()->getAttr('usersTable.loginFieldLabel');
$passwordResetField = br()->auth()->getAttr('usersTable.passwordResetField');
$emailField = br()->auth()->getAttr('usersTable.emailField');
$plainPasswords = br()->auth()->getAttr('plainPasswords');
if ($login = br($params, $loginField)) {
if ($user = $dataSource->selectOne(array($loginField => $login))) {
if ($email = br($user, $emailField)) {
if ($mailTemplate = br()->auth()->getAttr('passwordReminder.verificationMail.template')) {
$user[$passwordResetField] = br()->guid();
$user['passwordResetUrl'] = br()->request()->host() . br()->request()->baseUrl() . 'api/users/resetPassword/' . $user[$passwordResetField];
if ($message = br()->renderer()->fetch($mailTemplate, $user)) {
if (br()->sendMail($email, br()->auth()->getAttr('passwordReminder.verificationMail.subject'), $message, array('sender' => br()->auth()->getAttr('passwordReminder.verificationMail.from')))) {
br()->db()->runQuery('UPDATE ' . $usersTable . ' SET ' . $passwordResetField . ' = ? WHERE id = ?', $user[$passwordResetField], br()->db()->rowidValue($user));
br()->log()->writeLn('Password reset verification sent to ' . $email);
br()->log()->writeLn($user);
return true;
} else {
throw new Exception('Mail was not sent because of unknown error');
}
} else {
throw new Exception('We can not send you new password because mail template is empty');
}
} else {
throw new Exception('We can not reset your password - there is no mail template for this');
}
} else {
throw new Exception('We can not reset your password - email field not found or empty');
}
} else {
throw new Exception('User not found');
}
} else {
throw new BrAppException('Please enter ' . $loginFieldLabel);
}
} else {
throw new BrAppException('Sorry. Password reminder is currently disabled.');
}
});
// DML Events
$this->before('select', function ($dataSource, &$filter, $t, $options) {
// add security checks only for REST calls
if (br($options, 'source') == 'RESTBinder') {
if ($security = br()->auth()->getAttr('usersAPI.select')) {
} else {
$security = 'login';
}
if (strpos($security, 'login') !== false) {
if ($login = br()->auth()->getLogin()) {
} else {
throw new Exception('You are not allowed to see users');
}
if (strpos($security, 'anyone') === false) {
$filter[br()->db()->rowidField()] = br()->db()->rowid($login);
}
} else {
if (strpos($security, 'anyone') === false) {
throw new Exception('You are not allowed to see users');
}
}
}
});
$this->on('calcFields', function ($dataSource, &$row) {
$passwordField = br()->auth()->getAttr('usersTable.passwordField');
unset($row[$passwordField]);
$row['__permissions'] = array('canUpdate' => $dataSource->canUpdate($row), 'canRemove' => $dataSource->canRemove($row));
});
$this->before('insert', function ($dataSource, &$row, &$data) {
$loginField = br()->auth()->getAttr('usersTable.loginField');
$loginFieldLabel = br()->auth()->getAttr('usersTable.loginFieldLabel');
$emailField = br()->auth()->getAttr('usersTable.emailField');
$passwordField = br()->auth()->getAttr('usersTable.passwordField');
$passwordFieldLabel = br()->auth()->getAttr('usersTable.passwordFieldLabel');
$passwordRequired = br()->auth()->getAttr('signup.passwordRequired');
$emailRequired = br()->auth()->getAttr('signup.emailRequired');
if ($security = br()->auth()->getAttr('usersAPI.insert')) {
} else {
$security = 'login';
}
if (strpos($security, 'login') !== false) {
if ($login = br()->auth()->getLogin()) {
} else {
throw new BrAppException('Access denied');
}
if (strpos($security, 'anyone') === false) {
throw new BrAppException('Access denied');
}
} else {
if (strpos($security, 'anyone') === false) {
throw new BrAppException('Access denied');
}
}
if ($email = trim(br($row, $emailField))) {
} else {
if ($emailRequired) {
throw new BrAppException('Please enter e-mail');
}
}
if ($login = trim(br()->html2text(br($row, $loginField)))) {
} else {
throw new BrAppException('Please enter ' . $loginFieldLabel);
}
if ($password = trim(br($row, $passwordField))) {
} else {
if ($passwordRequired) {
throw new BrAppException('Please enter ' . $passwordFieldLabel);
}
}
// we are here so let's work
if ($login = trim(br()->html2text(br($row, $loginField)))) {
$row[$loginField] = $login;
if ($user = $dataSource->selectOne(array($loginField => $login))) {
throw new BrAppException('Such user already exists');
} else {
if ($password) {
$data['password'] = $password;
} else {
$data['password'] = substr(br()->guid(), 0, 8);
}
$row[$passwordField] = md5($data['password']);
}
} else {
throw new BrAppException('Please enter ' . $loginFieldLabel);
}
});
$this->before('update', function ($dataSource, &$row, $t, $old) {
if ($login = br()->auth()->getLogin()) {
$security = br()->auth()->getAttr('usersAPI.update');
if (strpos($security, 'anyone') === false) {
if (br()->db()->rowid($login) != br()->db()->rowid($row)) {
throw new BrAppException('Access denied');
}
}
} else {
throw new BrAppException('Access denied');
}
$loginField = br()->auth()->getAttr('usersTable.loginField');
$loginFieldLabel = br()->auth()->getAttr('usersTable.loginFieldLabel');
$passwordField = br()->auth()->getAttr('usersTable.passwordField');
$plainPasswords = br()->auth()->getAttr('plainPasswords');
if (array_key_exists($loginField, $row)) {
if ($login = trim(br()->html2text($row[$loginField]))) {
$row[$loginField] = $login;
if ($user = $dataSource->selectOne(array($loginField => $login, br()->db()->rowidField() => array('$ne' => br()->db()->rowid($row))))) {
throw new Exception('Such user already exists');
} else {
}
} else {
throw new Exception('Please enter ' . $loginFieldLabel);
}
}
if (array_key_exists($passwordField, $row)) {
if ($row[$passwordField]) {
if ($row[$passwordField] != br($old, $passwordField)) {
if ($plainPasswords) {
} else {
$row[$passwordField] = md5($row[$passwordField]);
}
}
} else {
$row[$passwordField] = $old[$passwordField];
}
}
});
$this->before('remove', function ($dataSource, $row) {
if ($login = br()->auth()->getLogin()) {
$security = br()->auth()->getAttr('usersAPI.remove');
if (strpos($security, 'anyone') === false) {
if (br()->db()->rowid($login) != br()->db()->rowid($row)) {
throw new BrAppException('Access denied');
}
}
} else {
throw new BrAppException('Access denied');
}
});
}
