/**
 * Adds a group to this user's list of groups, if it is not already there.
 *
 * The method only touches the `_groups` array on this object; nothing in this
 * method persists the membership.
 *
 * NOTE(review): no authorization check is performed here. Group membership is a
 * privilege-bearing attribute, so callers are expected to have verified that the
 * acting user may change it before invoking this method.
 *
 * @param mixed $group_id identifier of the group to add (used as the key into `_groups`).
 * @return $this for method chaining, whether or not the group had to be added.
 * @throws \Exception if GroupLoader reports that no group with this id exists.
 */
public function addGroup($group_id)
{
    // Make sure the current groups for the user are loaded before inspecting them.
    $this->getGroups();

    // Only do any work when the user is not already a member.
    if (!isset($this->_groups[$group_id])) {
        // Refuse to attach a group that does not actually exist.
        if (!GroupLoader::exists($group_id)) {
            throw new \Exception("The specified group_id ({$group_id}) does not exist.");
        }

        // Cache the loaded group object under its id.
        $this->_groups[$group_id] = GroupLoader::fetch($group_id);
    }

    return $this;
}
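/**
 * Processes the request to update an existing group's details.
 *
 * Processes the request from the group update form, checking that:
 * 1. The target group could be loaded;
 * 2. The group name is not already in use;
 * 3. The user has the necessary permissions to update the posted field(s);
 * 4. The submitted data is valid.
 * This route requires authentication (and should generally be limited to admins or the root user).
 * Request type: POST
 *
 * Security notes:
 * - There is no route-level authorization in this method; access is decided per field through the
 *   'update_group_setting' check. Restricting who can reach the route is left to the caller.
 * - The CSRF token is only stripped from the posted data here, not verified.
 *   NOTE(review): presumably it is validated before this handler runs - confirm.
 * - Permission is enforced for every field that is actually written, including fields whose value
 *   only differs from the stored one after sanitization.
 * - Every halt() call is relied on to stop execution of this handler.
 *   NOTE(review): confirm against the framework's halt() implementation.
 *
 * @param int $group_id the id of the group to edit.
 * @see formGroupEdit
 */
public function updateGroup($group_id)
{
    $post = $this->_app->request->post();

    // Load the request schema
    $requestSchema = new \Fortress\RequestSchema($this->_app->config('schema.path') . "/forms/group-update.json");

    // Get the alert message stream
    $ms = $this->_app->alerts;

    // Get the target group
    $group = GroupLoader::fetch($group_id);

    // Stop early if no group could be loaded, rather than dereferencing an empty result below.
    if (!$group) {
        $ms->addMessageTranslated("danger", "NO_DATA");
        $this->_app->halt(404);
    }

    // If desired, put route-level authorization check here

    // Remove csrf_token
    unset($post['csrf_token']);

    // Properties the current user has been cleared to change, keyed by property name.
    $authorized = [];

    // Check authorization for submitted fields, if the value has been changed
    foreach ($post as $name => $value) {
        // Reject any posted field that is not set on the group.
        if (!isset($group->{$name})) {
            $ms->addMessageTranslated("danger", "NO_DATA");
            $this->_app->halt(400);
        }

        // Loose comparison is kept on purpose: posted values are strings, stored values may not be.
        if ($value != $group->{$name}) {
            if (!$this->_app->user->checkAccess('update_group_setting', ['group' => $group, 'property' => $name])) {
                $ms->addMessageTranslated("danger", "ACCESS_DENIED");
                $this->_app->halt(403);
            }
            $authorized[$name] = true;
        }
    }

    // Check that name is not already in use
    if (isset($post['name']) && $post['name'] != $group->name && GroupLoader::exists($post['name'], 'name')) {
        $ms->addMessageTranslated("danger", "GROUP_NAME_IN_USE", $post);
        $this->_app->halt(400);
    }

    // TODO: validate landing page route, theme, icon?

    // Set up Fortress to process the request
    $rf = new \Fortress\HTTPRequestFortress($ms, $requestSchema, $post);

    // Sanitize
    $rf->sanitize();

    // Validate, and halt on validation errors.
    if (!$rf->validate()) {
        $this->_app->halt(400);
    }

    // Get the filtered data
    $data = $rf->data();

    // Update the group and generate success messages
    foreach ($data as $name => $value) {
        if ($value != $group->{$name}) {
            // The earlier permission check ran against the raw POST values. If the filtered data
            // changes a property that was not cleared there, check access before writing it.
            if (!isset($authorized[$name])
                && !$this->_app->user->checkAccess('update_group_setting', ['group' => $group, 'property' => $name])
            ) {
                $ms->addMessageTranslated("danger", "ACCESS_DENIED");
                $this->_app->halt(403);
            }

            $group->{$name} = $value;
            // Add any custom success messages here
        }
    }

    $ms->addMessageTranslated("success", "GROUP_UPDATE", ["name" => $group->name]);
    $group->store();
}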