/**
 * Display a user's profile page.
 *
 * Loads the user named by the `id` route parameter, builds a tab container
 * seeded with an "About me" tab, fires the `user.profile_tabs` event with the
 * user and the container, and hands the user and the rendered tabs to the
 * profile view.
 *
 * @throws HTTP_Exception 404 when no user record matches the requested id
 */
public function action_index()
{
    $profile_user = ORM::factory('User', $this->request->param('id'));

    if (!$profile_user->loaded()) {
        throw HTTP_Exception::Factory('404', 'No such user');
    }

    $tab_set = new Tabs();

    // The "About me" tab shows the 'about' and 'signature' properties, in that order.
    // NOTE(review): presumably user-editable free text; confirm Tab_Text or the
    // template escapes it on output.
    $about_tab = new Tab('About me');
    foreach (array('about', 'signature') as $property_name) {
        $about_tab->add_content(new Tab_Text($profile_user->get_property($property_name)));
    }
    $tab_set->add_tab($about_tab);

    // Listeners receive the user and the container before it is rendered.
    Event::fire('user.profile_tabs', array($profile_user, $tab_set));

    $this->view = new View_User_Profile();
    $this->view->user = $profile_user;
    $this->view->tabs = $tab_set->render();

    /*
    // @TODO, This belongs to the pet module, better to use events?
    $pets = ORM::factory('User_Pet')
        ->where('user_id', '=', $user->id)
        ->order_by('active', 'desc');

    $paginate = Paginate::factory($pets)
        ->execute();

    $this->view = new View_User_Profile;
    $this->view->pagination = $paginate->render();
    $this->view->profile_user = $user;
    // $this->view->pets = ORM::factory('User_Pet')->where('user_id', '=', $user->id)->order_by('active', 'desc')->find_all()->as_array();
    $this->view->pets = $paginate->result();
    */
}
/**
 * Reject POST requests that do not carry a valid CSRF token.
 *
 * The `csrf` POST field must be non-empty and must pass `Security::check`.
 * Requests using any other HTTP method are not inspected here.
 *
 * @throws HTTP_Exception 403 when the token is missing or fails the check
 */
private function _validate_csrf()
{
    // Only POST is covered by this guard.
    // NOTE(review): state-changing handlers reachable through other methods
    // would bypass it; confirm none exist or that they are checked elsewhere.
    if ($this->request->method() != HTTP_Request::POST) {
        return;
    }

    $token_rules = Validation::factory($this->request->post())
        ->rule('csrf', 'not_empty')
        ->rule('csrf', 'Security::check');

    if ($token_rules->check()) {
        return;
    }

    throw HTTP_Exception::Factory(403, 'CSRF check failed!');
}
/**
 * Show a company profile page.
 *
 * The company is selected by the `id` route parameter; when that parameter
 * compares equal to the empty string, company 1 is shown instead.
 *
 * @throws HTTP_Exception 404 when the company model's load() returns FALSE
 */
public function action_profile()
{
    $company_id = $this->request->param('id');
    if ($company_id == '') {
        // No id supplied in the route: fall back to the default company.
        $company_id = 1;
    }

    $record = Model::factory('Company')->load($company_id);
    if ($record === FALSE) {
        throw HTTP_Exception::Factory(404, "File not found!");
    }

    // NOTE(review): the id reaches the template as the raw route value unless
    // the default was applied; confirm the route constrains it or the template
    // escapes it.
    $page = View::factory('company/profile');
    $page->set('id', $company_id);
    $page->set('company_data', $record);

    $this->response->body($page);
}
/**
 * Display a single message.
 *
 * Loads the message named by the `id` route parameter, checks that the current
 * user is allowed to view it, marks it as read on first view, and passes it to
 * the message view.
 *
 * @throws HTTP_Exception 404 when no message matches the requested id
 * @throws HTTP_Exception 403 when the `Message_View_Index` permission check fails
 */
public function action_index()
{
    $msg = ORM::factory('Message', $this->request->param('id'));

    if (!$msg->loaded()) {
        throw HTTP_Exception::Factory('404', 'No such message');
    }

    // The permission check runs before the record is modified or rendered.
    // NOTE(review): the distinct 404 and 403 responses let a caller tell which
    // message ids exist; confirm that is acceptable for this application.
    $may_view = $this->user->can('Message_View_Index', array('message' => $msg));
    if (!$may_view) {
        throw HTTP_Exception::Factory('403', 'Message does not belong to you');
    }

    // Persist the read flag the first time the message is opened.
    if (!$msg->read) {
        $msg->read = 1;
        $msg->save();
    }

    // For a message flagged as sent, the sender slot is overwritten with the
    // receiver for display; no save() follows in this method.
    if ($msg->sent) {
        $msg->sender = $msg->receiver;
    }

    $this->view = new View_Message_View();
    $this->view->message = $msg;
}
/**
 * Require a logged-in user for the current request.
 *
 * @throws HTTP_Exception 401 when the auth component reports no logged-in user
 */
protected function logged_in_required()
{
    $is_authenticated = $this->auth->logged_in();

    if ($is_authenticated) {
        return;
    }

    // Unauthenticated callers get 401 (login needed), not 403.
    throw HTTP_Exception::Factory(401, 'Login to access this page!');
}
/**
 * Display a user shop together with the items it holds.
 *
 * Loads the shop named by the `id` route parameter and passes the shop row,
 * its owner's row and the shop's item list to the shop view.
 *
 * @throws HTTP_Exception 404 when no shop matches the requested id
 */
public function action_view()
{
    $user_shop = ORM::factory('User_Shop', $this->request->param('id'));

    if (!$user_shop->loaded()) {
        throw HTTP_Exception::Factory('404', 'No such user shop.');
    }

    $this->view = new View_Item_Shop_View();
    $this->view->shop = $user_shop->as_array();

    // NOTE(review): as_array() hands the owner record to the template as a
    // plain array; confirm it carries no private columns (credentials, email)
    // or that the template renders only public fields.
    $this->view->owner = $user_shop->user->as_array();

    // Items in the owner's 'shop' location whose `parameter` value is above 0.
    $this->view->items = Item::location('shop', FALSE, NULL, $user_shop->user)
        ->where('parameter', '>', '0')
        ->find_all();
}