Example #1
 /**
  * Verifies the current user cannot delete his role.
  *
  * Request current user password before deletion of any User Roles.
  *
  * @param Request $request Current router request.
  *
  * @return void
  */
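 protected function beforeDelete(Request $request)
 {
     // Gate for role deletion: the current user must re-enter their password,
     // and the role being deleted must not be the one assigned to that user.
     // Only when both checks pass is the parent hook invoked.
     $password = $request->post('password');

     // A missing, empty or non-string (e.g. array-valued) field can never be a
     // valid password, so it is rejected before reaching the hash comparison.
     // NOTE(review): Crypt::hashCompare() is not visible here; presumably it
     // verifies the supplied password against the stored hash. Confirm.
     $passwordConfirmed = is_string($password)
         && $password !== ''
         && Crypt::hashCompare($this->user->password, $password);

     if (!$passwordConfirmed) {
         // XHR callers get no flash message, only the redirect.
         if (!$request->is('xhr')) {
             Helpers\FlashMessage::set($this->labels['general']['not_authorized'], 'danger');
         }
         $request->redirectTo('index');

         // Stop here explicitly: whether redirectTo() ends the request is not
         // visible in this block, and a failed password check must never fall
         // through to parent::beforeDelete().
         return;
     }

     // Loose comparison is kept on purpose: role_id and the primary key value
     // may arrive as different scalar types (string vs int).
     if ($this->user->role_id == $this->resource->getPrimaryKeyValue()) {
         if (!$request->is('xhr')) {
             Helpers\FlashMessage::set($this->labels['errors']['delete']['self'], 'danger');
         }
         $request->redirectTo('index');

         // Same reasoning as above: refusing self-deletion must not depend on
         // the redirect helper terminating execution.
         return;
     }

     parent::beforeDelete($request);
 }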
Example #2
 /**
  * Preview action.
  *
  * @param Request $request Request instance.
  *
  * @return void
  */
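 public function preview(Request $request)
 {
     // Only XHR requests get a preview; any other request leaves the renderer untouched.
     if (!$request->is('xhr')) {
         return;
     }

     // Drop layout and view so the response consists of the rendered fragment only.
     $this->renderer->setLayout(null);
     $this->renderer->setView(null);

     // A missing or non-string "content" field (e.g. content[]=...) is treated
     // as empty text instead of being handed to the Markdown parser as-is.
     $content = $request->post('content');
     if (!is_string($content)) {
         $content = '';
     }

     // NOTE(review): the posted Markdown is converted and emitted as HTML.
     // Parsedown passes raw HTML in its input through unless safe mode is
     // enabled via setSafeMode(true) (Parsedown 1.7+; check the bundled
     // version). Confirm that raw HTML in previews is intended, and that the
     // preview uses the same parser settings as the final rendering.
     $parser = new Parsedown();
     $this->renderer->setOutput($parser->text($content));
 }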
Example #3
 /**
  * Prevents Association of not owned resource.
  *
  * @param \Core\Modules\Router\Request $request Request object.
  *
  * @return void
  */
 private function preventAssociationOfNotOwnedResource(Request $request)
 {
     // Walks every configured attribute and, for those that were posted and
     // map to an association, validates the submitted ids through
     // Helpers\Ownership::checkIds(). A failed check is recorded on the
     // resource under the generic 'not_exists' error key.
     foreach ($this->attributes as $field => $unusedOptions) {
         $submitted = $request->post($field);

         // Falsy values (absent, empty string, "0", empty array) are skipped.
         if (!$submitted) {
             continue;
         }

         // Association meta data first; hasAndBelongsToMany is the fallback.
         $meta = $this->resource->getAssociationMetaDataByKey($field);
         if (!$meta && isset($this->resource->hasAndBelongsToMany[$field])) {
             $meta = $this->resource->hasAndBelongsToMany[$field];
         }

         // NOTE(review): ids are checked only when $this->user->owns() is truthy
         // for the associated class. Presumably owns() reports whether ownership
         // restrictions apply to this user for that class; confirm, because a
         // false result skips the id check entirely.
         if (!$meta || !$this->user->owns($meta['class_name'])) {
             continue;
         }

         if (!Helpers\Ownership::checkIds($submitted, $meta['class_name'])) {
             $this->resource->setError($field, 'not_exists');
         }
     }
 }
Example #4
 /**
  * Password reset action.
  *
  * @param Request $request Current router request.
  *
  * @return void
  */
 public function reset(Request $request)
 {
     // Handles submission of the password-reset form. Other request methods
     // are left alone.
     if (!$request->is('post')) {
         return;
     }

     $this->errors = array();
     $user = new Models\CMSUser();

     // Validation stops at the first failure: captcha, then e-mail syntax,
     // then lookup of the account by e-mail (bound as a query parameter).
     if ($this->captcha && !Helpers\Captcha::isValid($this->captcha)) {
         $this->errors['captcha'] = true;
     } else {
         $email = $request->post('email');
         if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
             $this->errors['email'] = true;
         } else {
             $user = Models\CMSUser::find()->where('email = ?', array($email))->first();
             if (!$user) {
                 $this->errors['email'] = true;
             }
         }
     }

     if ($this->errors) {
         // The message is chosen by whether a captcha is active, not by which
         // check failed.
         // NOTE(review): an unknown e-mail address produces an error response
         // while a known one produces the success response, so the form
         // reveals which addresses have accounts. Consider returning the same
         // response in both cases.
         $failureLabel = $this->captcha
             ? $this->labels['captcha']['error']
             : $this->labels['reset']['error'];
         Helpers\FlashMessage::set($failureLabel, 'danger');
         Core\Session()->set('authentication_error', true);
         if (Core\Config()->CAPTCHA['enabled']) {
             $this->loadCaptcha(Core\Config()->CAPTCHA);
         }

         return;
     }

     // Touch updated_on (UTC). The meaning of the second save() argument is
     // not visible in this block.
     $user->save(array('updated_on' => gmdate('Y-m-d H:i:s')), true);

     // name and password_reset_link are set before the mail partial is rendered.
     $this->name = $user->name;

     // NOTE(review): the reset token is a plain SHA-1 over the stored password
     // value, the configured cookie salt and the e-mail address. It is
     // deterministic rather than random, carries no expiry of its own, and
     // stays the same until one of those inputs changes. Whether updated_on
     // limits its lifetime is decided by the 'renew' action, which is not
     // shown here; confirm. A random, single-use token stored server-side
     // with an expiry (e.g. from random_bytes()) would be the safer design.
     $router = Core\Router();
     $resetToken = sha1($user->password . Core\Config()->USER_AUTH['cookie_salt'] . $user->email);
     $this->password_reset_link = $router->toFullUrl(array(
         'controller' => 'authentication',
         'action' => 'renew',
         'id' => $resetToken,
     ));

     $identity = Core\Config()->MAILER['identity'];
     $message = array(
         'from' => array($identity['email'] => $identity['name']),
         'to' => array($user->email => $user->name),
         'subject' => $this->labels['mails']['reset']['subject'],
         'content' => $this->getPartialOutput('authentication/mails/password_reset'),
     );
     Core\Helpers\Mailer::send($message);

     // Success: notify the user and clear the failure/captcha session state.
     Helpers\FlashMessage::set($this->labels['reset']['success'], 'success');
     Core\Session()->remove('authentication_error');
     Core\Session()->remove('captcha');
 }