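/**
 * Delete the user with the given id and print the outcome as JSON.
 *
 * Prints {"result": "error", "form": ...} when the delete form does not validate, and
 * {"result": "success"} once the user has been deleted.
 *
 * NOTE(review): the only request check visible in this method is the CSRF token; presumably
 * the enclosing controller restricts the action to administrators. Confirm.
 *
 * @param mixed $id id of the user to delete
 */
public function delete_user($id) {
  // The CSRF check runs first, before any lookup or state change.
  access::verify_csrf();

  // The active user and the guest user must never be deleted through this action. This
  // relies on access::forbidden() ending the request (not shown here).
  if ($id == user::active()->id || $id == user::guest()->id) {
    access::forbidden();
  }

  $user = ORM::factory("user", $id);
  if (!$user->loaded) {
    kohana::show_404();
  }

  $form = user::get_delete_form_admin($user);
  if (!$form->validate()) {
    // Nothing was deleted, so stop here. Falling through would read an undefined $name,
    // record a "Deleted user" success entry and print a second JSON document.
    print json_encode(array("result" => "error", "form" => $form->__toString()));
    return;
  }

  $name = $user->name;
  $user->delete();

  // The name is user-controlled, so it is cleaned before it is placed in the message.
  $message = t("Deleted user %user_name", array("user_name" => p::clean($name)));
  log::success("user", $message);
  message::success($message);
  print json_encode(array("result" => "success"));
}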
/**
 * A comment created for the guest user keeps the supplied author details, belongs to the
 * root item and carries a value in every server_* field.
 */
public function create_comment_for_guest_test() {
  $suffix = rand();
  $root_item = ORM::factory("item", 1);
  $comment = comment::create(
    $root_item, user::guest(),
    "text_{$suffix}", "name_{$suffix}", "email_{$suffix}", "url_{$suffix}");

  $this->assert_equal("name_{$suffix}", $comment->author_name());
  $this->assert_equal("email_{$suffix}", $comment->author_email());
  $this->assert_equal("url_{$suffix}", $comment->author_url());
  $this->assert_equal("text_{$suffix}", $comment->text);
  $this->assert_equal(1, $comment->item_id);

  // Each server_* field is expected to hold the name of the request variable it was taken
  // from; presumably the test harness seeds the request that way (not shown here). The
  // list keeps the original order of checks, including the two repeated entries.
  $request_keys = array(
    "REMOTE_ADDR",
    "HTTP_USER_AGENT",
    "HTTP_ACCEPT",
    "HTTP_ACCEPT_CHARSET",
    "HTTP_ACCEPT_ENCODING",
    "HTTP_ACCEPT_LANGUAGE",
    "HTTP_CONNECTION",
    "HTTP_HOST",
    "HTTP_REFERER",
    "HTTP_USER_AGENT",
    "QUERY_STRING",
    "REMOTE_ADDR",
    "REMOTE_HOST",
    "REMOTE_PORT",
  );
  foreach ($request_keys as $request_key) {
    $field = "server_" . strtolower($request_key);
    $this->assert_equal($request_key, $comment->{$field});
  }

  $this->assert_true(!empty($comment->created));
}
/**
 * Deleting an album must also remove the comments attached to it, so that no orphaned
 * comment can be loaded afterwards.
 */
public function deleting_an_item_deletes_its_comments_too_test() {
  $suffix = rand();
  $parent = ORM::factory("item", 1);
  $album = album::create($parent, "test_{$suffix}", "test_{$suffix}");
  $comment = comment::create(
    $album, user::guest(),
    "text_{$suffix}", "name_{$suffix}", "email_{$suffix}", "url_{$suffix}");

  $album->delete();

  // Looking the comment up again by id must not find a row.
  $reloaded = ORM::factory("comment", $comment->id);
  $this->assert_false($reloaded->loaded);
}
/**
 * Return the user stored in the session, or the guest user when the session holds none.
 *
 * @return User_Model
 */
static function active() {
  // @todo (maybe) cache this object so we're not always doing session lookups.
  $session_user = Session::instance()->get("user", null);

  // The guest user is resolved only when it is needed rather than being passed as the
  // default to Session::get(), because looking it up can trigger unnecessary work.
  return isset($session_user) ? $session_user : user::guest();
}
/**
 * viewable() on items must follow the "view" permission of the containing album for the
 * active (guest) user.
 */
public function viewable_test() {
  $root = ORM::factory("item", 1);
  $album = album::create($root, rand(), rand(), rand());
  $item = self::_create_random_item($album);
  $guest = user::guest();
  user::set_active($guest);

  // Permission granted: the item is visible.
  access::allow(group::everybody(), "view", $album);
  $visible_count = ORM::factory("item")->viewable()->where("id", $item->id)->count_all();
  $this->assert_equal(1, $visible_count);

  // Permission denied: the same query must return nothing.
  access::deny(group::everybody(), "view", $album);
  $visible_count = ORM::factory("item")->viewable()->where("id", $item->id)->count_all();
  $this->assert_equal(0, $visible_count);
}
/**
 * viewable() on comments must follow the "view" permission of the album the comment is
 * attached to: a comment on an item the active user cannot see must not be returned.
 */
public function cant_view_comments_for_unviewable_items_test() {
  $root = ORM::factory("item", 1);
  $album = album::create($root, rand(), rand(), rand());
  $comment = comment::create($album, user::guest(), "text", "name", "email", "url");
  $guest = user::guest();
  user::set_active($guest);

  // Permission granted on the album: the comment is visible.
  access::allow(group::everybody(), "view", $album);
  $visible_count =
    ORM::factory("comment")->viewable()->where("comments.id", $comment->id)->count_all();
  $this->assert_equal(1, $visible_count);

  // Permission denied on the album: the comment must no longer be returned.
  access::deny(group::everybody(), "view", $album);
  $visible_count =
    ORM::factory("comment")->viewable()->where("comments.id", $comment->id)->count_all();
  $this->assert_equal(0, $visible_count);
}
/**
 * Build the fixture for the Akismet helper tests: a fixed client address and user agent, one
 * comment on the root item with predictable server_* values, and a test API key.
 */
public function setup() {
  Input::instance()->ip_address = "1.1.1.1";
  Kohana::$user_agent = "Akismet_Helper_Test";

  $root = ORM::factory("item", 1);
  $this->_comment = comment::create(
    $root, user::guest(), "This is a comment", "John Doe", "*****@*****.**",
    "http://gallery2.org");

  // Give every server_* column a deterministic value: its own name without the prefix.
  $prefix = "server_";
  foreach ($this->_comment->list_fields("comments") as $column => $definition) {
    if (strpos($column, $prefix) !== 0) {
      continue;
    }
    $this->_comment->{$column} = substr($column, strlen($prefix));
  }
  $this->_comment->save();

  // Placeholder key for the tests, not a real credential.
  module::set_var("akismet", "api_key", "TEST_KEY");
}
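/**
 * Delete the postage band with the given id and reply with a JSON result.
 *
 * Replies {"result": "error", "html": ...} when the delete form does not validate, and
 * {"result": "success"} once the postage band has been deleted.
 *
 * NOTE(review): the only request check visible in this method is the CSRF token; presumably
 * the enclosing controller restricts the action to administrators. Confirm.
 *
 * @param mixed $id id of the postage band to delete
 * @throws Kohana_404_Exception when no postage band with that id exists
 */
public function delete_postage_band($id) {
  // The CSRF check runs first, before any lookup or state change.
  access::verify_csrf();

  // NOTE(review): this compares a postage band id with user ids, which looks carried over
  // from a user-deletion handler. As written, a band whose id happens to equal the active
  // or guest user's id is refused. Confirm the intent before removing it.
  if ($id == user::active()->id || $id == user::guest()->id) {
    access::forbidden();
  }

  $postage = ORM::factory("postage_band", $id);
  if (!$postage->loaded()) {
    throw new Kohana_404_Exception();
  }

  $form = postage_band::get_delete_form_admin($postage);
  if (!$form->validate()) {
    // Nothing was deleted, so stop here. json::reply() is not shown; returning explicitly
    // keeps this path away from the undefined $name, the success log entry and the second
    // reply below whether or not json::reply() ends the request.
    json::reply(array("result" => "error", "html" => (string) $form));
    return;
  }

  $name = $postage->name;
  $postage->delete();

  // NOTE(review): the text says "Deleted user" and the entry is logged under "user"; both
  // look copied from the user handler. Left as is because the string is a translation key.
  $message = t("Deleted user %postage_band", array("postage_band" => html::clean($name)));
  log::success("user", $message);
  message::success($message);
  json::reply(array("result" => "success"));
}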
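/**
 * Delete the product with the given id and print the outcome as JSON.
 *
 * Prints {"result": "error", "form": ...} when the delete form does not validate, and
 * {"result": "success"} once the product has been deleted.
 *
 * NOTE(review): the only request check visible in this method is the CSRF token; presumably
 * the enclosing controller restricts the action to administrators. Confirm.
 *
 * @param mixed $id id of the product to delete
 * @throws Kohana_404_Exception when no product with that id exists
 */
public function delete_product($id) {
  // The CSRF check runs first, before any lookup or state change.
  access::verify_csrf();

  // NOTE(review): this compares a product id with user ids, which looks carried over from a
  // user-deletion handler. As written, a product whose id happens to equal the active or
  // guest user's id is refused. Confirm the intent before removing it.
  if ($id == user::active()->id || $id == user::guest()->id) {
    access::forbidden();
  }

  $product = ORM::factory("product", $id);
  if (!$product->loaded()) {
    throw new Kohana_404_Exception();
  }

  $form = product::get_delete_form_admin($product);
  if (!$form->validate()) {
    // Nothing was deleted, so stop here. Falling through would read an undefined $name,
    // record a success entry in the log and print a second JSON document.
    print json_encode(array("result" => "error", "form" => $form->__toString()));
    return;
  }

  $name = $product->name;
  $product->delete();

  // NOTE(review): the text says "Deleted user" and the entry is logged under "user"; both
  // look copied from the user handler. Left as is because the string is a translation key.
  $message = t("Deleted user %product_name", array("product_name" => html::clean($name)));
  log::success("user", $message);
  message::success($message);
  print json_encode(array("result" => "success"));
}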
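/**
 * Delete the user with the given id and print the outcome as JSON.
 *
 * Prints {"result": "error", "form": ...} when the delete form does not validate, and
 * {"result": "success"} once the user has been deleted.
 *
 * NOTE(review): the only request check visible in this method is the CSRF token; presumably
 * the enclosing controller restricts the action to administrators. Confirm.
 *
 * @param mixed $id id of the user to delete
 */
public function delete_user($id) {
  // The CSRF check runs first, before any lookup or state change.
  access::verify_csrf();

  // The active user and the guest user must never be deleted through this action. This
  // relies on access::forbidden() ending the request (not shown here).
  if ($id == identity::active_user()->id || $id == user::guest()->id) {
    access::forbidden();
  }

  $user = user::lookup($id);
  if (empty($user)) {
    kohana::show_404();
  }

  $form = $this->_get_user_delete_form_admin($user);
  if (!$form->validate()) {
    // Nothing was deleted, so stop here. Falling through would read an undefined $name,
    // record a "Deleted user" success entry and print a second JSON document.
    print json_encode(array("result" => "error", "form" => $form->__toString()));
    return;
  }

  $name = $user->name;
  $user->delete();

  // NOTE(review): $name is user-controlled and is passed to t() without cleaning. Confirm
  // that t() escapes placeholder values or that the message is encoded when rendered;
  // otherwise clean it here before interpolation.
  $message = t("Deleted user %user_name", array("user_name" => $name));
  log::success("user", $message);
  message::success($message);
  print json_encode(array("result" => "success"));
}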
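/**
 * Import a single user.
 *
 * Takes the next Gallery 2 user id off the front of $queue and creates the matching local
 * user, or reuses an existing one with the same name, then copies over the hashed password,
 * email, locale and group memberships.
 *
 * @param array $queue Gallery 2 user ids still to import; the first entry is removed
 * @return mixed status message describing what was done
 */
static function import_user(&$queue) {
  $g2_user_id = array_shift($queue);
  if (self::map($g2_user_id)) {
    return t("User with id: %id already imported, skipping", array("id" => $g2_user_id));
  }

  // The Gallery 2 anonymous user maps onto the local guest user; nothing is copied.
  if (g2(GalleryCoreApi::isAnonymousUser($g2_user_id))) {
    self::set_map($g2_user_id, user::guest()->id);
    return t("Skipping Anonymous User");
  }

  $g2_admin_group_id =
    g2(GalleryCoreApi::getPluginParameter("module", "core", "id.adminGroup"));
  try {
    $g2_user = g2(GalleryCoreApi::loadEntitiesById($g2_user_id));
  } catch (Exception $e) {
    // NOTE(review): the full exception text is part of the returned message; confirm it is
    // only ever shown to the administrator running the import.
    return t("Failed to import Gallery 2 user with id: %id\n%exception",
             array("id" => $g2_user_id, "exception" => $e->__toString()));
  }
  $g2_groups = g2(GalleryCoreApi::fetchGroupsForUser($g2_user->getId()));

  try {
    $user = user::create($g2_user->getUsername(), $g2_user->getfullname(), "");
    $message = t("Created user: '******'.", array("name" => $user->name));
  } catch (Exception $e) {
    // @todo For now we assume this is a "duplicate user" exception
    $user = user::lookup_by_name($g2_user->getUsername());
    if (empty($user)) {
      // The failure was not a duplicate after all: there is no account to fall back on, so
      // report it instead of dereferencing a missing user below.
      return t("Failed to import Gallery 2 user with id: %id\n%exception",
               array("id" => $g2_user_id, "exception" => $e->__toString()));
    }
    $message = t("Loaded existing user: '******'.", array("name" => $user->name));
  }

  // NOTE(review): when an existing local account was matched by name, its password hash,
  // email and locale are overwritten and it can gain the admin flag from the Gallery 2
  // groups. Confirm that same-name accounts are meant to be merged this way.
  $user->hashed_password = $g2_user->getHashedPassword();
  $user->email = $g2_user->getEmail();
  $user->locale = $g2_user->getLanguage();
  foreach ($g2_groups as $g2_group_id => $g2_group_name) {
    if ($g2_group_id == $g2_admin_group_id) {
      // Membership of the Gallery 2 admin group becomes the local admin flag.
      $user->admin = true;
      $message .= t("\n\tAdded 'admin' flag to user");
    } else {
      $group = ORM::factory("group", self::map($g2_group_id));
      $user->add($group);
      $message .= t("\n\tAdded user to group '%group'.", array("group" => $group->name));
    }
  }
  $user->save();

  self::set_map($g2_user->getId(), $user->id);
  return $message;
}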
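/**
 * Import a single user.
 *
 * Takes the next Gallery 2 user id off the front of $queue and creates the matching local
 * user, or reuses an existing one with the same name, then copies over the hashed password,
 * email, locale and group memberships. Failures are written to the import log.
 *
 * @param array $queue Gallery 2 user ids still to import; the first entry is removed
 */
static function import_user(&$queue) {
  $g2_user_id = array_shift($queue);
  if (self::map($g2_user_id)) {
    // Already imported.
    return;
  }

  // The Gallery 2 anonymous user maps onto the local guest user; nothing is copied.
  if (g2(GalleryCoreApi::isAnonymousUser($g2_user_id))) {
    self::set_map($g2_user_id, user::guest()->id);
    return;
  }

  $g2_admin_group_id =
    g2(GalleryCoreApi::getPluginParameter("module", "core", "id.adminGroup"));
  try {
    $g2_user = g2(GalleryCoreApi::loadEntitiesById($g2_user_id));
  } catch (Exception $e) {
    g2_import::log(
      t("Failed to import Gallery 2 user with id: %id", array("id" => $g2_user_id)));
    return;
  }
  $g2_groups = g2(GalleryCoreApi::fetchGroupsForUser($g2_user->getId()));

  try {
    $user = user::create($g2_user->getUsername(), $g2_user->getfullname(), "");
  } catch (Exception $e) {
    // @todo For now we assume this is a "duplicate user" exception
    $user = user::lookup_by_name($g2_user->getUsername());
    if (empty($user)) {
      // The failure was not a duplicate after all: there is no account to fall back on, so
      // log it instead of dereferencing a missing user below.
      g2_import::log(
        t("Failed to import Gallery 2 user with id: %id", array("id" => $g2_user_id)));
      return;
    }
  }

  // NOTE(review): when an existing local account was matched by name, its password hash,
  // email and locale are overwritten and it can gain the admin flag from the Gallery 2
  // groups. Confirm that same-name accounts are meant to be merged this way.
  $user->hashed_password = $g2_user->getHashedPassword();
  $user->email = $g2_user->getEmail();
  $user->locale = $g2_user->getLanguage();
  foreach ($g2_groups as $g2_group_id => $g2_group_name) {
    if ($g2_group_id == $g2_admin_group_id) {
      // Membership of the Gallery 2 admin group becomes the local admin flag.
      $user->admin = true;
    } else {
      $user->add(ORM::factory("group", self::map($g2_group_id)));
    }
  }
  $user->save();

  self::set_map($g2_user->getId(), $user->id);
}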
/**
 * Make the guest user the active user before each test.
 */
public function setup() {
  $guest = user::guest();
  user::set_active($guest);
}
/**
 * Return the guest user by delegating to user::guest().
 *
 * @see IdentityProvider_Driver::guest.
 */
public function guest() {
  $guest = user::guest();
  return $guest;
}
/**
 * Ensure the session holds a user (the guest user by default) and a cached list of that
 * user's group ids.
 */
static function load_user() {
  $session = Session::instance();

  $current = $session->get("user");
  if (!$current) {
    $current = user::guest();
    $session->set("user", $current);
  }

  // The installer cannot set a user into the session, so it just sets an id which we should
  // upconvert into a user.
  if ($current === 2) {
    $current = model_cache::get("user", 2);
    $session->set("user", $current);
  }

  if ($session->get("group_ids")) {
    return;
  }

  // NOTE(review): the ids are computed only when the session has none, and nothing in this
  // function refreshes them. Confirm that login, logout and group membership changes reset
  // the cached list elsewhere, so access decisions are not made on stale groups.
  $group_ids = array();
  foreach ($current->groups as $membership) {
    $group_ids[] = $membership->id;
  }
  $session->set("group_ids", $group_ids);
}
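/**
 * Delete the user with the given id and reply with a JSON result.
 *
 * Replies {"result": "error", "html": ...} when the delete form does not validate, and
 * {"result": "success"} once the user has been deleted.
 *
 * NOTE(review): the only request check visible in this method is the CSRF token; presumably
 * the enclosing controller restricts the action to administrators. Confirm.
 *
 * @param mixed $id id of the user to delete
 * @throws Kohana_404_Exception when no user with that id exists
 */
public function delete_user($id) {
  // The CSRF check runs first, before any lookup or state change.
  access::verify_csrf();

  // The active user and the guest user must never be deleted through this action. This
  // relies on access::forbidden() ending the request (not shown here).
  if ($id == identity::active_user()->id || $id == user::guest()->id) {
    access::forbidden();
  }

  $user = user::lookup($id);
  if (empty($user)) {
    throw new Kohana_404_Exception();
  }

  $form = $this->_get_user_delete_form_admin($user);
  if (!$form->validate()) {
    // Nothing was deleted, so stop here. json::reply() is not shown; returning explicitly
    // keeps this path away from the undefined $name, the success log entry and the second
    // reply below whether or not json::reply() ends the request.
    json::reply(array("result" => "error", "html" => (string) $form));
    return;
  }

  $name = $user->name;
  $user->delete();

  // NOTE(review): $name is user-controlled and is passed to t() without cleaning. Confirm
  // that t() escapes placeholder values or that the message is encoded when rendered;
  // otherwise clean it here before interpolation.
  $message = t("Deleted user %user_name", array("user_name" => $name));
  log::success("user", $message);
  message::success($message);
  json::reply(array("result" => "success"));
}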
/**
 * Ensure the session holds a user (the guest user by default) and a cached list of that
 * user's group ids. Returns without doing anything when no session can be obtained.
 */
static function load_user() {
  // This is one of the first session operations that we'll do, so it may fail if there's no
  // install yet. Try to handle this situation gracefully expecting that the scaffolding will
  // Do The Right Thing.
  //
  // @todo get rid of this extra error checking when we have an installer.
  try {
    $session = Session::instance();
  } catch (Exception $e) {
    // Any failure to obtain the session is swallowed here, not only a missing install.
    return;
  }

  $current = $session->get("user");
  if (!$current) {
    $current = user::guest();
    $session->set("user", $current);
  }

  if ($session->get("group_ids")) {
    return;
  }

  // NOTE(review): the ids are computed only when the session has none, and nothing in this
  // function refreshes them. Confirm that login, logout and group membership changes reset
  // the cached list elsewhere, so access decisions are not made on stale groups.
  $group_ids = array();
  foreach ($current->groups as $membership) {
    $group_ids[] = $membership->id;
  }
  $session->set("group_ids", $group_ids);
}