/** * Edit a comment (wrapper for PostController::Comment). * * Will throw an error if both params are blank. * * @since 2.0.0 * @access public * * @param int $CommentID Unique ID of the comment to edit. * @param int $DraftID Unique ID of the draft to edit. */ public function editComment($CommentID = '', $DraftID = '') { if (is_numeric($CommentID) && $CommentID > 0) { $this->Form->setModel($this->CommentModel); $this->Comment = $this->CommentModel->getID($CommentID); } else { $this->Form->setModel($this->DraftModel); $this->Comment = $this->DraftModel->getID($DraftID); } if (c('Garden.ForceInputFormatter')) { $this->Form->removeFormValue('Format'); } $this->View = 'editcomment'; $this->Comment($this->Comment->DiscussionID); }
/** * Manage current user's invitations. * * @since 2.0.0 * @access public */ public function invitations($UserReference = '', $Username = '', $UserID = '') { $this->permission('Garden.SignIn.Allow'); $this->editMode(false); $this->getUserInfo($UserReference, $Username, $UserID, $this->Form->authenticatedPostBack()); $this->setTabView('Invitations'); $InvitationModel = new InvitationModel(); $this->Form->setModel($InvitationModel); if ($this->Form->authenticatedPostBack()) { // Remove insecure invitation data. $this->Form->removeFormValue(array('Name', 'DateExpires', 'RoleIDs')); // Send the invitation if ($this->Form->save($this->UserModel)) { $this->informMessage(t('Your invitation has been sent.')); $this->Form->clearInputs(); } } $Session = Gdn::session(); $this->InvitationCount = $this->UserModel->getInvitationCount($Session->UserID); $this->InvitationData = $InvitationModel->getByUserID($Session->UserID); $this->render(); }
/** * Edit a user account. * * @since 2.0.0 * @access public * @param int $UserID Unique ID. */ public function edit($UserID) { $this->permission('Garden.Users.Edit'); // Page setup $this->addJsFile('user.js'); $this->title(t('Edit User')); $this->addSideMenu('dashboard/user'); // Only admins can reassign roles $RoleModel = new RoleModel(); $AllRoles = $RoleModel->getArray(); $RoleData = $RoleModel->getAssignable(); $UserModel = new UserModel(); $User = $UserModel->getID($UserID, DATASET_TYPE_ARRAY); // Determine if username can be edited $CanEditUsername = (bool) c("Garden.Profile.EditUsernames") || Gdn::session()->checkPermission('Garden.Users.Edit'); $this->setData('_CanEditUsername', $CanEditUsername); // Determine if emails can be edited $CanEditEmail = Gdn::session()->checkPermission('Garden.Users.Edit'); $this->setData('_CanEditEmail', $CanEditEmail); // Decide if they have ability to confirm users $Confirmed = (bool) valr('Confirmed', $User); $CanConfirmEmail = UserModel::RequireConfirmEmail() && Gdn::session()->checkPermission('Garden.Users.Edit'); $this->setData('_CanConfirmEmail', $CanConfirmEmail); $this->setData('_EmailConfirmed', $Confirmed); $User['ConfirmEmail'] = (int) $Confirmed; // Determine whether user being edited is privileged (can escalate permissions) $UserModel = new UserModel(); $EditingPrivilegedUser = $UserModel->checkPermission($User, 'Garden.Settings.Manage'); // Determine our password reset options // Anyone with user editing my force reset over email $this->ResetOptions = array(0 => t('Keep current password.'), 'Auto' => t('Force user to reset their password and send email notification.')); // Only admins may manually reset passwords for other admins if (checkPermission('Garden.Settings.Manage') || !$EditingPrivilegedUser) { $this->ResetOptions['Manual'] = t('Manually set user password. No email notification.'); } // Set the model on the form. $this->Form->setModel($UserModel); // Make sure the form knows which item we are editing. $this->Form->addHidden('UserID', $UserID); try { $AllowEditing = true; $this->EventArguments['AllowEditing'] =& $AllowEditing; $this->EventArguments['TargetUser'] =& $User; // These are all the 'effective' roles for this edit action. This list can // be trimmed down from the real list to allow subsets of roles to be // edited. $this->EventArguments['RoleData'] =& $RoleData; $UserRoleData = $UserModel->getRoles($UserID)->resultArray(); $RoleIDs = array_column($UserRoleData, 'RoleID'); $RoleNames = array_column($UserRoleData, 'Name'); $UserRoleData = arrayCombine($RoleIDs, $RoleNames); $this->EventArguments['UserRoleData'] =& $UserRoleData; $this->fireEvent("BeforeUserEdit"); $this->setData('AllowEditing', $AllowEditing); $this->Form->setData($User); if ($this->Form->authenticatedPostBack()) { if (!$CanEditUsername) { $this->Form->setFormValue("Name", $User['Name']); } // Allow mods to confirm/unconfirm emails $this->Form->removeFormValue('Confirmed'); $Confirmation = $this->Form->getFormValue('ConfirmEmail', null); $Confirmation = !is_null($Confirmation) ? (bool) $Confirmation : null; if ($CanConfirmEmail && is_bool($Confirmation)) { $this->Form->setFormValue('Confirmed', (int) $Confirmation); } $ResetPassword = $this->Form->getValue('ResetPassword', false); // If we're an admin or this isn't a privileged user, allow manual setting of password $AllowManualReset = checkPermission('Garden.Settings.Manage') || !$EditingPrivilegedUser; if ($ResetPassword == 'Manual' && $AllowManualReset) { // If a new password was specified, add it to the form's collection $NewPassword = $this->Form->getValue('NewPassword', ''); $this->Form->setFormValue('Password', $NewPassword); } // Role changes // These are the new roles the editing user wishes to apply to the target // user, adjusted for his ability to affect those roles $RequestedRoles = $this->Form->getFormValue('RoleID'); if (!is_array($RequestedRoles)) { $RequestedRoles = array(); } $RequestedRoles = array_flip($RequestedRoles); $UserNewRoles = array_intersect_key($RoleData, $RequestedRoles); // These roles will stay turned on regardless of the form submission contents // because the editing user does not have permission to modify them $ImmutableRoles = array_diff_key($AllRoles, $RoleData); $UserImmutableRoles = array_intersect_key($ImmutableRoles, $UserRoleData); // Apply immutable roles foreach ($UserImmutableRoles as $IMRoleID => $IMRoleName) { $UserNewRoles[$IMRoleID] = $IMRoleName; } // Put the data back into the forum object as if the user had submitted // this themselves $this->Form->setFormValue('RoleID', array_keys($UserNewRoles)); if ($this->Form->save(array('SaveRoles' => true)) !== false) { if ($this->Form->getValue('ResetPassword', '') == 'Auto') { $UserModel->PasswordRequest($User['Email']); $UserModel->setField($UserID, 'HashMethod', 'Reset'); } $this->informMessage(t('Your changes have been saved.')); } $UserRoleData = $UserNewRoles; } } catch (Exception $Ex) { $this->Form->addError($Ex); } $this->setData('User', $User); $this->setData('Roles', $RoleData); $this->setData('UserRoles', $UserRoleData); $this->render(); }