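/**
 * Applies the submitted form values to the user, persists the user and
 * then stores the submitted access levels for it.
 *
 * @access protected
 * @param \Zepi\Turbo\Request\WebRequest $request
 * @param \Zepi\Web\AccessControl\Entity\User $user
 * @return boolean False if the user manager reports a failed write, otherwise true
 */
protected function saveUser(WebRequest $request, User $user)
{
    $formValues = $this->layout->getFormValues();

    // Set the username
    $user->setName($formValues['required-data.username']);

    // A new user always receives the submitted password. An existing user
    // keeps the current password when the field was left empty.
    // NOTE(review): for a new user an empty value is passed on unchanged;
    // this relies on the form validation rejecting an empty password
    // before this method runs - confirm against the form definition.
    if ($user->isNew() || $formValues['required-data.password'] != '') {
        $user->setNewPassword($formValues['required-data.password']);
    }

    // Set the optional data
    $optionalKeys = array('email', 'location', 'website', 'twitter', 'biography');
    foreach ($optionalKeys as $key) {
        $user->setMetaData($key, $formValues['optional-data.' . $key]);
    }

    // Save the user. A strict false from the manager is treated as a failed
    // write on both paths, so a failed update no longer continues to the
    // permission update and no longer reports success.
    if ($user->isNew()) {
        $user = $this->userManager->addUser($user);

        if ($user === false) {
            return false;
        }
    } elseif ($this->userManager->updateUser($user) === false) {
        return false;
    }

    // Save the access levels. The session user is passed along as the
    // acting user.
    // NOTE(review): the access levels are taken from the form as submitted;
    // presumably updatePermissions() verifies that the acting user may
    // grant each of them - confirm, nothing in this method restricts them.
    $this->accessControlManager->updatePermissions(
        $user,
        $formValues['access-levels'],
        $request->getSession()->getUser()
    );

    return true;
}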
/**
 * Decides whether a protected menu entry is available for the request.
 *
 * Without a session the entry is always refused. With a session, an entry
 * that has an empty access level key is accepted for every session holder;
 * any other entry is accepted only if the session has access to its key.
 *
 * NOTE(review): this method only decides on the menu entry. Confirm that
 * the handler behind the entry enforces the same access level itself.
 *
 * @access protected
 * @param \Zepi\Web\General\Entity\ProtectedMenuEntry $protectedEntry
 * @param \Zepi\Turbo\Request\WebRequest $request
 * @return boolean
 */
protected function verifyProtectedEntry(ProtectedMenuEntry $protectedEntry, WebRequest $request)
{
    // Fail closed: no session means no protected entry.
    if (!$request->hasSession()) {
        return false;
    }

    $accessLevelKey = $protectedEntry->getAccessLevelKey();

    // An empty key means that any session is sufficient for this entry.
    if ($accessLevelKey === '') {
        return true;
    }

    // Otherwise the session has to hold the access level of the entry.
    return $request->getSession()->hasAccess($accessLevelKey) ? true : false;
}
/**
 * Changes the password of the user who owns the session of the request.
 *
 * The old password, the new password and its confirmation are read from
 * the "change-password" group of the form and handed to validateData().
 * The password is only changed if validateData() returns exactly true.
 *
 * NOTE(review): all three values are trimmed, so leading or trailing
 * whitespace never becomes part of the stored password. Confirm that the
 * login path trims in the same way.
 * NOTE(review): nothing here renews the session or ends other sessions of
 * the user after the change - confirm whether that happens elsewhere.
 *
 * @access protected
 * @param \Zepi\Web\UserInterface\Form\Form $form
 * @param \Zepi\Turbo\Framework $framework
 * @param \Zepi\Turbo\Request\WebRequest $request
 * @param \Zepi\Turbo\Response\Response $response Not used by this method
 * @return mixed The value returned by validateData() if it is not true,
 *               otherwise the result of the user manager's updateUser()
 */
protected function changePassword(Form $form, Framework $framework, WebRequest $request, Response $response)
{
    // The account to change is always the one bound to the session.
    $user = $request->getSession()->getUser();

    // Reads one trimmed field of the change-password group.
    $readField = function ($fieldKey) use ($form) {
        return trim($form->getField('change-password', $fieldKey)->getValue());
    };

    $oldPassword = $readField('old-password');
    $newPassword = $readField('new-password');
    $newPasswordConfirmed = $readField('new-password-confirmed');

    // Anything other than true is the validation error and is handed
    // back to the caller unchanged.
    $validation = $this->validateData($framework, $user, $oldPassword, $newPassword, $newPasswordConfirmed);
    if ($validation !== true) {
        return $validation;
    }

    // Set the new password and let the user manager persist it.
    $user->setNewPassword($newPassword);

    return $this->userManager->updateUser($user);
}
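/**
 * Applies the submitted form values to the group, persists the group and
 * then stores the submitted access levels for it.
 *
 * @access protected
 * @param \Zepi\Turbo\Request\WebRequest $request
 * @param \Zepi\Web\AccessControl\Entity\EntityGroup $group
 * @return boolean False if the group manager reports a failed write, otherwise true
 */
protected function saveGroup(WebRequest $request, EntityGroup $group)
{
    $formValues = $this->layout->getFormValues();

    // Set the groupname
    $group->setName($formValues['required-data.groupname']);

    // Set the optional data
    $group->setMetaData('description', $formValues['optional-data.description']);

    // Save the group. A strict false from the manager is treated as a
    // failed write on both paths, so a failed update no longer continues
    // to the permission update and no longer reports success.
    if ($group->isNew()) {
        $group = $this->groupManager->addGroup($group);

        if ($group === false) {
            return false;
        }
    } elseif ($this->groupManager->updateGroup($group) === false) {
        return false;
    }

    // Save the access levels. The submitted levels pass through
    // cleanAccessLevels() together with the UUID of the group, and the
    // session user is passed along as the acting user.
    // NOTE(review): cleanAccessLevels() is defined outside this view.
    // Presumably updatePermissions() verifies that the acting user may
    // grant each remaining level - confirm, nothing here restricts them.
    $accessLevels = $this->cleanAccessLevels($group->getUuid(), $formValues['access-levels']);
    $this->accessControlManager->updatePermissions(
        $group,
        $accessLevels,
        $request->getSession()->getUser()
    );

    return true;
}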