Get the roles that the current user is allowed to assign to another user.
| public getAssignable ( ) : array | ||
| 리턴 | array | Returns an array in the format `[RoleID => 'Role Name']`. |
/**
* Do permission check.
*
* @since 2.0.0
* @access protected
*/
protected function _permission($RoleID = null)
{
$this->permission(array('Garden.Settings.Manage', 'Garden.Roles.Manage'), false);
if ($RoleID && !checkPermission('Garden.Settings.Manage')) {
// Make sure the user can assign this role.
$Assignable = $this->RoleModel->getAssignable();
if (!isset($Assignable[$RoleID])) {
throw permissionException('@' . t("You don't have permission to modify this role."));
}
}
return true;
}
/**
* Edit a user account.
*
* @since 2.0.0
* @access public
* @param int $UserID Unique ID.
*/
public function edit($UserID)
{
$this->permission('Garden.Users.Edit');
// Page setup
$this->addJsFile('user.js');
$this->title(t('Edit User'));
$this->addSideMenu('dashboard/user');
// Only admins can reassign roles
$RoleModel = new RoleModel();
$AllRoles = $RoleModel->getArray();
$RoleData = $RoleModel->getAssignable();
$UserModel = new UserModel();
$User = $UserModel->getID($UserID, DATASET_TYPE_ARRAY);
// Determine if username can be edited
$CanEditUsername = (bool) c("Garden.Profile.EditUsernames") || Gdn::session()->checkPermission('Garden.Users.Edit');
$this->setData('_CanEditUsername', $CanEditUsername);
// Determine if emails can be edited
$CanEditEmail = Gdn::session()->checkPermission('Garden.Users.Edit');
$this->setData('_CanEditEmail', $CanEditEmail);
// Decide if they have ability to confirm users
$Confirmed = (bool) valr('Confirmed', $User);
$CanConfirmEmail = UserModel::RequireConfirmEmail() && Gdn::session()->checkPermission('Garden.Users.Edit');
$this->setData('_CanConfirmEmail', $CanConfirmEmail);
$this->setData('_EmailConfirmed', $Confirmed);
$User['ConfirmEmail'] = (int) $Confirmed;
// Determine whether user being edited is privileged (can escalate permissions)
$UserModel = new UserModel();
$EditingPrivilegedUser = $UserModel->checkPermission($User, 'Garden.Settings.Manage');
// Determine our password reset options
// Anyone with user editing my force reset over email
$this->ResetOptions = array(0 => t('Keep current password.'), 'Auto' => t('Force user to reset their password and send email notification.'));
// Only admins may manually reset passwords for other admins
if (checkPermission('Garden.Settings.Manage') || !$EditingPrivilegedUser) {
$this->ResetOptions['Manual'] = t('Manually set user password. No email notification.');
}
// Set the model on the form.
$this->Form->setModel($UserModel);
// Make sure the form knows which item we are editing.
$this->Form->addHidden('UserID', $UserID);
try {
$AllowEditing = true;
$this->EventArguments['AllowEditing'] =& $AllowEditing;
$this->EventArguments['TargetUser'] =& $User;
// These are all the 'effective' roles for this edit action. This list can
// be trimmed down from the real list to allow subsets of roles to be
// edited.
$this->EventArguments['RoleData'] =& $RoleData;
$UserRoleData = $UserModel->getRoles($UserID)->resultArray();
$RoleIDs = array_column($UserRoleData, 'RoleID');
$RoleNames = array_column($UserRoleData, 'Name');
$UserRoleData = arrayCombine($RoleIDs, $RoleNames);
$this->EventArguments['UserRoleData'] =& $UserRoleData;
$this->fireEvent("BeforeUserEdit");
$this->setData('AllowEditing', $AllowEditing);
$this->Form->setData($User);
if ($this->Form->authenticatedPostBack()) {
if (!$CanEditUsername) {
$this->Form->setFormValue("Name", $User['Name']);
}
// Allow mods to confirm/unconfirm emails
$this->Form->removeFormValue('Confirmed');
$Confirmation = $this->Form->getFormValue('ConfirmEmail', null);
$Confirmation = !is_null($Confirmation) ? (bool) $Confirmation : null;
if ($CanConfirmEmail && is_bool($Confirmation)) {
$this->Form->setFormValue('Confirmed', (int) $Confirmation);
}
$ResetPassword = $this->Form->getValue('ResetPassword', false);
// If we're an admin or this isn't a privileged user, allow manual setting of password
$AllowManualReset = checkPermission('Garden.Settings.Manage') || !$EditingPrivilegedUser;
if ($ResetPassword == 'Manual' && $AllowManualReset) {
// If a new password was specified, add it to the form's collection
$NewPassword = $this->Form->getValue('NewPassword', '');
$this->Form->setFormValue('Password', $NewPassword);
}
// Role changes
// These are the new roles the editing user wishes to apply to the target
// user, adjusted for his ability to affect those roles
$RequestedRoles = $this->Form->getFormValue('RoleID');
if (!is_array($RequestedRoles)) {
$RequestedRoles = array();
}
$RequestedRoles = array_flip($RequestedRoles);
$UserNewRoles = array_intersect_key($RoleData, $RequestedRoles);
// These roles will stay turned on regardless of the form submission contents
// because the editing user does not have permission to modify them
$ImmutableRoles = array_diff_key($AllRoles, $RoleData);
$UserImmutableRoles = array_intersect_key($ImmutableRoles, $UserRoleData);
// Apply immutable roles
foreach ($UserImmutableRoles as $IMRoleID => $IMRoleName) {
$UserNewRoles[$IMRoleID] = $IMRoleName;
}
// Put the data back into the forum object as if the user had submitted
// this themselves
$this->Form->setFormValue('RoleID', array_keys($UserNewRoles));
if ($this->Form->save(array('SaveRoles' => true)) !== false) {
if ($this->Form->getValue('ResetPassword', '') == 'Auto') {
$UserModel->PasswordRequest($User['Email']);
$UserModel->setField($UserID, 'HashMethod', 'Reset');
}
$this->informMessage(t('Your changes have been saved.'));
}
$UserRoleData = $UserNewRoles;
}
} catch (Exception $Ex) {
$this->Form->addError($Ex);
}
$this->setData('User', $User);
$this->setData('Roles', $RoleData);
$this->setData('UserRoles', $UserRoleData);
$this->render();
}
