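/**
 * Constructor.
 *
 * Builds the validation rules for the user profile form. When $userId is
 * supplied but the current user may not administer that account, the id is
 * discarded and the form falls back to "create a new user" mode.
 *
 * @param $userId int|null ID of the user being edited; null to create one.
 */
function UserManagementForm($userId = null) {
	parent::Form('manager/people/userProfileForm.tpl');

	// Authorization: never bind the form to an account the current user
	// cannot administer. Silently falling back to "new user" mode is the
	// historical behaviour; callers are expected to have checked already.
	$journal =& Request::getJournal();
	if ($userId && !Validation::canAdminister($journal->getId(), $userId)) {
		$userId = null;
	}
	$this->userId = isset($userId) ? (int) $userId : null;
	// No id (or id 0) means a user is being created rather than edited.
	$isNewUser = ($this->userId === null || $this->userId === 0);

	$site =& Request::getSite();
	$userDao =& DAORegistry::getDAO('UserDAO');

	// Strict comparison of the two password fields. A closure replaces
	// create_function(), which was eval()-based and was removed in PHP 8.0
	// (this requires PHP >= 5.3). The loose `==` used before could treat
	// numeric-looking strings such as '1e3' and '1000' as equal.
	$passwordsMatch = function ($password, $form) {
		return (string) $password === (string) $form->getData('password2');
	};

	// Validation checks for this form
	if ($isNewUser) {
		$this->addCheck(new FormValidator($this, 'username', 'required', 'user.profile.form.usernameRequired'));
		$this->addCheck(new FormValidatorCustom($this, 'username', 'required', 'user.register.form.usernameExists', array($userDao, 'userExistsByUsername'), array($this->userId, true), true));
		$this->addCheck(new FormValidatorAlphaNum($this, 'username', 'required', 'user.register.form.usernameAlphaNumeric'));
		if (!Config::getVar('security', 'implicit_auth')) {
			// A password is only mandatory when the site authenticates users itself.
			$this->addCheck(new FormValidator($this, 'password', 'required', 'user.profile.form.passwordRequired'));
			$this->addCheck(new FormValidatorLength($this, 'password', 'required', 'user.register.form.passwordLengthTooShort', '>=', $site->getMinPasswordLength()));
			$this->addCheck(new FormValidatorCustom($this, 'password', 'required', 'user.register.form.passwordsDoNotMatch', $passwordsMatch, array($this)));
		}
	} else {
		// Editing: the password is 'optional' — presumably a blank value
		// leaves the current password unchanged (verify in execute()).
		$this->addCheck(new FormValidatorLength($this, 'password', 'optional', 'user.register.form.passwordLengthTooShort', '>=', $site->getMinPasswordLength()));
		$this->addCheck(new FormValidatorCustom($this, 'password', 'optional', 'user.register.form.passwordsDoNotMatch', $passwordsMatch, array($this)));
	}

	$this->addCheck(new FormValidator($this, 'firstName', 'required', 'user.profile.form.firstNameRequired'));
	$this->addCheck(new FormValidator($this, 'lastName', 'required', 'user.profile.form.lastNameRequired'));
	$this->addCheck(new FormValidatorUrl($this, 'userUrl', 'optional', 'user.profile.form.urlInvalid'));
	$this->addCheck(new FormValidatorEmail($this, 'email', 'required', 'user.profile.form.emailRequired'));
	// The user's own id is passed so that an unchanged email is not reported as a duplicate.
	$this->addCheck(new FormValidatorCustom($this, 'email', 'required', 'user.register.form.emailExists', array($userDao, 'userExistsByEmail'), array($this->userId, true), true));
	$this->addCheck(new FormValidatorPost($this));
}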
/**
 * Sign in as another user.
 *
 * Restricted to site admins and conference managers, and only for users the
 * current user may administer. On success the current user id is kept in
 * the session variable 'signedInAs' before the session is switched to the
 * target user and the request is redirected to the user page; otherwise
 * the request is redirected back to the requested page.
 *
 * @param $args array ($userId)
 */
function signInAsUser($args) {
	$this->addCheck(new HandlerValidatorConference($this));
	$this->addCheck(new HandlerValidatorRoles($this, true, null, null, array(ROLE_ID_SITE_ADMIN, ROLE_ID_CONFERENCE_MANAGER)));
	$this->validate();

	if (isset($args[0]) && !empty($args[0])) {
		$targetUserId = (int) $args[0];
		$conference =& Request::getConference();

		if (!Validation::canAdminister($conference->getId(), $targetUserId)) {
			// No administrative rights over this user: render an error page.
			$this->setupTemplate();
			$templateMgr =& TemplateManager::getManager();
			$templateMgr->assign('pageTitle', 'manager.people');
			$templateMgr->assign('errorMsg', 'manager.people.noAdministrativeRights');
			$templateMgr->assign('backLink', Request::url(null, null, null, 'people', 'all'));
			$templateMgr->assign('backLinkLabel', 'manager.people.allUsers');
			return $templateMgr->display('common/error.tpl');
		}

		$userDao =& DAORegistry::getDAO('UserDAO');
		$targetUser =& $userDao->getUser($targetUserId);
		$session =& Request::getSession();

		// FIXME Support "stack" of signed-in-as user IDs?
		// NOTE(review): nothing here refuses the action when the session is
		// already impersonating someone, so a second sign-in-as appears to
		// overwrite 'signedInAs' with the impersonated id — confirm the
		// original account stays recoverable.
		$switchingToOtherUser = isset($targetUser) && $session->getUserId() != $targetUser->getId();
		if ($switchingToOtherUser) {
			$session->setSessionVar('signedInAs', $session->getUserId());
			$session->setSessionVar('userId', $targetUserId);
			$session->setUserId($targetUserId);
			$session->setSessionVar('username', $targetUser->getUsername());
			Request::redirect(null, null, 'user');
		}
	}

	Request::redirect(null, null, Request::getRequestedPage());
}
/**
 * @copydoc GridRow::initialize()
 *
 * Adds the row actions for an existing stage participant: remove (when the
 * current user may administer participants), notify, and — when not already
 * impersonating, not on the current user's own row, and permitted — log in
 * as that participant.
 */
function initialize($request, $template = null) {
	// Do the default initialization
	parent::initialize($request, $template);

	// A new (unsaved) row has no id and gets no row actions.
	$rowId = $this->getId();
	if (empty($rowId) || !is_numeric($rowId)) {
		return;
	}

	$router = $request->getRouter();
	$participant = $this->getData();
	$participantUserId = $participant->getUserId();

	import('lib.pkp.classes.linkAction.request.RemoteActionConfirmationModal');
	if ($this->_canAdminister) {
		$this->addAction(new LinkAction(
			'delete',
			new RemoteActionConfirmationModal(
				__('editor.submission.removeStageParticipant.description'),
				__('editor.submission.removeStageParticipant'),
				$router->url($request, null, null, 'deleteParticipant', null, $this->getRequestArgs()),
				'modal_delete'
			),
			__('grid.action.remove'),
			'delete'
		));
	}

	import('lib.pkp.controllers.grid.users.stageParticipant.linkAction.NotifyLinkAction');
	$this->addAction(new NotifyLinkAction($request, $this->getSubmission(), $this->getStageId(), $participantUserId));

	// NOTE(review): the administer check and the "not myself" check use
	// $rowId, while the log-in-as target is $participantUserId — confirm
	// that this grid's row id is the user id, otherwise the action is
	// offered on the wrong condition.
	$currentUser = $request->getUser();
	$offerLogInAs = !Validation::isLoggedInAs()
		&& $currentUser->getId() != $rowId
		&& Validation::canAdminister($rowId, $currentUser->getId());
	if ($offerLogInAs) {
		$dispatcher = $router->getDispatcher();
		import('lib.pkp.classes.linkAction.request.RedirectConfirmationModal');
		$this->addAction(new LinkAction(
			'logInAs',
			new RedirectConfirmationModal(
				__('grid.user.confirmLogInAs'),
				__('grid.action.logInAs'),
				$dispatcher->url($request, ROUTE_PAGE, null, 'login', 'signInAsUser', $participantUserId)
			),
			__('grid.action.logInAs'),
			'enroll_user'
		));
	}
}
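/**
 * @copydoc GridRow::initialize()
 *
 * Populates the row actions for an existing user row: email, edit,
 * enable/disable, remove, optionally "log in as", and the two halves of the
 * user-merge flow (pick a user to merge away, then merge it into a target).
 */
function initialize($request, $template = null) {
	parent::initialize($request, $template);

	$element =& $this->getData();
	assert(is_a($element, 'User'));

	// Is this a new row or an existing row? Only existing rows get actions.
	$rowId = $this->getId();
	if (empty($rowId) || !is_numeric($rowId)) {
		return;
	}

	$router = $request->getRouter();
	$actionArgs = array_merge(
		array('gridId' => $this->getGridId(), 'rowId' => $rowId),
		$this->getRequestArgs()
	);

	$this->addAction(new LinkAction(
		'email',
		new AjaxModal($router->url($request, null, null, 'editEmail', null, $actionArgs), __('grid.user.email'), 'modal_email', true),
		__('grid.user.email'),
		'notify'
	));
	$this->addAction(new LinkAction(
		'edit',
		new AjaxModal($router->url($request, null, null, 'editUser', null, $actionArgs), __('grid.user.edit'), 'modal_edit', true),
		__('grid.user.edit'),
		'edit'
	));

	// The 'enable' argument tells the editDisableUser handler which way to flip.
	if ($element->getDisabled()) {
		$actionArgs['enable'] = true;
		$this->addAction(new LinkAction(
			'enable',
			new AjaxModal($router->url($request, null, null, 'editDisableUser', null, $actionArgs), __('common.enable'), 'enable', true),
			__('common.enable'),
			'enable'
		));
	} else {
		$actionArgs['enable'] = false;
		$this->addAction(new LinkAction(
			'disable',
			new AjaxModal($router->url($request, null, null, 'editDisableUser', null, $actionArgs), __('grid.user.disable'), 'disable', true),
			__('grid.user.disable'),
			'disable'
		));
	}

	$this->addAction(new LinkAction(
		'remove',
		new RemoteActionConfirmationModal(__('manager.people.confirmRemove'), __('common.remove'), $router->url($request, null, null, 'removeUser', null, $actionArgs), 'modal_delete'),
		__('grid.action.remove'),
		'delete'
	));

	$sessionManager = SessionManager::getManager();
	$session = $sessionManager->getUserSession();
	$currentUserId = $session->user->getId();
	$canAdminister = Validation::canAdminister($rowId, $currentUserId);

	// "Log in as" is offered only when not already impersonating, not on
	// the current user's own row, and only for users this one may administer.
	if (!Validation::isLoggedInAs() && $currentUserId != $rowId && $canAdminister) {
		$dispatcher = $router->getDispatcher();
		$this->addAction(new LinkAction(
			'logInAs',
			new RedirectConfirmationModal(__('grid.user.confirmLogInAs'), __('grid.action.logInAs'), $dispatcher->url($request, ROUTE_PAGE, null, 'login', 'signInAsUser', $rowId)),
			__('grid.action.logInAs'),
			'enroll_user'
		));
	}

	// Merge flow: if a user has already been picked to be merged away
	// (getOldUserId()), offer "merge into this user"; otherwise offer
	// "pick this user to be merged". The old user is fetched once.
	$oldUserId = $this->getOldUserId();
	$userDao = DAORegistry::getDAO('UserDAO');
	$oldUser = $userDao->getById($oldUserId);
	if ($oldUser) {
		$actionArgs['oldUserId'] = $oldUserId;
		$actionArgs['newUserId'] = $rowId;
		// Don't merge a user in itself
		if ($actionArgs['oldUserId'] != $actionArgs['newUserId']) {
			$this->addAction(new LinkAction(
				'mergeUser',
				new RemoteActionConfirmationModal(
					__('grid.user.mergeUsers.confirm', array('oldUsername' => $oldUser->getUsername(), 'newUsername' => $element->getUsername())),
					null,
					$router->url($request, null, null, 'mergeUsers', null, $actionArgs),
					'modal_merge_users'
				),
				__('grid.user.mergeUsers.mergeIntoUser'),
				'merge_users'
			));
		}
	} elseif ($rowId > 1 && $canAdminister) {
		// The merge removes the "old" user, so user #1 (presumably the site
		// administrator account) is never offered as a merge source, and
		// only users the current user may administer are.
		$this->addAction(new LinkAction(
			'mergeUser',
			new JsEventConfirmationModal(__('grid.user.mergeUsers.mergeUserSelect.confirm'), 'confirmationModalConfirmed', array('oldUserId' => $rowId), null, 'modal_merge_users'),
			__('grid.user.mergeUsers.mergeUser'),
			'merge_users'
		));
	}
}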
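/**
 * Save changes to a user profile.
 *
 * Reads the submitted UserManagementForm and, when it validates, saves it
 * and then either shows a fresh form ("create another"), follows the
 * request's 'source' URL, or returns to the user list. An invalid form is
 * redisplayed with its errors. Editing a user the current user may not
 * administer renders an error page instead.
 */
function updateUser() {
	$this->validate();
	$this->setupTemplate(true);

	$conference =& Request::getConference();
	$userId = Request::getUserVar('userId');

	if (!empty($userId) && !Validation::canAdminister($conference->getId(), $userId)) {
		// We don't have administrative rights over this user. Display an error.
		$templateMgr =& TemplateManager::getManager();
		$templateMgr->assign('pageTitle', 'manager.people');
		$templateMgr->assign('errorMsg', 'manager.people.noAdministrativeRights');
		$templateMgr->assign('backLink', Request::url(null, null, null, 'people', 'all'));
		$templateMgr->assign('backLinkLabel', 'manager.people.allUsers');
		return $templateMgr->display('common/error.tpl');
	}

	import('classes.manager.form.UserManagementForm');
	// Plain `new`: the former checkPhpVersion('5.0.0') / `=& new` branch for
	// PHP 4 is a parse error on PHP 7+, and on PHP 5+ objects are handles so
	// the form receives the same $this without a reference.
	$userForm = new UserManagementForm($userId);
	$userForm->readInputData();

	if (!$userForm->validate()) {
		$userForm->display();
		return;
	}
	$userForm->execute();

	if (Request::getUserVar('createAnother')) {
		$templateMgr =& TemplateManager::getManager();
		$templateMgr->assign('currentUrl', Request::url(null, null, null, 'people', 'all'));
		$templateMgr->assign('userCreated', true);
		unset($userForm);
		$userForm = new UserManagementForm();
		$userForm->initData();
		$userForm->display();
	} elseif ($source = Request::getUserVar('source')) {
		// NOTE(review): 'source' is request-supplied; confirm that
		// Request::redirectUrl() restricts it to this site, otherwise this
		// is an open redirect.
		Request::redirectUrl($source);
	} else {
		Request::redirect(null, null, null, 'people', 'all');
	}
}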
/**
 * Sign in as another user.
 *
 * The session user must be allowed to administer the target user. On
 * success the current user id is stored in the session variable
 * 'signedInAs' before the session is switched to the target user and the
 * user is sent home; otherwise the request is redirected to the requested
 * page.
 *
 * @param $args array ($userId)
 * @param $request PKPRequest
 */
function signInAsUser($args, $request) {
	if (!empty($args[0])) {
		$targetUserId = (int) $args[0];
		$session = $request->getSession();
		$currentUserId = $session->getUserId();

		if (!Validation::canAdminister($targetUserId, $currentUserId)) {
			// No administrative rights over this user: render an error page.
			$this->setupTemplate($request);
			$templateMgr = TemplateManager::getManager($request);
			$templateMgr->assign(array(
				'pageTitle' => 'manager.people',
				'errorMsg' => 'manager.people.noAdministrativeRights',
				'backLink' => $request->url(null, null, 'people', 'all'),
				'backLinkLabel' => 'manager.people.allUsers',
			));
			return $templateMgr->display('frontend/pages/error.tpl');
		}

		$userDao = DAORegistry::getDAO('UserDAO');
		$targetUser = $userDao->getById($targetUserId);

		// NOTE(review): there is no guard against a session that is already
		// impersonating, so a second sign-in-as appears to overwrite
		// 'signedInAs' — confirm chaining is prevented elsewhere.
		$switchingToOtherUser = isset($targetUser) && $currentUserId != $targetUser->getId();
		if ($switchingToOtherUser) {
			$session->setSessionVar('signedInAs', $currentUserId);
			$session->setSessionVar('userId', $targetUserId);
			$session->setUserId($targetUserId);
			$session->setSessionVar('username', $targetUser->getUsername());
			$this->sendHome($request);
		}
	}

	$request->redirect(null, $request->getRequestedPage());
}
/**
 * Sign in as another user.
 *
 * Only users the current user may administer can be impersonated. On
 * success the current user id is kept in the session variable 'signedInAs'
 * before the session is switched and the request redirected to 'user';
 * otherwise it is redirected back to the requested page.
 *
 * @param $args array ($userId)
 * @param $request PKPRequest
 */
function signInAsUser($args, &$request) {
	$this->validate();

	if (!empty($args[0])) {
		$targetUserId = (int) $args[0];

		if (!Validation::canAdminister($targetUserId)) {
			// No administrative rights over this user: render an error page.
			$templateMgr =& TemplateManager::getManager($request);
			$templateMgr->assign('pageTitle', 'admin.people');
			$templateMgr->assign('errorMsg', 'admin.people.noAdministrativeRights');
			$templateMgr->assign('backLink', $request->url(null, null, 'people', 'all'));
			$templateMgr->assign('backLinkLabel', 'admin.people.allUsers');
			return $templateMgr->display('common/error.tpl');
		}

		$userDao = DAORegistry::getDAO('UserDAO');
		$targetUser =& $userDao->getById($targetUserId);
		$session =& $request->getSession();

		// FIXME Support "stack" of signed-in-as user IDs?
		// NOTE(review): a second sign-in-as while already impersonating
		// appears to overwrite 'signedInAs' — confirm this is prevented.
		$switchingToOtherUser = isset($targetUser) && $session->getUserId() != $targetUser->getId();
		if ($switchingToOtherUser) {
			$session->setSessionVar('signedInAs', $session->getUserId());
			$session->setSessionVar('userId', $targetUserId);
			$session->setUserId($targetUserId);
			$session->setSessionVar('username', $targetUser->getUsername());
			$request->redirect('user');
		}
	}

	$request->redirect($request->getRequestedPage());
}
/**
 * Send the user email and close the modal
 *
 * The target user (request var 'userId') must be one the current user may
 * administer within the press; otherwise a failure JSON message is
 * returned without touching the form.
 *
 * @param $args array
 * @param $request PKPRequest
 * @return string Serialized JSON object
 */
function sendEmail($args, &$request) {
	$press =& $request->getPress();
	$userId = $request->getUserVar('userId');

	// NOTE(review): a missing 'userId' (null) bypasses the administer
	// check and hands null to the form — confirm UserEmailForm rejects it.
	$mayAdminister = ($userId === null) || Validation::canAdminister($press->getId(), $userId);
	if (!$mayAdminister) {
		// We don't have administrative rights over this user.
		$json = new JSON('false', Locale::translate('grid.user.cannotAdminister'));
		return $json->getString();
	}

	// Form handling
	import('controllers.grid.users.user.form.UserEmailForm');
	$userEmailForm = new UserEmailForm($userId);
	$userEmailForm->readInputData();
	if ($userEmailForm->validate()) {
		$userEmailForm->execute($args, $request);
		$json = new JSON('true');
	} else {
		$json = new JSON('false', $userEmailForm->display($args, $request));
	}
	return $json->getString();
}
/**
 * Remove all user group assignments for a press for a given user
 *
 * The user (request var 'rowId') must be one the current user may
 * administer within the press. If the user holds no group assignments in
 * the press a failure message is returned; otherwise the assignments are
 * deleted and the refreshed grid row is returned.
 *
 * @param $args array
 * @param $request PKPRequest
 * @return string Serialized JSON object
 */
function removeUser($args, &$request) {
	$press =& $request->getPress();
	$pressId = $press->getId();
	$userId = $request->getUserVar('rowId');

	// NOTE(review): a missing 'rowId' (null) bypasses the administer check
	// and reaches the DAO with a null user id — confirm that is rejected.
	$mayAdminister = ($userId === null) || Validation::canAdminister($pressId, $userId);
	if (!$mayAdminister) {
		// We don't have administrative rights over this user.
		$json = new JSON('false', Locale::translate('grid.user.cannotAdminister'));
		return $json->getString();
	}

	$userGroupDao =& DAORegistry::getDAO('UserGroupDAO');
	if (!$userGroupDao->userInAnyGroup($userId, $pressId)) {
		// Nothing to remove for this user in this press.
		$json = new JSON('false', Locale::translate('grid.user.userNoRoles'));
		return $json->getString();
	}

	$userGroupDao->deleteAssignmentsByContextId($pressId, $userId);

	// Re-render the row so the grid reflects the removed assignments.
	$userDao =& DAORegistry::getDAO('UserDAO');
	$user =& $userDao->getUser($userId);
	$row =& $this->getRowInstance();
	$row->setGridId($this->getId());
	$row->setId($user->getId());
	$row->setData($user);
	$row->initialize($request);
	$json = new JSON('true', $this->_renderRowInternally($request, $row));
	return $json->getString();
}
/**
 * Send the user email and close the modal.
 *
 * The target user (request var 'userId') must be one the current user may
 * administer; otherwise a failure JSON message is returned without
 * touching the form.
 *
 * @param $args array
 * @param $request PKPRequest
 * @return string Serialized JSON object
 */
function sendEmail($args, $request) {
	$user = $request->getUser();
	$userId = $request->getUserVar('userId');

	// NOTE(review): a missing 'userId' (null) bypasses the administer
	// check and hands null to the form — confirm UserEmailForm rejects it.
	$mayAdminister = ($userId === null) || Validation::canAdminister($userId, $user->getId());
	if (!$mayAdminister) {
		// We don't have administrative rights over this user.
		$json = new JSONMessage(false, __('grid.user.cannotAdminister'));
		return $json->getString();
	}

	// Form handling.
	import('lib.pkp.controllers.grid.settings.user.form.UserEmailForm');
	$userEmailForm = new UserEmailForm($userId);
	$userEmailForm->readInputData();
	if ($userEmailForm->validate()) {
		$userEmailForm->execute($args, $request);
		$json = new JSONMessage(true);
	} else {
		$json = new JSONMessage(false, $userEmailForm->display($args, $request));
	}
	return $json->getString();
}
/**
 * Allow user account merging, including attributed submissions etc.
 *
 * Reached twice by the grid: first with only 'oldUserId' (the user to be
 * merged away) and then, the second time through, with 'newUserId' as
 * well. The merge runs only when both ids are present and the current user
 * may administer the user being merged away.
 *
 * @param $args array
 * @param $request PKPRequest
 * @return JSONMessage JSON object
 */
function mergeUsers($args, $request) {
	$newUserId = (int) $request->getUserVar('newUserId');
	$oldUserId = (int) $request->getUserVar('oldUserId');
	$user = $request->getUser();

	// NOTE(review): only the user being merged away is authorization-
	// checked; confirm whether canAdminister should also cover $newUserId,
	// and whether UserAction::mergeUsers() rejects $oldUserId == $newUserId
	// (the row UI appears to hide that case, the handler does not).
	$canMerge = $newUserId > 0
		&& $oldUserId > 0
		&& Validation::canAdminister($oldUserId, $user->getId());
	if (!$canMerge) {
		// The grid shouldn't have presented an action in this case.
		return new JSONMessage(false, __('grid.user.cannotAdminister'));
	}

	import('classes.user.UserAction');
	$userAction = new UserAction();
	$userAction->mergeUsers($oldUserId, $newUserId);
	return DAO::getDataChangedEvent();
}
/**
 * Sign in as another user.
 *
 * Restricted to site admins and managers, and only for users the session
 * user may administer. On success the current user id is stored in the
 * session variable 'signedInAs' before the session is switched to the
 * target user and the request redirected to the dashboard; otherwise it is
 * redirected back to the requested page.
 *
 * @param $args array ($userId)
 * @param $request PKPRequest
 */
function signInAsUser($args, $request) {
	$this->addCheck(new HandlerValidatorRoles($this, true, null, null, array(ROLE_ID_SITE_ADMIN, ROLE_ID_MANAGER)));
	$this->validate();

	if (!empty($args[0])) {
		$targetUserId = (int) $args[0];
		$session = $request->getSession();
		$currentUserId = $session->getUserId();

		if (!Validation::canAdminister($targetUserId, $currentUserId)) {
			// No administrative rights over this user: render an error page.
			$this->setupTemplate($request);
			$templateMgr = TemplateManager::getManager($request);
			$templateMgr->assign('pageTitle', 'manager.people');
			$templateMgr->assign('errorMsg', 'manager.people.noAdministrativeRights');
			$templateMgr->assign('backLink', $request->url(null, null, 'people', 'all'));
			$templateMgr->assign('backLinkLabel', 'manager.people.allUsers');
			return $templateMgr->display('common/error.tpl');
		}

		$userDao = DAORegistry::getDAO('UserDAO');
		$targetUser = $userDao->getById($targetUserId);

		// NOTE(review): there is no guard against a session that is already
		// impersonating, so a second sign-in-as appears to overwrite
		// 'signedInAs' — confirm chaining is prevented elsewhere.
		$switchingToOtherUser = isset($targetUser) && $currentUserId != $targetUser->getId();
		if ($switchingToOtherUser) {
			$session->setSessionVar('signedInAs', $currentUserId);
			$session->setSessionVar('userId', $targetUserId);
			$session->setUserId($targetUserId);
			$session->setSessionVar('username', $targetUser->getUsername());
			$request->redirect(null, 'dashboard');
		}
	}

	$request->redirect(null, $request->getRequestedPage());
}