/**
* Save user.
*
* @param integer $id
*/
public function saveAction($id)
{
$this->addCrumb($this->translate('edit'), $this->generateUrl('admin_edit_user'));
// Fetch and update user
$user = User::find($id);
$params = $this->modelParams();
// Update password.
if (!empty($params['password'])) {
$user->setPassword($params['password']);
}
// Remove password from params
unset($params['password']);
// Set the rest of the params
$user->set($params);
if ($user->save()) {
return $this->redirectTo('admin_users');
} else {
$this->set('user', $user);
return $this->respondTo(function ($format) use($user) {
if ($format == "html") {
return $this->render('admin/users/edit.phtml');
} elseif ($format == "json") {
return $this->jsonResponse($user);
}
});
}
}
/**
* Create session.
*/
public function createAction()
{
$user = User::find('username', Request::$post->get('username'));
if ($user && $user->authenticate(Request::$post->get('password'))) {
return $this->redirectTo('root')->addCookie('traq', $user['session_hash']);
} else {
return $this->render('sessions/new.phtml', ['error' => true]);
}
}
/**
* User profile page.
*
* @param integer $id
*/
public function showAction($id)
{
// If the user doesn't exist, display the 404 page.
if (!($user = User::find($id))) {
return $this->show404();
}
// Set the title
$this->title($this->translate('users'));
$this->title($user->name);
$this->set('profile', $user);
return $this->render("profile/show.phtml");
}
/**
* Create session
*/
public function createAction()
{
$user = User::find('username', Request::$post->get('username'));
if ($user && $user->authenticate(Request::$post->get('password'))) {
// Check account activation
if (setting('email_validation') && !$user->isActivated()) {
return $this->render("sessions/new.phtml", ['activationRequired' => true]);
}
$response = new RedirectResponse(routeUrl('root'));
$response->addCookie('traq', $user->login_hash, time() + 2 * 4 * 7 * 24 * 60 * 60 * 60, '/');
return $response;
} else {
return $this->render('sessions/new.phtml', ['error' => true]);
}
}
/**
* Add project member.
*
* @return \Avalon\Http\RedirectResponse|\Avalon\Http\Response
*/
public function createAction()
{
$errors = [];
$user = User::find('username', Request::$post->get('username'));
$role = ProjectRole::find(Request::$post->get('role_id'));
// Check if they entered a username
if (!Request::$post->has('username') || Request::$post->get('username') == '') {
$errors['username'] = $this->translate('errors.validations.required', ['field' => $this->translate('username')]);
} elseif (!$user) {
$errors['username'] = $this->translate('errors.users.doesnt_exist');
}
// Check if the user is already a member of the project
if ($user) {
$member = UserRole::select('id')->where('project_id = ?')->setParameter(0, $this->currentProject['id'])->andWhere('user_id = ?')->setParameter(1, $user->id)->execute();
}
if ($user && isset($member) && $member->rowCount() > 0) {
$errors['username'] = $this->translate('errors.users.already_a_project_member');
}
// Check if they chose a role
if (Request::$post->get('role_id', '') == '') {
$errors['role_id'] = $this->translate('errors.validations.required', ['field' => $this->translate('role')]);
}
// Check if the role exists
if (!$role) {
$errors['role'] = $this->translate('errors.roles.doesnt_exist');
}
// Check if the role belongs to the project
if ($role && ($role->project_id != 0 && $role->project_id != $this->currentProject['id'])) {
$errors['role'] = $this->translate('errors.roles.invalid_role');
}
if (count($errors)) {
return $this->render('project_settings/members/new.phtml', ['errors' => $errors]);
} else {
$userRole = new UserRole(['project_id' => $this->currentProject['id'], 'project_role_id' => $role->id, 'user_id' => $user->id]);
$userRole->save();
return $this->redirectTo('project_settings_members');
}
}
/**
* Update password.
*
* @return \Avalon\Http\Response
*/
public function savePasswordAction()
{
$user = User::find($this->currentUser['id']);
$this->set(compact('user'));
// Authenticate current password
if (!$user->authenticate(Request::$post->get('current_password'))) {
$user->addError('password', $this->translate('errors.incorrect_password'));
} else {
// Confirm passwords
if (Request::$post->get('password') !== Request::$post->get('password_confirmation')) {
$user->addError('password', $this->translate('errors.validations.confirm', ['field' => $this->translate('password')]));
} else {
$user->password = Request::$post->get('password');
// Save and redirect
if ($user->validate()) {
// Update password
$user->setPassword(Request::$post->get('password'));
$user->password_ver = 'crypt';
$user->save();
return $this->redirectTo('usercp_password');
}
}
}
// Incorrect password or new passwords don't match.
return $this->render('usercp/password.phtml');
}
/**
* Always call this when defining `__construct()` in sub-classes.
*/
public function __construct()
{
$this->db = ConnectionManager::getConnection();
// Modal?
if (Request::$headers->has('X-Modal')) {
$this->isModal = Request::$headers->get('X-Modal') == true;
}
// Get current project.
if (Request::$properties->has('pslug')) {
$this->currentProject = Project::find('slug', Request::$properties->get('pslug')) ?: null;
$GLOBALS['current_project'] = $this->currentProject;
$this->before('*', function () {
if (!$this->hasPermission('view', $this->currentProject)) {
return $this->show404();
}
});
} else {
$GLOBALS['current_project'] = null;
}
// Get current user.
if ($sessionHash = Request::$cookies->get('traq')) {
if ($this->currentProject) {
$user = User::select('u.*')->addSelect('pur.project_role_id')->leftJoin('u', UserRole::tableName(), 'pur', 'pur.project_id = :project_id AND pur.user_id = u.id');
$user->where('u.session_hash = :session_hash');
$user->setParameter('project_id', $this->currentProject['id']);
$user->setParameter('session_hash', $sessionHash);
$this->currentUser = $user->fetch() ?: null;
} else {
$this->currentUser = User::find('session_hash', $sessionHash) ?: null;
}
$GLOBALS['current_user'] = $this->currentUser;
} else {
$GLOBALS['current_user'] = null;
}
$GLOBALS['permissions'] = Permission::getPermissions($this->currentUser, $this->currentProject);
// Add Traq as first breadcrumb.
$this->addCrumb(setting('title'), $this->generateUrl('root'));
// Check if the user has permission to view the current project
if (isset($this->currentProject)) {
$this->before('*', function () {
if (!$this->hasPermission('view')) {
return $this->show403();
}
});
}
// If the user has a `sha1` hashed password, require them to change it because
// as of Traq 4.1, only mcrypt passwords will work.
if ($this->currentUser['password_ver'] == 'sha1') {
$this->before('*', function () {
if (Request::$properties['controller'] != 'Traq\\Controllers\\UserCP' && Request::$properties['controller'] != 'Traq\\Controllers\\Sessions') {
return $this->redirectTo('usercp_password');
}
});
}
}
/**
* Make the ticket history changes array.
*
* @param Ticket $ticket
* @param array $data
*
* @return array
*/
protected function makeChanges($ticket, $data)
{
$changes = [];
foreach ($data as $field => $value) {
$fieldNoId = str_replace('_id', '', $field);
if ($value != $ticket[$field]) {
switch ($field) {
case 'summary':
$from = $ticket[$field];
$to = $data[$field];
break;
case 'type_id':
case 'status_id':
case 'milestone_id':
case 'version_id':
case 'component_id':
case 'priority_id':
case 'severity_id':
$model = '\\Traq\\Models\\' . ucfirst($fieldNoId == 'version' ? 'milestone' : $fieldNoId);
$from = $ticket[$fieldNoId . '_name'];
if ($data[$field] == 0) {
$to = null;
} else {
$to = $model::find($data[$field])->name;
}
break;
case 'assigned_to_id':
$from = $ticket['assigned_to_name'];
if ($value == 0) {
$to = null;
} else {
$user = User::find($value);
$to = $user->name;
}
break;
}
$changes[] = ['property' => $fieldNoId, 'from' => $from, 'to' => $to];
}
}
return $changes;
}
