/**
 * Edit an existing comment or draft (thin wrapper around PostController::Comment).
 *
 * A positive numeric $CommentID selects the comment; any other value falls back
 * to the draft identified by $DraftID. Nothing here checks that a record was
 * found before its DiscussionID is read, so blank or unknown IDs end in an error.
 *
 * This method performs no permission check of its own.
 * NOTE(review): it appears to rely on Comment() to authorise the edit - confirm
 * against that method before exposing this route to new callers.
 *
 * @since 2.0.0
 * @access public
 *
 * @param int $CommentID Unique ID of the comment to edit.
 * @param int $DraftID Unique ID of the draft to edit.
 */
public function EditComment($CommentID = '', $DraftID = '') {
    $IsComment = is_numeric($CommentID) && $CommentID > 0;

    // Pick the backing model and the record ID together so they cannot drift apart.
    $Model = $IsComment ? $this->CommentModel : $this->DraftModel;
    $RecordID = $IsComment ? $CommentID : $DraftID;

    $this->Form->SetModel($Model);
    $this->Comment = $Model->GetID($RecordID);

    // Discard any posted 'Format' value before handing off, so the client cannot
    // pick the format through this edit path (presumably the stored one is kept - confirm).
    $this->Form->RemoveFormValue('Format');
    $this->View = 'editcomment';

    // Delegate the actual form handling to Comment() for the owning discussion.
    $this->Comment($this->Comment->DiscussionID);
}
/**
 * Manage the current user's invitations: send a new one on postback, then list them.
 *
 * Requires the Garden.SignIn.Allow permission. The invitation count and list are
 * always loaded for the session user, whichever profile the parameters refer to.
 *
 * @since 2.0.0
 * @access public
 *
 * @param mixed $UserReference Forwarded unchanged to GetUserInfo().
 * @param mixed $Username Forwarded unchanged to GetUserInfo().
 * @param mixed $UserID Forwarded unchanged to GetUserInfo().
 */
public function Invitations($UserReference = '', $Username = '', $UserID = '') {
    $this->Permission('Garden.SignIn.Allow');
    $this->EditMode(FALSE);
    $this->GetUserInfo($UserReference, $Username, $UserID, $this->Form->AuthenticatedPostBack());
    $this->SetTabView('Invitations');

    $Invitations = new InvitationModel();
    $this->Form->SetModel($Invitations);

    $IsPostBack = $this->Form->AuthenticatedPostBack();
    if ($IsPostBack) {
        // Drop fields the sender must not control before the form is saved.
        // Without this, posted Name / DateExpires / RoleIDs values would travel
        // into Save() with the rest of the form.
        $this->Form->RemoveFormValue(array('Name', 'DateExpires', 'RoleIDs'));

        // Send the invitation; only confirm and reset the inputs when the save succeeds.
        $Sent = $this->Form->Save($this->UserModel);
        if ($Sent) {
            $this->InformMessage(T('Your invitation has been sent.'));
            $this->Form->ClearInputs();
        }
    }

    // Both figures are scoped to the signed-in user, not to a request parameter.
    $CurrentUserID = Gdn::Session()->UserID;
    $this->InvitationCount = $this->UserModel->GetInvitationCount($CurrentUserID);
    $this->InvitationData = $Invitations->GetByUserID($CurrentUserID);

    $this->Render();
}
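/**
 * Edit a user account.
 *
 * Requires Garden.Users.Edit. Two further restrictions are applied to editors
 * who lack Garden.Settings.Manage:
 *  - they get an empty editable role list, so the target's current roles are
 *    carried over unchanged whatever the form submits;
 *  - they may not manually set the password of a user who holds
 *    Garden.Settings.Manage.
 *
 * Handlers of the BeforeUserEdit event receive AllowEditing, TargetUser, RoleData
 * and UserRoleData by reference and may change them before the postback is processed.
 *
 * NOTE(review): $AllowEditing is only passed to the view; the postback branch
 * below runs whatever its value. Confirm whether it should also gate the save.
 * NOTE(review): the result of GetID() is not checked, so an unknown $UserID is
 * processed with an empty user record.
 *
 * @since 2.0.0
 * @access public
 * @param int $UserID Unique ID.
 */
public function Edit($UserID) {
    $this->Permission('Garden.Users.Edit');

    // Page setup
    $this->AddJsFile('user.js');
    $this->Title(T('Edit User'));
    $this->AddSideMenu('dashboard/user');

    // Only admins can reassign roles: everyone else gets an empty editable set.
    $RoleModel = new RoleModel();
    $AllRoles = $RoleModel->GetArray();
    $RoleData = CheckPermission('Garden.Settings.Manage') ? $AllRoles : array();

    // A single model instance serves the lookup, the permission check and the form.
    $UserModel = new UserModel();
    $User = $UserModel->GetID($UserID, DATASET_TYPE_ARRAY);

    // Determine if username can be edited
    $CanEditUsername = (bool) C("Garden.Profile.EditUsernames") || Gdn::Session()->CheckPermission('Garden.Users.Edit');
    $this->SetData('_CanEditUsername', $CanEditUsername);

    // Determine if emails can be edited
    $CanEditEmail = Gdn::Session()->CheckPermission('Garden.Users.Edit');
    $this->SetData('_CanEditEmail', $CanEditEmail);

    // Decide if they have ability to confirm users
    $Confirmed = (bool) GetValueR('Confirmed', $User);
    $CanConfirmEmail = UserModel::RequireConfirmEmail() && Gdn::Session()->CheckPermission('Garden.Users.Edit');
    $this->SetData('_CanConfirmEmail', $CanConfirmEmail);
    $this->SetData('_EmailConfirmed', $Confirmed);
    $User['ConfirmEmail'] = (int) $Confirmed;

    // Determine whether user being edited is privileged (can escalate permissions)
    $EditingPrivilegedUser = $UserModel->CheckPermission($User, 'Garden.Settings.Manage');

    // Determine our password reset options
    // Anyone with user editing may force a reset over email
    $this->ResetOptions = array(
        0 => T('Keep current password.'),
        'Auto' => T('Force user to reset their password and send email notification.')
    );

    // Only admins may manually reset passwords for other admins
    if (CheckPermission('Garden.Settings.Manage') || !$EditingPrivilegedUser) {
        $this->ResetOptions['Manual'] = T('Manually set user password. No email notification.');
    }

    // Set the model on the form.
    $this->Form->SetModel($UserModel);

    // Make sure the form knows which item we are editing.
    $this->Form->AddHidden('UserID', $UserID);

    try {
        $AllowEditing = TRUE;
        $this->EventArguments['AllowEditing'] =& $AllowEditing;
        $this->EventArguments['TargetUser'] =& $User;

        // These are all the 'effective' roles for this edit action. This list can
        // be trimmed down from the real list to allow subsets of roles to be
        // edited.
        $this->EventArguments['RoleData'] =& $RoleData;

        // Current roles of the target user; presumably reshaped into a
        // RoleID => Name map by the two helpers below - confirm their contract.
        $UserRoleData = $UserModel->GetRoles($UserID)->ResultArray();
        $RoleIDs = ConsolidateArrayValuesByKey($UserRoleData, 'RoleID');
        $RoleNames = ConsolidateArrayValuesByKey($UserRoleData, 'Name');
        $UserRoleData = ArrayCombine($RoleIDs, $RoleNames);
        $this->EventArguments['UserRoleData'] =& $UserRoleData;

        $this->FireEvent("BeforeUserEdit");
        $this->SetData('AllowEditing', $AllowEditing);

        $this->Form->SetData($User);
        if ($this->Form->AuthenticatedPostBack()) {
            // NOTE(review): only Name, Confirmed, Password and RoleID are normalised
            // in this branch; every other posted field reaches Save() as submitted.
            // Confirm that UserModel filters any sensitive columns itself.

            // Pin the stored name when the editor may not rename the user.
            if (!$CanEditUsername) {
                $this->Form->SetFormValue("Name", $User['Name']);
            }

            // Allow mods to confirm/unconfirm emails. The raw 'Confirmed' field is
            // always discarded and only re-set from 'ConfirmEmail' when permitted.
            $this->Form->RemoveFormValue('Confirmed');
            $Confirmation = $this->Form->GetFormValue('ConfirmEmail', null);
            $Confirmation = !is_null($Confirmation) ? (bool) $Confirmation : null;

            if ($CanConfirmEmail && is_bool($Confirmation)) {
                $this->Form->SetFormValue('Confirmed', (int) $Confirmation);
            }

            // Same treatment for 'Password': discard whatever the client sent so the
            // field can only be populated through the gated Manual path below.
            $this->Form->RemoveFormValue('Password');
            $ResetPassword = $this->Form->GetValue('ResetPassword', FALSE);

            // If we're an admin or this isn't a privileged user, allow manual setting of password
            $AllowManualReset = CheckPermission('Garden.Settings.Manage') || !$EditingPrivilegedUser;

            // Strict comparison: PHP's loose == can match non-string values
            // (0 on PHP 7, TRUE on any version) against 'Manual'.
            if ($ResetPassword === 'Manual' && $AllowManualReset) {
                // If a new password was specified, add it to the form's collection
                $NewPassword = $this->Form->GetValue('NewPassword', '');
                $this->Form->SetFormValue('Password', $NewPassword);
            }

            // Role changes

            // These are the new roles the editing user wishes to apply to the target
            // user, adjusted for his ability to affect those roles
            $RequestedRoles = $this->Form->GetFormValue('RoleID');
            if (!is_array($RequestedRoles)) {
                $RequestedRoles = array();
            }
            $RequestedRoles = array_flip($RequestedRoles);
            // Requested IDs outside the editable set are silently dropped here.
            $UserNewRoles = array_intersect_key($RoleData, $RequestedRoles);

            // These roles will stay turned on regardless of the form submission contents
            // because the editing user does not have permission to modify them
            $ImmutableRoles = array_diff_key($AllRoles, $RoleData);
            $UserImmutableRoles = array_intersect_key($ImmutableRoles, $UserRoleData);

            // Apply immutable roles
            foreach ($UserImmutableRoles as $IMRoleID => $IMRoleName) {
                $UserNewRoles[$IMRoleID] = $IMRoleName;
            }

            // Put the data back into the form object as if the user had submitted
            // this themselves
            $this->Form->SetFormValue('RoleID', array_keys($UserNewRoles));

            if ($this->Form->Save(array('SaveRoles' => TRUE)) !== FALSE) {
                if ($this->Form->GetValue('ResetPassword', '') === 'Auto') {
                    // $User was loaded before the save, so the request goes to the
                    // address held in that copy rather than a newly posted one.
                    $UserModel->PasswordRequest($User['Email']);
                    $UserModel->SetField($UserID, 'HashMethod', 'Reset');
                }

                $this->InformMessage(T('Your changes have been saved.'));
            }

            $UserRoleData = $UserNewRoles;
        }
    } catch (Exception $Ex) {
        // Surface failures as form errors rather than letting them propagate.
        $this->Form->AddError($Ex);
    }

    $this->SetData('User', $User);
    $this->SetData('Roles', $RoleData);
    $this->SetData('UserRoles', $UserRoleData);

    $this->Render();
}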