Fixed parameter validation and missing use tags
[GitHub/WoltLab/WCF.git] / wcfsetup / install / files / lib / data / user / UserAction.class.php
1<?php
2namespace wcf\data\user;
3use wcf\data\AbstractDatabaseObjectAction;
4use wcf\data\user\group\UserGroup;
5use wcf\system\database\util\PreparedStatementConditionBuilder;
6use wcf\system\exception\ValidateActionException;
7use wcf\system\WCF;
8
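/**
 * Executes user-related actions.
 *
 * The validate*() methods below throw ValidateActionException when a request
 * has to be rejected; create() performs the actual user creation.
 *
 * @author Alexander Ebert
 * @copyright 2001-2011 WoltLab GmbH
 * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
 * @package com.woltlab.wcf
 * @subpackage data.user
 * @category Community Framework
 */
class UserAction extends AbstractDatabaseObjectAction {
	/**
	 * Name of the editor class handed to the parent action.
	 *
	 * @see wcf\data\AbstractDatabaseObjectAction::$className
	 */
	public $className = 'wcf\data\user\UserEditor';
	
	/**
	 * Permissions associated with creating a user.
	 *
	 * @see wcf\data\AbstractDatabaseObjectAction::$permissionsCreate
	 */
	protected $permissionsCreate = array('admin.user.canAddUser');
	
	/**
	 * Permissions associated with deleting a user.
	 *
	 * @see wcf\data\AbstractDatabaseObjectAction::$permissionsDelete
	 */
	protected $permissionsDelete = array('admin.user.canDeleteUser');
	
	/**
	 * Permissions associated with updating a user.
	 *
	 * @see wcf\data\AbstractDatabaseObjectAction::$permissionsUpdate
	 */
	protected $permissionsUpdate = array('admin.user.canEditUser');
	
	/**
	 * Validates the parameters for creating a user.
	 *
	 * Requires a non-empty string in parameters['data']['password'].
	 *
	 * NOTE(review): unlike validateDelete() and validateUpdate(), this method does
	 * not call its parent validator, so nothing in this class checks
	 * $permissionsCreate. Confirm that the permission is enforced elsewhere before
	 * create() can be reached from a request.
	 *
	 * @throws ValidateActionException if the password is missing, empty or not a string
	 */
	public function validateCreate() {
		$password = null;
		if (isset($this->parameters['data']) && is_array($this->parameters['data']) && isset($this->parameters['data']['password'])) {
			$password = $this->parameters['data']['password'];
		}
		
		// isset() alone accepts '' and non-string values; treat both as missing
		if (!is_string($password) || $password === '') {
			throw new ValidateActionException("Missing parameter 'password'");
		}
	}
	
	/**
	 * Validates permissions and parameters for deleting users.
	 *
	 * After the parent validation, collects every group the affected users belong
	 * to and rejects the request unless UserGroup::isAccessibleGroup() accepts
	 * that set.
	 *
	 * @throws ValidateActionException if no user was resolved or a group is not accessible
	 */
	public function validateDelete() {
		// read and validate user objects
		parent::validateDelete();
		
		// Read the users from $this->objects, the property validateUpdate() uses;
		// this class never declares or fills a 'users' property.
		// assumes parent::validateDelete() populates $this->objects -- TODO confirm
		$userIDs = array();
		foreach ($this->objects as $user) {
			$userIDs[] = $user->userID;
		}
		
		// Fail closed: with no user IDs the group lookup below returns nothing and
		// the accessibility check would run against an empty set.
		if (empty($userIDs)) {
			throw new ValidateActionException('No valid users given');
		}
		
		// validate groups; the IDs are bound as statement parameters, not
		// concatenated into the query text
		$conditions = new PreparedStatementConditionBuilder();
		$conditions->add("userID IN (?)", array($userIDs));
		
		$sql = "SELECT	DISTINCT groupID
			FROM	wcf".WCF_N."_user_to_group
			".$conditions;
		$statement = WCF::getDB()->prepareStatement($sql);
		$statement->execute($conditions->getParameters());
		
		$groupIDs = array();
		while ($row = $statement->fetchArray()) {
			$groupIDs[] = $row['groupID'];
		}
		
		if (!UserGroup::isAccessibleGroup($groupIDs)) {
			throw new ValidateActionException('Insufficient permissions');
		}
	}
	
	/**
	 * Validates permissions and parameters for updating a user.
	 *
	 * After the parent validation, the only request accepted here is one that
	 * targets exactly one object whose userID equals the current user's; every
	 * other request is rejected.
	 *
	 * NOTE(review): this method does not restrict which fields a user may change
	 * on their own account; confirm that the update path limits them.
	 *
	 * @todo Handle multiple users?
	 * @throws ValidateActionException if the request is not a single self-edit
	 */
	public function validateUpdate() {
		// read and validate user objects
		parent::validateUpdate();
		
		// editing own user
		$isSingleObject = (count($this->objectIDs) == 1);
		if ($isSingleObject && WCF::getUser()->userID == $this->objects[0]->userID) {
			return;
		}
		
		throw new ValidateActionException('Insufficient permissions');
	}
	
	/**
	 * Creates a new user and applies the optional options, groups and languages.
	 *
	 * NOTE(review): parameters['groups'] is passed to addToGroups() as given, and
	 * validateCreate() does not run it through UserGroup::isAccessibleGroup() the
	 * way validateDelete() checks groups. Confirm that callers constrain which
	 * groups can be assigned.
	 *
	 * @return User
	 */
	public function create() {
		$user = parent::create();
		$userEditor = new UserEditor($user);
		
		// updates user options
		if (isset($this->parameters['options'])) {
			$userEditor->updateUserOptions($this->parameters['options']);
		}
		
		// insert user groups
		$groupIDs = isset($this->parameters['groups']) ? $this->parameters['groups'] : array();
		$userEditor->addToGroups($groupIDs, false);
		
		// insert visible languages
		$languageIDs = isset($this->parameters['languages']) ? $this->parameters['languages'] : array();
		$userEditor->addToLanguages($languageIDs);
		
		return $user;
	}
}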