Commit | Line | Data |
---|---|---|
11ade432 AE |
1 | <?php |
2 | namespace wcf\data\user; | |
3 | use wcf\data\AbstractDatabaseObjectAction; | |
4 | use wcf\data\user\group\UserGroup; | |
5 | use wcf\system\database\util\PreparedStatementConditionBuilder; | |
6 | use wcf\system\exception\ValidateActionException; | |
7 | use wcf\system\WCF; | |
8 | ||
9 | /** | |
10 | * Executes user-related actions. | |
11 | * | |
12 | * @author Alexander Ebert | |
13 | * @copyright 2001-2011 WoltLab GmbH | |
14 | * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php> | |
15 | * @package com.woltlab.wcf | |
16 | * @subpackage data.user | |
17 | * @category Community Framework | |
18 | */ | |
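class UserAction extends AbstractDatabaseObjectAction {
	/**
	 * @see wcf\data\AbstractDatabaseObjectAction::$className
	 */
	public $className = 'wcf\data\user\UserEditor';
	
	/**
	 * @see wcf\data\AbstractDatabaseObjectAction::$permissionsCreate
	 */
	protected $permissionsCreate = array('admin.user.canAddUser');
	
	/**
	 * @see wcf\data\AbstractDatabaseObjectAction::$permissionsDelete
	 */
	protected $permissionsDelete = array('admin.user.canDeleteUser');
	
	/**
	 * @see wcf\data\AbstractDatabaseObjectAction::$permissionsUpdate
	 */
	protected $permissionsUpdate = array('admin.user.canEditUser');
	
	/**
	 * Validates the parameters for creating a user: a password must be
	 * present under parameters['data'].
	 *
	 * @throws ValidateActionException if parameters['data']['password'] is not set
	 */
	public function validateCreate() {
		// NOTE(review): unlike validateDelete()/validateUpdate(), this method does not
		// call a parent validator, so nothing visible here evaluates $permissionsCreate.
		// Confirm the permission is enforced before create() runs.
		// NOTE(review): parameters['groups'] is passed to addToGroups() in create()
		// without a UserGroup::isAccessibleGroup() check - confirm callers vet it.
		if (!isset($this->parameters['data']['password'])) {
			throw new ValidateActionException("Missing parameter 'password'");
		}
	}
	
	/**
	 * Validates permissions and parameters for deleting users: every group
	 * the targeted users belong to must be accessible to the acting user.
	 *
	 * @throws ValidateActionException if no target user could be resolved or if
	 *         one of the targets' groups is not accessible
	 */
	public function validateDelete() {
		// read and validate user objects
		parent::validateDelete();
		
		// Read the targets from $this->objects, the collection validateUpdate() and
		// update() use. This class declares no $users property, so iterating
		// $this->users could yield an empty ID list and check no group at all.
		$userIDs = array();
		foreach ($this->objects as $user) {
			$userIDs[] = $user->userID;
		}
		
		// Fail closed: with no resolved targets the group lookup below is meaningless
		// and must not be allowed to pass the access check by default.
		if (empty($userIDs)) {
			throw new ValidateActionException('Insufficient permissions');
		}
		
		// validate groups
		$conditions = new PreparedStatementConditionBuilder();
		$conditions->add("userID IN (?)", array($userIDs));
		
		// Only the table prefix constant is concatenated; the IDs are bound as parameters.
		$sql = "SELECT	DISTINCT groupID
			FROM	wcf".WCF_N."_user_to_group
			".$conditions;
		$statement = WCF::getDB()->prepareStatement($sql);
		$statement->execute($conditions->getParameters());
		
		$groupIDs = array();
		while ($row = $statement->fetchArray()) {
			$groupIDs[] = $row['groupID'];
		}
		
		// NOTE(review): if the targets have no group rows, $groupIDs is empty here;
		// confirm how UserGroup::isAccessibleGroup() treats an empty list.
		if (!UserGroup::isAccessibleGroup($groupIDs)) {
			throw new ValidateActionException('Insufficient permissions');
		}
	}
	
	/**
	 * Validates permissions and parameters for updating a user. After the parent
	 * validation, only an update of exactly one object that is the acting user's
	 * own account is accepted; everything else is rejected.
	 *
	 * @todo	Handle multiple users?
	 * @throws ValidateActionException unless the single target is the current user
	 */
	public function validateUpdate() {
		// read and validate user objects
		parent::validateUpdate();
		
		// NOTE(review): update() applies parameters['groups'] and
		// parameters['removeGroups'] to the target, and nothing here checks those IDs
		// with UserGroup::isAccessibleGroup(). Confirm a user editing their own
		// account cannot use them to change their own group membership.
		
		// editing own user
		if (count($this->objectIDs) == 1 && WCF::getUser()->userID == $this->objects[0]->userID) return;
		
		throw new ValidateActionException('Insufficient permissions');
	}
	
	/**
	 * Creates a new user, then applies the optional user options, group
	 * memberships and visible languages taken from the action parameters.
	 *
	 * @return	User
	 */
	public function create() {
		$user = parent::create();
		$userEditor = new UserEditor($user);
		
		// updates user options
		if (isset($this->parameters['options'])) {
			$userEditor->updateUserOptions($this->parameters['options']);
		}
		
		// insert user groups; default groups are added unless the caller
		// passes parameters['addDefaultGroups'] explicitly
		$addDefaultGroups = (isset($this->parameters['addDefaultGroups'])) ? $this->parameters['addDefaultGroups'] : true;
		$groupIDs = (isset($this->parameters['groups'])) ? $this->parameters['groups'] : array();
		$userEditor->addToGroups($groupIDs, false, $addDefaultGroups);
		
		// insert visible languages
		$languageIDs = (isset($this->parameters['languages'])) ? $this->parameters['languages'] : array();
		$userEditor->addToLanguages($languageIDs);
		
		return $user;
	}
	
	/**
	 * Updates the users, then adds each one to parameters['groups'] and removes
	 * each one from parameters['removeGroups'] when those lists are non-empty.
	 *
	 * @see	wcf\data\AbstractDatabaseObjectAction::update()
	 */
	public function update() {
		parent::update();
		
		$groupIDs = (isset($this->parameters['groups'])) ? $this->parameters['groups'] : array();
		$removeGroups = (isset($this->parameters['removeGroups'])) ? $this->parameters['removeGroups'] : array();
		
		// NOTE(review): both lists are applied as given; this method performs no
		// group access check of its own and relies on validateUpdate().
		foreach ($this->objects as $userEditor) {
			if (count($groupIDs)) {
				$userEditor->addToGroups($groupIDs);
			}
			
			if (count($removeGroups)) {
				$userEditor->removeFromGroups($removeGroups);
			}
		}
	}
}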