ORIENT/modules/backend/controllers/Users.php

<?php namespace Backend\Controllers;

use Backend;
use BackendMenu;
use BackendAuth;
use Backend\Models\UserGroup;
use Backend\Classes\Controller;
use System\Classes\SettingsManager;

/**
 * Backend user controller
 *
 * @package october\backend
 * @author Alexey Bobkov, Samuel Georges
 *
 */
class Users extends Controller
{
    public $implement = [
        'Backend.Behaviors.FormController',
        'Backend.Behaviors.ListController'
    ];

    public $formConfig = 'config_form.yaml';
    public $listConfig = 'config_list.yaml';

    public $requiredPermissions = ['backend.manage_users'];

    public $bodyClass = 'compact-container';

    public function __construct()
    {
        parent::__construct();

        if ($this->action == 'myaccount') {
            $this->requiredPermissions = null;
        }

        BackendMenu::setContext('October.System', 'system', 'users');
        SettingsManager::setContext('October.System', 'administrators');
    }

    /**
     * Update controller
     */
    public function update($recordId, $context = null)
    {
        // Users cannot edit themselves, only use My Settings
        if ($context != 'myaccount' && $recordId == $this->user->id) {
            return Backend::redirect('backend/users/myaccount');
        }

        return $this->asExtension('FormController')->update($recordId, $context);
    }

    /**
     * My Settings controller
     */
    public function myaccount()
    {
        SettingsManager::setContext('October.Backend', 'myaccount');

        $this->pageTitle = 'backend::lang.myaccount.menu_label';
        return $this->update($this->user->id, 'myaccount');
    }

    /**
     * Proxy update onSave event
     */
    public function myaccount_onSave()
    {
        $result = $this->asExtension('FormController')->update_onSave($this->user->id, 'myaccount');

        /*
         * If the password or login name has been updated, reauthenticate the user
         */
        $loginChanged = $this->user->login != post('User[login]');
        $passwordChanged = strlen(post('User[password]'));
        if ($loginChanged || $passwordChanged) {
            BackendAuth::login($this->user->reload(), true);
        }

        return $result;
    }

    /**
     * Add available permission fields to the User form.
     * Mark default groups as checked for new Users.
     */
    public function formExtendFields($form)
    {
        if ($form->getContext() == 'myaccount') {
            return;
        }

        if (!$this->user->isSuperUser()) {
            $form->removeField('is_superuser');
            $form->removeField('role');
        }

        /*
         * Add permissions tab
         */
        $form->addTabFields($this->generatePermissionsField());

        /*
         * Mark default groups
         */
        if (!$form->model->exists) {
            $defaultGroupIds = UserGroup::where('is_new_user_default', true)->lists('id');

            $groupField = $form->getField('groups');
            $groupField->value = $defaultGroupIds;
        }
    }

    /**
     * Adds the permissions editor widget to the form.
     * @return array
     */
    protected function generatePermissionsField()
    {
        return [
            'permissions' => [
                'tab' => 'backend::lang.user.permissions',
                'type' => 'Backend\FormWidgets\PermissionEditor',
                'trigger' => [
                    'action' => 'disable',
                    'field' => 'is_superuser',
                    'condition' => 'checked'
                ]
            ]
        ];
    }
}
Welcome to the world, October :-) 2014-05-14 13:24:20 +00:00			`<?php namespace Backend\Controllers;`

			`use Backend;`
			`use BackendMenu;`
			`use BackendAuth;`
Back-end user groups can now be marked to add new administrators by default Streamline naming of backend user groups Add description field to backend user group table 2014-12-16 01:39:38 +00:00			`use Backend\Models\UserGroup;`
Welcome to the world, October :-) 2014-05-14 13:24:20 +00:00			`use Backend\Classes\Controller;`
System page navigation improvements, not finished 2014-07-24 04:19:00 +00:00			`use System\Classes\SettingsManager;`
Welcome to the world, October :-) 2014-05-14 13:24:20 +00:00
			`/**`
			`* Backend user controller`
			`*`
			`* @package october\backend`
			`* @author Alexey Bobkov, Samuel Georges`
			`*`
			`*/`
			`class Users extends Controller`
			`{`
			`public $implement = [`
			`'Backend.Behaviors.FormController',`
			`'Backend.Behaviors.ListController'`
			`];`

			`public $formConfig = 'config_form.yaml';`
			`public $listConfig = 'config_list.yaml';`

			`public $requiredPermissions = ['backend.manage_users'];`

			`public $bodyClass = 'compact-container';`

			`public function __construct()`
			`{`
			`parent::__construct();`

Updating backend/controllers 2014-10-10 21:26:57 +00:00			`if ($this->action == 'myaccount') {`
Ref #306 - mysettings should be unrestricted by permissions 2014-06-16 11:12:50 +00:00			`$this->requiredPermissions = null;`
Updating backend/controllers 2014-10-10 21:26:57 +00:00			`}`
Ref #306 - mysettings should be unrestricted by permissions 2014-06-16 11:12:50 +00:00
Welcome to the world, October :-) 2014-05-14 13:24:20 +00:00			`BackendMenu::setContext('October.System', 'system', 'users');`
Updated the settings pages UX 2014-07-27 04:07:22 +00:00			`SettingsManager::setContext('October.System', 'administrators');`
Welcome to the world, October :-) 2014-05-14 13:24:20 +00:00			`}`

			`/**`
			`* Update controller`
			`*/`
			`public function update($recordId, $context = null)`
			`{`
			`// Users cannot edit themselves, only use My Settings`
Updating backend/controllers 2014-10-10 21:26:57 +00:00			`if ($context != 'myaccount' && $recordId == $this->user->id) {`
Popup control now supports several sizes via `data-size` attribute: giant, huge, large, small, tiny. Fixes various bugs in RC version 2015-02-11 07:35:39 +00:00			`return Backend::redirect('backend/users/myaccount');`
Updating backend/controllers 2014-10-10 21:26:57 +00:00			`}`
Welcome to the world, October :-) 2014-05-14 13:24:20 +00:00
getClassExtension -> asExtension (shorter syntax) 2014-08-22 23:41:48 +00:00			`return $this->asExtension('FormController')->update($recordId, $context);`
Welcome to the world, October :-) 2014-05-14 13:24:20 +00:00			`}`

			`/**`
			`* My Settings controller`
			`*/`
EditorSettings -> EditorPreferences (System has settings, User has preferences, App has configuration) Create a My Settings page, now linked when clicking a User Create backend preferences form for setting locale Dropdown options now support an image or icon in their options 2014-07-01 07:17:53 +00:00			`public function myaccount()`
Welcome to the world, October :-) 2014-05-14 13:24:20 +00:00			`{`
System page navigation improvements, not finished 2014-07-24 04:19:00 +00:00			`SettingsManager::setContext('October.Backend', 'myaccount');`

BackendSettings -> BrandSettings pageTitle is now translated at the end of the line Fixed unit tests so they pass SettingsModels are now cached 2014-10-15 08:53:44 +00:00			`$this->pageTitle = 'backend::lang.myaccount.menu_label';`
EditorSettings -> EditorPreferences (System has settings, User has preferences, App has configuration) Create a My Settings page, now linked when clicking a User Create backend preferences form for setting locale Dropdown options now support an image or icon in their options 2014-07-01 07:17:53 +00:00			`return $this->update($this->user->id, 'myaccount');`
Welcome to the world, October :-) 2014-05-14 13:24:20 +00:00			`}`

			`/**`
			`* Proxy update onSave event`
			`*/`
EditorSettings -> EditorPreferences (System has settings, User has preferences, App has configuration) Create a My Settings page, now linked when clicking a User Create backend preferences form for setting locale Dropdown options now support an image or icon in their options 2014-07-01 07:17:53 +00:00			`public function myaccount_onSave()`
Welcome to the world, October :-) 2014-05-14 13:24:20 +00:00			`{`
getClassExtension -> asExtension (shorter syntax) 2014-08-22 23:41:48 +00:00			`$result = $this->asExtension('FormController')->update_onSave($this->user->id, 'myaccount');`
Welcome to the world, October :-) 2014-05-14 13:24:20 +00:00
			`/*`
			`* If the password or login name has been updated, reauthenticate the user`
			`*/`
			`$loginChanged = $this->user->login != post('User[login]');`
			`$passwordChanged = strlen(post('User[password]'));`
Updating backend/controllers 2014-10-10 21:26:57 +00:00			`if ($loginChanged \|\| $passwordChanged) {`
Welcome to the world, October :-) 2014-05-14 13:24:20 +00:00			`BackendAuth::login($this->user->reload(), true);`
Updating backend/controllers 2014-10-10 21:26:57 +00:00			`}`
Welcome to the world, October :-) 2014-05-14 13:24:20 +00:00
			`return $result;`
			`}`

			`/**`
			`* Add available permission fields to the User form.`
Back-end user groups can now be marked to add new administrators by default Streamline naming of backend user groups Add description field to backend user group table 2014-12-16 01:39:38 +00:00			`* Mark default groups as checked for new Users.`
Welcome to the world, October :-) 2014-05-14 13:24:20 +00:00			`*/`
Fix protection level on formExtendFields Improve styling on collapsible sections 2015-09-10 10:42:24 +00:00			`public function formExtendFields($form)`
Welcome to the world, October :-) 2014-05-14 13:24:20 +00:00			`{`
Updating backend/controllers 2014-10-10 21:26:57 +00:00			`if ($form->getContext() == 'myaccount') {`
Welcome to the world, October :-) 2014-05-14 13:24:20 +00:00			`return;`
Updating backend/controllers 2014-10-10 21:26:57 +00:00			`}`
Welcome to the world, October :-) 2014-05-14 13:24:20 +00:00
Remove superuser field for non-superusers If an admin user has permission to manage other users, they are able to set others as superuser, or even create their own superuser account. That's not really what we want. 2015-09-24 11:04:26 +00:00			`if (!$this->user->isSuperUser()) {`
Move the superuser flag out of permissions array - fixes #1503 2015-11-27 23:21:41 +00:00			`$form->removeField('is_superuser');`
Introduce concept of system roles These are roles defined by a special API code, once a system role code is detected, the role becomes locked and its permissions are sourced from the AuthManager. All permissions are granted to system roles by default, unless otherwise specified. This should make it easier to create client accounts as "Publishers", hiding developer tools like the CMS and Builder plugins by default. 2017-07-13 09:29:50 +00:00			`$form->removeField('role');`
Remove superuser field for non-superusers If an admin user has permission to manage other users, they are able to set others as superuser, or even create their own superuser account. That's not really what we want. 2015-09-24 11:04:26 +00:00			`}`

Restyle Administrator pages 2015-05-21 12:54:44 +00:00			`/*`
			`* Add permissions tab`
			`*/`
UI updates 2016-02-20 06:12:41 +00:00			`$form->addTabFields($this->generatePermissionsField());`
Back-end user groups can now be marked to add new administrators by default Streamline naming of backend user groups Add description field to backend user group table 2014-12-16 01:39:38 +00:00
			`/*`
			`* Mark default groups`
			`*/`
			`if (!$form->model->exists) {`
			`$defaultGroupIds = UserGroup::where('is_new_user_default', true)->lists('id');`

			`$groupField = $form->getField('groups');`
			`$groupField->value = $defaultGroupIds;`
			`}`
Welcome to the world, October :-) 2014-05-14 13:24:20 +00:00			`}`
Restyle Administrator pages 2015-05-21 12:54:44 +00:00
			`/**`
UI updates 2016-02-20 06:12:41 +00:00			`* Adds the permissions editor widget to the form.`
Restyle Administrator pages 2015-05-21 12:54:44 +00:00			`* @return array`
			`*/`
UI updates 2016-02-20 06:12:41 +00:00			`protected function generatePermissionsField()`
Restyle Administrator pages 2015-05-21 12:54:44 +00:00			`{`
UI updates 2016-02-20 06:12:41 +00:00			`return [`
			`'permissions' => [`
Restyle Administrator pages 2015-05-21 12:54:44 +00:00			`'tab' => 'backend::lang.user.permissions',`
UI updates 2016-02-20 06:12:41 +00:00			`'type' => 'Backend\FormWidgets\PermissionEditor',`
			`'trigger' => [`
			`'action' => 'disable',`
			`'field' => 'is_superuser',`
			`'condition' => 'checked'`
			`]`
			`]`
			`];`
Restyle Administrator pages 2015-05-21 12:54:44 +00:00			`}`
Updating backend/controllers 2014-10-10 21:26:57 +00:00			`}`