82df35a59b
This is a major change for the next release of Miniflux. - There is now only one database that can supports multiple users - There is no automated schema migration for this release - A migration procedure is available in the ChangeLog file
134 lines
4.2 KiB
PHP
134 lines
4.2 KiB
PHP
<?php
|
|
|
|
namespace Miniflux\Controller;
|
|
|
|
use Miniflux\Model;
|
|
use Miniflux\Router;
|
|
use Miniflux\Response;
|
|
use Miniflux\Request;
|
|
use Miniflux\Session\SessionStorage;
|
|
use Miniflux\Template;
|
|
use Miniflux\Helper;
|
|
use Miniflux\Validator;
|
|
|
|
Router\get_action('users', function () {
|
|
if (! SessionStorage::getInstance()->isAdmin()) {
|
|
Response\text('Access Forbidden', 403);
|
|
}
|
|
|
|
Response\html(Template\layout('users', array(
|
|
'users' => Model\User\get_all_users(),
|
|
'menu' => 'config',
|
|
'title' => t('Users'),
|
|
)));
|
|
});
|
|
|
|
Router\get_action('new-user', function () {
|
|
if (! SessionStorage::getInstance()->isAdmin()) {
|
|
Response\text('Access Forbidden', 403);
|
|
}
|
|
|
|
Response\html(Template\layout('new_user', array(
|
|
'values' => array('csrf' => Helper\generate_csrf()),
|
|
'errors' => array(),
|
|
'menu' => 'config',
|
|
'title' => t('New User'),
|
|
)));
|
|
});
|
|
|
|
Router\post_action('new-user', function () {
|
|
if (! SessionStorage::getInstance()->isAdmin()) {
|
|
Response\text('Access Forbidden', 403);
|
|
}
|
|
|
|
$values = Request\values() + array('is_admin' => 0);
|
|
Helper\check_csrf_values($values);
|
|
list($valid, $errors) = Validator\User\validate_creation($values);
|
|
|
|
if ($valid) {
|
|
if (Model\User\create_user($values['username'], $values['password'], (bool) $values['is_admin'])) {
|
|
SessionStorage::getInstance()->setFlashMessage(t('New user created successfully.'));
|
|
} else {
|
|
SessionStorage::getInstance()->setFlashErrorMessage(t('Unable to create this user.'));
|
|
}
|
|
|
|
Response\redirect('?action=users');
|
|
}
|
|
|
|
Response\html(Template\layout('new_user', array(
|
|
'values' => $values + array('csrf' => Helper\generate_csrf()),
|
|
'errors' => $errors,
|
|
'menu' => 'config',
|
|
'title' => t('New User'),
|
|
)));
|
|
});
|
|
|
|
Router\get_action('edit-user', function () {
|
|
if (! SessionStorage::getInstance()->isAdmin()) {
|
|
Response\text('Access Forbidden', 403);
|
|
}
|
|
|
|
$user = Model\User\get_user_by_id_without_password(Request\int_param('user_id'));
|
|
|
|
if (empty($user)) {
|
|
Response\redirect('?action=users');
|
|
}
|
|
|
|
Response\html(Template\layout('edit_user', array(
|
|
'values' => $user + array('csrf' => Helper\generate_csrf()),
|
|
'errors' => array(),
|
|
'menu' => 'config',
|
|
'title' => t('Edit User'),
|
|
)));
|
|
});
|
|
|
|
Router\post_action('edit-user', function () {
|
|
if (! SessionStorage::getInstance()->isAdmin()) {
|
|
Response\text('Access Forbidden', 403);
|
|
}
|
|
|
|
$values = Request\values() + array('is_admin' => 0);
|
|
Helper\check_csrf_values($values);
|
|
list($valid, $errors) = Validator\User\validate_modification($values);
|
|
|
|
if ($valid) {
|
|
$new_password = empty($values['password']) ? null : $values['password'];
|
|
$is_admin = $values['is_admin'] == 1 ? 1 : 0;
|
|
if (Model\User\update_user($values['id'], $values['username'], $new_password, $is_admin)) {
|
|
SessionStorage::getInstance()->setFlashMessage(t('User modified successfully.'));
|
|
} else {
|
|
SessionStorage::getInstance()->setFlashErrorMessage(t('Unable to edit this user.'));
|
|
}
|
|
|
|
Response\redirect('?action=users');
|
|
}
|
|
|
|
Response\html(Template\layout('edit_user', array(
|
|
'values' => $values + array('csrf' => Helper\generate_csrf()),
|
|
'errors' => $errors,
|
|
'menu' => 'config',
|
|
'title' => t('Edit User'),
|
|
)));
|
|
});
|
|
|
|
Router\get_action('confirm-remove-user', function () {
|
|
if (! SessionStorage::getInstance()->isAdmin()) {
|
|
Response\text('Access Forbidden', 403);
|
|
}
|
|
|
|
Response\html(Template\layout('confirm_remove_user', array(
|
|
'user' => Model\User\get_user_by_id_without_password(Request\int_param('user_id')),
|
|
'csrf_token' => Helper\generate_csrf(),
|
|
'menu' => 'config',
|
|
'title' => t('Remove User'),
|
|
)));
|
|
});
|
|
|
|
Router\get_action('remove-user', function () {
|
|
if (! SessionStorage::getInstance()->isAdmin() || ! Helper\check_csrf(Request\param('csrf'))) {
|
|
Response\text('Access Forbidden', 403);
|
|
}
|
|
|
|
Model\User\remove_user(Request\int_param('user_id'));
|
|
Response\redirect('?action=users');
|
|
}); |