coderkun/questlab
1
0
Fork 0
Code Issues 15 Pull requests Projects Releases Wiki Activity

integrate AuthComponent and implement CRUD for users

Browse source
This commit is contained in:
coderkun 2014-01-22 16:31:25 +01:00
commit 011c9d8ed5
18 changed files with 509 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

2
agents/ToplevelAgent.inc
View file

@ -265,6 +265,7 @@
/**
* Run the Controller of this Agent and its SubAgents.
*
* @throws AccessDeniedException
* @throws IdNotFoundException
* @throws ServiceUnavailableException
* @throws DatamodelException
@ -292,6 +293,7 @@
/**
* Run IntermediateAgent.
*
* @throws AccessDeniedException
* @throws ParamsNotValidException
* @throws IdNotFoundException
* @throws ServiceUnavailableException

65
app/Controller.inc
View file

@ -19,12 +19,30 @@
*/
abstract class Controller extends \nre\core\Controller
{
/**
* Required components
*
* @var array
*/
public $components = array('auth');
/**
* Required models
*
* @var array
*/
public $models = array('users');
/**
* Linker instance
*
* @var Linker
*/
protected $linker = null;
/**
* Data of currently logged in user if any
*
* @var array
*/
protected static $user = null;
@ -58,13 +76,19 @@
{
parent::preFilter($request, $response);
// Check rights
$this->checkPermission();
// Create linker
$this->linker = new \nre\core\Linker($this->request);
// Set userdata
$this->set('loggedUser', static::$user);
}
/**
* Prefilter that is executed after running the Controller.
* Postfilter that is executed after running the Controller.
*
* @param Request $request Current request
* @param Response $response Current response
@ -72,9 +96,44 @@
public function postFilter(\nre\core\Request $request, \nre\core\Response $response)
{
parent::postFilter($request, $response);
}
/**
* Check user permissions.
*
* @throws AccessDeniedException
*/
private function checkPermission()
{
// Determine user
try {
$userId = $this->Auth->getUserId();
if(!is_null($userId)) {
static::$user = $this->Users->getUserById($this->Auth->getUserId());
}
}
catch(\nre\exceptions\IdNotFoundException $e) {
}
// Set title
$this->set('title', $this->request->getParam(1, 'intermediate'));
// Determine permissions
$action = $this->request->getParam(2, 'action');
if(!property_exists($this, 'permissions')) {
return; // Allow if nothing is specified
}
if(!array_key_exists($action, $this->permissions)) {
return; // Allow if Action is not specified
}
$permissions = $this->permissions[$action];
// Check permissions
if(is_null(static::$user)) {
throw new \nre\exceptions\AccessDeniedException();
}
}
}

10
configs/AppConfig.inc
View file

@ -69,9 +69,10 @@
* @var array
*/
public static $routes = array(
array('css/?(.*)', 'css/$1?layout=stylesheet', false),
array('users/(.+)', 'users/user/$1', false),
array('seminaries/(.+)', 'seminaries/seminary/$1', false)
array('css/?(.*)', 'css/$1?layout=stylesheet', false),
array('users/([^/]+)/(edit|delete)', 'users/$2/$1', true),
array('users/(?!(index|login|logout|create|edit|delete))', 'users/user/$1', true),
array('seminaries/(.+)', 'seminaries/seminary/$1', false)
);
@ -82,7 +83,8 @@
* @var array
*/
public static $reverseRoutes = array(
array('users/user/(.*)', 'users/$1', false),
array('users/user/(.*)', 'users/$1', true),
array('users/([^/]+)/(.*)', 'users/$2/$1', true),
array('seminaries/seminary/(.*)', 'seminaries/$1', false)
);

8
controllers/HtmlController.inc
View file

@ -17,7 +17,7 @@
*
* @author Oliver Hanraths <oliver.hanraths@uni-duesseldorf.de>
*/
class HtmlController extends \nre\core\Controller
class HtmlController extends \hhu\z\Controller
{
@ -36,9 +36,6 @@
// Set content-type
$this->response->addHeader("Content-type: text/html; charset=utf-8");
// Start session
session_start();
}
@ -51,6 +48,9 @@
{
// Set the name of the current IntermediateAgent as page title
$this->set('title', $this->request->getParam(1, 'intermediate'));
// Set userdata
$this->set('loggedUser', static::$user);
}
}

9
controllers/SeminariesController.inc
View file

@ -25,6 +25,15 @@
* @var array
*/
public $models = array('seminaries', 'users');
/**
* User permissions
*
* @var array
*/
public $permissions = array(
'index' => array(),
'seminary' => array()
);

160
controllers/UsersController.inc
View file

@ -19,6 +19,19 @@
*/
class UsersController extends \hhu\z\Controller
{
/**
* User permissions
*
* @var array
*/
public $permissions = array(
'index' => array(),
'user' => array(),
'create' => array(),
'edit' => array(),
'delete' => array()
);
@ -56,6 +69,153 @@
}
/**
* Action: login.
*
* Log in a user.
*/
public function login()
{
$username = '';
// Log the user in
if($this->request->getRequestMethod() == 'POST' && !empty($this->request->getPostParam('login')))
{
$username = $this->request->getPostParam('username');
$userId = $this->Users->login(
$username,
$this->request->getPostParam('password')
);
if(!is_null($userId))
{
$this->Auth->setUserId($userId);
$user = $this->Users->getUserById($userId);
$this->redirect($this->linker->link(array($user['url']), 1));
}
}
// Pass data to view
$this->set('username', $username);
$this->set('failed', ($this->request->getRequestMethod() == 'POST'));
}
/**
* Action: logout.
*
* Log out a user.
*/
public function logout()
{
// Unset the currently logged in user
$this->Auth->setUserId(null);
// Redirect
$this->redirect($this->linker->link(array()));
}
/**
* Action: create.
*
* Create a new user.
*/
public function create()
{
if($this->request->getRequestMethod() == 'POST' && !is_null($this->request->getPostParam('create')))
{
// Create new user
$userId = $this->Users->createUser(
$this->request->getPostParam('username'),
$this->request->getPostParam('email'),
$this->request->getPostParam('password')
);
// Redirect to user
$user = $this->Users->getUserById($userId);
$this->redirect($this->linker->link(array($user['url']), 1));
}
}
/**
* Action: edit.
*
* Edit a user.
*
* @throws IdNotFoundException
* @param string $userUrl URL-Username of an user
*/
public function edit($userUrl)
{
// User
$user = $this->Users->getUserByUrl($userUrl);
// Check request method
if($this->request->getRequestMethod() == 'POST')
{
// Save changes
if(!empty($this->request->getPostParam('save')))
{
// Edit user
$this->Users->editUser(
$user['id'],
$this->request->getPostParam('username'),
$this->request->getPostParam('email'),
$this->request->getPostParam('password')
);
}
// Redirect to user
$this->redirect($this->linker->link(array($user['url']), 1));
}
// Pass data to view
$this->set('user', $user);
}
/**
* Action: delete.
*
* Delete a user.
*
* @throws IdNotFoundException
* @param string $userUrl URL-Username of an user
*/
public function delete($userUrl)
{
// User
$user = $this->Users->getUserByUrl($userUrl);
// Check request method
if($this->request->getRequestMethod() == 'POST')
{
// Check confirmation
if($this->request->getPostParam('delete') == 'delete')
{
// Delete user
$this->Users->deleteUser($user['id']);
// Redirect to overview
$this->redirect($this->linker->link(null, 1));
}
// Redirect to entry
$this->redirect($this->linker->link(array('user', $user['url']), 1));
}
// Show confirmation
$this->set('user', $user);
}
}
?>

BIN
locale/de_DE/LC_MESSAGES/The Legend of Z.mo
View file

Binary file not shown.

75
locale/de_DE/LC_MESSAGES/The Legend of Z.po
View file

@ -1,8 +1,8 @@
msgid ""
msgstr ""
"Project-Id-Version: The Legend of Z\n"
"POT-Creation-Date: 2014-01-19 22:56+0100\n"
"PO-Revision-Date: 2014-01-19 22:58+0100\n"
"POT-Creation-Date: 2014-01-22 16:28+0100\n"
"PO-Revision-Date: 2014-01-22 16:29+0100\n"
"Last-Translator: \n"
"Language-Team: \n"
"Language: de_DE\n"
@ -15,8 +15,10 @@ msgstr ""
"X-Poedit-SourceCharset: UTF-8\n"
"X-Poedit-SearchPath-0: ../../../views\n"
#: ../../../views/html/menu/index.tpl:2 ../../../views/html/users/user.tpl:1
#: ../../../views/html/users/index.tpl:1
#: ../../../views/html/menu/index.tpl:2 ../../../views/html/users/login.tpl:1
#: ../../../views/html/users/user.tpl:1 ../../../views/html/users/index.tpl:1
#: ../../../views/html/users/edit.tpl:1 ../../../views/html/users/delete.tpl:1
#: ../../../views/html/users/create.tpl:1
msgid "Users"
msgstr "Benutzer"
@ -26,10 +28,73 @@ msgstr "Benutzer"
msgid "Seminaries"
msgstr "Kurse"
#: ../../../views/html/users/user.tpl:4 ../../../views/html/users/index.tpl:7
#: ../../../views/html/menu/index.tpl:5 ../../../views/html/users/login.tpl:2
#: ../../../views/html/users/login.tpl:11
msgid "Login"
msgstr "Login"
#: ../../../views/html/menu/index.tpl:7
msgid "Logout"
msgstr "Logout"
#: ../../../views/html/users/login.tpl:6 ../../../views/html/users/login.tpl:7
#: ../../../views/html/users/edit.tpl:6 ../../../views/html/users/edit.tpl:7
#: ../../../views/html/users/create.tpl:6
#: ../../../views/html/users/create.tpl:7
msgid "Username"
msgstr "Benutzername"
#: ../../../views/html/users/login.tpl:8 ../../../views/html/users/login.tpl:9
#: ../../../views/html/users/edit.tpl:10 ../../../views/html/users/edit.tpl:11
#: ../../../views/html/users/create.tpl:10
#: ../../../views/html/users/create.tpl:11
msgid "Password"
msgstr "Passwort"
#: ../../../views/html/users/user.tpl:4 ../../../views/html/users/delete.tpl:2
msgid "Delete user"
msgstr "Benutzer löschen"
#: ../../../views/html/users/user.tpl:7 ../../../views/html/users/index.tpl:10
msgid "registered on"
msgstr "registriert seit"
#: ../../../views/html/users/index.tpl:3
msgid "Create new user"
msgstr "Neuen Benutzer erstellen"
#: ../../../views/html/users/edit.tpl:2
msgid "Edit user"
msgstr "Benutzer bearbeiten"
#: ../../../views/html/users/edit.tpl:8 ../../../views/html/users/edit.tpl:9
#: ../../../views/html/users/create.tpl:8
#: ../../../views/html/users/create.tpl:9
msgid "EMail-Address"
msgstr "EMail-Adresse"
#: ../../../views/html/users/edit.tpl:13
#: ../../../views/html/users/create.tpl:13
msgid "create"
msgstr "erstellen"
#: ../../../views/html/users/delete.tpl:4
#, php-format
msgid "Should the user “%s” (%s) really be deleted?"
msgstr "Soll der Benutzer „%s“ (%s) wirklich gelöscht werden?"
#: ../../../views/html/users/delete.tpl:6
msgid "delete"
msgstr "löschen"
#: ../../../views/html/users/delete.tpl:7
msgid "cancel"
msgstr "abbrechen"
#: ../../../views/html/users/create.tpl:2
msgid "New user"
msgstr "Neuer Benutzer"
#: ../../../views/html/error/index.tpl:1
msgid "Error"
msgstr "Fehler"

132
models/UsersModel.inc
View file

@ -100,6 +100,138 @@
return $user[0];
}
/**
* Log a user in if its credentials are valid.
*
* @throws DatamodelException
* @param string $username The name of the user to log in
* @param string $password Plaintext password of the user to log in
*/
public function login($username, $password)
{
$data = $this->db->query('SELECT id, password FROM users WHERE username = ?', 's', $username);
if(!empty($data))
{
$data = $data[0];
if($this->verify($password, $data['password'])) {
return $data['id'];
}
}
return null;
}
/**
* Create a new user.
*
* @param string $username Username of the user to create
* @param string $email EMail-Address of the user to create
* @param string $password Password of the user to create
* @return int ID of the newly created user
*/
public function createUser($username, $email, $password)
{
$this->db->query(
'INSERT INTO users '.
'(username, url, email, password) '.
'VALUES '.
'(?, ?, ?, ?)',
'ssss',
$username,
\nre\core\Linker::createLinkParam($username),
$email,
$this->hash($password)
);
return $this->db->getInsertId();
}
/**
* Edit a user.
*
* @throws DatamodelException
* @param string $username New name of user
* @param string $email Changed email-address of user
* @param string $password Changed plaintext password of user
*/
public function editUser($userId, $username, $email, $password)
{
try {
// Update user data
$this->db->query(
'UPDATE users '.
'SET username = ?, email = ? '.
'WHERE id = ?',
'ssi',
$sername, $email,
$userId
);
// Set new password
if(!empty($password))
{
$this->db->query(
'UPDATE users '.
'SET password = ? '.
'WHERE id = ?',
'si',
$this->hash($password),
$userId
);
}
}
catch(Exception $e) {
$this->db->rollback();
throw $e;
}
finally {
$this->db->setAutocommit(true);
}
}
/**
* Delete a user.
*
* @param int $userId ID of the user to delete
*/
public function deleteUser($userId)
{
$this->db->query('DELETE FROM users WHERE id = ?', 'i', $userId);
}
/**
* Hash a password.
*
* @param string $password Plaintext password
* @return string Hashed password
*/
private function hash($password)
{
return password_hash($password, PASSWORD_DEFAULT);
}
/**
* Verify a password.
*
* @param string $password Plaintext password to verify
* @param string $hash Hashed password to match with
* @return boolean Verified
*/
private function verify($password, $hash)
{
return password_verify($password, $hash);
}
}
?>

5
views/html/html.tpl
View file

@ -14,6 +14,11 @@
<nav>
<?=$menu?>
</nav>
<?php if(!is_null($loggedUser)) : ?>
<div id="user">
<a href="<?=$linker->link(array('users',$loggedUser['url']))?>"><?=$loggedUser['username']?></a>
</div>
<?php endif ?>
</header>
<article>
<?=$intermediate?>

5
views/html/menu/index.tpl
View file

@ -1,4 +1,9 @@
<menu>
<li><a href="<?=$linker->link("users")?>"><?=_('Users')?></a></li>
<li><a href="<?=$linker->link("seminaries")?>"><?=_('Seminaries')?></a></li>
<?php if(is_null($loggedUser)) : ?>
<li><a href="<?=$linker->link(array('users','login'))?>"><?=_('Login')?></a></li>
<?php else : ?>
<li><a href="<?=$linker->link(array('users','logout'))?>"><?=_('Logout')?></a></li>
<?php endif ?>
</menu>

14
views/html/users/create.tpl Normal file
View file

@ -0,0 +1,14 @@
<h1><?=_('Users')?></h1>
<h2><?=_('New user')?></h2>
<form method="post" action="<?=$linker->link('create', 1)?>">
<filedset>
<label for="username"><?=_('Username')?>:</label>
<input type="text" name="username" placeholder="<?=_('Username')?>" /><br />
<label for="email"><?=_('EMail-Address')?>:</label>
<input type="email" name="email" placeholder="<?=_('EMail-Address')?>" /><br />
<label for="password"><?=_('Password')?>:</label>
<input type="password" name="password" placeholder="<?=_('Password')?>" /><br />
</fieldset>
<input type="submit" name="create" value="<?=_('create')?>" />
</form>

8
views/html/users/delete.tpl Normal file
View file

@ -0,0 +1,8 @@
<h1><?=_('Users')?></h1>
<h2><?=_('Delete user')?></h2>
<?=sprintf(_('Should the user “%s” (%s) really be deleted?'), $user['username'], $user['email'])?>
<form method="post">
<input type="submit" name="delete" value="<?=_('delete')?>" />
<input type="submit" name="not-delete" value="<?=_('cancel')?>" />
</form>

14
views/html/users/edit.tpl Normal file
View file

@ -0,0 +1,14 @@
<h1><?=_('Users')?></h1>
<h2><?=_('Edit user')?></h2>
<form method="post" action="<?=$linker->link('edit', 1)?>">
<filedset>
<label for="username"><?=_('Username')?>:</label>
<input type="text" name="username" placeholder="<?=_('Username')?>" value="<?=$user['username']?>" /><br />
<label for="email"><?=_('EMail-Address')?>:</label>
<input type="email" name="email" placeholder="<?=_('EMail-Address')?>" value="<?=$user['email']?>" /><br />
<label for="password"><?=_('Password')?>:</label>
<input type="password" name="password" placeholder="<?=_('Password')?>" /><br />
</fieldset>
<input type="submit" name="create" value="<?=_('create')?>" />
</form>

3
views/html/users/index.tpl
View file

@ -1,4 +1,7 @@
<h1><?=_('Users')?></h1>
<nav>
<li><a href="<?=$linker->link('create', 1)?>"><?=_('Create new user')?></a></li>
</nav>
<ul>
<?php foreach($users as &$user) : ?>
<li>

12
views/html/users/login.tpl Normal file
View file

@ -0,0 +1,12 @@
<h1><?=_('Users')?></h1>
<h2><?=_('Login')?></h2>
<form method="post" action="<?=$linker->link(array(), 2)?>">
<fieldset>
<label for="username"><?=_('Username')?></label>
<input name="username" type="text" placeholder="<?=_('Username')?>" value="<?=$username?>" /><br />
<label for="password"><?=_('Password')?></label>
<input name="password" type="password" placeholder="<?=_('Password')?>" /><br />
</fieldset>
<input type="submit" name="login" value="<?=_('Login')?>" />
</form>

0
controllers/components/empty → views/html/users/logout.tpl
View file

3
views/html/users/user.tpl
View file

@ -1,5 +1,8 @@
<h1><?=_('Users')?></h1>
<h2><?=$user['username']?></h2>
<nav>
<li><a href="<?=$linker->link('delete', 3)?>"><?=_('Delete user')?></a></li>
</nav>
<p>
<?=_('registered on')?> <?=date(\hhu\z\Utils::DATEFORMAT, strtotime($user['created']))?>
</p>