Added account removal
This commit is contained in:
Marcin Kurczewski
parent
eadd649ad0
commit
4c0a408152
9 changed files with 98 additions and 22 deletions
|
|
@ -9,10 +9,10 @@ minPasswordLength = 5
|
||||||
|
|
||||||
[security.privileges]
|
[security.privileges]
|
||||||
anonymous = register, viewUser
|
anonymous = register, viewUser
|
||||||
regularUser = listUsers, viewUser
|
regularUser = listUsers, viewUser, deleteOwnAccount
|
||||||
powerUser = listUsers, viewUser
|
powerUser = listUsers, viewUser, deleteOwnAccount
|
||||||
moderator = listUsers, viewUser
|
moderator = listUsers, viewUser, deleteOwnAccount
|
||||||
administrator = listUsers, viewUser
|
administrator = listUsers, viewUser, deleteOwnAccount, deleteUsers
|
||||||
|
|
||||||
[users]
|
[users]
|
||||||
minUserNameLength = 1
|
minUserNameLength = 1
|
||||||
|
|
|
||||||
|
|
@ -14,6 +14,7 @@ App.Presenters.UserPresenter = function(
|
||||||
var $messages = $el;
|
var $messages = $el;
|
||||||
var template;
|
var template;
|
||||||
var accountSettingsTemplate;
|
var accountSettingsTemplate;
|
||||||
|
var accountRemovalTemplate;
|
||||||
var browsingSettingsTemplate;
|
var browsingSettingsTemplate;
|
||||||
var user;
|
var user;
|
||||||
var userName;
|
var userName;
|
||||||
|
|
@ -25,11 +26,18 @@ App.Presenters.UserPresenter = function(
|
||||||
promise.waitAll(
|
promise.waitAll(
|
||||||
util.promiseTemplate('user'),
|
util.promiseTemplate('user'),
|
||||||
util.promiseTemplate('account-settings'),
|
util.promiseTemplate('account-settings'),
|
||||||
|
util.promiseTemplate('account-removal'),
|
||||||
util.promiseTemplate('browsing-settings'),
|
util.promiseTemplate('browsing-settings'),
|
||||||
api.get('/users/' + userName))
|
api.get('/users/' + userName))
|
||||||
.then(function(userHtml, accountSettingsHtml, browsingSettingsHtml, response) {
|
.then(function(
|
||||||
|
userHtml,
|
||||||
|
accountSettingsHtml,
|
||||||
|
accountRemovalHtml,
|
||||||
|
browsingSettingsHtml,
|
||||||
|
response) {
|
||||||
template = _.template(userHtml);
|
template = _.template(userHtml);
|
||||||
accountSettingsTemplate = _.template(accountSettingsHtml);
|
accountSettingsTemplate = _.template(accountSettingsHtml);
|
||||||
|
accountRemovalTemplate = _.template(accountRemovalHtml);
|
||||||
browsingSettingsTemplate = _.template(browsingSettingsHtml);
|
browsingSettingsTemplate = _.template(browsingSettingsHtml);
|
||||||
|
|
||||||
user = response.json;
|
user = response.json;
|
||||||
|
|
@ -41,12 +49,37 @@ App.Presenters.UserPresenter = function(
|
||||||
}
|
}
|
||||||
|
|
||||||
function render() {
|
function render() {
|
||||||
$el.html(template({user: user}));
|
var context = {
|
||||||
$el.find('.browsing-settings').html(browsingSettingsTemplate({user: user}));
|
user: user,
|
||||||
$el.find('.account-settings').html(accountSettingsTemplate({user: user}));
|
canDeleteAccount: auth.hasPrivilege('deleteAccounts') ||
|
||||||
|
(auth.hasPrivilege('deleteOwnAccount') && auth.getCurrentUser().name == userName),
|
||||||
|
};
|
||||||
|
$el.html(template(context));
|
||||||
|
$el.find('.browsing-settings').html(browsingSettingsTemplate(context));
|
||||||
|
$el.find('.account-settings').html(accountSettingsTemplate(context));
|
||||||
|
$el.find('.account-removal').html(accountRemovalTemplate(context));
|
||||||
|
$el.find('.account-removal form').submit(accountRemovalFormSubmitted);
|
||||||
$messages = $el.find('.messages');
|
$messages = $el.find('.messages');
|
||||||
};
|
};
|
||||||
|
|
||||||
|
function accountRemovalFormSubmitted(e) {
|
||||||
|
e.preventDefault();
|
||||||
|
$messages = $el.find('.account-removal .messages');
|
||||||
|
messagePresenter.hideMessages($messages);
|
||||||
|
if (!$el.find('.account-removal input[name=confirmation]:visible').prop('checked')) {
|
||||||
|
messagePresenter.showError($messages, 'Must confirm to proceed.');
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
api.delete('/users/' + user.name)
|
||||||
|
.then(function() {
|
||||||
|
auth.logout();
|
||||||
|
var $messageDiv = messagePresenter.showInfo($messages, 'Account deleted. <a href="">Back to main page</a>');
|
||||||
|
$messageDiv.find('a').click(mainPageLinkClicked);
|
||||||
|
}).fail(function(response) {
|
||||||
|
messagePresenter.showError($messages, response.json && response.json.error || response);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
return {
|
return {
|
||||||
init: init,
|
init: init,
|
||||||
render: render
|
render: render
|
||||||
|
|
|
||||||
21
public_html/templates/account-removal.tpl
Normal file
21
public_html/templates/account-removal.tpl
Normal file
|
|
@ -0,0 +1,21 @@
|
||||||
|
<form class="account-settings">
|
||||||
|
<div class="messages"></div>
|
||||||
|
|
||||||
|
<div class="form-row">
|
||||||
|
<label class="form-label" for="account-removal-confirmation">Confirmation:</label>
|
||||||
|
<div class="form-input">
|
||||||
|
<input type="hidden" name="confirmation" value="0"/>
|
||||||
|
<label for="account-removal-confirmation">
|
||||||
|
<input type="checkbox" id="account-removal-confirmation" name="confirmation" value="1"/>
|
||||||
|
I confirm that I want to delete this account.
|
||||||
|
</label>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="form-row">
|
||||||
|
<label class="form-label"></label>
|
||||||
|
<div class="form-input">
|
||||||
|
<button class="submit" type="submit">Delete account</button>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</form>
|
||||||
|
|
@ -16,7 +16,7 @@
|
||||||
|
|
||||||
<% _.each(userList, function(user) { %>
|
<% _.each(userList, function(user) { %>
|
||||||
<div class="user">
|
<div class="user">
|
||||||
User name: <%= user.name %>
|
User name: <a href="#/user/<%= user.name %>"><%= user.name %></a>
|
||||||
</div>
|
</div>
|
||||||
<% }); %>
|
<% }); %>
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -3,11 +3,14 @@
|
||||||
<%= user.name %>
|
<%= user.name %>
|
||||||
|
|
||||||
<h2>Browsing settings</h2>
|
<h2>Browsing settings</h2>
|
||||||
|
|
||||||
<div class="browsing-settings"></div>
|
<div class="browsing-settings"></div>
|
||||||
|
|
||||||
<h2>Account settings</h2>
|
<h2>Account settings</h2>
|
||||||
|
|
||||||
<div class="account-settings"></div>
|
<div class="account-settings"></div>
|
||||||
|
|
||||||
|
<% if (canDeleteAccount) { %>
|
||||||
|
<h2>Account removal</h2>
|
||||||
|
<div class="account-removal"></div>
|
||||||
|
<% } %>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
|
||||||
|
|
@ -26,6 +26,16 @@ final class UserController extends AbstractController
|
||||||
$router->delete('/api/users/:name', [$this, 'delete']);
|
$router->delete('/api/users/:name', [$this, 'delete']);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function getByName($name)
|
||||||
|
{
|
||||||
|
$this->authService->assertPrivilege(\Szurubooru\Privilege::PRIVILEGE_VIEW_USER);
|
||||||
|
|
||||||
|
$user = $this->userService->getByName($name);
|
||||||
|
if (!$user)
|
||||||
|
throw new \DomainException('User with name "' . $name . '" was not found.');
|
||||||
|
return new \Szurubooru\ViewProxies\User($user);
|
||||||
|
}
|
||||||
|
|
||||||
public function getFiltered()
|
public function getFiltered()
|
||||||
{
|
{
|
||||||
$this->authService->assertPrivilege(\Szurubooru\Privilege::PRIVILEGE_LIST_USERS);
|
$this->authService->assertPrivilege(\Szurubooru\Privilege::PRIVILEGE_LIST_USERS);
|
||||||
|
|
@ -43,16 +53,6 @@ final class UserController extends AbstractController
|
||||||
'totalRecords' => $searchResult->totalRecords];
|
'totalRecords' => $searchResult->totalRecords];
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getByName($name)
|
|
||||||
{
|
|
||||||
$this->authService->assertPrivilege(\Szurubooru\Privilege::PRIVILEGE_VIEW_USER);
|
|
||||||
|
|
||||||
$user = $this->userService->getByName($name);
|
|
||||||
if (!$user)
|
|
||||||
throw new \DomainException('User with name "' . $name . '" was not found.');
|
|
||||||
return new \Szurubooru\ViewProxies\User($user);
|
|
||||||
}
|
|
||||||
|
|
||||||
public function register()
|
public function register()
|
||||||
{
|
{
|
||||||
$this->authService->assertPrivilege(\Szurubooru\Privilege::PRIVILEGE_REGISTER);
|
$this->authService->assertPrivilege(\Szurubooru\Privilege::PRIVILEGE_REGISTER);
|
||||||
|
|
@ -73,6 +73,10 @@ final class UserController extends AbstractController
|
||||||
|
|
||||||
public function delete($name)
|
public function delete($name)
|
||||||
{
|
{
|
||||||
throw new \BadMethodCallException('Not implemented');
|
if ($name == $this->authService->getLoggedInUser()->name)
|
||||||
|
$this->authService->assertPrivilege(\Szurubooru\Privilege::PRIVILEGE_DELETE_OWN_ACCOUNT);
|
||||||
|
else
|
||||||
|
$this->authService->assertPrivilege(\Szurubooru\Privilege::PRIVILEGE_DELETE_ACCOUNTS);
|
||||||
|
return $this->userService->deleteByName($name);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -19,4 +19,11 @@ class UserDao extends AbstractDao implements ICrudDao
|
||||||
{
|
{
|
||||||
return (bool) $this->collection->findOne();
|
return (bool) $this->collection->findOne();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function deleteByName($userName)
|
||||||
|
{
|
||||||
|
$this->collection->remove(['name' => $userName]);
|
||||||
|
$tokens = $this->db->selectCollection('tokens');
|
||||||
|
$tokens->remove(['additionalData' => $userName]);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -5,5 +5,7 @@ class Privilege
|
||||||
{
|
{
|
||||||
const PRIVILEGE_LIST_USERS = 'listUsers';
|
const PRIVILEGE_LIST_USERS = 'listUsers';
|
||||||
const PRIVILEGE_VIEW_USER = 'viewUser';
|
const PRIVILEGE_VIEW_USER = 'viewUser';
|
||||||
|
const PRIVILEGE_DELETE_ACCOUNTS = 'deleteAccounts';
|
||||||
|
const PRIVILEGE_DELETE_OWN_ACCOUNT = 'deleteOwnAccount';
|
||||||
const PRIVILEGE_REGISTER = 'register';
|
const PRIVILEGE_REGISTER = 'register';
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -65,4 +65,10 @@ class UserService
|
||||||
|
|
||||||
return $this->userDao->save($user);
|
return $this->userDao->save($user);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function deleteByName($name)
|
||||||
|
{
|
||||||
|
$this->userDao->deleteByName($name);
|
||||||
|
return true;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue