Added account removal
parent
eadd649ad0
commit
4c0a408152
9 changed files with 98 additions and 22 deletions
|
@ -9,10 +9,10 @@ minPasswordLength = 5
|
|||
|
||||
[security.privileges]
|
||||
anonymous = register, viewUser
|
||||
regularUser = listUsers, viewUser
|
||||
powerUser = listUsers, viewUser
|
||||
moderator = listUsers, viewUser
|
||||
administrator = listUsers, viewUser
|
||||
regularUser = listUsers, viewUser, deleteOwnAccount
|
||||
powerUser = listUsers, viewUser, deleteOwnAccount
|
||||
moderator = listUsers, viewUser, deleteOwnAccount
|
||||
administrator = listUsers, viewUser, deleteOwnAccount, deleteUsers
|
||||
|
||||
[users]
|
||||
minUserNameLength = 1
|
||||
|
|
|
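Review bot: The administrator line grants `deleteUsers`, but the privilege this commit defines and checks is `deleteAccounts` (`PRIVILEGE_DELETE_ACCOUNTS` in Privilege, `auth.hasPrivilege('deleteAccounts')` in UserPresenter), so as configured no role holds the privilege required to delete another user's account. The check fails closed, but the feature is unreachable for administrators, and nothing visible in this commit reads the name `deleteUsers`. The line should read `administrator = listUsers, viewUser, deleteOwnAccount, deleteAccounts`.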
@ -14,6 +14,7 @@ App.Presenters.UserPresenter = function(
|
|||
var $messages = $el;
|
||||
var template;
|
||||
var accountSettingsTemplate;
|
||||
var accountRemovalTemplate;
|
||||
var browsingSettingsTemplate;
|
||||
var user;
|
||||
var userName;
|
||||
|
@ -25,11 +26,18 @@ App.Presenters.UserPresenter = function(
|
|||
promise.waitAll(
|
||||
util.promiseTemplate('user'),
|
||||
util.promiseTemplate('account-settings'),
|
||||
util.promiseTemplate('account-removal'),
|
||||
util.promiseTemplate('browsing-settings'),
|
||||
api.get('/users/' + userName))
|
||||
.then(function(userHtml, accountSettingsHtml, browsingSettingsHtml, response) {
|
||||
.then(function(
|
||||
userHtml,
|
||||
accountSettingsHtml,
|
||||
accountRemovalHtml,
|
||||
browsingSettingsHtml,
|
||||
response) {
|
||||
template = _.template(userHtml);
|
||||
accountSettingsTemplate = _.template(accountSettingsHtml);
|
||||
accountRemovalTemplate = _.template(accountRemovalHtml);
|
||||
browsingSettingsTemplate = _.template(browsingSettingsHtml);
|
||||
|
||||
user = response.json;
|
||||
|
@ -41,12 +49,37 @@ App.Presenters.UserPresenter = function(
|
|||
}
|
||||
|
||||
function render() {
|
||||
$el.html(template({user: user}));
|
||||
$el.find('.browsing-settings').html(browsingSettingsTemplate({user: user}));
|
||||
$el.find('.account-settings').html(accountSettingsTemplate({user: user}));
|
||||
var context = {
|
||||
user: user,
|
||||
canDeleteAccount: auth.hasPrivilege('deleteAccounts') ||
|
||||
(auth.hasPrivilege('deleteOwnAccount') && auth.getCurrentUser().name == userName),
|
||||
};
|
||||
$el.html(template(context));
|
||||
$el.find('.browsing-settings').html(browsingSettingsTemplate(context));
|
||||
$el.find('.account-settings').html(accountSettingsTemplate(context));
|
||||
$el.find('.account-removal').html(accountRemovalTemplate(context));
|
||||
$el.find('.account-removal form').submit(accountRemovalFormSubmitted);
|
||||
$messages = $el.find('.messages');
|
||||
};
|
||||
|
||||
function accountRemovalFormSubmitted(e) {
|
||||
e.preventDefault();
|
||||
$messages = $el.find('.account-removal .messages');
|
||||
messagePresenter.hideMessages($messages);
|
||||
if (!$el.find('.account-removal input[name=confirmation]:visible').prop('checked')) {
|
||||
messagePresenter.showError($messages, 'Must confirm to proceed.');
|
||||
return;
|
||||
}
|
||||
api.delete('/users/' + user.name)
|
||||
.then(function() {
|
||||
auth.logout();
|
||||
var $messageDiv = messagePresenter.showInfo($messages, 'Account deleted. <a href="">Back to main page</a>');
|
||||
$messageDiv.find('a').click(mainPageLinkClicked);
|
||||
}).fail(function(response) {
|
||||
messagePresenter.showError($messages, response.json && response.json.error || response);
|
||||
});
|
||||
}
|
||||
|
||||
return {
|
||||
init: init,
|
||||
render: render
|
||||
|
|
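Review bot: In `accountRemovalFormSubmitted` the DELETE path is built as `'/users/' + user.name` with no encoding, so unless `api` encodes paths itself, a name containing `/`, `?` or `#` changes which resource the request addresses. For a destructive call it should be `api.delete('/users/' + encodeURIComponent(user.name))`, and the same applies to the existing `api.get('/users/' + userName)`. The failure handler passes `response.json.error` to `messagePresenter.showError`. Because `showInfo` is given markup in this hunk, the presenter presumably inserts messages as HTML, so server error text that echoes the requested name would need escaping before display; confirm this in messagePresenter. `mainPageLinkClicked` is not defined in the visible hunks, and the presenter function starts and ends outside them.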
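--- /dev/null
+++ b/public_html/templates/account-removal.tpl
@@ -0,0 +1,21 @@
+<form class="account-settings">
+<div class="messages"></div>
+
+<div class="form-row">
+<label class="form-label" for="account-removal-confirmation">Confirmation:</label>
+<div class="form-input">
+<input type="hidden" name="confirmation" value="0"/>
+<label for="account-removal-confirmation">
+<input type="checkbox" id="account-removal-confirmation" name="confirmation" value="1"/>
+I confirm that I want to delete this account.
+</label>
+</div>
+</div>
+
+<div class="form-row">
+<label class="form-label"></label>
+<div class="form-input">
+<button class="submit" type="submit">Delete account</button>
+</div>
+</div>
+</form>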
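Review bot: The form is declared as `<form class="account-settings">`, which looks copied from the account settings template. The presenter reaches it through the wrapping `.account-removal` div, so it works today, but any selector or submit handler written for `.account-settings` will also match the form that deletes the account. Give it its own class, for example `<form class="account-removal-form">`, or drop the class. The confirmation checkbox is enforced only in the browser, so the server-side privilege check remains the sole control on the DELETE request.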
@ -16,7 +16,7 @@
|
|||
|
||||
<% _.each(userList, function(user) { %>
|
||||
<div class="user">
|
||||
User name: <%= user.name %>
|
||||
User name: <a href="#/user/<%= user.name %>"><%= user.name %></a>
|
||||
</div>
|
||||
<% }); %>
|
||||
|
||||
|
|
|
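Review bot: `user.name` is interpolated with `<%= %>`, which in Underscore templates inserts the value without HTML escaping, and the new line now also places it inside an `href` attribute. Unless user names are restricted server-side to a safe character set (not visible here; the config only shows `minUserNameLength = 1`), a name containing markup or a quote would be rendered as HTML for everyone who views the user list. Use the escaping form and encode the route segment: `User name: <a href="#/user/<%- encodeURIComponent(user.name) %>"><%- user.name %></a>`. The template starts and ends outside the hunk.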
@ -3,11 +3,14 @@
|
|||
<%= user.name %>
|
||||
|
||||
<h2>Browsing settings</h2>
|
||||
|
||||
<div class="browsing-settings"></div>
|
||||
|
||||
<h2>Account settings</h2>
|
||||
|
||||
<div class="account-settings"></div>
|
||||
|
||||
<% if (canDeleteAccount) { %>
|
||||
<h2>Account removal</h2>
|
||||
<div class="account-removal"></div>
|
||||
<% } %>
|
||||
|
||||
</div>
|
||||
|
|
|
@ -26,6 +26,16 @@ final class UserController extends AbstractController
|
|||
$router->delete('/api/users/:name', [$this, 'delete']);
|
||||
}
|
||||
|
||||
public function getByName($name)
|
||||
{
|
||||
$this->authService->assertPrivilege(\Szurubooru\Privilege::PRIVILEGE_VIEW_USER);
|
||||
|
||||
$user = $this->userService->getByName($name);
|
||||
if (!$user)
|
||||
throw new \DomainException('User with name "' . $name . '" was not found.');
|
||||
return new \Szurubooru\ViewProxies\User($user);
|
||||
}
|
||||
|
||||
public function getFiltered()
|
||||
{
|
||||
$this->authService->assertPrivilege(\Szurubooru\Privilege::PRIVILEGE_LIST_USERS);
|
||||
|
@ -43,16 +53,6 @@ final class UserController extends AbstractController
|
|||
'totalRecords' => $searchResult->totalRecords];
|
||||
}
|
||||
|
||||
public function getByName($name)
|
||||
{
|
||||
$this->authService->assertPrivilege(\Szurubooru\Privilege::PRIVILEGE_VIEW_USER);
|
||||
|
||||
$user = $this->userService->getByName($name);
|
||||
if (!$user)
|
||||
throw new \DomainException('User with name "' . $name . '" was not found.');
|
||||
return new \Szurubooru\ViewProxies\User($user);
|
||||
}
|
||||
|
||||
public function register()
|
||||
{
|
||||
$this->authService->assertPrivilege(\Szurubooru\Privilege::PRIVILEGE_REGISTER);
|
||||
|
@ -73,6 +73,10 @@ final class UserController extends AbstractController
|
|||
|
||||
public function delete($name)
|
||||
{
|
||||
throw new \BadMethodCallException('Not implemented');
|
||||
if ($name == $this->authService->getLoggedInUser()->name)
|
||||
$this->authService->assertPrivilege(\Szurubooru\Privilege::PRIVILEGE_DELETE_OWN_ACCOUNT);
|
||||
else
|
||||
$this->authService->assertPrivilege(\Szurubooru\Privilege::PRIVILEGE_DELETE_ACCOUNTS);
|
||||
return $this->userService->deleteByName($name);
|
||||
}
|
||||
}
|
||||
|
|
|
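Review bot: In `delete()` the own-account test uses loose comparison, `if ($name == $this->authService->getLoggedInUser()->name)`, and PHP compares two numeric-looking strings by value, so distinct user names can compare equal. A caller holding only `deleteOwnAccount` would then pass the check for an account that is not theirs. Since `minUserNameLength = 1` permits short names, and nothing visible excludes all-digit ones, this should be `if ($name === $this->authService->getLoggedInUser()->name)`. `getLoggedInUser()` is also dereferenced without a null check; what it returns for an anonymous request is not visible here, so confirm it cannot be null before `->name`. The class body continues outside the hunks.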
@ -19,4 +19,11 @@ class UserDao extends AbstractDao implements ICrudDao
|
|||
{
|
||||
return (bool) $this->collection->findOne();
|
||||
}
|
||||
|
||||
public function deleteByName($userName)
|
||||
{
|
||||
$this->collection->remove(['name' => $userName]);
|
||||
$tokens = $this->db->selectCollection('tokens');
|
||||
$tokens->remove(['additionalData' => $userName]);
|
||||
}
|
||||
}
|
||||
|
|
|
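Review bot: `deleteByName` removes the user document first and the tokens second, and neither `remove()` result is checked, so a failure on the second call leaves tokens behind for an account that no longer exists. Reversing the order (tokens, then user) turns that failure into a forced re-login instead of orphaned tokens. The filter `['additionalData' => $userName]` also matches any token, of any kind, whose `additionalData` equals the name; if the collection holds more than one token type, add an explicit purpose field to the filter. Casting with `(string) $userName` before building both filters keeps them plain equality matches whatever a future caller passes. The class starts outside the hunk.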
@ -5,5 +5,7 @@ class Privilege
|
|||
{
|
||||
const PRIVILEGE_LIST_USERS = 'listUsers';
|
||||
const PRIVILEGE_VIEW_USER = 'viewUser';
|
||||
const PRIVILEGE_DELETE_ACCOUNTS = 'deleteAccounts';
|
||||
const PRIVILEGE_DELETE_OWN_ACCOUNT = 'deleteOwnAccount';
|
||||
const PRIVILEGE_REGISTER = 'register';
|
||||
}
|
||||
|
|
|
@ -65,4 +65,10 @@ class UserService
|
|||
|
||||
return $this->userDao->save($user);
|
||||
}
|
||||
|
||||
public function deleteByName($name)
|
||||
{
|
||||
$this->userDao->deleteByName($name);
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
|
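Review bot: `deleteByName` returns `true` unconditionally, so a DELETE for a name that does not exist is reported to the client as a successful deletion, while `getByName` in UserController raises `DomainException` for the same case. Check first, e.g. `if (!$this->getByName($name)) throw new \DomainException('User with name "' . $name . '" was not found.');`, so both endpoints agree on unknown names. A short docblock stating that the method also removes the user's tokens (done in `UserDao::deleteByName`) would help callers. The class starts outside the hunk.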