From 8b44a248cc00e03721ddacd1e0a5772b52c090af Mon Sep 17 00:00:00 2001 From: Marcin Kurczewski Date: Sun, 4 May 2014 10:57:12 +0200 Subject: [PATCH] Moved user account removal to API --- public_html/dispatch.php | 3 ++- src/Api/Jobs/DeleteUserJob.php | 24 ++++++++++++++++++++++++ src/Controllers/UserController.php | 29 +++++++++++++---------------- 3 files changed, 39 insertions(+), 17 deletions(-) create mode 100644 src/Api/Jobs/DeleteUserJob.php diff --git a/public_html/dispatch.php b/public_html/dispatch.php index a523c004..65d46d08 100644 --- a/public_html/dispatch.php +++ b/public_html/dispatch.php @@ -147,6 +147,8 @@ $userValidations = \Chibi\Router::register(['UserController', 'banAction'], 'POST', '/user/{name}/ban', $userValidations); \Chibi\Router::register(['UserController', 'unbanAction'], 'POST', '/user/{name}/unban', $userValidations); \Chibi\Router::register(['UserController', 'acceptRegistrationAction'], 'POST', '/user/{name}/accept-registration', $userValidations); +\Chibi\Router::register(['UserController', 'deleteView'], 'GET', '/user/{name}/delete', $userValidations); +\Chibi\Router::register(['UserController', 'deleteAction'], 'POST', '/user/{name}/delete', $userValidations); foreach (['GET', 'POST'] as $method) { 
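Review bot: Nothing visible on the new `POST /user/{name}/delete` route ties the request to a form this site issued, and `deleteAction` in the UserController hunk asks for the current password only when a user removes their own account. Whether `$userValidations` or `Api::run` checks a per-session request token cannot be seen from this diff; if neither does, a privileged user's browser could submit this POST for someone else's account without that user intending it. I would confirm that before merging and record the intent above the two added lines, e.g. `// account removal changes state: POST only; GET just renders the confirmation tab`.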
@@ -155,7 +157,6 @@ foreach (['GET', 'POST'] as $method)
 \Chibi\Router::register(['UserController', 'registrationAction'], $method, '/register', $userValidations);
 \Chibi\Router::register(['UserController', 'viewAction'], $method, '/user/{name}/{tab}', $userValidations);
 \Chibi\Router::register(['UserController', 'viewAction'], $method, '/user/{name}/{tab}/{page}', $userValidations);
- \Chibi\Router::register(['UserController', 'deleteAction'], $method, '/user/{name}/delete', $userValidations);
 \Chibi\Router::register(['UserController', 'settingsAction'], $method, '/user/{name}/settings', $userValidations);
 \Chibi\Router::register(['UserController', 'editAction'], $method, '/user/{name}/edit', $userValidations);
 \Chibi\Router::register(['UserController', 'activationAction'], $method, '/activation/{token}', $userValidations);
diff --git a/src/Api/Jobs/DeleteUserJob.php b/src/Api/Jobs/DeleteUserJob.php
new file mode 100644
index 00000000..a657a263
--- /dev/null
+++ b/src/Api/Jobs/DeleteUserJob.php
@@ -0,0 +1,24 @@
+user;
+
+ $name = $user->name;
+ UserModel::remove($user);
+
+ LogHelper::log('{user} removed {subject}\'s account', [
+ 'user' => TextHelper::reprUser(Auth::getCurrentUser()),
+ 'subject' => TextHelper::reprUser($name)]);
+ }
+
+ public function requiresPrivilege()
+ {
+ return
+ [
+ Privilege::DeleteUser,
+ Access::getIdentity($this->user)
+ ];
+ }
+}
diff --git a/src/Controllers/UserController.php b/src/Controllers/UserController.php
index e6b47a1c..df112665 100644
--- a/src/Controllers/UserController.php
+++ b/src/Controllers/UserController.php
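Review bot: In `src/Api/Jobs/DeleteUserJob.php` the job checks only `Privilege::DeleteUser` through `requiresPrivilege()`, while the current-password confirmation for self-removal stays in `UserController::deleteAction`, so any other caller of the job skips that confirmation. Since the commit moves removal into the API, the password check probably belongs in `execute()` (or in a job argument the job itself validates) rather than in one controller. At minimum the class should carry a docblock stating that it performs no re-authentication and that callers must confirm the password first. The opening of the file, up to `$this->user;`, is missing from this page, so the start of `execute()` could not be reviewed.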
@@ -42,40 +42,37 @@ class UserController AcceptUserRegistrationJob::USER_NAME => $name]); } - public function deleteAction($name) + public function deleteView($name) { - $context = getContext(); $user = UserModel::findByNameOrEmail($name); - Access::assert( - Privilege::ViewUser, - Access::getIdentity($user)); - Access::assert( - Privilege::DeleteUser, - Access::getIdentity($user)); $this->loadUserView($user); + $context = getContext(); $context->transport->tab = 'delete'; + } - $context->suppliedCurrentPassword = $suppliedCurrentPassword = InputHelper::get('current-password'); + public function deleteAction($name) + { + $this->deleteView($name); + $user = UserModel::findByNameOrEmail($name); - if (!InputHelper::get('submit')) - return; - - $name = $user->name; if (Auth::getCurrentUser()->id == $user->id) { - $suppliedPasswordHash = UserModel::hashPassword($suppliedCurrentPassword, $user->passSalt); + $suppliedPassword = InputHelper::get('current-password'); + $suppliedPasswordHash = UserModel::hashPassword($suppliedPassword, $user->passSalt); if ($suppliedPasswordHash != $user->passHash) throw new SimpleException('Must supply valid password'); } $oldId = $user->id; - UserModel::remove($user); + + Api::run(new DeleteUserJob(), [ + DeleteUserJob::USER_NAME => $name]); + if ($oldId == Auth::getCurrentUser()->id) Auth::logOut(); \Chibi\Util\Url::forward(\Chibi\Router::linkTo(['StaticPagesController', 'mainPageView'])); - LogHelper::log('{user} removed {subject}\'s account', ['subject' => TextHelper::reprUser($name)]); exit; }
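Review bot: The password check in `deleteAction` compares digests with `!=` (`if ($suppliedPasswordHash != $user->passHash)`), which is neither type-strict nor constant-time. PHP compares two numeric-looking strings as numbers, so if `hashPassword` returns a hex digest, two different values of the form `0e` followed by digits would compare equal; use `if (!hash_equals($user->passHash, $suppliedPasswordHash))` on PHP 5.6+, or `!==` where `hash_equals` is unavailable. Separately, `deleteView` no longer calls `Access::assert` for `Privilege::ViewUser` and `Privilege::DeleteUser`; unless `loadUserView` enforces them (not visible here), the GET tab and the part of `deleteAction` that runs before the job are reached without a privilege check. The same strictness applies to the `==` comparisons on user ids around the password block.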