Moved user account removal to API

Marcin Kurczewski 2014-05-04 10:57:12 +02:00
parent 48e274234e
commit 8b44a248cc
3 changed files with 39 additions and 17 deletions


@ -147,6 +147,8 @@ $userValidations =
\Chibi\Router::register(['UserController', 'banAction'], 'POST', '/user/{name}/ban', $userValidations);
\Chibi\Router::register(['UserController', 'unbanAction'], 'POST', '/user/{name}/unban', $userValidations);
\Chibi\Router::register(['UserController', 'acceptRegistrationAction'], 'POST', '/user/{name}/accept-registration', $userValidations);
\Chibi\Router::register(['UserController', 'deleteView'], 'GET', '/user/{name}/delete', $userValidations);
\Chibi\Router::register(['UserController', 'deleteAction'], 'POST', '/user/{name}/delete', $userValidations);
foreach (['GET', 'POST'] as $method)
{
@ -155,7 +157,6 @@ foreach (['GET', 'POST'] as $method)
\Chibi\Router::register(['UserController', 'registrationAction'], $method, '/register', $userValidations);
\Chibi\Router::register(['UserController', 'viewAction'], $method, '/user/{name}/{tab}', $userValidations);
\Chibi\Router::register(['UserController', 'viewAction'], $method, '/user/{name}/{tab}/{page}', $userValidations);
\Chibi\Router::register(['UserController', 'deleteAction'], $method, '/user/{name}/delete', $userValidations);
\Chibi\Router::register(['UserController', 'settingsAction'], $method, '/user/{name}/settings', $userValidations);
\Chibi\Router::register(['UserController', 'editAction'], $method, '/user/{name}/edit', $userValidations);
\Chibi\Router::register(['UserController', 'activationAction'], $method, '/activation/{token}', $userValidations);
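Review bot: The POST registration of `/user/{name}/delete` to `deleteAction` exposes an irreversible action, and nothing visible in this commit ties that request to the session with an anti-CSRF token. For a privileged user deleting someone else's account, `deleteAction` asks for no password, so the route relies entirely on whatever `$userValidations` or the framework enforces. If no request token is verified elsewhere, add that check before the job runs, and note it next to the route, e.g. `// destructive: POST only, request token verified in deleteAction`. Restricting the action to POST is the right direction, but it does not stop a forged cross-site form submission.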


@ -0,0 +1,24 @@
<?php
class DeleteUserJob extends AbstractUserJob
{
public function execute()
{
$user = $this->user;
$name = $user->name;
UserModel::remove($user);
LogHelper::log('{user} removed {subject}\'s account', [
'user' => TextHelper::reprUser(Auth::getCurrentUser()),
'subject' => TextHelper::reprUser($name)]);
}
public function requiresPrivilege()
{
return
[
Privilege::DeleteUser,
Access::getIdentity($this->user)
];
}
}
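Review bot: `DeleteUserJob::execute()` removes the account without the current-password confirmation that `UserController::deleteAction` still performs for self-deletion, so any other caller of `Api::run(new DeleteUserJob(), ...)` is gated only by `requiresPrivilege()`. Since this commit makes the job the API entry point for removal, the re-authentication step should move into the job; whether other callers exist is not visible here. At minimum, document the precondition with a docblock on `execute()`: `/** Removes $this->user and logs the removal. Does NOT re-check the current password; callers handling self-deletion must verify it first. */`. A short comment on `$name = $user->name;` explaining that the name is captured before `UserModel::remove($user)` for use in the log entry would also help.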


@ -42,40 +42,37 @@ class UserController
AcceptUserRegistrationJob::USER_NAME => $name]);
}
public function deleteAction($name)
public function deleteView($name)
{
$context = getContext();
$user = UserModel::findByNameOrEmail($name);
Access::assert(
Privilege::ViewUser,
Access::getIdentity($user));
Access::assert(
Privilege::DeleteUser,
Access::getIdentity($user));
$this->loadUserView($user);
$context = getContext();
$context->transport->tab = 'delete';
}
$context->suppliedCurrentPassword = $suppliedCurrentPassword = InputHelper::get('current-password');
public function deleteAction($name)
{
$this->deleteView($name);
$user = UserModel::findByNameOrEmail($name);
if (!InputHelper::get('submit'))
return;
$name = $user->name;
if (Auth::getCurrentUser()->id == $user->id)
{
$suppliedPasswordHash = UserModel::hashPassword($suppliedCurrentPassword, $user->passSalt);
$suppliedPassword = InputHelper::get('current-password');
$suppliedPasswordHash = UserModel::hashPassword($suppliedPassword, $user->passSalt);
if ($suppliedPasswordHash != $user->passHash)
throw new SimpleException('Must supply valid password');
}
$oldId = $user->id;
UserModel::remove($user);
Api::run(new DeleteUserJob(), [
DeleteUserJob::USER_NAME => $name]);
if ($oldId == Auth::getCurrentUser()->id)
Auth::logOut();
\Chibi\Util\Url::forward(\Chibi\Router::linkTo(['StaticPagesController', 'mainPageView']));
LogHelper::log('{user} removed {subject}\'s account', ['subject' => TextHelper::reprUser($name)]);
exit;
}
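Review bot: The self-deletion check in `deleteAction` compares password digests with loose `!=` (`if ($suppliedPasswordHash != $user->passHash)`), which is neither type-strict nor constant-time. If `UserModel::hashPassword` returns a hex digest, two different strings that both look numeric (such as `0e` followed only by digits) are compared as numbers by PHP and can be treated as equal. Change the line to `if (!hash_equals($user->passHash, $suppliedPasswordHash))` on PHP 5.6 or later, or at least use `!==`. This page has lost its +/- markers, so the line may be unchanged context rather than an addition, but it is the only check guarding the new `Api::run(new DeleteUserJob(), ...)` call for a user deleting their own account.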