User Groups fix + frontend
@@ -54,11 +54,16 @@ namespace Core\API {
|
||||
namespace Core\API\Groups {
|
||||
|
||||
use Core\API\GroupsAPI;
|
||||
use Core\API\Parameter\ArrayType;
|
||||
use Core\API\Parameter\Parameter;
|
||||
use Core\API\Parameter\RegexType;
|
||||
use Core\API\Parameter\StringType;
|
||||
use Core\API\Traits\Pagination;
|
||||
use Core\Driver\SQL\Column\Column;
|
||||
use Core\Driver\SQL\Condition\Compare;
|
||||
use Core\Driver\SQL\Condition\CondIn;
|
||||
use Core\Driver\SQL\Condition\CondLike;
|
||||
use Core\Driver\SQL\Condition\CondNot;
|
||||
use Core\Driver\SQL\Expression\Alias;
|
||||
use Core\Driver\SQL\Expression\Count;
|
||||
use Core\Driver\SQL\Join\InnerJoin;
|
||||
@@ -118,6 +123,48 @@ namespace Core\API\Groups {
|
||||
}
|
||||
}
|
||||
|
||||
class Search extends GroupsAPI {
|
||||
public function __construct(Context $context, bool $externalCall = false) {
|
||||
parent::__construct($context, $externalCall, [
|
||||
"query" => new StringType("query", -1, true, NULL),
|
||||
"exclude" => new ArrayType("exclude", Parameter::TYPE_INT, true, true, [])
|
||||
]);
|
||||
}
|
||||
|
||||
protected function _execute(): bool {
|
||||
$sql = $this->context->getSQL();
|
||||
$query = $this->getParam("query");
|
||||
$exclude = array_unique($this->getParam("exclude"));
|
||||
|
||||
$groupsQuery = Group::createBuilder($sql, false)
|
||||
->limit(5);
|
||||
|
||||
if (!empty($query)) {
|
||||
$groupsQuery->where(new CondLike(new Column("name"), "%$query%"));
|
||||
}
|
||||
|
||||
if (!empty($exclude)) {
|
||||
$groupsQuery->where(new CondNot(new CondIn(new Column("id"), $exclude)));
|
||||
}
|
||||
|
||||
$groups = Group::findBy($groupsQuery);
|
||||
if ($groups === false) {
|
||||
return $this->createError($sql->getLastError());
|
||||
}
|
||||
|
||||
$this->result["groups"] = $groups;
|
||||
return true;
|
||||
}
|
||||
|
||||
public static function getDescription(): string {
|
||||
return "Returns a list of groups matching the search criteria";
|
||||
}
|
||||
|
||||
public static function getDefaultPermittedGroups(): array {
|
||||
return [Group::ADMIN, Group::SUPPORT];
|
||||
}
|
||||
}
|
||||
|
||||
class Get extends GroupsAPI {
|
||||
public function __construct(Context $context, bool $externalCall = false) {
|
||||
parent::__construct($context, $externalCall, [
|
||||
|
||||
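Review bot: In `Search::_execute()` the user-supplied `query` is placed into the LIKE pattern as `"%$query%"` without escaping `%` and `_`, so those characters act as wildcards instead of literals. The value is presumably bound as a parameter by `CondLike`, so this affects match semantics rather than being SQL injection. Escape before wrapping, e.g. `$pattern = "%" . addcslashes($query, "%_\\") . "%";`, and confirm that the driver's LIKE uses backslash as its escape character. Separately, `!empty($query)` treats the string `"0"` as empty, so that search returns unfiltered results; `$query !== null && $query !== ""` avoids it.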
@@ -885,6 +885,7 @@ namespace Core\API\User {
|
||||
return $this->createError("User not found");
|
||||
}
|
||||
|
||||
$columnsToUpdate = [];
|
||||
$username = $this->getParam("username");
|
||||
$fullName = $this->getParam("fullName");
|
||||
$email = $this->getParam("email");
|
||||
@@ -892,10 +893,8 @@ namespace Core\API\User {
|
||||
$groups = $this->getParam("groups");
|
||||
$confirmed = $this->getParam("confirmed");
|
||||
$active = $this->getParam("active");
|
||||
|
||||
$email = (!is_null($email) && empty($email)) ? null : $email;
|
||||
|
||||
$groupIds = array();
|
||||
if (!is_null($groups)) {
|
||||
$groupIds = array_unique($groups);
|
||||
if ($id === $currentUser->getId() && !in_array(Group::ADMIN, $groupIds)) {
|
||||
@@ -910,6 +909,9 @@ namespace Core\API\User {
|
||||
return $this->createError("Group with id=$groupId does not exist.");
|
||||
}
|
||||
}
|
||||
|
||||
$user->groups = $groupIds;
|
||||
$columnsToUpdate[] = "groups";
|
||||
}
|
||||
|
||||
// Check for duplicate username, email
|
||||
@@ -922,7 +924,6 @@ namespace Core\API\User {
|
||||
}
|
||||
}
|
||||
|
||||
$columnsToUpdate = [];
|
||||
if ($usernameChanged) {
|
||||
$user->name = $username;
|
||||
$columnsToUpdate[] = "name";
|
||||
@@ -961,18 +962,11 @@ namespace Core\API\User {
|
||||
}
|
||||
}
|
||||
|
||||
if (empty($columnsToUpdate) || $user->save($sql, $columnsToUpdate)) {
|
||||
|
||||
$deleteQuery = $sql->delete("UserGroup")->whereEq("user_id", $id);
|
||||
$insertQuery = $sql->insert("UserGroup", array("user_id", "group_id"));
|
||||
|
||||
foreach ($groupIds as $groupId) {
|
||||
$insertQuery->addRow($id, $groupId);
|
||||
}
|
||||
|
||||
$this->success = ($deleteQuery->execute() !== FALSE) && (empty($groupIds) || $insertQuery->execute() !== FALSE);
|
||||
if (!empty($columnsToUpdate)) {
|
||||
$this->success = $user->save($sql, $columnsToUpdate, in_array("groups", $columnsToUpdate)) !== FALSE;
|
||||
$this->lastError = $sql->getLastError();
|
||||
}
|
||||
|
||||
} else {
|
||||
return $this->createError("Error fetching user details: " . $sql->getLastError());
|
||||
}
|
||||
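Review bot: The third argument of `$user->save($sql, $columnsToUpdate, in_array("groups", $columnsToUpdate))` is an unexplained boolean at the call site, yet it presumably decides whether the user's group memberships, i.e. their privileges, are rewritten. Name it and make the lookup strict, `$saveGroups = in_array("groups", $columnsToUpdate, true);`, with a one-line comment saying that it makes `save()` persist the group relation. The removed delete-then-insert on `UserGroup` was not atomic, and whether `save()` replaces the relation inside a transaction is not visible here. That is worth confirming, since a failure between the two steps would leave the account with no groups. The enclosing method starts and ends outside this hunk.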
@@ -1402,7 +1396,7 @@ namespace Core\API\User {
|
||||
}
|
||||
|
||||
$oldPfp = $currentUser->getProfilePicture();
|
||||
if ($oldPfp) {
|
||||
if ($oldPfp && preg_match("/[a-fA-F0-9-]+\.(jpg|jpeg|png|gif)/", $oldPfp)) {
|
||||
$path = "$uploadDir/$oldPfp";
|
||||
if (is_file($path)) {
|
||||
@unlink($path);
|
||||
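Review bot: The added `preg_match` guard on `$oldPfp` is unanchored, so it accepts any value that merely contains a hex-and-dash run followed by an image extension. A stored name that also carries directory separators or `..` segments would still pass and reach `unlink()` under `$uploadDir`. Anchor both ends and keep `$` from matching before a trailing newline: `preg_match("/^[a-fA-F0-9-]+\.(jpg|jpeg|png|gif)$/D", $oldPfp)`. The same pattern is added around `$pfp` in the later hunk at `@@ -1446,9 +1440,11 @@` and needs the same change. The enclosing method begins and ends outside this hunk.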
@@ -1446,9 +1440,11 @@ namespace Core\API\User {
|
||||
return $this->createError("Error updating user details: " . $sql->getLastError());
|
||||
}
|
||||
|
||||
$path = WEBROOT . "/img/uploads/user/$userId/$pfp";
|
||||
if (is_file($path)) {
|
||||
@unlink($path);
|
||||
if (preg_match("/[a-fA-F0-9-]+\.(jpg|jpeg|png|gif)/", $pfp)) {
|
||||
$path = WEBROOT . "/img/uploads/user/$userId/$pfp";
|
||||
if (is_file($path)) {
|
||||
@unlink($path);
|
||||
}
|
||||
}
|
||||
|
||||
return $this->success;
|
||||
|
||||