Users are not able to change their own name.
This commit is contained in:
@@ -108,15 +108,27 @@ The Sentri gnomes';
|
|||||||
$_GET['builder'] = [1 => ['where' => [0 => 'user_uuid', 1 => $this->data['user_uuid']]]];
|
$_GET['builder'] = [1 => ['where' => [0 => 'user_uuid', 1 => $this->data['user_uuid']]]];
|
||||||
$this->getUser();
|
$this->getUser();
|
||||||
|
|
||||||
if ($this->getUserGroupWeight() < $_SESSION['user']['user_group_weight']) {
|
if (!isset($this->postedData['user_profile_change']) && $this->getUserGroupWeight() < $_SESSION['user']['user_group_weight']) {
|
||||||
$this->apiOutput(400, ['error' => 'You cannot edit a user with an lower weight then yourself!']);
|
$this->apiOutput(400, ['error' => 'You cannot edit a user with a lower weight than yourself!']);
|
||||||
}
|
}
|
||||||
|
|
||||||
$query = "UPDATE system_users SET user_group_uuid = ?, user_email = ?, user_first_name = ?, user_last_name = ?, user_full_name = ?, user_phone_number = ?, user_status = ?, user_pref_language = ?, user_modified_timestamp = ?, user_stompable = ? WHERE user_uuid = ?";
|
$data = $this->data;
|
||||||
$stmt = $this->prepareStatement($query);
|
|
||||||
$stmt->bind_param('ssssssssiis', $this->data['user_group_uuid'], $this->data['user_email'], $this->data['user_first_name'], $this->data['user_last_name'], $this->data['user_full_name'], $this->data['user_phone_number'], $this->data['user_status'], $this->data['user_pref_language'], time(), $this->data['user_stompable'], $this->data['user_uuid']);
|
|
||||||
|
|
||||||
$this->executeStatement($stmt);
|
$userUuid = $data['user_uuid'];
|
||||||
|
unset($data['user_uuid']);
|
||||||
|
|
||||||
|
# always set timestamp
|
||||||
|
$data['user_modified_timestamp'] = time();
|
||||||
|
|
||||||
|
$set = [];
|
||||||
|
foreach ($data as $key => $value) {
|
||||||
|
$set[] = "$key = :$key";
|
||||||
|
}
|
||||||
|
|
||||||
|
$sql = sprintf("UPDATE system_users SET %s WHERE user_uuid = :user_uuid", implode(', ', $set));
|
||||||
|
$stmt = $GLOBALS['pdo']->prepare($sql);
|
||||||
|
$data['user_uuid'] = $userUuid;
|
||||||
|
$stmt->execute($data);
|
||||||
|
|
||||||
$this->apiOutput(200, ['success' => 'User successfully updated.']);
|
$this->apiOutput(200, ['success' => 'User successfully updated.']);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -48,29 +48,47 @@ if ($API_users->request_method === 'GET') {
|
|||||||
$API_users->createUser();
|
$API_users->createUser();
|
||||||
|
|
||||||
} elseif ($API_users->request_method === 'PUT') {
|
} elseif ($API_users->request_method === 'PUT') {
|
||||||
|
|
||||||
# Edit a user
|
# Edit a user
|
||||||
$API_users->checkPermissions('admin-access-admins', 'RW');
|
if (isset($API_users->postedData['user_profile_change'])) { # If the user is changing their own profile
|
||||||
|
$API_users->postedData['user_uuid'] = $_SESSION['user']['user_uuid']; # Make sure the user being changed is always its own user_uuid
|
||||||
|
|
||||||
$requiredFields = [
|
$requiredFields = [
|
||||||
'user_uuid' => ['type' => 'uuid'],
|
'user_uuid' => ['type' => 'uuid'],
|
||||||
'user_group_uuid' => ['type' => 'uuid'],
|
'user_email' => ['type' => 'email'],
|
||||||
'user_email' => ['type' => 'email'],
|
'user_first_name' => ['type' => 'string'],
|
||||||
'user_first_name' => ['type' => 'string'],
|
'user_last_name' => ['type' => 'string'],
|
||||||
'user_last_name' => ['type' => 'string'],
|
'user_full_name' => ['type' => 'string'],
|
||||||
'user_full_name' => ['type' => 'string'],
|
'user_pref_language' => ['type' => 'enum', 'values' => ['en', 'nl']],
|
||||||
'user_status' => ['type' => 'enum', 'values' => ['active', 'inactive', 'banned', 'pending']],
|
];
|
||||||
'user_pref_language' => ['type' => 'enum', 'values' => ['en', 'nl']],
|
|
||||||
];
|
|
||||||
|
|
||||||
$optionalFields = [
|
$optionalFields = [
|
||||||
'user_phone_number' => ['type' => 'string'],
|
'user_phone_number' => ['type' => 'string']
|
||||||
'user_stompable' => ['type' => 'boolean']
|
];
|
||||||
];
|
|
||||||
|
} else {
|
||||||
|
$API_users->checkPermissions('admin-access-admins', 'RW');
|
||||||
|
|
||||||
|
$requiredFields = [
|
||||||
|
'user_uuid' => ['type' => 'uuid'],
|
||||||
|
'user_group_uuid' => ['type' => 'uuid'],
|
||||||
|
'user_email' => ['type' => 'email'],
|
||||||
|
'user_first_name' => ['type' => 'string'],
|
||||||
|
'user_last_name' => ['type' => 'string'],
|
||||||
|
'user_full_name' => ['type' => 'string'],
|
||||||
|
'user_status' => ['type' => 'enum', 'values' => ['active', 'inactive', 'banned', 'pending']],
|
||||||
|
'user_pref_language' => ['type' => 'enum', 'values' => ['en', 'nl']],
|
||||||
|
];
|
||||||
|
|
||||||
|
$optionalFields = [
|
||||||
|
'user_phone_number' => ['type' => 'string'],
|
||||||
|
'user_stompable' => ['type' => 'boolean']
|
||||||
|
];
|
||||||
|
|
||||||
|
$API_users->postedData['user_stompable'] = (bool)$API_users->postedData['user_stompable'];
|
||||||
|
}
|
||||||
|
|
||||||
$API_users->postedData['user_full_name'] = trim($API_users->postedData['user_first_name'] . ' ' . $API_users->postedData['user_last_name']);
|
$API_users->postedData['user_full_name'] = trim($API_users->postedData['user_first_name'] . ' ' . $API_users->postedData['user_last_name']);
|
||||||
$API_users->postedData['user_pref_language'] = $API_users->postedData['user_pref_language'] ?? 'en';
|
$API_users->postedData['user_pref_language'] = $API_users->postedData['user_pref_language'] ?? 'en';
|
||||||
$API_users->postedData['user_stompable'] = (bool)$API_users->postedData['user_stompable'];
|
|
||||||
|
|
||||||
$API_users->validateData($requiredFields, $optionalFields);
|
$API_users->validateData($requiredFields, $optionalFields);
|
||||||
|
|
||||||
@@ -78,7 +96,6 @@ if ($API_users->request_method === 'GET') {
|
|||||||
|
|
||||||
} elseif ($API_users->request_method === 'DELETE') {
|
} elseif ($API_users->request_method === 'DELETE') {
|
||||||
|
|
||||||
|
|
||||||
$API_users->return_url = false;
|
$API_users->return_url = false;
|
||||||
|
|
||||||
$API_users->checkPermissions('admin-access-admins', 'RW');
|
$API_users->checkPermissions('admin-access-admins', 'RW');
|
||||||
|
|||||||
@@ -51,8 +51,10 @@ $pageNavbar->outPutNavbar();
|
|||||||
|
|
||||||
if ($user_data) {
|
if ($user_data) {
|
||||||
$formBuilder->startForm(); ?>
|
$formBuilder->startForm(); ?>
|
||||||
<form id="FormValidation" enctype="multipart/form-data" method="POST" action="/api/v1/userprofile/configure/">
|
<form id="FormValidation" enctype="multipart/form-data" method="POST" action="/api/v1/portal-management/users/">
|
||||||
|
<input type="hidden" name="X-HTTP-Method-Override" value="PUT">
|
||||||
<input type="hidden" name="user_uuid" value="<?php echo $user_uuid; ?>"/>
|
<input type="hidden" name="user_uuid" value="<?php echo $user_uuid; ?>"/>
|
||||||
|
<input type="hidden" name="user_profile_change" value="true"/>
|
||||||
<div class="card-body">
|
<div class="card-body">
|
||||||
|
|
||||||
<div class="form-group form-show-validation row">
|
<div class="form-group form-show-validation row">
|
||||||
|
|||||||
Reference in New Issue
Block a user