Merge pull request #4 from alexweissman/butterflyknife

merge changes for group api
userfrosting · May 30, 2014 · 8bc8a31 · 8bc8a31
2 parents 78c1259 + ab8b39e
commit 8bc8a31
Show file tree

Hide file tree

Showing 13 changed files with 429 additions and 395 deletions.
diff --git a/account/groups.php b/account/groups.php
@@ -111,7 +111,7 @@
 		  // Bind permission delete and add buttons
 		  $('.addPermission').on('click', function(){
 			if ($('#permission-groups').has("input").length == 0) {
-			  $("<li class='list-group-item'><div class='row'><div class='col-lg-6'><input autofocus class='form-control' name='new_permission'/></div></div></li>")
+			  $("<li class='list-group-item'><div class='row'><div class='col-lg-6'><input autofocus class='form-control' name='group_name'/></div></div></li>")
 			  .appendTo('#permission-groups');
 			}
 			$('#permission-groups input').focus();

diff --git a/api/load_user_permissions.php → api/create_group.php b/api/load_user_permissions.php → api/create_group.php
@@ -1,65 +1,70 @@
-<?php
-/*
-
-UserFrosting Version: 0.1
-By Alex Weissman
-Copyright (c) 2014
-
-Based on the UserCake user management system, v2.0.2.
-Copyright (c) 2009-2012
-
-UserFrosting, like UserCake, is 100% free and open-source.
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the 'Software'), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
-
-*/
-
-// Request method: GET
-
-include('../models/db-settings.php');
-include('../models/config.php');
-
-set_error_handler('logAllErrors');
-
-// User must be logged in
-if (!isUserLoggedIn()){
-  addAlert("danger", "You must be logged in to access this resource.");
-  echo json_encode(array("errors" => 1, "successes" => 0));
-  exit();
-}
-
-// GET Parameters: [user_id]
-$validator = new Validator();
-$user_id = $validator->optionalGetVar('user_id');
-
-// If no user_id is specified, use the id of the currently logged in user.
-if (!$user_id){
-	$user_id = $loggedInUser->user_id;
-}
-
-// Attempt to load information for the specified user.
-if (!($results = loadUserGroups($user_id))){
-    echo json_encode(array("errors" => 1, "successes" => 0));
-    exit();
-}
-
-restore_error_handler();
-
-echo json_encode($results);
-
-?>
+<?php
+/*
+
+UserFrosting Version: 0.2.0
+By Alex Weissman
+Copyright (c) 2014
+
+Based on the UserCake user management system, v2.0.2.
+Copyright (c) 2009-2012
+
+UserFrosting, like UserCake, is 100% free and open-source.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the 'Software'), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
+*/
+
+require_once("../models/config.php");
+
+set_error_handler('logAllErrors');
+
+// User must be logged in
+if (!isUserLoggedIn()){
+  addAlert("danger", "You must be logged in to access this resource.");
+  echo json_encode(array("errors" => 1, "successes" => 0));
+  exit();
+}
+
+// TODO: accept home page ids, is_default, and can_delete
+
+$validator = new Validator();
+$group_name = $validator->requiredPostVar('group_name');
+
+//Forms posted
+if($group_name) {
+	if (!createGroup($group_name)){
+	  echo json_encode(array("errors" => 1, "successes" => 0));
+	  exit();
+	}
+} else {
+	addAlert("danger", lang("PERMISSION_CHAR_LIMIT", array(1, 50)));
+	echo json_encode(array("errors" => 1, "successes" => 0));
+	exit();
+}
+
+restore_error_handler();
+
+if (isset($_POST['ajaxMode']) and $_POST['ajaxMode'] == "true" ){
+  echo json_encode(array(
+	"errors" => 0,
+	"successes" => 1));
+} else {
+  header('Location: ' . getReferralPage());
+  exit();
+}
+?>
diff --git a/api/load_form_user.php b/api/load_form_user.php
@@ -1,7 +1,7 @@
 <?php
 /*
 
-UserFrosting Version: 0.1
+UserFrosting Version: 0.2.0
 By Alex Weissman
 Copyright (c) 2014
 
@@ -40,8 +40,6 @@
   exit();
 }
 
-$validator = new Validator();
-
 // TODO: move this to a secured function
 
 // Parameters: box_id, render_mode, [user_id, show_dates, disabled]
@@ -52,46 +50,36 @@
 // show_passwords (optional): if set to true, will show the password creation fields
 // disabled (optional): if set to true, disable all fields
 
+$validator = new Validator();
+
+$box_id = $validator->requiredGetVar('box_id');
+$render_mode = $validator->requiredGetVar('render_mode');
+$show_dates = $validator->optionalBooleanGetVar('show_dates', false);
+$show_passwords = $validator->optionalBooleanGetVar('show_passwords', true);
+
 // Buttons (optional)
 // button_submit: If set to true, display the submission button for this form.
 // button_edit: If set to true, display the edit button for panel mode.
 // button_disable: If set to true, display the enable/disable button.
 // button_activate: If set to true, display the activate button for inactive users.
 // button_delete: If set to true, display the deletion button for deletable users.
 
-$box_id = requiredGetVar('box_id');
-$render_mode = requiredGetVar('render_mode');
-$show_dates = optionalBooleanGetVar('show_dates', false);
-$show_passwords = optionalBooleanGetVar('show_passwords', true);
-$button_submit = optionalBooleanGetVar('button_submit', true);
-$button_edit = optionalBooleanGetVar('button_edit', false);
-$button_disable = optionalBooleanGetVar('button_disable', false);
-$button_activate = optionalBooleanGetVar('button_activate', false);
-$button_delete = optionalBooleanGetVar('button_delete', false);
-$disabled = optionalBooleanGetVar('disabled', false);
+$button_submit = $validator->optionalBooleanGetVar('button_submit', true);
+$button_edit = $validator->optionalBooleanGetVar('button_edit', false);
+$button_disable = $validator->optionalBooleanGetVar('button_disable', false);
+$button_activate = $validator->optionalBooleanGetVar('button_activate', false);
+$button_delete = $validator->optionalBooleanGetVar('button_delete', false);
+$disabled = $validator->optionalBooleanGetVar('disabled', false);
 
 $disable_str = "";
 if ($disabled) {
     $disable_str = "disabled";
     $username_disable_str = "disabled";
 }
 
-function optionalBooleanGetVar($var_name, $default_value){
-    if (isset($_GET[$var_name])){
-        $bool_val = false;
-        if (strtolower($_GET[$var_name]) == "true")
-            $bool_val = true;
-        if ($bool_val == $default_value)
-            return $default_value;
-        else
-            return !$default_value;
-    } else
-        return $default_value;
-}
-
-$userid = $validator->requiredGetVar('user_id');
+$userid = $validator->optionalNumericGetVar('user_id');
 // Create appropriate labels
-if (isset($userid) and is_numeric($userid)){
+if ($userid){
     $populate_fields = true;
     $button_submit_text = "Update user";
     $user_id = htmlentities($userid);

diff --git a/api/load_permissions.php → api/load_groups.php b/api/load_permissions.php → api/load_groups.php
@@ -1,7 +1,7 @@
 <?php
 /*
 
-UserFrosting Version: 0.1
+UserFrosting Version: 0.2.0
 By Alex Weissman
 Copyright (c) 2014
 
@@ -43,10 +43,37 @@
   exit();
 }
 
-// Attempt to load information for all groups
-if (!($results = loadGroups())){
-    echo json_encode(array("errors" => 1, "successes" => 0));
-    exit();
+// GET Parameters: [user_id, group_id]
+// If a user_id is specified, attempt to load group information for all groups associated with the specified user.
+// If a group_id is specified, attempt to load information for the specified group.
+// Otherwise, attempt to load all groups.
+$validator = new Validator();
+$user_id = $validator->optionalGetVar('user_id');
+$group_id = $validator->optionalGetVar('group_id');
+
+if ($user_id){
+  // Special case to load groups for the logged in user
+  if (strtolower($user_id) == "self"){
+    $user_id = $loggedInUser->user_id;
+  }
+
+  // Attempt to load group information for the specified user.
+  if (!($results = loadUserGroups($user_id))){
+      echo json_encode(array("errors" => 1, "successes" => 0));
+      exit();
+  }
+} else if ($group_id){	
+  // Attempt to load information for the specified group.
+  if (!($results = loadGroup($group_id))){
+      echo json_encode(array("errors" => 1, "successes" => 0));
+      exit();
+  }
+} else {
+  // Attempt to load information for all groups
+  if (!($results = loadGroups())){
+      echo json_encode(array("errors" => 1, "successes" => 0));
+      exit();
+  }
 }
 
 restore_error_handler();

diff --git a/api/create_permission.php → api/update_group.php b/api/create_permission.php → api/update_group.php
@@ -1,7 +1,7 @@
 <?php
 /*
 
-UserFrosting Version: 0.1
+UserFrosting Version: 0.2.0
 By Alex Weissman
 Copyright (c) 2014
 
@@ -29,65 +29,69 @@
 
 */
 
-require_once("models/config.php");
+// Update a permission group
+// Request method: POST
+
+require_once("../models/config.php");
 
 set_error_handler('logAllErrors');
 
-// Recommended admin-only access
-if (!securePage($_SERVER['PHP_SELF'])){
-  addAlert("danger", "Whoops, looks like you don't have permission to create a permission group.");
-  if (isset($_POST['ajaxMode']) and $_POST['ajaxMode'] == "true" ){
-	echo json_encode(array("errors" => 1, "successes" => 0));
-  } else {
-	header("Location: " . getReferralPage());
-  }
+// User must be logged in
+if (!isUserLoggedIn()){
+  addAlert("danger", "You must be logged in to access this resource.");
+  echo json_encode(array("errors" => 1, "successes" => 0));
   exit();
 }
 
+// TODO: accept home page ids, is_default, and can_delete
+
+$validator = new Validator();
+$group_id = $validator->requiredPostVar('group_id');
+$name = $validator->requiredPostVar('name');
+
 //Forms posted
-if(!empty($_POST))
-{
-	//Create new permission level
-	if(!empty($_POST['new_permission'])) {
-		$permission = trim($_POST['new_permission']);
-
-		//Validate request
-		if (groupNameExists($permission)){
-			$errors[] = lang("PERMISSION_NAME_IN_USE", array($permission));
+if($group_id && $name){
+	if (!updateGroup($group_id, $name)){
+	  echo json_encode(array("errors" => 1, "successes" => 0));
+	  exit();
+	}
+} else {
+	echo json_encode(array("errors" => 1, "successes" => 0));
+	exit();
+}
+	/*
+	//Remove access for users
+	if(!empty($_POST['removePermission'])){
+		$remove = $_POST['removePermission'];
+		if ($deletion_count = removeUsersFromGroup($permissionId, $remove)) {
+			$successes[] = lang("PERMISSION_REMOVE_USERS", array($deletion_count));
 		}
-		elseif (minMaxRange(1, 50, $permission)){
-			$errors[] = lang("PERMISSION_CHAR_LIMIT", array(1, 50));	
+		else {
+			$errors[] = lang("SQL_ERROR");
 		}
-		else{
-			if (createGroup($permission)) {
-			$successes[] = lang("PERMISSION_CREATION_SUCCESSFUL", array($permission));
+	}
+	
+	//Add access for users
+	if(!empty($_POST['addPermission'])){
+		$add = $_POST['addPermission'];
+		if ($addition_count = addUsersToGroup($permissionId, $add)) {
+			$successes[] = lang("PERMISSION_ADD_USERS", array($addition_count));
 		}
-			else {
-				$errors[] = lang("SQL_ERROR");
-			}
+		else {
+			$errors[] = lang("SQL_ERROR");
 		}
-	} else {
-		$errors[] = lang("PERMISSION_CHAR_LIMIT", array(1, 50));	
 	}
-} else {
-	$errors[] = lang("NO_DATA");
-}
+*/
 
 restore_error_handler();
 
-foreach ($errors as $error){
-  addAlert("danger", $error);
-}
-foreach ($successes as $success){
-  addAlert("success", $success);
-}
-
 if (isset($_POST['ajaxMode']) and $_POST['ajaxMode'] == "true" ){
   echo json_encode(array(
-	"errors" => count($errors),
-	"successes" => count($successes)));
+	"errors" => 0,
+	"successes" => 1));
 } else {
   header('Location: ' . getReferralPage());
   exit();
 }
+
 ?>