1<?php 2 3/** 4 * webtrees: online genealogy 5 * Copyright (C) 2021 webtrees development team 6 * This program is free software: you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License as published by 8 * the Free Software Foundation, either version 3 of the License, or 9 * (at your option) any later version. 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * You should have received a copy of the GNU General Public License 15 * along with this program. If not, see <https://www.gnu.org/licenses/>. 16 */ 17 18declare(strict_types=1); 19 20namespace Fisharebest\Webtrees\Http\RequestHandlers; 21 22use Fisharebest\Webtrees\Auth; 23use Fisharebest\Webtrees\Contracts\UserInterface; 24use Fisharebest\Webtrees\FlashMessages; 25use Fisharebest\Webtrees\Http\Exceptions\HttpNotFoundException; 26use Fisharebest\Webtrees\I18N; 27use Fisharebest\Webtrees\Services\EmailService; 28use Fisharebest\Webtrees\Services\TreeService; 29use Fisharebest\Webtrees\Services\UserService; 30use Fisharebest\Webtrees\SiteUser; 31use Fisharebest\Webtrees\User; 32use Psr\Http\Message\ResponseInterface; 33use Psr\Http\Message\ServerRequestInterface; 34use Psr\Http\Server\RequestHandlerInterface; 35 36use function route; 37 38/** 39 * Edit a user. 40 */ 41class UserEditAction implements RequestHandlerInterface 42{ 43 private EmailService $email_service; 44 45 private UserService $user_service; 46 47 private TreeService $tree_service; 48 49 /** 50 * UserEditAction constructor. 51 * 52 * @param EmailService $email_service 53 * @param TreeService $tree_service 54 * @param UserService $user_service 55 */ 56 public function __construct( 57 EmailService $email_service, 58 TreeService $tree_service, 59 UserService $user_service 60 ) { 61 $this->email_service = $email_service; 62 $this->tree_service = $tree_service; 63 $this->user_service = $user_service; 64 } 65 66 /** 67 * @param ServerRequestInterface $request 68 * 69 * @return ResponseInterface 70 */ 71 public function handle(ServerRequestInterface $request): ResponseInterface 72 { 73 $user = $request->getAttribute('user'); 74 75 $params = (array) $request->getParsedBody(); 76 77 $user_id = (int) $params['user_id']; 78 $username = $params['username'] ?? ''; 79 $real_name = $params['real_name'] ?? ''; 80 $email = $params['email'] ?? ''; 81 $password = $params['password'] ?? ''; 82 $theme = $params['theme'] ?? ''; 83 $language = $params['language'] ?? ''; 84 $timezone = $params['timezone'] ?? ''; 85 $contact_method = $params['contact-method'] ?? ''; 86 $comment = $params['comment'] ?? ''; 87 $auto_accept = (bool) ($params[UserInterface::PREF_AUTO_ACCEPT_EDITS] ?? ''); 88 $canadmin = (bool) ($params[UserInterface::PREF_IS_ADMINISTRATOR] ?? ''); 89 $visible_online = (bool) ($params['visible-online'] ?? ''); 90 $verified = (bool) ($params[UserInterface::PREF_IS_EMAIL_VERIFIED] ?? ''); 91 $approved = (bool) ($params['approved'] ?? ''); 92 93 $edit_user = $this->user_service->find($user_id); 94 95 if ($edit_user === null) { 96 throw new HttpNotFoundException(I18N::translate('%s does not exist.', 'user_id:' . $user_id)); 97 } 98 99 // We have just approved a user. Tell them 100 if ($approved && $edit_user->getPreference(UserInterface::PREF_IS_ACCOUNT_APPROVED) !== '1') { 101 I18N::init($edit_user->getPreference(UserInterface::PREF_LANGUAGE)); 102 103 $base_url = $request->getAttribute('base_url'); 104 105 $this->email_service->send( 106 new SiteUser(), 107 $edit_user, 108 Auth::user(), 109 /* I18N: %s is a server name/URL */ 110 I18N::translate('New user at %s', $base_url), 111 view('emails/approve-user-text', ['user' => $edit_user, 'base_url' => $base_url]), 112 view('emails/approve-user-html', ['user' => $edit_user, 'base_url' => $base_url]) 113 ); 114 } 115 116 $edit_user->setRealName($real_name); 117 $edit_user->setPreference(UserInterface::PREF_THEME, $theme); 118 $edit_user->setPreference(UserInterface::PREF_LANGUAGE, $language); 119 $edit_user->setPreference(UserInterface::PREF_TIME_ZONE, $timezone); 120 $edit_user->setPreference(UserInterface::PREF_CONTACT_METHOD, $contact_method); 121 $edit_user->setPreference(UserInterface::PREF_NEW_ACCOUNT_COMMENT, $comment); 122 $edit_user->setPreference(UserInterface::PREF_AUTO_ACCEPT_EDITS, (string) $auto_accept); 123 $edit_user->setPreference(UserInterface::PREF_IS_VISIBLE_ONLINE, (string) $visible_online); 124 $edit_user->setPreference(UserInterface::PREF_IS_EMAIL_VERIFIED, (string) $verified); 125 $edit_user->setPreference(UserInterface::PREF_IS_ACCOUNT_APPROVED, (string) $approved); 126 127 if ($password !== '') { 128 $edit_user->setPassword($password); 129 } 130 131 // We cannot change our own admin status. Another admin will need to do it. 132 if ($edit_user->id() !== $user->id()) { 133 $edit_user->setPreference(UserInterface::PREF_IS_ADMINISTRATOR, $canadmin ? '1' : ''); 134 } 135 136 foreach ($this->tree_service->all() as $tree) { 137 $path_length = (int) $params['RELATIONSHIP_PATH_LENGTH' . $tree->id()]; 138 $gedcom_id = $params['gedcomid' . $tree->id()] ?? ''; 139 $can_edit = $params['canedit' . $tree->id()] ?? ''; 140 141 // Do not allow a path length to be set if the individual ID is not 142 if ($gedcom_id === '') { 143 $path_length = 0; 144 } 145 146 $tree->setUserPreference($edit_user, UserInterface::PREF_TREE_ACCOUNT_XREF, $gedcom_id); 147 $tree->setUserPreference($edit_user, UserInterface::PREF_TREE_ROLE, $can_edit); 148 $tree->setUserPreference($edit_user, UserInterface::PREF_TREE_PATH_LENGTH, (string) $path_length); 149 } 150 151 if ($edit_user->email() !== $email && $this->user_service->findByEmail($email) instanceof User) { 152 FlashMessages::addMessage(I18N::translate('Duplicate email address. A user with that email already exists.') . $email, 'danger'); 153 154 return redirect(route('admin-users-edit', ['user_id' => $edit_user->id()])); 155 } 156 157 if ($edit_user->userName() !== $username && $this->user_service->findByUserName($username) instanceof User) { 158 FlashMessages::addMessage(I18N::translate('Duplicate username. A user with that username already exists. Please choose another username.'), 'danger'); 159 160 return redirect(route(UserEditPage::class, ['user_id' => $edit_user->id()])); 161 } 162 163 $edit_user 164 ->setEmail($email) 165 ->setUserName($username); 166 167 return redirect(route(UserListPage::class)); 168 } 169} 170