1<?php 2 3/** 4 * webtrees: online genealogy 5 * Copyright (C) 2021 webtrees development team 6 * This program is free software: you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License as published by 8 * the Free Software Foundation, either version 3 of the License, or 9 * (at your option) any later version. 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * You should have received a copy of the GNU General Public License 15 * along with this program. If not, see <https://www.gnu.org/licenses/>. 16 */ 17 18declare(strict_types=1); 19 20namespace Fisharebest\Webtrees\Http\RequestHandlers; 21 22use Fisharebest\Webtrees\Auth; 23use Fisharebest\Webtrees\Contracts\UserInterface; 24use Fisharebest\Webtrees\Exceptions\HttpNotFoundException; 25use Fisharebest\Webtrees\FlashMessages; 26use Fisharebest\Webtrees\I18N; 27use Fisharebest\Webtrees\Services\EmailService; 28use Fisharebest\Webtrees\Services\TreeService; 29use Fisharebest\Webtrees\Services\UserService; 30use Fisharebest\Webtrees\SiteUser; 31use Fisharebest\Webtrees\User; 32use Psr\Http\Message\ResponseInterface; 33use Psr\Http\Message\ServerRequestInterface; 34use Psr\Http\Server\RequestHandlerInterface; 35 36use function route; 37 38/** 39 * Edit a user. 40 */ 41class UserEditAction implements RequestHandlerInterface 42{ 43 /** @var EmailService */ 44 private $email_service; 45 46 /** @var UserService */ 47 private $user_service; 48 49 /** @var TreeService */ 50 private $tree_service; 51 52 /** 53 * UserEditAction constructor. 54 * 55 * @param EmailService $email_service 56 * @param TreeService $tree_service 57 * @param UserService $user_service 58 */ 59 public function __construct( 60 EmailService $email_service, 61 TreeService $tree_service, 62 UserService $user_service 63 ) { 64 $this->email_service = $email_service; 65 $this->tree_service = $tree_service; 66 $this->user_service = $user_service; 67 } 68 69 /** 70 * @param ServerRequestInterface $request 71 * 72 * @return ResponseInterface 73 */ 74 public function handle(ServerRequestInterface $request): ResponseInterface 75 { 76 $user = $request->getAttribute('user'); 77 78 $params = (array) $request->getParsedBody(); 79 80 $user_id = (int) $params['user_id']; 81 $username = $params['username'] ?? ''; 82 $real_name = $params['real_name'] ?? ''; 83 $email = $params['email'] ?? ''; 84 $password = $params['password'] ?? ''; 85 $theme = $params['theme'] ?? ''; 86 $language = $params['language'] ?? ''; 87 $timezone = $params['timezone'] ?? ''; 88 $contact_method = $params['contact-method'] ?? ''; 89 $comment = $params['comment'] ?? ''; 90 $auto_accept = (bool) ($params[UserInterface::PREF_AUTO_ACCEPT_EDITS] ?? ''); 91 $canadmin = (bool) ($params[UserInterface::PREF_IS_ADMINISTRATOR] ?? ''); 92 $visible_online = (bool) ($params['visible-online'] ?? ''); 93 $verified = (bool) ($params[UserInterface::PREF_IS_EMAIL_VERIFIED] ?? ''); 94 $approved = (bool) ($params['approved'] ?? ''); 95 96 $edit_user = $this->user_service->find($user_id); 97 98 if ($edit_user === null) { 99 throw new HttpNotFoundException(I18N::translate('%1$s does not exist', 'user_id:' . $user_id)); 100 } 101 102 // We have just approved a user. Tell them 103 if ($approved && $edit_user->getPreference(UserInterface::PREF_IS_ACCOUNT_APPROVED) !== '1') { 104 I18N::init($edit_user->getPreference(UserInterface::PREF_LANGUAGE)); 105 106 $base_url = $request->getAttribute('base_url'); 107 108 $this->email_service->send( 109 new SiteUser(), 110 $edit_user, 111 Auth::user(), 112 /* I18N: %s is a server name/URL */ 113 I18N::translate('New user at %s', $base_url), 114 view('emails/approve-user-text', ['user' => $edit_user, 'base_url' => $base_url]), 115 view('emails/approve-user-html', ['user' => $edit_user, 'base_url' => $base_url]) 116 ); 117 } 118 119 $edit_user->setRealName($real_name); 120 $edit_user->setPreference(UserInterface::PREF_THEME, $theme); 121 $edit_user->setPreference(UserInterface::PREF_LANGUAGE, $language); 122 $edit_user->setPreference(UserInterface::PREF_TIME_ZONE, $timezone); 123 $edit_user->setPreference(UserInterface::PREF_CONTACT_METHOD, $contact_method); 124 $edit_user->setPreference(UserInterface::PREF_NEW_ACCOUNT_COMMENT, $comment); 125 $edit_user->setPreference(UserInterface::PREF_AUTO_ACCEPT_EDITS, (string) $auto_accept); 126 $edit_user->setPreference(UserInterface::PREF_IS_VISIBLE_ONLINE, (string) $visible_online); 127 $edit_user->setPreference(UserInterface::PREF_IS_EMAIL_VERIFIED, (string) $verified); 128 $edit_user->setPreference(UserInterface::PREF_IS_ACCOUNT_APPROVED, (string) $approved); 129 130 if ($password !== '') { 131 $edit_user->setPassword($password); 132 } 133 134 // We cannot change our own admin status. Another admin will need to do it. 135 if ($edit_user->id() !== $user->id()) { 136 $edit_user->setPreference(UserInterface::PREF_IS_ADMINISTRATOR, $canadmin ? '1' : ''); 137 } 138 139 foreach ($this->tree_service->all() as $tree) { 140 $path_length = (int) $params['RELATIONSHIP_PATH_LENGTH' . $tree->id()]; 141 $gedcom_id = $params['gedcomid' . $tree->id()] ?? ''; 142 $can_edit = $params['canedit' . $tree->id()] ?? ''; 143 144 // Do not allow a path length to be set if the individual ID is not 145 if ($gedcom_id === '') { 146 $path_length = 0; 147 } 148 149 $tree->setUserPreference($edit_user, UserInterface::PREF_TREE_ACCOUNT_XREF, $gedcom_id); 150 $tree->setUserPreference($edit_user, UserInterface::PREF_TREE_ROLE, $can_edit); 151 $tree->setUserPreference($edit_user, UserInterface::PREF_TREE_PATH_LENGTH, (string) $path_length); 152 } 153 154 if ($edit_user->email() !== $email && $this->user_service->findByEmail($email) instanceof User) { 155 FlashMessages::addMessage(I18N::translate('Duplicate email address. A user with that email already exists.') . $email, 'danger'); 156 157 return redirect(route('admin-users-edit', ['user_id' => $edit_user->id()])); 158 } 159 160 if ($edit_user->userName() !== $username && $this->user_service->findByUserName($username) instanceof User) { 161 FlashMessages::addMessage(I18N::translate('Duplicate username. A user with that username already exists. Please choose another username.'), 'danger'); 162 163 return redirect(route(UserEditPage::class, ['user_id' => $edit_user->id()])); 164 } 165 166 $edit_user 167 ->setEmail($email) 168 ->setUserName($username); 169 170 return redirect(route(UserListPage::class)); 171 } 172} 173