1<?php 2 3/** 4 * webtrees: online genealogy 5 * Copyright (C) 2022 webtrees development team 6 * This program is free software: you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License as published by 8 * the Free Software Foundation, either version 3 of the License, or 9 * (at your option) any later version. 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * You should have received a copy of the GNU General Public License 15 * along with this program. If not, see <https://www.gnu.org/licenses/>. 16 */ 17 18declare(strict_types=1); 19 20namespace Fisharebest\Webtrees\Http\RequestHandlers; 21 22use Fisharebest\Webtrees\Auth; 23use Fisharebest\Webtrees\Contracts\UserInterface; 24use Fisharebest\Webtrees\FlashMessages; 25use Fisharebest\Webtrees\Http\Exceptions\HttpNotFoundException; 26use Fisharebest\Webtrees\I18N; 27use Fisharebest\Webtrees\Services\EmailService; 28use Fisharebest\Webtrees\Services\TreeService; 29use Fisharebest\Webtrees\Services\UserService; 30use Fisharebest\Webtrees\SiteUser; 31use Fisharebest\Webtrees\User; 32use Fisharebest\Webtrees\Validator; 33use Psr\Http\Message\ResponseInterface; 34use Psr\Http\Message\ServerRequestInterface; 35use Psr\Http\Server\RequestHandlerInterface; 36 37use function route; 38 39/** 40 * Edit a user. 41 */ 42class UserEditAction implements RequestHandlerInterface 43{ 44 private EmailService $email_service; 45 46 private UserService $user_service; 47 48 private TreeService $tree_service; 49 50 /** 51 * UserEditAction constructor. 52 * 53 * @param EmailService $email_service 54 * @param TreeService $tree_service 55 * @param UserService $user_service 56 */ 57 public function __construct( 58 EmailService $email_service, 59 TreeService $tree_service, 60 UserService $user_service 61 ) { 62 $this->email_service = $email_service; 63 $this->tree_service = $tree_service; 64 $this->user_service = $user_service; 65 } 66 67 /** 68 * @param ServerRequestInterface $request 69 * 70 * @return ResponseInterface 71 */ 72 public function handle(ServerRequestInterface $request): ResponseInterface 73 { 74 $user = Validator::attributes($request)->user(); 75 76 $params = (array) $request->getParsedBody(); 77 78 $user_id = (int) $params['user_id']; 79 $username = $params['username'] ?? ''; 80 $real_name = $params['real_name'] ?? ''; 81 $email = $params['email'] ?? ''; 82 $password = $params['password'] ?? ''; 83 $theme = $params['theme'] ?? ''; 84 $language = $params['language'] ?? ''; 85 $timezone = $params['timezone'] ?? ''; 86 $contact_method = $params['contact-method'] ?? ''; 87 $comment = $params['comment'] ?? ''; 88 $auto_accept = (bool) ($params[UserInterface::PREF_AUTO_ACCEPT_EDITS] ?? ''); 89 $canadmin = (bool) ($params[UserInterface::PREF_IS_ADMINISTRATOR] ?? ''); 90 $visible_online = (bool) ($params['visible-online'] ?? ''); 91 $verified = (bool) ($params[UserInterface::PREF_IS_EMAIL_VERIFIED] ?? ''); 92 $approved = (bool) ($params['approved'] ?? ''); 93 94 $edit_user = $this->user_service->find($user_id); 95 96 if ($edit_user === null) { 97 throw new HttpNotFoundException(I18N::translate('%s does not exist.', 'user_id:' . $user_id)); 98 } 99 100 // We have just approved a user. Tell them 101 if ($approved && $edit_user->getPreference(UserInterface::PREF_IS_ACCOUNT_APPROVED) !== '1') { 102 I18N::init($edit_user->getPreference(UserInterface::PREF_LANGUAGE)); 103 104 $base_url = Validator::attributes($request)->string('base_url'); 105 106 $this->email_service->send( 107 new SiteUser(), 108 $edit_user, 109 Auth::user(), 110 /* I18N: %s is a server name/URL */ 111 I18N::translate('New user at %s', $base_url), 112 view('emails/approve-user-text', ['user' => $edit_user, 'base_url' => $base_url]), 113 view('emails/approve-user-html', ['user' => $edit_user, 'base_url' => $base_url]) 114 ); 115 } 116 117 $edit_user->setRealName($real_name); 118 $edit_user->setPreference(UserInterface::PREF_THEME, $theme); 119 $edit_user->setPreference(UserInterface::PREF_LANGUAGE, $language); 120 $edit_user->setPreference(UserInterface::PREF_TIME_ZONE, $timezone); 121 $edit_user->setPreference(UserInterface::PREF_CONTACT_METHOD, $contact_method); 122 $edit_user->setPreference(UserInterface::PREF_NEW_ACCOUNT_COMMENT, $comment); 123 $edit_user->setPreference(UserInterface::PREF_AUTO_ACCEPT_EDITS, (string) $auto_accept); 124 $edit_user->setPreference(UserInterface::PREF_IS_VISIBLE_ONLINE, (string) $visible_online); 125 $edit_user->setPreference(UserInterface::PREF_IS_EMAIL_VERIFIED, (string) $verified); 126 $edit_user->setPreference(UserInterface::PREF_IS_ACCOUNT_APPROVED, (string) $approved); 127 128 if ($password !== '') { 129 $edit_user->setPassword($password); 130 } 131 132 // We cannot change our own admin status. Another admin will need to do it. 133 if ($edit_user->id() !== $user->id()) { 134 $edit_user->setPreference(UserInterface::PREF_IS_ADMINISTRATOR, $canadmin ? '1' : ''); 135 } 136 137 foreach ($this->tree_service->all() as $tree) { 138 $path_length = (int) $params['RELATIONSHIP_PATH_LENGTH' . $tree->id()]; 139 $gedcom_id = $params['gedcomid' . $tree->id()] ?? ''; 140 $can_edit = $params['canedit' . $tree->id()] ?? ''; 141 142 // Do not allow a path length to be set if the individual ID is not 143 if ($gedcom_id === '') { 144 $path_length = 0; 145 } 146 147 $tree->setUserPreference($edit_user, UserInterface::PREF_TREE_ACCOUNT_XREF, $gedcom_id); 148 $tree->setUserPreference($edit_user, UserInterface::PREF_TREE_ROLE, $can_edit); 149 $tree->setUserPreference($edit_user, UserInterface::PREF_TREE_PATH_LENGTH, (string) $path_length); 150 } 151 152 if ($edit_user->email() !== $email && $this->user_service->findByEmail($email) instanceof User) { 153 FlashMessages::addMessage(I18N::translate('Duplicate email address. A user with that email already exists.') . $email, 'danger'); 154 155 return redirect(route('admin-users-edit', ['user_id' => $edit_user->id()])); 156 } 157 158 if ($edit_user->userName() !== $username && $this->user_service->findByUserName($username) instanceof User) { 159 FlashMessages::addMessage(I18N::translate('Duplicate username. A user with that username already exists. Please choose another username.'), 'danger'); 160 161 return redirect(route(UserEditPage::class, ['user_id' => $edit_user->id()])); 162 } 163 164 $edit_user 165 ->setEmail($email) 166 ->setUserName($username); 167 168 return redirect(route(UserListPage::class)); 169 } 170} 171