first commit

administrator/components/com_users/controllers/group.php

@@ -0,0 +1,69 @@
+<?php
+/**
+ * @package     Joomla.Administrator
+ * @subpackage  com_users
+ *
+ * @copyright   Copyright (C) 2005 - 2013 Open Source Matters, Inc. All rights reserved.
+ * @license     GNU General Public License version 2 or later; see LICENSE.txt
+ */
+
+defined('_JEXEC') or die;
+
+/**
+ * User view level controller class.
+ *
+ * @package     Joomla.Administrator
+ * @subpackage  com_users
+ * @since       1.6
+ */
+class UsersControllerGroup extends JControllerForm
+{
+		/**
+	 * @var		string	The prefix to use with controller messages.
+	 * @since   1.6
+	 */
+	protected $text_prefix = 'COM_USERS_GROUP';
+
+	/**
+	 * Method to check if you can save a new or existing record.
+	 *
+	 * Overrides JControllerForm::allowSave to check the core.admin permission.
+	 *
+	 * @param   array  An array of input data.
+	 * @param   string	The name of the key for the primary key.
+	 *
+	 * @return  boolean
+	 * @since   1.6
+	 */
+	protected function allowSave($data, $key = 'id')
+	{
+		return (JFactory::getUser()->authorise('core.admin', $this->option) && parent::allowSave($data, $key));
+	}
+
+	/**
+	 * Overrides JControllerForm::allowEdit
+	 *
+	 * Checks that non-Super Admins are not editing Super Admins.
+	 *
+	 * @param   array  An array of input data.
+	 * @param   string	The name of the key for the primary key.
+	 *
+	 * @return  boolean
+	 * @since   1.6
+	 */
+	protected function allowEdit($data = array(), $key = 'id')
+	{
+		// Check if this group is a Super Admin
+		if (JAccess::checkGroup($data[$key], 'core.admin'))
+		{
+			// If I'm not a Super Admin, then disallow the edit.
+			if (!JFactory::getUser()->authorise('core.admin'))
+			{
+				return false;
+			}
+		}
+
+		return parent::allowEdit($data, $key);
+	}
+
+}

administrator/components/com_users/controllers/groups.php

@@ -0,0 +1,126 @@
+<?php
+/**
+ * @package     Joomla.Administrator
+ * @subpackage  com_users
+ *
+ * @copyright   Copyright (C) 2005 - 2013 Open Source Matters, Inc. All rights reserved.
+ * @license     GNU General Public License version 2 or later; see LICENSE.txt
+ */
+
+defined('_JEXEC') or die;
+
+/**
+ * User groups list controller class.
+ *
+ * @package     Joomla.Administrator
+ * @subpackage  com_users
+ * @since       1.6
+ */
+class UsersControllerGroups extends JControllerAdmin
+{
+	/**
+	 * @var		string	The prefix to use with controller messages.
+	 * @since   1.6
+	 */
+	protected $text_prefix = 'COM_USERS_GROUPS';
+
+	/**
+	 * Proxy for getModel.
+	 *
+	 * @since   1.6
+	 */
+	public function getModel($name = 'Group', $prefix = 'UsersModel', $config = array())
+	{
+		return parent::getModel($name, $prefix, array('ignore_request' => true));
+	}
+
+	/**
+	 * Removes an item.
+	 *
+	 * Overrides JControllerAdmin::delete to check the core.admin permission.
+	 *
+	 * @since   1.6
+	 */
+	public function delete()
+	{
+		if (!JFactory::getUser()->authorise('core.admin', $this->option))
+		{
+			JError::raiseError(500, JText::_('JERROR_ALERTNOAUTHOR'));
+			jexit();
+		}
+
+		return parent::delete();
+	}
+
+	/**
+	 * Method to publish a list of records.
+	 *
+	 * Overrides JControllerAdmin::publish to check the core.admin permission.
+	 *
+	 * @since   1.6
+	 */
+	public function publish()
+	{
+		if (!JFactory::getUser()->authorise('core.admin', $this->option))
+		{
+			JError::raiseError(500, JText::_('JERROR_ALERTNOAUTHOR'));
+			jexit();
+		}
+
+		return parent::publish();
+	}
+
+	/**
+	 * Changes the order of one or more records.
+	 *
+	 * Overrides JControllerAdmin::reorder to check the core.admin permission.
+	 *
+	 * @since   1.6
+	 */
+	public function reorder()
+	{
+		if (!JFactory::getUser()->authorise('core.admin', $this->option))
+		{
+			JError::raiseError(500, JText::_('JERROR_ALERTNOAUTHOR'));
+			jexit();
+		}
+
+		return parent::reorder();
+	}
+
+	/**
+	 * Method to save the submitted ordering values for records.
+	 *
+	 * Overrides JControllerAdmin::saveorder to check the core.admin permission.
+	 *
+	 * @since   1.6
+	 */
+	public function saveorder()
+	{
+		if (!JFactory::getUser()->authorise('core.admin', $this->option))
+		{
+			JError::raiseError(500, JText::_('JERROR_ALERTNOAUTHOR'));
+			jexit();
+		}
+
+		return parent::saveorder();
+	}
+
+	/**
+	 * Check in of one or more records.
+	 *
+	 * Overrides JControllerAdmin::checkin to check the core.admin permission.
+	 *
+	 * @since   1.6
+	 */
+	public function checkin()
+	{
+		if (!JFactory::getUser()->authorise('core.admin', $this->option))
+		{
+			JError::raiseError(500, JText::_('JERROR_ALERTNOAUTHOR'));
+			jexit();
+		}
+
+		return parent::checkin();
+	}
+}

administrator/components/com_users/controllers/index.html

@@ -0,0 +1 @@
+<!DOCTYPE html><title></title>

administrator/components/com_users/controllers/level.php

@@ -0,0 +1,81 @@
+<?php
+/**
+ * @package     Joomla.Administrator
+ * @subpackage  com_users
+ *
+ * @copyright   Copyright (C) 2005 - 2013 Open Source Matters, Inc. All rights reserved.
+ * @license     GNU General Public License version 2 or later; see LICENSE.txt
+ */
+
+defined('_JEXEC') or die;
+
+/**
+ * User view level controller class.
+ *
+ * @package     Joomla.Administrator
+ * @subpackage  com_users
+ * @since       1.6
+ */
+class UsersControllerLevel extends JControllerForm
+{
+	/**
+	 * @var		string	The prefix to use with controller messages.
+	 * @since   1.6
+	 */
+	protected $text_prefix = 'COM_USERS_LEVEL';
+
+	/**
+	 * Method to check if you can save a new or existing record.
+	 *
+	 * Overrides JControllerForm::allowSave to check the core.admin permission.
+	 *
+	 * @param   array  An array of input data.
+	 * @param   string	The name of the key for the primary key.
+	 *
+	 * @return  boolean
+	 * @since   1.6
+	 */
+	protected function allowSave($data, $key = 'id')
+	{
+		return (JFactory::getUser()->authorise('core.admin', $this->option) && parent::allowSave($data, $key));
+	}
+
+	/**
+	 * Method to remove a record.
+	 */
+	public function delete()
+	{
+		// Check for request forgeries.
+		JSession::checkToken() or jexit(JText::_('JInvalid_Token'));
+
+		$ids  = $this->input->get('cid', array(), 'array');
+
+		if (!JFactory::getUser()->authorise('core.admin', $this->option))
+		{
+			JError::raiseError(500, JText::_('JERROR_ALERTNOAUTHOR'));
+			jexit();
+		}
+		elseif (empty($ids))
+		{
+			JError::raiseWarning(500, JText::_('COM_USERS_NO_LEVELS_SELECTED'));
+		}
+		else
+		{
+			// Get the model.
+			$model = $this->getModel();
+
+			JArrayHelper::toInteger($ids);
+
+			// Remove the items.
+			if (!$model->delete($ids))
+			{
+				JError::raiseWarning(500, $model->getError());
+			}
+			else {
+				$this->setMessage(JText::plural('COM_USERS_N_LEVELS_DELETED', count($ids)));
+			}
+		}
+
+		$this->setRedirect('index.php?option=com_users&view=levels');
+	}
+}

administrator/components/com_users/controllers/levels.php

@@ -0,0 +1,36 @@
+<?php
+/**
+ * @package     Joomla.Administrator
+ * @subpackage  com_users
+ *
+ * @copyright   Copyright (C) 2005 - 2013 Open Source Matters, Inc. All rights reserved.
+ * @license     GNU General Public License version 2 or later; see LICENSE.txt
+ */
+
+defined('_JEXEC') or die;
+
+/**
+ * User view levels list controller class.
+ *
+ * @package     Joomla.Administrator
+ * @subpackage  com_users
+ * @since       1.6
+ */
+class UsersControllerLevels extends JControllerAdmin
+{
+	/**
+	 * @var		string	The prefix to use with controller messages.
+	 * @since   1.6
+	 */
+	protected $text_prefix = 'COM_USERS_LEVELS';
+
+	/**
+	 * Proxy for getModel.
+	 *
+	 * @since   1.6
+	 */
+	public function getModel($name = 'Level', $prefix = 'UsersModel')
+	{
+		return parent::getModel($name, $prefix, array('ignore_request' => true));
+	}
+}

administrator/components/com_users/controllers/mail.php

@@ -0,0 +1,45 @@
+<?php
+/**
+ * @package     Joomla.Administrator
+ * @subpackage  com_users
+ *
+ * @copyright   Copyright (C) 2005 - 2013 Open Source Matters, Inc. All rights reserved.
+ * @license     GNU General Public License version 2 or later; see LICENSE.txt
+ */
+
+defined('_JEXEC') or die;
+
+/**
+ * Users mail controller.
+ *
+ * @package     Joomla.Administrator
+ * @subpackage  com_users
+ */
+class UsersControllerMail extends JControllerLegacy
+{
+	public function send()
+	{
+		// Check for request forgeries.
+		JSession::checkToken('request') or jexit(JText::_('JINVALID_TOKEN'));
+
+		$model = $this->getModel('Mail');
+		if ($model->send())
+		{
+			$type = 'message';
+		}
+		else
+		{
+			$type = 'error';
+		}
+
+		$msg = $model->getError();
+		$this->setredirect('index.php?option=com_users&view=mail', $msg, $type);
+	}
+
+	public function cancel()
+	{
+		// Check for request forgeries.
+		JSession::checkToken('request') or jexit(JText::_('JINVALID_TOKEN'));
+		$this->setRedirect('index.php');
+	}
+}

administrator/components/com_users/controllers/note.php

@@ -0,0 +1,51 @@
+<?php
+/**
+ * @package     Joomla.Administrator
+ * @subpackage  com_users
+ *
+ * @copyright   Copyright (C) 2005 - 2013 Open Source Matters, Inc. All rights reserved.
+ * @license     GNU General Public License version 2 or later; see LICENSE.txt
+ */
+
+defined('_JEXEC') or die;
+
+/**
+ * User note controller class.
+ *
+ * @package     Joomla.Administrator
+ * @subpackage  com_users
+ * @since       2.5
+ */
+class UsersControllerNote extends JControllerForm
+{
+	/**
+	 * The prefix to use with controller messages.
+	 *
+	 * @var    string
+	 * @since  2.5
+	 */
+	protected $text_prefix = 'COM_USERS_NOTE';
+
+	/**
+	 * Gets the URL arguments to append to an item redirect.
+	 *
+	 * @param   integer  $recordId  The primary key id for the item.
+	 * @param   string   $key       The name of the primary key variable.
+	 *
+	 * @return  string  The arguments to append to the redirect URL.
+	 *
+	 * @since   2.5
+	 */
+	protected function getRedirectToItemAppend($recordId = null, $key = 'id')
+	{
+		$append = parent::getRedirectToItemAppend($recordId, $key);
+
+		$userId = JFactory::getApplication()->input->get('u_id', 0, 'int');
+		if ($userId)
+		{
+			$append .= '&u_id=' . $userId;
+		}
+
+		return $append;
+	}
+}

administrator/components/com_users/controllers/notes.php

@@ -0,0 +1,42 @@
+<?php
+/**
+ * @package     Joomla.Administrator
+ * @subpackage  com_users
+ *
+ * @copyright   Copyright (C) 2005 - 2013 Open Source Matters, Inc. All rights reserved.
+ * @license     GNU General Public License version 2 or later; see LICENSE.txt
+ */
+
+defined('_JEXEC') or die;
+
+/**
+ * User notes controller class.
+ *
+ * @package     Joomla.Administrator
+ * @subpackage  com_users
+ * @since       2.5
+ */
+class UsersControllerNotes extends JControllerAdmin
+{
+	/**
+	 * The prefix to use with controller messages.
+	 *
+	 * @var    string
+	 * @since  2.5
+	 */
+	protected $text_prefix = 'COM_USERS_NOTES';
+
+	/**
+	 * @param   string  $name    The model name. Optional.
+	 * @param   string  $prefix  The class prefix. Optional.
+	 * @param   array   $config  Configuration array for model. Optional.
+	 *
+	 * @return  object  The model.
+	 *
+	 * @since   2.5
+	 */
+	public function getModel($name = 'Note', $prefix = 'UsersModel', $config = array('ignore_request' => true))
+	{
+		return parent::getModel($name, $prefix, $config);
+	}
+}

administrator/components/com_users/controllers/user.php

@@ -0,0 +1,120 @@
+<?php
+/**
+ * @package     Joomla.Administrator
+ * @subpackage  com_users
+ *
+ * @copyright   Copyright (C) 2005 - 2013 Open Source Matters, Inc. All rights reserved.
+ * @license     GNU General Public License version 2 or later; see LICENSE.txt
+ */
+
+defined('_JEXEC') or die;
+
+/**
+ * User controller class.
+ *
+ * @package     Joomla.Administrator
+ * @subpackage  com_users
+ * @since       1.6
+ */
+class UsersControllerUser extends JControllerForm
+{
+	/**
+	 * @var    string  The prefix to use with controller messages.
+	 * @since  1.6
+	 */
+	protected $text_prefix = 'COM_USERS_USER';
+
+	/**
+	 * Overrides JControllerForm::allowEdit
+	 *
+	 * Checks that non-Super Admins are not editing Super Admins.
+	 *
+	 * @param   array   $data  An array of input data.
+	 * @param   string  $key   The name of the key for the primary key.
+	 *
+	 * @return  boolean  True if allowed, false otherwise.
+	 *
+	 * @since   1.6
+	 */
+	protected function allowEdit($data = array(), $key = 'id')
+	{
+		// Check if this person is a Super Admin
+		if (JAccess::check($data[$key], 'core.admin'))
+		{
+			// If I'm not a Super Admin, then disallow the edit.
+			if (!JFactory::getUser()->authorise('core.admin'))
+			{
+				return false;
+			}
+		}
+
+		return parent::allowEdit($data, $key);
+	}
+
+	/**
+	 * Method to run batch operations.
+	 *
+	 * @param   object  $model  The model.
+	 *
+	 * @return  boolean  True on success, false on failure
+	 *
+	 * @since   2.5
+	 */
+	public function batch($model = null)
+	{
+		JSession::checkToken() or jexit(JText::_('JINVALID_TOKEN'));
+
+		// Set the model
+		$model = $this->getModel('User', '', array());
+
+		// Preset the redirect
+		$this->setRedirect(JRoute::_('index.php?option=com_users&view=users' . $this->getRedirectToListAppend(), false));
+
+		return parent::batch($model);
+	}
+
+	/**
+	 * Overrides parent save method to check the submitted passwords match.
+	 *
+	 * @param   string  $key     The name of the primary key of the URL variable.
+	 * @param   string  $urlVar  The name of the URL variable if different from the primary key (sometimes required to avoid router collisions).
+	 *
+	 * @return  boolean  True if successful, false otherwise.
+	 *
+	 * @since   1.6
+	 */
+	public function save($key = null, $urlVar = null)
+	{
+		$data = $this->input->post->get('jform', array(), 'array');
+
+		// TODO: JForm should really have a validation handler for this.
+		if (isset($data['password']) && isset($data['password2']))
+		{
+			// Check the passwords match.
+			if ($data['password'] != $data['password2'])
+			{
+				$this->setMessage(JText::_('JLIB_USER_ERROR_PASSWORD_NOT_MATCH'), 'warning');
+				$this->setRedirect(JRoute::_('index.php?option=com_users&view=user&layout=edit', false));
+			}
+
+			unset($data['password2']);
+		}
+
+		return parent::save();
+	}
+
+	/**
+	 * Function that allows child controller access to model data after the data has been saved.
+	 *
+	 * @param   JModelLegacy  $model      The data model object.
+	 * @param   array         $validData  The validated data.
+	 *
+	 * @return  void
+	 *
+	 * @since   3.1
+	 */
+	protected function postSaveHook(JModelLegacy $model, $validData = array())
+	{
+		return;
+	}
+}

administrator/components/com_users/controllers/users.php

@@ -0,0 +1,144 @@
+<?php
+/**
+ * @package     Joomla.Administrator
+ * @subpackage  com_users
+ *
+ * @copyright   Copyright (C) 2005 - 2013 Open Source Matters, Inc. All rights reserved.
+ * @license     GNU General Public License version 2 or later; see LICENSE.txt
+ */
+
+defined('_JEXEC') or die;
+
+/**
+ * Users list controller class.
+ *
+ * @package     Joomla.Administrator
+ * @subpackage  com_users
+ * @since       1.6
+ */
+class UsersControllerUsers extends JControllerAdmin
+{
+	/**
+	 * @var    string  The prefix to use with controller messages.
+	 * @since  1.6
+	 */
+	protected $text_prefix = 'COM_USERS_USERS';
+
+	/**
+	 * Constructor.
+	 *
+	 * @param   array  $config  An optional associative array of configuration settings.
+	 *
+	 * @return  UsersControllerUsers
+	 *
+	 * @since   1.6
+	 * @see     JController
+	 */
+	public function __construct($config = array())
+	{
+		parent::__construct($config);
+
+		$this->registerTask('block', 'changeBlock');
+		$this->registerTask('unblock', 'changeBlock');
+	}
+
+	/**
+	 * Proxy for getModel.
+	 *
+	 * @param   string  $name    The model name. Optional.
+	 * @param   string  $prefix  The class prefix. Optional.
+	 * @param   array   $config  Configuration array for model. Optional.
+	 *
+	 * @return  object  The model.
+	 *
+	 * @since   1.6
+	 */
+	public function getModel($name = 'User', $prefix = 'UsersModel', $config = array('ignore_request' => true))
+	{
+		return parent::getModel($name, $prefix, $config);
+	}
+
+	/**
+	 * Method to change the block status on a record.
+	 *
+	 * @return  void
+	 *
+	 * @since   1.6
+	 */
+	public function changeBlock()
+	{
+		// Check for request forgeries.
+		JSession::checkToken() or jexit(JText::_('JINVALID_TOKEN'));
+
+		$ids    = $this->input->get('cid', array(), 'array');
+		$values = array('block' => 1, 'unblock' => 0);
+		$task   = $this->getTask();
+		$value  = JArrayHelper::getValue($values, $task, 0, 'int');
+
+		if (empty($ids))
+		{
+			JError::raiseWarning(500, JText::_('COM_USERS_USERS_NO_ITEM_SELECTED'));
+		}
+		else
+		{
+			// Get the model.
+			$model = $this->getModel();
+
+			// Change the state of the records.
+			if (!$model->block($ids, $value))
+			{
+				JError::raiseWarning(500, $model->getError());
+			}
+			else
+			{
+				if ($value == 1)
+				{
+					$this->setMessage(JText::plural('COM_USERS_N_USERS_BLOCKED', count($ids)));
+				}
+				elseif ($value == 0)
+				{
+					$this->setMessage(JText::plural('COM_USERS_N_USERS_UNBLOCKED', count($ids)));
+				}
+			}
+		}
+
+		$this->setRedirect('index.php?option=com_users&view=users');
+	}
+
+	/**
+	 * Method to activate a record.
+	 *
+	 * @return  void
+	 *
+	 * @since   1.6
+	 */
+	public function activate()
+	{
+		// Check for request forgeries.
+		JSession::checkToken() or jexit(JText::_('JINVALID_TOKEN'));
+
+		$ids = $this->input->get('cid', array(), 'array');
+
+		if (empty($ids))
+		{
+			JError::raiseWarning(500, JText::_('COM_USERS_USERS_NO_ITEM_SELECTED'));
+		}
+		else
+		{
+			// Get the model.
+			$model = $this->getModel();
+
+			// Change the state of the records.
+			if (!$model->activate($ids))
+			{
+				JError::raiseWarning(500, $model->getError());
+			}
+			else
+			{
+				$this->setMessage(JText::plural('COM_USERS_N_USERS_ACTIVATED', count($ids)));
+			}
+		}
+
+		$this->setRedirect('index.php?option=com_users&view=users');
+	}
+}