<?php
namespace App\Controller;
use App\Controller\AppController;
use Cake\Utility\Hash;
use Cake\Utility\Text;
use \Cake\Database\Expression\QueryExpression;
use Cake\Http\Exception\NotFoundException;
use Cake\Http\Exception\MethodNotAllowedException;
use Cake\Http\Exception\ForbiddenException;
use Cake\Http\Exception\UnauthorizedException;
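/**
 * CRUD actions for per-user settings (name/value pairs attached to a user).
 *
 * Access rule applied throughout: a user whose role carries `perm_admin` may
 * act on any user's settings; everybody else is confined to settings whose
 * `user_id` is their own. Actions named "*My*" always operate on the user
 * returned by the ACL component, never on a caller-supplied id.
 */
class UserSettingsController extends AppController
{
    public $quickFilterFields = [['name' => true], ['value' => true]];
    public $filterFields = ['name', 'value', 'Users.id'];
    public $containFields = ['Users'];

    /**
     * List user settings; non-admins only see their own rows.
     *
     * The optional `Users_id` query parameter selects the user whose settings
     * are being browsed (exposed to the template as `settingsForUser`). A
     * non-admin may only select a user of their own organisation.
     *
     * @return mixed The CRUD component's response payload when it produced one, null otherwise.
     * @throws \Cake\Http\Exception\NotFoundException when `Users_id` does not resolve to a visible user.
     */
    public function index()
    {
        $currentUser = $this->ACL->getUser();
        $isAdmin = !empty($currentUser['role']['perm_admin']);

        $conditions = [];
        if (!$isAdmin) {
            // Scope the listing to the caller's own settings.
            $conditions['user_id'] = $currentUser->id;
        }
        $this->CRUD->index([
            'conditions' => $conditions,
            'contain' => $this->containFields,
            'filters' => $this->filterFields,
            'quickFilters' => $this->quickFilterFields,
        ]);
        $responsePayload = $this->CRUD->getResponsePayload();
        if (!empty($responsePayload)) {
            return $responsePayload;
        }

        $requestedUserId = $this->request->getQuery('Users_id');
        if (!empty($requestedUserId)) {
            // A distinct array from $conditions above: these select a Users row,
            // not UserSettings rows.
            $userConditions = ['id' => $requestedUserId];
            if (!$isAdmin) {
                $userConditions['organisation_id'] = $currentUser['organisation_id'];
            }
            $settingsForUser = $this->UserSettings->Users->find()->where($userConditions)->first();
            if (empty($settingsForUser)) {
                throw new NotFoundException(__('Invalid {0}.', __('user')));
            }
            $this->set('settingsForUser', $settingsForUser);
        }
    }

    /**
     * Show a single setting.
     *
     * @param int|string $id UserSetting primary key.
     * @return mixed The CRUD component's response payload when it produced one, null otherwise.
     * @throws \Cake\Http\Exception\NotFoundException when the setting does not exist or is not the caller's
     *   (not-found rather than forbidden, like the other actions in this controller).
     */
    public function view($id)
    {
        if (!$this->isLoggedUserAllowedToEdit($id)) {
            throw new NotFoundException(__('Invalid {0}.', 'user setting'));
        }
        $this->CRUD->view($id, [
            'contain' => ['Users'],
        ]);
        $responsePayload = $this->CRUD->getResponsePayload();
        if (!empty($responsePayload)) {
            return $responsePayload;
        }
    }

    /**
     * Create a setting.
     *
     * Non-admins can only create settings for themselves: the posted
     * `user_id` is overwritten server-side and the user dropdown is limited
     * to the caller.
     *
     * @param int|string|null $user_id Pre-selected user for the form and redirect target.
     * @return mixed The CRUD component's response payload when it produced one, null otherwise.
     */
    public function add($user_id = null)
    {
        $currentUser = $this->ACL->getUser();
        $isAdmin = !empty($currentUser['role']['perm_admin']);

        $this->CRUD->add([
            'redirect' => ['action' => 'index', $user_id],
            'beforeSave' => function ($data) use ($currentUser, $isAdmin) {
                if (!$isAdmin) {
                    // Ownership is decided here, not by the submitted form.
                    $data['user_id'] = $currentUser->id;
                }
                return $data;
            },
        ]);
        $responsePayload = $this->CRUD->getResponsePayload();
        if (!empty($responsePayload)) {
            return $responsePayload;
        }

        $userQuery = $this->UserSettings->Users
            ->find('list', ['keyField' => 'id', 'valueField' => 'username'])
            ->order(['username' => 'ASC']);
        if (!$isAdmin) {
            $userQuery->where(['id' => $currentUser->id]);
            $user_id = $currentUser->id;
        } elseif ($user_id !== null) {
            $userQuery->where(['id' => $user_id]);
        }
        $this->set('dropdownData', [
            'user' => $userQuery->all()->toArray(),
        ]);
        $this->set('user_id', $user_id);
    }

    /**
     * Edit a setting.
     *
     * Unknown ids are rejected before the ownership check so a missing row
     * never reaches the property reads below (the previous version read
     * `user_id` off a null entity). As in add(), a non-admin cannot move a
     * setting to another user by posting a different `user_id`, and only sees
     * themselves in the user dropdown.
     *
     * @param int|string $id UserSetting primary key.
     * @return mixed The CRUD component's response payload when it produced one, null otherwise.
     * @throws \Cake\Http\Exception\NotFoundException when the setting does not exist or is not the caller's.
     */
    public function edit($id)
    {
        $currentUser = $this->ACL->getUser();
        $isAdmin = !empty($currentUser['role']['perm_admin']);

        $existing = $this->UserSettings->find()->where([
            'id' => $id,
        ])->first();
        if (empty($existing) || !$this->isLoggedUserAllowedToEdit($existing)) {
            throw new NotFoundException(__('Invalid {0}.', 'user setting'));
        }

        $this->CRUD->edit($id, [
            'redirect' => ['action' => 'index', $existing->user_id],
            'beforeSave' => function ($data) use ($currentUser, $isAdmin) {
                if (!$isAdmin) {
                    // Same rule as add(): ownership is fixed server-side.
                    $data['user_id'] = $currentUser->id;
                }
                return $data;
            },
        ]);
        $responsePayload = $this->CRUD->getResponsePayload();
        if (!empty($responsePayload)) {
            return $responsePayload;
        }

        $userQuery = $this->UserSettings->Users
            ->find('list', ['keyField' => 'id', 'valueField' => 'username'])
            ->order(['username' => 'ASC']);
        if (!$isAdmin) {
            $userQuery->where(['id' => $currentUser->id]);
        }
        $this->set('dropdownData', [
            'user' => $userQuery->all()->toArray(),
        ]);
        // $this->entity is populated by the CRUD component's edit() (as in the
        // original code); it reflects the entity after patching, which is what
        // the re-rendered form should show.
        $this->set('user_id', $this->entity->user_id);
        $this->render('add');
    }

    /**
     * Delete a setting.
     *
     * @param int|string $id UserSetting primary key.
     * @return mixed The CRUD component's response payload when it produced one, null otherwise.
     * @throws \Cake\Http\Exception\NotFoundException when the setting does not exist or is not the caller's.
     */
    public function delete($id)
    {
        if (!$this->isLoggedUserAllowedToEdit($id)) {
            throw new NotFoundException(__('Invalid {0}.', 'user setting'));
        }
        $this->CRUD->delete($id);
        $responsePayload = $this->CRUD->getResponsePayload();
        if (!empty($responsePayload)) {
            return $responsePayload;
        }
    }

    /**
     * Get a setting by name for the currently logged-in user.
     *
     * @param string $settingsName Name of the setting to look up.
     * @return mixed The CRUD component's response payload when it produced one, null otherwise.
     * @throws \Cake\Http\Exception\NotFoundException when the caller has no setting of that name.
     */
    public function getMySettingByName($settingsName)
    {
        $currentUser = $this->ACL->getUser();
        $setting = $this->UserSettings->getSettingByName($currentUser, $settingsName);
        if ($setting === null) {
            throw new NotFoundException(__('Invalid {0} for user {1}.', __('User setting'), $currentUser->username));
        }
        $this->CRUD->view($setting->id, [
            'contain' => ['Users'],
        ]);
        $responsePayload = $this->CRUD->getResponsePayload();
        if (!empty($responsePayload)) {
            return $responsePayload;
        }
        $this->render('view');
    }

    /**
     * Create or update a named setting for the currently logged-in user.
     *
     * GET renders the form; any other method persists `value` from the
     * request body (a missing `value` is passed through as null).
     *
     * @param string|false $settingsName Name of the setting; false when not given in the URL.
     * @return mixed The CRUD component's response payload when it produced one, null otherwise.
     */
    public function setMySetting($settingsName = false)
    {
        if (!$this->request->is('get')) {
            $this->persistSetting(
                $this->ACL->getUser(),
                $settingsName,
                $this->request->getData('value'),
                'setSetting'
            );
            $responsePayload = $this->CRUD->getResponsePayload();
            if (!empty($responsePayload)) {
                return $responsePayload;
            }
        }
        $this->set('settingName', $settingsName);
    }

    /**
     * Create or update a setting (`name`/`value` from the request) for a
     * chosen user.
     *
     * The target user is resolved through getRequestedUserIfAllowed(), so a
     * non-admin always ends up writing their own settings regardless of the
     * `user_id` they pass.
     *
     * @param int|string|false $user_id Target user; false means the caller.
     * @return mixed The CRUD component's response payload when it produced one, null otherwise.
     */
    public function saveSetting($user_id = false)
    {
        $user = $this->getRequestedUserIfAllowed($user_id);
        if ($this->request->is('post')) {
            $data = $this->ParamHandler->harvestParams([
                'name',
                'value',
            ]);
            $this->persistSetting($user, $data['name'] ?? null, $data['value'] ?? null, 'saveSetting');
            $responsePayload = $this->CRUD->getResponsePayload();
            if (!empty($responsePayload)) {
                return $responsePayload;
            }
        }
    }

    /**
     * Render the bookmarks stored for the currently logged-in user.
     *
     * A user without a bookmark setting, or with a value that does not decode
     * as JSON, gets an empty list instead of a null dereference.
     *
     * @param mixed $forSidebar Passed through to the template as `forSidebar`.
     * @return void
     */
    public function getMyBookmarks($forSidebar = false)
    {
        $currentUser = $this->ACL->getUser();
        $setting = $this->UserSettings->getSettingByName($currentUser, $this->UserSettings->BOOKMARK_SETTING_NAME);
        $bookmarks = [];
        if (!empty($setting) && !empty($setting['value'])) {
            $bookmarks = json_decode($setting['value'], true) ?? [];
        }
        $this->set('user_id', $currentUser->id);
        $this->set('bookmarks', $bookmarks);
        $this->set('forSidebar', $forSidebar);
        $this->render('/element/UserSettings/saved-bookmarks');
    }

    /**
     * Add a bookmark (request body) for the currently logged-in user.
     *
     * @return mixed The CRUD component's response payload when it produced one, null otherwise.
     */
    public function saveMyBookmark()
    {
        $currentUser = $this->ACL->getUser();
        if (!$this->request->is('get')) {
            $result = $this->UserSettings->saveBookmark($currentUser, $this->request->getData());
            $success = !empty($result);
            $message = $success ? __('Bookmark saved') : __('Could not save bookmark');
            $this->CRUD->setResponseForController('saveBookmark', $success, $message, $result);
            $responsePayload = $this->CRUD->getResponsePayload();
            if (!empty($responsePayload)) {
                return $responsePayload;
            }
        }
        $this->set('user_id', $currentUser->id);
    }

    /**
     * Remove a bookmark (request body) for the currently logged-in user.
     *
     * @return mixed The CRUD component's response payload when it produced one, null otherwise.
     */
    public function deleteMyBookmark()
    {
        $currentUser = $this->ACL->getUser();
        if (!$this->request->is('get')) {
            $result = $this->UserSettings->deleteBookmark($currentUser, $this->request->getData());
            $success = !empty($result);
            $message = $success ? __('Bookmark deleted') : __('Could not delete bookmark');
            $this->CRUD->setResponseForController('deleteBookmark', $success, $message, $result);
            $responsePayload = $this->CRUD->getResponsePayload();
            if (!empty($responsePayload)) {
                return $responsePayload;
            }
        }
        $this->set('user_id', $currentUser->id);
    }

    /**
     * Create the named setting for $user if it does not exist yet, otherwise
     * update its value, and hand the outcome to the CRUD component as the
     * response for $action. Shared by setMySetting() and saveSetting().
     *
     * @param \App\Model\Entity\User $user Owner of the setting.
     * @param mixed $settingsName Setting name as received from the request.
     * @param mixed $value New value as received from the request.
     * @param string $action Controller action name reported to setResponseForController().
     * @return void
     */
    private function persistSetting($user, $settingsName, $value, string $action): void
    {
        $setting = $this->UserSettings->getSettingByName($user, $settingsName);
        $result = $setting === null
            ? $this->UserSettings->createSetting($user, $settingsName, $value)
            : $this->UserSettings->editSetting($user, $settingsName, $value);
        $success = !empty($result);
        $message = $success ? __('Setting saved') : __('Could not save setting');
        $this->CRUD->setResponseForController($action, $success, $message, $result);
    }

    /**
     * Whether the logged-in user may view/edit/delete the given setting.
     *
     * Admins may touch any setting. Everybody else must own it. A setting
     * that cannot be found (or a non-entity argument) is never allowed, so
     * callers can map `false` to a not-found response.
     *
     * @param int|string|\App\Model\Entity\UserSetting|null $setting Primary key or loaded entity.
     * @return bool
     */
    private function isLoggedUserAllowedToEdit($setting): bool
    {
        $currentUser = $this->ACL->getUser();
        if (!empty($currentUser['role']['perm_admin'])) {
            return true;
        }
        if (is_numeric($setting)) {
            $setting = $this->UserSettings->find()->where([
                'id' => $setting,
            ])->first();
        }
        if (empty($setting) || !isset($setting->user_id)) {
            return false;
        }
        // String-normalised identity comparison: ids may arrive as int or
        // numeric string depending on the source, and a loose `==` is avoided.
        return (string) $setting->user_id === (string) $currentUser->id;
    }

    /**
     * Return the requested user if the caller's permissions allow it.
     * Otherwise (no id given, or caller is not an admin) return the user
     * currently logged in.
     *
     * @param bool|int|string $user_id Requested user id; a bool means "no id given".
     * @return \App\Model\Entity\User
     */
    private function getRequestedUserIfAllowed($user_id = false)
    {
        $currentUser = $this->ACL->getUser();
        if (is_bool($user_id) || empty($currentUser['role']['perm_admin'])) {
            return $currentUser;
        }
        // Go through the UserSettings->Users association like the rest of this
        // controller, rather than relying on a separately loaded Users table.
        return $this->UserSettings->Users->get($user_id, [
            'contain' => ['Roles', 'Individuals' => 'Organisations'],
        ]);
    }
}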