Merge branch 'feature/user-removal' into dev

author: Malf Furious <m@lfurio.us> 2016-05-22 16:59:43 -0400
committer: Malf Furious <m@lfurio.us> 2016-05-22 16:59:43 -0400
commit: abd11313d0a9f2b28d7b709fcbd98befd95db15c (patch)
tree: 152db15fb227134a48fa54d4696f0069bf651d62 /app
parent: d431ef2954455ad38454d27f5be866061794b4bf (diff)
parent: 2d1e4242a87b54578e24546dabe1525a014da24e (diff)
download: scrott-abd11313d0a9f2b28d7b709fcbd98befd95db15c.tar.gz
scrott-abd11313d0a9f2b28d7b709fcbd98befd95db15c.zip
8 files changed, 214 insertions, 2 deletions
diff --git a/app/class/user.class.php b/app/class/user.class.php
index 1d17dfe..07bd0d6 100644
--- a/app/class/user.class.php
+++ b/app/class/user.class.php
@@ -75,6 +75,16 @@ class User extends Object
     }
 
     /*
+     * Get the number of administrative accounts in the system
+     */
+    function getNumAdmins()
+    {
+        $query = "SELECT count(*) as cnt FROM user WHERE admin = 1";
+        $results = $this->db->query($query);
+        return $results[0]['cnt'];
+    }
+
+    /*
      * Check whether a given username is currently in use
      */
     function usernameInUse($username)
diff --git a/app/controller/dashboard.control.php b/app/controller/dashboard.control.php
index aa1c0bd..4ee4b38 100644
--- a/app/controller/dashboard.control.php
+++ b/app/controller/dashboard.control.php
@@ -14,8 +14,6 @@ class Dashboard extends Controller
     function handle($argv)
     {
         $mod = new DashboardModel();
-        $mod->common_handleFormSubmissions($_REQUEST['input'], $_FILES['attachment']);
-        $mod->common_deflt();
         $this->action_default($mod);
     }
 
diff --git a/app/controller/deleteacct.control.php b/app/controller/deleteacct.control.php
new file mode 100644
index 0000000..bd81ec7
--- /dev/null
+++ b/app/controller/deleteacct.control.php
@@ -0,0 +1,44 @@
+<?php
+
+require_once "class/controller.class.php";
+require_once "model/deleteacct.mod.php";
+
+/*
+ * Deleteacct is used to delete user accounts, requiring all requests to
+ * correctly enter the user's password
+ */
+class Deleteacct extends Controller
+{
+    /*
+     * Controller implementation
+     */
+    function handle($argv)
+    {
+        $mod = new DeleteacctModel();
+
+        switch ($_REQUEST['input']['action'])
+        {
+            case "delete":
+                $this->action_delete($mod);
+                break;
+
+            default:
+                $this->action_default($mod);
+                break;
+        }
+    }
+
+    function action_default($mod)
+    {
+        $mod->deflt();
+        include "view/deleteacct/default.view.php";
+    }
+
+    function action_delete($mod)
+    {
+        $mod->del($_REQUEST['input']);
+        $this->action_default($mod);
+    }
+}
+
+?>
diff --git a/app/controller/root.control.php b/app/controller/root.control.php
index 7017ada..341fa8a 100644
--- a/app/controller/root.control.php
+++ b/app/controller/root.control.php
@@ -7,6 +7,7 @@ require_once "controller/except.control.php";
 require_once "controller/auth.control.php";
 require_once "controller/deauth.control.php";
 require_once "controller/dashboard.control.php";
+require_once "controller/deleteacct.control.php";
 
 /*
  * Root-level controller for Scrott app.  This object will delegate the page request to the
@@ -65,6 +66,7 @@ class Root extends Controller
                 switch ($argv[0])
                 {
                     case "logout": $ctrl = new Deauth(); break;
+                    case "deleteaccount": $ctrl = new Deleteacct(); break;
                     default:
                         throw new Exception("The requested path is not valid.");
                         break;
diff --git a/app/model/common.mod.php b/app/model/common.mod.php
index 7630dfa..5e6373c 100644
--- a/app/model/common.mod.php
+++ b/app/model/common.mod.php
@@ -14,6 +14,16 @@ class CommonModel extends MasterModel
     );
 
     /*
+     * Constructor
+     */
+    function __construct()
+    {
+        parent::__construct();
+        $this->common_handleFormSubmissions($_REQUEST['input'], $_FILES['attachment']);
+        $this->common_deflt();
+    }
+
+    /*
      * Default action
      */
     function common_deflt()
@@ -48,6 +58,7 @@ class CommonModel extends MasterModel
             case "common-setting-admin":             $this->saveSettingAdmin($input);                         break;
             case "common-setting-allusers-adduser":  $this->saveSettingAllusersAdduser($input);               break;
             case "common-setting-allusers-edituser": $this->saveSettingAllusersEdituser($input, $attachment); break;
+            case "common-setting-allusers-deluser":  $this->saveSettingAllusersDeluser($input);               break;
         }
     }
 
@@ -273,6 +284,51 @@ class CommonModel extends MasterModel
         else
             $this->logFormErrors($form);
     }
+
+    /*
+     * Allow admin to remove user accounts
+     */
+    function saveSettingAllusersDeluser($input)
+    {
+        $form = new Form();
+        $form->field_text("guid");
+
+        if (!$form->populate($input))
+        {
+            $this->logFormErrors($form);
+            return;
+        }
+
+        $user = $this->getCurrentUser();
+
+        if (!$user || $user->admin == 0)
+        {
+            $this->logError("Admin permissions required");
+            return;
+        }
+
+        $user = new User($form->guid);
+
+        if ($user->type != "user")
+        {
+            $this->logError("Invalid user GUID");
+            return;
+        }
+
+        if ($user->admin && $user->getNumAdmins() == 1)
+        {
+            $this->logError("Account not deleted - Cannot remove the last admin account");
+            return;
+        }
+
+        $user->delObj();
+
+        if (!$this->getCurrentUser())
+        {
+            /* did user delete their own account? */
+            $this->redirectTo($this->ar() . "/");
+        }
+    }
 }
 
 ?>
diff --git a/app/model/deleteacct.mod.php b/app/model/deleteacct.mod.php
new file mode 100644
index 0000000..89aca14
--- /dev/null
+++ b/app/model/deleteacct.mod.php
@@ -0,0 +1,49 @@
+<?php
+
+require_once "model/common.mod.php";
+require_once "class/form.class.php";
+require_once "class/user.class.php";
+
+class DeleteacctModel extends CommonModel
+{
+    /*
+     * Default action
+     */
+    function deflt()
+    {
+    }
+
+    /*
+     * Delete current user's account
+     */
+    function del($input)
+    {
+        $form = new Form();
+        $form->field_text("password", null, false);
+
+        if (!$form->populate($input))
+        {
+            $this->logFormErrors($form);
+            return;
+        }
+
+        $user = $this->getCurrentUser();
+
+        if (!$user->validatePassword($form->password))
+        {
+            $this->logError("Account not deleted - Password was incorrect");
+            return;
+        }
+
+        if ($user->admin && $user->getNumAdmins() == 1)
+        {
+            $this->logError("Account not deleted - Cannot remove the last admin account");
+            return;
+        }
+
+        $user->delObj();
+        $this->redirectTo($this->ar() . "/");
+    }
+}
+
+?>
diff --git a/app/view/common/setting.modal.view.php b/app/view/common/setting.modal.view.php
index e43f723..60b0ba5 100644
--- a/app/view/common/setting.modal.view.php
+++ b/app/view/common/setting.modal.view.php
@@ -108,6 +108,11 @@
                         </form>
 
                         <p>&nbsp;</p>
+                        <p>&nbsp;</p>
+
+                        <a href="<?=$mod->ar()?>/deleteaccount" class="btn btn-danger btn-xs pull-right"><span class="glyphicon glyphicon-trash"></span> Delete Account</a>
+
+                        <p>&nbsp;</p>
                     </div>
 
                     <?php if ($mod->getCurrentUser()->admin == 1) { ?>
@@ -288,6 +293,17 @@
 
                                                     <button type="submit" class="btn btn-success pull-right">Save</button>
                                                 </form>
+
+                                                <p>&nbsp;</p>
+                                                <p>&nbsp;</p>
+
+                                                <form method="post" action="<?=$mod->ap()?>">
+                                                    <input type="hidden" name="input[action]" value="common-setting-allusers-deluser" />
+                                                    <input type="hidden" name="input[guid]" value="<?=$user->guid?>" />
+                                                    <button type="submit" class="btn btn-danger btn-xs pull-right" onclick="return assertConfirm()">
+                                                        <span class="glyphicon glyphicon-trash"></span> Delete Account
+                                                    </button>
+                                                </form>
                                             </div>
                                         </div>
                                     </div>
diff --git a/app/view/deleteacct/default.view.php b/app/view/deleteacct/default.view.php
new file mode 100644
index 0000000..de32202
--- /dev/null
+++ b/app/view/deleteacct/default.view.php
@@ -0,0 +1,37 @@
+<!DOCTYPE html>
+
+<html lang="en">
+    <head>
+        <?php include "view/common/head.view.php"; ?>
+        <title>Scrott - Delete user account</title>
+    </head>
+
+    <body>
+        <?php include "view/common/topp.view.php"; ?>
+
+        <div class="container">
+            <div class="panel panel-danger">
+                <div class="panel-heading">Warning: Deleting your user account!</div>
+
+                <div class="panel-body text-center">
+                    <form method="post" action="<?=$mod->ap()?>">
+                        <input type="hidden" name="input[action]" value="delete" />
+                        <h1>Are you sure?!</h1>
+                        <h4>Please confirm you want to delete your Scrott account.  Type your current password in the box below and click the confirm button</h4>
+
+                        <div class="form-group">
+                            <label>Password</label>
+                            <input type="password" name="input[password]" class="form-control" autofocus />
+                        </div>
+
+                        <button type="submit" class="btn btn-danger btn-lg">
+                            <span class="glyphicon glyphicon-trash"></span> Confirm Delete Account
+                        </button>
+                    </form>
+                </div>
+            </div>
+        </div>
+
+        <?php include "view/common/foot.view.php"; ?>
+    </body>
+</html>
author	Malf Furious <m@lfurio.us>	2016-05-22 16:59:43 -0400
committer	Malf Furious <m@lfurio.us>	2016-05-22 16:59:43 -0400
commit	abd11313d0a9f2b28d7b709fcbd98befd95db15c (patch)
tree	152db15fb227134a48fa54d4696f0069bf651d62 /app
parent	d431ef2954455ad38454d27f5be866061794b4bf (diff)
parent	2d1e4242a87b54578e24546dabe1525a014da24e (diff)
download	scrott-abd11313d0a9f2b28d7b709fcbd98befd95db15c.tar.gz scrott-abd11313d0a9f2b28d7b709fcbd98befd95db15c.zip