Context Navigation

User.pm @ 1823

Visit:

Revision 1823, 58.7 kB (checked in by takayama, 20 months ago)
Fixed BugId:67959 * Added check for result of object loading
Property svn:keywords set to `Id Revision`

Line
1	package MT::CMS::User;
2
3	use strict;
4
5	use MT::Util qw( format_ts relative_date is_url );
6	use MT::Author;
7
8	sub edit {
9	my $cb = shift;
10	my ($app, $id, $obj, $param) = @_;
11
12	my $author = $app->user;
13
14	if ($id) {
15	# TODO: Populate permissions / blogs for this user
16	# populate blog_loop, permission_loop
17	$param->{is_me} = 1 if $id == $author->id;
18	$param->{editing_other_profile} = 1
19	if !$param->{is_me} && $author->is_superuser;
20
21	$param->{userpic} = $obj->userpic_html();
22
23	require MT::Permission;
24
25	# General permissions...
26	my $sys_perms = MT::Permission->perms('system');
27	foreach (@$sys_perms) {
28	$param->{ 'perm_can_' . $_->[0] } =
29	($obj->is_superuser \|\| $obj->permissions(0)->has( $_->[0] )) ? 1 : 0;
30	}
31	$param->{perm_is_superuser} = $obj->is_superuser;
32
33	require MT::Auth;
34	if ( $app->user->is_superuser ) {
35	$param->{search_label} = $app->translate('Users');
36	$param->{object_type} = 'author';
37	$param->{can_edit_username} = 1;
38	}
39	$param->{status_enabled} = $obj->is_active ? 1 : 0;
40	$param->{status_pending} =
41	$obj->status == MT::Author::PENDING() ? 1 : 0;
42	$param->{can_modify_password} =
43	( $param->{editing_other_profile} \|\| $param->{is_me} )
44	&& MT::Auth->password_exists;
45	$param->{can_recover_password} = MT::Auth->can_recover_password;
46	$param->{languages} = $app->languages_list( $obj->preferred_language )
47	unless exists $param->{langauges};
48	} else {
49	$param->{create_personal_weblog} =
50	$app->config->NewUserAutoProvisioning ? 1 : 0
51	unless exists $param->{create_personal_weblog};
52	$param->{can_modify_password} = MT::Auth->password_exists;
53	$param->{can_recover_password} = MT::Auth->can_recover_password;
54	}
55
56	$app->add_breadcrumb( $app->translate("Users"),
57	$app->user->is_superuser
58	? $app->uri( mode => 'list_authors' )
59	: undef );
60	my $auth_prefs;
61	if ($obj) {
62	$app->add_breadcrumb( $obj->name );
63	$param->{languages} =
64	$app->languages_list( $obj->preferred_language );
65	$auth_prefs = $obj->entry_prefs;
66	}
67	else {
68	$app->add_breadcrumb( $app->translate("Create User") );
69	$param->{languages} =
70	$app->languages_list( $app->config('DefaultUserLanguage') )
71	unless ( exists $param->{languages} );
72	$auth_prefs = { tag_delim => $app->config->DefaultUserTagDelimiter }
73	unless ( exists $param->{'auth_pref_tag_delim'} );
74	}
75	$param->{text_filters} =
76	$app->load_text_filters( $obj ? $obj->text_format : undef,
77	'comment' );
78	unless ( exists $param->{'auth_pref_tag_delim'} ) {
79	my $delim = chr( $auth_prefs->{tag_delim} );
80	if ( $delim eq ',' ) {
81	$param->{'auth_pref_tag_delim_comma'} = 1;
82	}
83	elsif ( $delim eq ' ' ) {
84	$param->{'auth_pref_tag_delim_space'} = 1;
85	}
86	else {
87	$param->{'auth_pref_tag_delim_other'} = 1;
88	}
89	$param->{'auth_pref_tag_delim'} = $delim;
90	}
91	$param->{'nav_authors'} = 1;
92	}
93
94	sub edit_role {
95	my $app = shift;
96
97	$app->return_to_dashboard( redirect => 1 ) if $app->param('blog_id');
98
99	my %param = $_[0] ? %{ $_[0] } : ();
100	my $q = $app->param;
101	my $author = $app->user;
102	my $id = $q->param('id');
103
104	require MT::Permission;
105	if ( !$author->is_superuser ) {
106	return $app->error( $app->translate("Invalid request.") );
107	}
108	my $role;
109	require MT::Role;
110	if ($id) {
111	$role = MT::Role->load($id)
112	or return $app->error($app->translate('Can\'t load role #[_1].', $id));
113
114	# $param{is_enabled} = $role->is_active;
115	$param{is_enabled} = 1;
116	$param{name} = $role->name;
117	$param{description} = $role->description;
118	$param{id} = $role->id;
119	my $creator = MT::Author->load( $role->created_by )
120	if $role->created_by;
121	$param{created_by} = $creator ? $creator->name : '';
122
123	my $permissions = $role->permissions;
124	if ( defined($permissions) && $permissions ) {
125	my @perms = split ',', $permissions;
126
127	my @roles = MT::Role->load_same(
128	{ 'id' => [$id] },
129	{ not => { id => 1 } },
130	1, # exact match
131	@perms
132	);
133	my @same_perms;
134	for my $other_role (@roles) {
135	push @same_perms,
136	{
137	name => $other_role->name,
138	id => $other_role->id,
139	};
140	}
141	$param{same_perm_loop} = \@same_perms if @same_perms;
142	}
143	require MT::Association;
144	$param{user_count} = MT::Author->count( undef, { join => MT::Association->join_on( 'author_id', { role_id => $id }, { unique => 1 } ) } );
145	}
146
147	my $all_perm_flags = MT::Permission->perms('blog');
148
149	my @p_data;
150	for my $ref (@$all_perm_flags) {
151	$param{ 'have_access-' . $ref->[0] } =
152	( $role && $role->has( $ref->[0] ) ) ? 1 : 0;
153	$param{ 'prompt-' . $ref->[0] } = $ref->[1];
154	}
155	$param{saved} = $q->param('saved');
156	$param{nav_privileges} = 1;
157	$app->add_breadcrumb( $app->translate('Roles'),
158	$app->uri( mode => 'list_roles' ) );
159	if ($id) {
160	$app->add_breadcrumb( $role->name );
161	}
162	else {
163	$app->add_breadcrumb( $app->translate('Create Role') );
164	}
165	$param{screen_class} = "settings-screen edit-role";
166	$param{object_type} = 'role';
167	$param{object_label} = MT::Role->class_label;
168	$param{object_label_plural} = MT::Role->class_label_plural;
169	$param{search_label} = $app->translate('Users');
170	$app->load_tmpl( 'edit_role.tmpl', \%param );
171	}
172
173	sub list {
174	my $app = shift;
175	my (%param) = @_;
176
177	$app->return_to_dashboard( redirect => 1 )
178	if $app->param('blog_id');
179
180	my $this_author = $app->user;
181	return $app->return_to_dashboard( permission => 1 )
182	unless $this_author->is_superuser();
183
184	my $this_author_id = $this_author->id;
185	my $list_pref = $app->list_pref('author');
186	%param = (%param, %$list_pref);
187	my $limit = $list_pref->{rows};
188	my $offset = $app->param('offset') \|\| 0;
189	my $args = { offset => $offset, sort => 'name' };
190	$args->{limit} = $limit + 1;
191	my %author_entry_count;
192	$param{tab_users} = 1;
193	my ( $filter_col, $val );
194	$param{filter_args} = "";
195	my %terms = ( type => MT::Author::AUTHOR() );
196
197	my $filter_key = $app->param('filter_key');
198	if ( ( $filter_col = $app->param('filter') )
199	&& ( $val = $app->param('filter_val') ) )
200	{
201	if ( !exists( $terms{$filter_col} ) ) {
202	$terms{$filter_col} = $val;
203	$param{filter} = $filter_col;
204	$param{filter_val} = $val;
205	$param{filter_args} = "&filter=" . encode_url($filter_col) . "&filter_val=" . encode_url($val);
206	}
207	} elsif ($filter_key) {
208	my $filters = $app->registry("list_filters", "sys_user") \|\| {};
209	if ( my $filter = $filters->{$filter_key} ) {
210	if ( my $code = $filter->{code}
211	\|\| $app->handler_to_coderef( $filter->{handler} ) )
212	{
213	$param{filter} = 1;
214	$param{filter_key} = $filter_key;
215	$param{filter_label} = $filter->{label};
216	$code->( \%terms, $args );
217	}
218	}
219	}
220	$param{can_create_user} = $this_author->is_superuser;
221	$param{synchronized} = 1 if $app->param('synchronized');
222	$param{error} = 1 if $app->param('error');
223	my $author_iter = MT::Author->load_iter( \%terms, $args );
224	my ( @data, %authors, %entry_count_refs );
225	my $entry_class = $app->model('entry');
226	while ( my $au = $author_iter->() ) {
227	my $row = $au->column_values;
228	$row->{name} = '(unnamed)' if !$row->{name};
229	$authors{ $au->id } \|\|= $au;
230	$row->{id} = $au->id;
231	$row->{email} = ''
232	unless ( !defined $au->email )
233	or ( $au->email =~ /@/ );
234	$row->{entry_count} = 0;
235	$entry_count_refs{ $au->id } = \$row->{entry_count};
236	$row->{is_me} = $au->id == $this_author_id;
237	$row->{has_edit_access} = $this_author->is_superuser;
238	$row->{status_enabled} = $au->is_active;
239	$row->{status_pending} = $au->status == MT::Author::PENDING();
240
241	if ( $row->{created_by} ) {
242	my $parent_author = $authors{ $au->created_by } \|\|=
243	MT::Author->load( $au->created_by )
244	if $au->created_by;
245	if ($parent_author) {
246	$row->{created_by_name} = $parent_author->name;
247	}
248	else {
249	$row->{created_by_name} = $app->translate('(user deleted)');
250	}
251	}
252	push @data, $row;
253	last if scalar @data == $limit;
254	}
255	if ( keys %entry_count_refs ) {
256	my $author_entry_count_iter =
257	MT::Entry->count_group_by(
258	{ author_id => [ keys %entry_count_refs ] },
259	{ group => ['author_id'] } );
260	while ( my ( $count, $author_id ) = $author_entry_count_iter->() ) {
261	${ $entry_count_refs{$author_id} } = $count;
262	}
263	}
264	$param{object_loop} = \@data;
265	$param{object_type} = 'author';
266	$param{object_label} = $app->model('author')->class_label;
267	$param{object_label_plural} = $app->model('author')->class_label_plural;
268	if ( $this_author->is_superuser() ) {
269	$param{search_label} = $app->translate('Users');
270	$param{is_superuser} = 1;
271	}
272
273	$param{limit} = $limit;
274	$param{list_start} = $offset + 1;
275	delete $args->{limit};
276	delete $args->{offset};
277	$param{list_total} = MT::Author->count( \%terms, $args );
278	$param{list_end} = $offset + ( scalar @data );
279	$param{next_offset_val} = $offset + ( scalar @data );
280	$param{next_offset} = $param{next_offset_val} < $param{list_total} ? 1 : 0;
281	$param{next_max} = $param{list_total} - $limit;
282	$param{next_max} = 0 if ( $param{next_max} \|\| 0 ) < $offset + 1;
283	if ( $offset > 0 ) {
284	$param{prev_offset} = 1;
285	$param{prev_offset_val} = $offset - $limit;
286	$param{prev_offset_val} = 0 if $param{prev_offset_val} < 0;
287	}
288	$param{offset} = $offset;
289	$param{list_filters} = $app->list_filters("sys_user");
290	$param{list_noncron} = 1;
291	$param{saved_deleted} = $app->param('saved_deleted');
292	$param{saved_removed} = $app->param('saved_removed');
293	$param{author_ldap_found} = $app->param('author_ldap_found');
294	$param{saved} = $app->param('saved');
295	my $status = $app->param('saved_status');
296	$param{"saved_status_$status"} = 1 if $status;
297	$param{unchanged} = $app->param('unchanged');
298	$app->load_list_actions( 'author', \%param );
299	$param{page_actions} =
300	$app->page_actions('list_authors');
301
302	$param{nav_authors} = 1;
303	$param{listing_screen} = 1;
304	$param{screen_id} = "list-author";
305	my $tmpl_file = $param{output} \|\| 'list_author.tmpl';
306	$app->load_tmpl( $tmpl_file, \%param );
307	}
308
309	# list of all users, regardless of commenter/author on a blog
310	sub list_member {
311	my $app = shift;
312
313	my $blog_id = $app->param('blog_id');
314	$app->return_to_dashboard( redirect => 1 )
315	unless $blog_id;
316
317	my $blog = $app->blog;
318	my $user = $app->user;
319	my $perms = $app->permissions;
320	return $app->return_to_dashboard( permission => 1 )
321	unless $user->is_superuser() \|\| ($perms && $perms->can_administer_blog());
322
323	my $super_user = 1 if $user->is_superuser();
324	my $args = {};
325	my $terms = {};
326	my $param = { list_noncron => 1 };
327	$args->{join} =
328	MT::Permission->join_on( 'author_id', { blog_id => $blog_id, } );
329
330	$args->{sort_order} = 'created_on';
331	$args->{direction} = 'descend';
332
333	$param->{saved} = 1 if $app->param('saved');
334	$param->{search_label} = $app->translate('Users');
335	$param->{object_type} = 'author';
336
337	require MT::Association;
338	require MT::Role;
339	my @all_roles = MT::Role->load( undef, { sort => 'name' });
340
341	my $sel_role = 0;
342	my $filter = $app->param('filter') \|\| '';
343	if ($filter eq 'role') {
344	my $val = scalar $app->param('filter_val');
345	if ($val) {
346	$sel_role = $val;
347	$args->{join} = MT::Association->join_on('author_id', { blog_id => $blog_id, role_id => $val });
348	}
349	}
350	elsif ($filter eq 'status') {
351	my $val = $app->param('filter_val');
352	if ($val eq 'disabled') {
353	$terms->{status} = 2;
354	}
355	elsif ($val eq 'pending') {
356	$terms->{status} = 3;
357	}
358	else {
359	$terms->{status} = 1;
360	}
361	}
362
363	my @role_loop;
364	foreach my $r (@all_roles) {
365	push @role_loop, { role_id => $r->id, role_name => $r->name, selected => $r->id == $sel_role };
366	}
367	$param->{role_loop} = \@role_loop;
368	my $hasher = sub {
369	my ( $obj, $row ) = @_;
370	if ( ( $row->{email} \|\| '' ) !~ m/@/ ) {
371	$row->{email} = '';
372	}
373	if ( $row->{created_by} ) {
374	if ( my $created_by = MT::Author->load( $row->{created_by} ) ) {
375	$row->{created_by} = $created_by->name;
376	}
377	else {
378	$row->{created_by} = $app->translate('User deleted');
379	}
380	}
381	$row->{is_me} = $row->{id} == $user->id;
382	$row->{has_edit_access} = 1 if $super_user;
383	$row->{usertype_author} = 1 if $obj->type == MT::Author::AUTHOR();
384	if ( $obj->type == MT::Author::COMMENTER() ) {
385	$row->{usertype_commenter} = 1;
386	$row->{status_trusted} = 1 if $obj->is_trusted($blog_id);
387	if ($row->{name} =~ m/^[a-f0-9]{32}$/) {
388	$row->{name} = $row->{nickname} \|\| $row->{url};
389	}
390	}
391	$row->{status_enabled} = 1 if $obj->status == 1;
392	my @roles = MT::Role->load(undef, { join => MT::Association->join_on('role_id', { author_id => $row->{id}, blog_id => $blog_id }, { unique => 1 })});
393	my @role_loop;
394	foreach my $role (@roles) {
395	my @perms;
396	my @all_perms = @{ MT::Permission->perms() };
397	foreach (@all_perms) {
398	next unless length( $_->[1] \|\| '' );
399	push @perms, $_->[1]
400	if $role->has( $_->[0] );
401	}
402	my $role_perms = join(", ", @perms);
403	push @role_loop, { role_name => $role->name, role_id => $role->id, role_perms => $role_perms };
404	}
405	$row->{role_loop} = \@role_loop;
406	$row->{auth_icon_url} = $obj->auth_icon_url;
407	};
408	$param->{screen_id} = "list-member";
409
410	return $app->listing(
411	{
412	type => 'user',
413	template => 'list_member.tmpl',
414	terms => $terms,
415	params => $param,
416	args => $args,
417	code => $hasher,
418	}
419	);
420	}
421
422	sub list_association {
423	my $app = shift;
424
425	my $blog_id = $app->param('blog_id');
426	my $author_id = $app->param('author_id');
427	my $role_id = $app->param('role_id');
428
429	my $this_user = $app->user;
430	if ( !$this_user->is_superuser ) {
431	if (
432	(
433	!$blog_id
434	\|\| !$this_user->permissions($blog_id)->can_administer_blog
435	)
436	&& ( !$author_id \|\| ( $author_id != $this_user->id ) )
437	)
438	{
439	return $app->errtrans("Permission denied.");
440	}
441	}
442
443	my ( $user, $role );
444	$app->error(undef);
445
446	if ($author_id) {
447	$app->add_breadcrumb( $app->translate('Users'),
448	$app->user->is_superuser
449	? $app->uri( mode => 'list_authors' )
450	: undef );
451	if ( 'PSEUDO' ne $author_id ) {
452	my $author_class = $app->model('author');
453	$user = $author_class->load($author_id);
454	$app->add_breadcrumb(
455	$user->name,
456	$app->uri(
457	mode => 'view',
458	args => { _type => 'author', id => $author_id }
459	)
460	);
461	}
462	else {
463	$app->add_breadcrumb( $app->translate('(newly created user)') );
464	}
465	$app->add_breadcrumb( $app->translate('User Associations') );
466	}
467	if ($role_id) {
468	my $role_class = $app->model('role') or return;
469	$role = $role_class->load($role_id);
470	$app->add_breadcrumb( $app->translate("Roles"),
471	$app->uri( mode => "list_roles" ) );
472	$app->add_breadcrumb(
473	$role->name,
474	$app->uri(
475	mode => 'edit_role',
476	args => { _type => 'role', id => $role_id }
477	)
478	);
479	$app->add_breadcrumb( $app->translate("Role Users & Groups") );
480	}
481	if ( !$role_id && !$author_id ) {
482	if ($blog_id) {
483	$app->add_breadcrumb( $app->translate("Users") );
484	}
485	else {
486	$app->add_breadcrumb( $app->translate("Associations") );
487	}
488	}
489
490	my $pref = $app->list_pref('association');
491
492	# Supplies additional parameters for the row being listed
493	my %users;
494	$users{ $this_user->id } = $this_user;
495	my $hasher = sub {
496	my ( $obj, $row ) = @_;
497	if ( my $user = $obj->user ) {
498	$row->{user_id} = $user->id;
499	$row->{user_name} = $user->name;
500	}
501	if ( my $role = $obj->role ) {
502	$row->{role_name} = $role->name;
503
504	# populate permissions for the expanded view
505	if ( $pref->{view_expanded} ) {
506	my @perms;
507	my @all_perms = @{ MT::Permission->perms() };
508	foreach (@all_perms) {
509	next unless length( $_->[1] \|\| '' );
510	push @perms, { name => $_->[1] }
511	if $role->has( $_->[0] );
512	}
513	$row->{perm_loop} = \@perms;
514	}
515	}
516	else {
517	$row->{role_name} = $app->translate("(Custom)");
518	}
519	if ( my $blog = $obj->blog ) {
520	$row->{blog_name} = $blog->name;
521	}
522	if ( my $ts = $obj->created_on ) {
523	$row->{created_on_formatted} =
524	format_ts( MT::App::CMS::LISTING_DATE_FORMAT(), $ts, $obj->blog, $app->user ? $app->user->preferred_language : undef );
525	$row->{created_on_time_formatted} =
526	format_ts( MT::App::CMS::LISTING_TIMESTAMP_FORMAT(), $ts, $obj->blog, $app->user ? $app->user->preferred_language : undef );
527	$row->{created_on_relative} =
528	relative_date( $ts, time, $obj->blog );
529	}
530	if ( $row->{created_by} ) {
531	my $created_user = $users{ $row->{created_by} } \|\|=
532	MT::Author->load( $row->{created_by} );
533	if ($created_user) {
534	$row->{created_by} = $created_user->name;
535	}
536	else {
537	$row->{created_by} = $app->translate('(user deleted)');
538	}
539	}
540	};
541	$app->model('association') or return;
542	my $types;
543	if ( !$author_id && !$blog_id ) {
544	$types = [
545	MT::Association::USER_BLOG_ROLE(),
546	MT::Association::USER_ROLE(),
547	];
548	}
549	elsif ( !$author_id ) {
550	$types = [
551	MT::Association::USER_BLOG_ROLE(),
552	];
553	}
554	elsif ($author_id) {
555	$types =
556	[ MT::Association::USER_BLOG_ROLE(), MT::Association::USER_ROLE() ];
557	}
558
559	my $pre_build = sub {
560	my ($param) = @_;
561	my $data = $param->{object_loop} \|\| [];
562
563	#TODO: handle group_view
564	if ( $param->{user_view}
565	&& ( 'PSEUDO' ne $param->{edit_author_id} ) )
566	{
567
568	# don't merge
569	}
570	elsif ( $param->{role_view} ) {
571	_merge_default_assignments( $app, $data, $hasher, 'role',
572	$param->{role_id} );
573	}
574	elsif ( $param->{blog_view} ) {
575	_merge_default_assignments( $app, $data, $hasher, 'blog',
576	$param->{blog_id} );
577	}
578	else {
579	_merge_default_assignments( $app, $data, $hasher, 'all' );
580	}
581	};
582
583	return $app->listing(
584	{
585	args => { sort => 'created_on', direction => 'descend' },
586	type => 'association',
587	code => $hasher,
588	terms => {
589	type => $types,
590	$author_id ? ( author_id => $author_id ) : (),
591	$blog_id ? ( blog_id => $blog_id ) : (),
592	$role_id ? ( role_id => $role_id ) : (),
593	},
594	pre_build => $pre_build,
595	params => {
596	can_create_association => $app->user->is_superuser \|\| ( $blog_id
597	&& $app->user->permissions($blog_id)->can_administer_blog ),
598	has_expanded_mode => 1,
599	nav_privileges =>
600	( $author_id \|\| $blog_id ? 0 : 1 ) \|\| $role_id,
601	nav_authors => ( $author_id \|\| $blog_id ? 1 : 0 )
602	&& !$role_id,
603	blog_view => $blog_id ? 1 : 0,
604	user_view => $author_id ? 1 : 0,
605	role_view => $role_id ? 1 : 0,
606	$role_id
607	? (
608	role_id => $role_id,
609	role_name => $role->name,
610	)
611	: (),
612	$author_id
613	? (
614	edit_author_id => $author_id,
615	edit_name => $user
616	? ( $user->nickname ? $user->nickname : $user->name )
617	: $app->translate('(newly created user)'),
618	edit_object => $app->translate('The user'),
619	group_count => $user ? $user->group_count() : 0,
620	status_enabled => $user ? ( $user->is_active ? 1 : 0 ) : 0,
621	status_pending => $user
622	? ( $user->status == MT::Author::PENDING() ? 1 : 0 )
623	: 0,
624	)
625	: (),
626	saved => $app->param('saved') \|\| 0,
627	saved_deleted => $app->param('saved_deleted') \|\| 0,
628	usergroup_view => !$author_id && !$role_id,
629	blog_id => $blog_id,
630	search_label => $app->translate('Users'),
631	object_type => 'association',
632	pt_name => $app->translate('User'),
633	screen_id => "list-associations",
634	},
635	}
636	);
637	}
638
639	sub list_role {
640	my $app = shift;
641
642	$app->return_to_dashboard( redirect => 1 ) if $app->param('blog_id');
643
644	my $pref = $app->list_pref('role');
645
646	my $author_class = $app->model('author');
647	my $assoc_class = $app->model('association');
648	my $hasher = sub {
649	my ( $obj, $row ) = @_;
650	my $user_count = $assoc_class->count(
651	{
652	role_id => $obj->id,
653	author_id => [ 1, undef ],
654	},
655	{
656	unique => 'author_id',
657	range_incl => { author_id => 1 },
658	}
659	);
660	$row->{members} = $user_count;
661	$row->{weblogs} = $assoc_class->count(
662	{
663	role_id => $obj->id,
664	blog_id => [ 1, undef ],
665	},
666	{
667	unique => 'blog_id',
668	range_incl => { blog_id => 1 },
669	}
670	);
671	if ( $obj->created_by ) {
672	my $user = $author_class->load( $obj->created_by );
673	$row->{created_by} = $user ? $user->name : '';
674	}
675	else {
676	$row->{created_by} = '';
677	}
678
679	# populate permissions for the expanded view
680	if ( $pref->{view_expanded} ) {
681	my @perms;
682	my @all_perms = @{ MT::Permission->perms() };
683	foreach (@all_perms) {
684	next unless length( $_->[1] \|\| '' );
685	push @perms, { name => $_->[1] }
686	if $obj->has( $_->[0] );
687	}
688	$row->{perm_loop} = \@perms;
689	}
690	};
691	unless ( $app->user->is_superuser() ) {
692	return $app->errtrans("Permission denied.");
693	}
694	$app->add_breadcrumb( $app->translate("Roles") );
695	$app->listing(
696	{
697	args => { sort => 'name' },
698	type => 'role',
699	code => $hasher,
700	params => {
701	nav_privileges => 1,
702	list_noncron => 1,
703	can_create_role => $app->user->is_superuser,
704	has_expanded_mode => 1,
705	search_label => $app->translate('Users'),
706	object_type => 'role',
707	screen_id => 'list-role',
708	},
709	}
710	);
711	}
712
713	sub save_role {
714	my $app = shift;
715	my $q = $app->param;
716	$app->validate_magic() or return;
717	$app->user->is_superuser or return $app->errtrans("Invalid request.");
718
719	my $id = $q->param('id');
720	my @perms = $q->param('permission');
721	my $role;
722	require MT::Role;
723	$role = $id ? MT::Role->load($id) : MT::Role->new;
724	my $name = $q->param('name') \|\| '';
725	$name =~ s/(^\s+\|\s+$)//g;
726	return $app->errtrans("Role name cannot be blank.")
727	if $name eq '';
728
729	my $role_by_name = MT::Role->load( { name => $name } );
730	if ( $role_by_name && ( ( $id && ( $role->id != $id ) ) \|\| !$id ) ) {
731	return $app->errtrans("Another role already exists by that name.");
732	}
733	if ( !@perms ) {
734	return $app->errtrans("You cannot define a role without permissions.");
735	}
736
737	$role->name( $q->param('name') );
738	$role->description( $q->param('description') );
739	$role->clear_full_permissions;
740	$role->set_these_permissions(@perms);
741	if ( $role->id ) {
742	$role->modified_by( $app->user->id );
743	}
744	else {
745	$role->created_by( $app->user->id );
746	}
747	$role->save or return $app->error( $role->errstr );
748
749	my $url;
750	$url = $app->uri(
751	'mode' => 'edit_role',
752	args => { id => $role->id, saved => 1 }
753	);
754	$app->redirect($url);
755	}
756
757	sub enable_object {
758	my $app = shift;
759	set_object_status( $app, MT::Author::ACTIVE() );
760	}
761
762	sub disable_object {
763	my $app = shift;
764	set_object_status( $app, MT::Author::INACTIVE() );
765	}
766
767	sub set_object_status {
768	my ($app, $new_status) = @_;
769
770	$app->validate_magic() or return;
771	return $app->error( $app->translate('Permission denied.') )
772	unless $app->user->is_superuser;
773	return $app->error( $app->translate("Invalid request.") )
774	if $app->request_method ne 'POST';
775
776	my $q = $app->param;
777	my $type = $q->param('_type');
778	return $app->error( $app->translate('Invalid type') )
779	unless ( $type eq 'user' )
780	\|\| ( $type eq 'author' )
781	\|\| ( $type eq 'group' );
782
783	my $class = $app->model($type);
784
785	my @sync;
786	my $saved = 0;
787	for my $id ( $q->param('id') ) {
788	next unless $id; # avoid 'empty' ids
789	my $obj = $class->load($id);
790	next unless $obj;
791	if ( ( $obj->id == $app->user->id ) && ( $type eq 'author' ) ) {
792	next;
793	}
794	next if $new_status == $obj->status;
795	$obj->status($new_status);
796	$obj->save;
797	$saved++;
798	if ( $type eq 'author' ) {
799	if ( $new_status == MT::Author::ACTIVE() ) {
800	push @sync, $obj;
801	}
802	}
803	}
804	my $unchanged = 0;
805	if (@sync) {
806	MT::Auth->synchronize_author( User => \@sync );
807	foreach (@sync) {
808	if ( $_->status != MT::Author::ACTIVE() ) {
809	$unchanged++;
810	}
811	}
812	}
813	if ( $saved && ( $saved > $unchanged ) ) {
814	$app->add_return_arg(
815	saved_status => ( $new_status == MT::Author::ACTIVE() )
816	? 'enabled'
817	: 'disabled'
818	);
819	}
820	$app->add_return_arg( is_power_edit => 1 )
821	if $q->param('is_power_edit');
822	$app->add_return_arg( unchanged => $unchanged )
823	if $unchanged;
824	$app->call_return;
825	}
826
827	sub upload_userpic {
828	my $app = shift;
829
830	my ($asset, $bytes) = $app->_upload_file(
831	@_,
832	require_type => 'image',
833	);
834	return if !defined $asset;
835	return $asset if !defined $bytes; # whatever it is
836
837	## TODO: should this be layered into _upload_file somehow, so we don't
838	## save the asset twice?
839	my $user_id = $app->param('user_id');
840
841	$asset->tags('@userpic');
842	$asset->created_by($user_id);
843	$asset->save;
844
845	$app->forward( 'asset_userpic', { asset => $asset, user_id => $user_id } );
846	}
847
848	sub cfg_system_users {
849	my $app = shift;
850	my %param;
851	if ( $app->param('blog_id') ) {
852	return $app->return_to_dashboard( redirect => 1 );
853	}
854
855	return $app->errtrans("Permission denied.")
856	unless $app->user->is_superuser();
857	my $cfg = $app->config;
858	$app->add_breadcrumb( $app->translate('General Settings') );
859	$param{nav_config} = 1;
860
861	$param{nav_settings} = 1;
862	$param{languages} =
863	$app->languages_list( $app->config('DefaultUserLanguage') );
864	my $tag_delim = $app->config('DefaultUserTagDelimiter') \|\| ord(',');
865	if ( $tag_delim eq ord(',') ) {
866	$tag_delim = 'comma';
867	}
868	elsif ( $tag_delim eq ord(' ') ) {
869	$tag_delim = 'space';
870	}
871	else {
872	$tag_delim = 'comma';
873	}
874	$param{"tag_delim_$tag_delim"} = 1;
875
876	( my $tz = $app->config('DefaultTimezone') ) =~ s![-\.]!_!g;
877	$tz =~ s!_00$!!;
878	$param{ 'server_offset_' . $tz } = 1;
879
880	$param{default_site_root} = $app->config('DefaultSiteRoot');
881	$param{default_site_url} = $app->config('DefaultSiteURL');
882	$param{personal_weblog_readonly} =
883	$app->config->is_readonly('NewUserAutoProvisioning');
884	$param{personal_weblog} = $app->config->NewUserAutoProvisioning ? 1 : 0;
885	if ( my $id = $param{new_user_template_blog_id} =
886	$app->config('NewUserTemplateBlogId') \|\| '' )
887	{
888	my $blog = MT::Blog->load($id);
889	if ($blog) {
890	$param{new_user_template_blog_name} = $blog->name;
891	}
892	else {
893	$app->config( 'NewUserTemplateBlogId', undef, 1 );
894	$cfg->save_config();
895	delete $param{new_user_template_blog_id};
896	}
897	}
898	$param{system_email_address} = $cfg->EmailAddressMain;
899	$param{saved} = $app->param('saved');
900	$param{error} = $app->param('error');
901	$param{screen_class} = "settings-screen system-general-settings";
902	my $registration = $cfg->CommenterRegistration;
903	if ( $registration->{Allow} ) {
904	$param{registration} = 1;
905	if ( my $ids = $registration->{Notify} ) {
906	my @ids = split ',', $ids;
907	my @sysadmins = MT::Author->load(
908	{
909	id => \@ids,
910	type => MT::Author::AUTHOR()
911	},
912	{
913	join => MT::Permission->join_on(
914	'author_id',
915	{
916	permissions => "\%'administer'\%",
917	blog_id => '0',
918	},
919	{ 'like' => { 'permissions' => 1 } }
920	)
921	}
922	);
923	my @names;
924	foreach my $a (@sysadmins) {
925	push @names, $a->name . '(' . $a->id . ')';
926	}
927	$param{notify_user_id} = $ids;
928	$param{notify_user_name} = join ',', @names;
929	}
930	}
931	$app->load_tmpl( 'cfg_system_users.tmpl', \%param );
932	}
933
934	sub save_cfg_system_users {
935	my $app = shift;
936	$app->validate_magic or return;
937	return $app->errtrans("Permission denied.")
938	unless $app->user->is_superuser();
939
940	my $tmpl_blog_id = $app->param('new_user_template_blog_id') \|\| '';
941	if ( $tmpl_blog_id =~ m/^\d+$/ ) {
942	MT::Blog->load($tmpl_blog_id)
943	or return $app->error(
944	$app->translate(
945	"Invalid ID given for personal blog clone source ID.")
946	);
947	}
948	else {
949	if ( $tmpl_blog_id ne '' ) {
950	return $app->error(
951	$app->translate(
952	"Invalid ID given for personal blog clone source ID.")
953	);
954	}
955	}
956
957	my $cfg = $app->config;
958	my $tz = $app->param('default_time_zone');
959	$app->config( 'DefaultTimezone', $tz \|\| undef, 1 );
960	$app->config( 'DefaultSiteRoot', $app->param('default_site_root') \|\| undef,
961	1 );
962	$app->config( 'DefaultSiteURL', $app->param('default_site_url') \|\| undef,
963	1 );
964	$app->config( 'NewUserAutoProvisioning',
965	$app->param('personal_weblog') ? 1 : 0, 1 );
966	$app->config( 'NewUserTemplateBlogId', $tmpl_blog_id \|\| undef, 1 );
967	$app->config( 'DefaultUserLanguage', $app->param('default_language'), 1 );
968	$app->config( 'DefaultUserTagDelimiter',
969	$app->param('default_user_tag_delimiter') \|\| undef, 1 );
970	my $registration = $cfg->CommenterRegistration;
971	if ( my $reg = $app->param('registration') ) {
972	$registration->{Allow} = $reg ? 1 : 0;
973	$registration->{Notify} = $app->param('notify_user_id');
974	$cfg->CommenterRegistration( $registration, 1 );
975	}
976	elsif ( $registration->{Allow} ) {
977	$registration->{Allow} = 0;
978	$cfg->CommenterRegistration( $registration, 1 );
979	}
980	$cfg->save_config();
981
982	my $args = ();
983
984	if ( $app->config->NewUserAutoProvisioning() ne
985	( $app->param('personal_weblog') ? 1 : 0 ) )
986	{
987	$args->{error} =
988	$app->translate(
989	'If personal blog is set, the default site URL and root are required.'
990	);
991	}
992	else {
993	$args->{saved} = 1;
994	}
995
996	$app->redirect(
997	$app->uri(
998	'mode' => 'cfg_system_users',
999	args => $args
1000	)
1001	);
1002	}
1003
1004	sub remove_user_assoc {
1005	my $app = shift;
1006	$app->validate_magic or return;
1007
1008	my $user = $app->user;
1009	my $perms = $app->permissions;
1010	return $app->errtrans("Permission denied.")
1011	unless $perms->can_administer_blog;
1012
1013	my $blog_id = $app->param('blog_id');
1014	my @ids = $app->param('id');
1015	return $app->errtrans("Invalid request.")
1016	unless $blog_id && @ids;
1017
1018	require MT::Association;
1019	require MT::Permission;
1020	foreach my $id (@ids) {
1021	next unless $id;
1022	MT::Association->remove({ blog_id => $blog_id, author_id => $id });
1023	# these too, just in case there are no real associations
1024	# (ie, commenters)
1025	MT::Permission->remove({ blog_id => $blog_id, author_id => $id });
1026	}
1027
1028	$app->add_return_arg( saved => 1 );
1029	$app->call_return;
1030	}
1031
1032	sub revoke_role {
1033	my $app = shift;
1034	$app->validate_magic or return;
1035
1036	my $user = $app->user;
1037	my $perms = $app->permissions;
1038	return $app->errtrans("Permission denied.")
1039	unless $perms->can_administer_blog;
1040
1041	my $blog_id = $app->param('blog_id');
1042	my $role_id = $app->param('role_id');
1043	my $user_id = $app->param('author_id');
1044	return $app->errtrans("Invalid request.")
1045	unless $blog_id && $role_id && $user_id;
1046
1047	require MT::Association;
1048	require MT::Role;
1049	require MT::Blog;
1050
1051	my $author = MT::Author->load( $user_id );
1052	my $role = MT::Role->load( $role_id );
1053	my $blog = MT::Blog->load( $blog_id );
1054	return $app->errtrans("Invalid request.")
1055	unless $blog && $role && $author;
1056
1057	MT::Association->unlink( $blog => $role => $author );
1058
1059	$app->add_return_arg( saved => 1 );
1060	$app->call_return;
1061	}
1062
1063	sub grant_role {
1064	my $app = shift;
1065
1066	my $user = $app->user;
1067
1068	my $blogs = $app->param('blog') \|\| '';
1069	my $authors = $app->param('author') \|\| '';
1070	my $roles = $app->param('role') \|\| '';
1071	my $author_id = $app->param('author_id');
1072	my $blog_id = $app->param('blog_id');
1073	my $role_id = $app->param('role_id');
1074
1075	my @blogs = split /,/, $blogs;
1076	my @authors = split /,/, $authors;
1077	my @roles = split /,/, $roles;
1078
1079	require MT::Blog;
1080	require MT::Role;
1081
1082	foreach (@blogs) {
1083	my $id = $_;
1084	$id =~ s/\D//g;
1085	$_ = MT::Blog->load($id);
1086	}
1087	foreach (@roles) {
1088	my $id = $_;
1089	$id =~ s/\D//g;
1090	$_ = MT::Role->load($id);
1091	}
1092	my $add_pseudo_new_user = 0;
1093	foreach (@authors) {
1094	my $id = $_;
1095	if ( 'author-PSEUDO' eq $id ) {
1096	$add_pseudo_new_user = 1;
1097	next;
1098	}
1099	$id =~ s/\D//g;
1100	$_ = MT::Author->load($id);
1101	}
1102	$app->error(undef);
1103
1104	if ($author_id) {
1105	if ( $author_id eq 'PSEUDO' ) {
1106	$add_pseudo_new_user = 1;
1107	}
1108	else {
1109	push @authors, MT::Author->load($author_id);
1110	}
1111	}
1112	push @blogs, MT::Blog->load($blog_id) if $blog_id;
1113	push @roles, MT::Role->load($role_id) if $role_id;
1114
1115	if ( !$user->is_superuser ) {
1116	if ( ( scalar @blogs != 1 )
1117	\|\| ( !$user->permissions( $blogs[0] )->can_administer_blog ) )
1118	{
1119	return $app->errtrans("Permission denied.");
1120	}
1121	}
1122
1123	require MT::Association;
1124
1125	my @default_assignments;
1126
1127	# TBD: handle case for associating system roles to users/groups
1128	foreach my $blog (@blogs) {
1129	next unless ref $blog;
1130	foreach my $role (@roles) {
1131	next unless ref $role;
1132	if ($add_pseudo_new_user) {
1133	push @default_assignments, $role->id . ',' . $blog->id;
1134	}
1135	foreach my $ug ( @authors ) {
1136	next unless ref $ug;
1137	MT::Association->link( $ug => $role => $blog );
1138	}
1139	}
1140	}
1141
1142	if ( $add_pseudo_new_user && @default_assignments ) {
1143	my $da = $app->config('DefaultAssignments');
1144	$da .= ',' if $da;
1145	$app->config( 'DefaultAssignments',
1146	$da . join( ',', @default_assignments ), 1 );
1147	$app->config->save_config;
1148	}
1149
1150	$app->add_return_arg( saved => 1 );
1151	$app->call_return;
1152	}
1153
1154	sub dialog_select_author {
1155	my $app = shift;
1156
1157	my $hasher = sub {
1158	my ( $obj, $row ) = @_;
1159	$row->{label} = $row->{name};
1160	$row->{description} = $row->{nickname};
1161	};
1162
1163	$app->listing(
1164	{
1165	type => 'author',
1166	terms => {
1167	type => MT::Author::AUTHOR(),
1168	status => MT::Author::ACTIVE(),
1169	},
1170	args => {
1171	sort => 'name',
1172	join => MT::Permission->join_on(
1173	'author_id',
1174	{
1175	permissions => "\%'create_post'\%",
1176	blog_id => $app->blog->id,
1177	},
1178	{ 'like' => { 'permissions' => 1 } }
1179	),
1180	},
1181	code => $hasher,
1182	template => 'dialog/select_users.tmpl',
1183	params => {
1184	dialog_title =>
1185	$app->translate("Select a entry author"),
1186	items_prompt =>
1187	$app->translate("Selected author"),
1188	search_prompt => $app->translate(
1189	"Type a username to filter the choices below."),
1190	panel_label => $app->translate("Entry author"),
1191	panel_description => $app->translate("Name"),
1192	panel_type => 'author',
1193	panel_multi => defined $app->param('multi')
1194	? $app->param('multi')
1195	: 0,
1196	panel_searchable => 1,
1197	panel_first => 1,
1198	panel_last => 1,
1199	list_noncron => 1,
1200	idfield => $app->param('idfield'),
1201	namefield => $app->param('namefield'),
1202	},
1203	}
1204	);
1205	}
1206
1207	sub dialog_select_sysadmin {
1208	my $app = shift;
1209	return $app->errtrans("Permission denied.")
1210	unless $app->user->is_superuser;
1211
1212	my $hasher = sub {
1213	my ( $obj, $row ) = @_;
1214	$row->{label} = $row->{name};
1215	$row->{description} = $row->{nickname};
1216	};
1217
1218	$app->listing(
1219	{
1220	type => 'author',
1221	terms => {
1222	type => MT::Author::AUTHOR(),
1223	status => MT::Author::ACTIVE(),
1224	},
1225	args => {
1226	sort => 'name',
1227	join => MT::Permission->join_on(
1228	'author_id',
1229	{
1230	permissions => "\%'administer'\%",
1231	blog_id => '0',
1232	},
1233	{ 'like' => { 'permissions' => 1 } }
1234	),
1235	},
1236	code => $hasher,
1237	template => 'dialog/select_users.tmpl',
1238	params => {
1239	dialog_title =>
1240	$app->translate("Select a System Administrator"),
1241	items_prompt =>
1242	$app->translate("Selected System Administrator"),
1243	search_prompt => $app->translate(
1244	"Type a username to filter the choices below."),
1245	panel_label => $app->translate("System Administrator"),
1246	panel_description => $app->translate("Name"),
1247	panel_type => 'author',
1248	panel_multi => defined $app->param('multi')
1249	? $app->param('multi')
1250	: 0,
1251	panel_searchable => 1,
1252	panel_first => 1,
1253	panel_last => 1,
1254	list_noncron => 1,
1255	idfield => $app->param('idfield'),
1256	namefield => $app->param('namefield'),
1257	},
1258	}
1259	);
1260	}
1261
1262	# This mode can be called to service a number of views
1263	# Adding roles->blogs for a user
1264	# Adding roles->blogs for a group
1265	# Adding users->roles->blogs
1266	# Adding groups->roles->blogs
1267	sub dialog_grant_role {
1268	my $app = shift;
1269
1270	my $author_id = $app->param('author_id');
1271	my $blog_id = $app->param('blog_id');
1272	my $role_id = $app->param('role_id');
1273
1274	my $this_user = $app->user;
1275	if ( !$this_user->is_superuser ) {
1276	if ( !$blog_id
1277	\|\| !$this_user->permissions($blog_id)->can_administer_blog )
1278	{
1279	return $app->errtrans("Permission denied.");
1280	}
1281	}
1282
1283	my $type = $app->param('_type');
1284	my ( $user, $role );
1285	if ($author_id) {
1286	$user = MT::Author->load($author_id);
1287	}
1288	if ($role_id) {
1289	require MT::Role;
1290	$role = MT::Role->load($role_id);
1291	}
1292
1293	my $hasher = sub {
1294	my ( $obj, $row ) = @_;
1295	$row->{label} = $row->{name};
1296	$row->{description} = $row->{nickname} if exists $row->{nickname};
1297	};
1298
1299	# Only show active users who are not commenters.
1300	my $terms = {};
1301	if ( $type && ( $type eq 'author' ) ) {
1302	$terms->{status} = MT::Author::ACTIVE();
1303	$terms->{type} = MT::Author::AUTHOR();
1304	}
1305
1306	my $pseudo_user_row = {
1307	id => 'PSEUDO',
1308	label => $app->translate('(newly created user)'),
1309	description =>
1310	$app->translate('represents a user who will be created afterwards'),
1311	};
1312
1313	if ( $app->param('search') \|\| $app->param('json') ) {
1314	my $params = {
1315	panel_type => $type,
1316	list_noncron => 1,
1317	panel_multi => 1,
1318	};
1319	$app->listing(
1320	{
1321	terms => $terms,
1322	type => $type,
1323	code => $hasher,
1324	params => $params,
1325	template => 'include/listing_panel.tmpl',
1326	$app->param('search') ? () : (
1327	pre_build => sub {
1328	my ($param) = @_;
1329	if ( $type && $type eq 'author' ) {
1330	if ( !$app->param('offset') ) {
1331	my $objs = $param->{object_loop} \|\|= [];
1332	unshift @$objs, $pseudo_user_row;
1333	}
1334	}
1335	}
1336	),
1337	}
1338	);
1339	}
1340	else {
1341
1342	# traditional, full-screen listing
1343	my $params = {
1344	($author_id \|\| 0) eq 'PSEUDO'
1345	? (
1346	edit_author_name => $app->translate('(newly created user)'),
1347	edit_author_id => 'PSEUDO'
1348	)
1349	: $author_id
1350	? (
1351	edit_author_name => $user->nickname
1352	? $user->nickname
1353	: $user->name,
1354	edit_author_id => $user->id,
1355	)
1356	: (),
1357	$role_id
1358	? (
1359	role_name => $role->name,
1360	role_id => $role->id,
1361	)
1362	: (),
1363	};
1364
1365	my @panels;
1366	if ( !$role_id ) {
1367	push @panels, 'role';
1368	}
1369	if ( !$blog_id ) {
1370	my @blogs;
1371	my $iter = MT::Blog->load_iter();
1372	while ( my $blog = $iter->() ) {
1373	push @blogs, $blog->id;
1374	}
1375
1376	# if only one blog exists, skip the blog selection step.
1377	if ( @blogs == 1 ) {
1378	$blog_id = $blogs[0];
1379	}
1380	else {
1381	push @panels, 'blog';
1382	}
1383	}
1384	if ( !$author_id ) {
1385	if ( $type eq 'user' ) {
1386	unshift @panels, 'author';
1387	}
1388	}
1389
1390	my $panel_info = {
1391	'blog' => {
1392	panel_title => $app->translate("Select Blogs"),
1393	panel_label => $app->translate("Blog Name"),
1394	items_prompt => $app->translate("Blogs Selected"),
1395	search_label => $app->translate("Search Blogs"),
1396	panel_description => $app->translate("Description"),
1397	},
1398	'author' => {
1399	panel_title => $app->translate("Select Users"),
1400	panel_label => $app->translate("Username"),
1401	items_prompt => $app->translate("Users Selected"),
1402	search_label => $app->translate("Search Users"),
1403	panel_description => $app->translate("Name"),
1404	},
1405	'role' => {
1406	panel_title => $app->translate("Select Roles"),
1407	panel_label => $app->translate("Role Name"),
1408	items_prompt => $app->translate("Roles Selected"),
1409	search_label => $app->translate(""),
1410	panel_description => $app->translate("Description"),
1411	},
1412	};
1413
1414	$params->{blog_id} = $blog_id;
1415	$params->{dialog_title} = $app->translate("Grant Permissions");
1416	$params->{panel_loop} = [];
1417	$params->{panel_multi} = 1;
1418
1419	for ( my $i = 0 ; $i <= $#panels ; $i++ ) {
1420	my $source = $panels[$i];
1421	my $panel_params = {
1422	panel_type => $source,
1423	%{ $panel_info->{$source} },
1424	list_noncron => 1,
1425	panel_last => $i == $#panels,
1426	panel_first => $i == 0,
1427	panel_number => $i + 1,
1428	panel_total => $#panels + 1,
1429	panel_has_steps => ( $#panels == '0' ? 0 : 1 ),
1430	panel_searchable => ( $source eq 'role' ? 0 : 1 ),
1431	};
1432
1433	# Only show active user/groups.
1434	my $terms = {};
1435	if ( $source eq 'author' ) {
1436	$terms->{status} = MT::Author::ACTIVE();
1437	$terms->{type} = MT::Author::AUTHOR();
1438	}
1439
1440	$app->listing(
1441	{
1442	no_html => 1,
1443	code => $hasher,
1444	type => $source,
1445	params => $panel_params,
1446	terms => $terms,
1447	args => { sort => 'name' },
1448	}
1449	);
1450	if ( $source && ( $source eq 'author' ) ) {
1451	if ( !$app->param('offset') ) {
1452	my $data = $panel_params->{object_loop} \|\|= [];
1453	unshift @$data, $pseudo_user_row;
1454	}
1455	}
1456	if (
1457	!$panel_params->{object_loop}
1458	\|\| ( $panel_params->{object_loop}
1459	&& @{ $panel_params->{object_loop} } < 1 )
1460	)
1461	{
1462	$params->{"missing_$source"} = 1;
1463	$params->{"missing_data"} = 1;
1464	}
1465	push @{ $params->{panel_loop} }, $panel_params;
1466	}
1467
1468	# save the arguments from whence we came...
1469	$params->{return_args} = $app->return_args;
1470	$app->load_tmpl( 'dialog/create_association.tmpl', $params );
1471	}
1472	}
1473
1474	sub remove_userpic {
1475	my $app = shift;
1476	$app->validate_magic() or return;
1477	my $q = $app->param;
1478	my $user_id = $q->param('user_id');
1479	my $user = $app->model('author')->load( { id => $user_id } )
1480	or return;
1481	if ($user->userpic_asset_id) {
1482	my $old_file = $user->userpic_file();
1483	my $fmgr = MT::FileMgr->new('Local');
1484	if ($fmgr->exists($old_file)) {
1485	$fmgr->delete($old_file);
1486	}
1487	$user->userpic_asset_id(0);
1488	$user->save;
1489	}
1490	return 'success';
1491	}
1492
1493	sub can_delete_association {
1494	my ( $eh, $app, $obj ) = @_;
1495
1496	my $blog_id = $app->param('blog_id');
1497	my $user = $app->user;
1498	if ( !$user->is_superuser ) {
1499	if ( !$blog_id \|\| !$user->permissions($blog_id)->can_administer_blog ) {
1500	return $eh->error( MT->translate("Permission denied.") );
1501	}
1502	if ( $obj->author_id == $user->id ) {
1503	return $eh->error(
1504	MT->translate("You cannot delete your own association.") );
1505	}
1506	}
1507	1;
1508	}
1509
1510	sub can_view {
1511	my ( $eh, $app, $id ) = @_;
1512	return $id && ( $app->user->id == $id );
1513	}
1514
1515	sub can_save {
1516	my ( $eh, $app, $id ) = @_;
1517	my $author = $app->user;
1518	if ( !$id ) {
1519	return $author->is_superuser;
1520	}
1521	else {
1522	return $author->id == $id;
1523	}
1524	}
1525
1526	sub can_delete {
1527	my ( $eh, $app, $obj ) = @_;
1528	my $author = $app->user;
1529	if ( $author->id == $obj->id ) {
1530	return $eh->error(
1531	MT->translate("You cannot delete your own user record.") );
1532	}
1533	return 1 if $author->is_superuser();
1534	if ( !( $obj->created_by && $obj->created_by == $author->id ) ) {
1535	return $eh->error(
1536	MT->translate(
1537	"You have no permission to delete the user [_1].", $obj->name
1538	)
1539	);
1540	}
1541	}
1542
1543	sub save_filter {
1544	my ( $eh, $app ) = @_;
1545
1546	my $status = $app->param('status');
1547	return 1 if $status and $status == MT::Author::INACTIVE();
1548
1549	require MT::Auth;
1550	my $auth_mode = $app->config('AuthenticationModule');
1551	my ($pref) = split /\s+/, $auth_mode;
1552
1553	my $name = $app->param('name');
1554	my $nickname = $app->param('nickname');
1555	if ( $pref eq 'MT' ) {
1556	if ( defined $name ) {
1557	$name =~ s/(^\s+\|\s+$)//g;
1558	$app->param( 'name', $name );
1559	}
1560	return $eh->error( $app->translate("User requires username") )
1561	if ( !$name );
1562
1563	if ( defined $nickname ) {
1564	$nickname =~ s/(^\s+\|\s+$)//g;
1565	$app->param( 'nickname', $nickname );
1566	}
1567	return $eh->error( $app->translate("User requires display name") )
1568	if ( !$nickname );
1569	}
1570
1571	require MT::Author;
1572	my $existing = MT::Author->load(
1573	{
1574	name => $name,
1575	type => MT::Author::AUTHOR()
1576	}
1577	);
1578	my $id = $app->param('id');
1579	if ( $existing && ( ( $id && $existing->id ne $id ) \|\| !$id ) ) {
1580	return $eh->error(
1581	$app->translate("A user with the same name already exists.") );
1582	}
1583
1584	return 1 if ( $pref ne 'MT' );
1585	if ( !$app->param('id') ) { # it's a new object
1586	return $eh->error( $app->translate("User requires password") )
1587	if ( !$app->param('pass') );
1588	return $eh->error(
1589	$app->translate("User requires password recovery word/phrase") )
1590	if ( !$app->param('hint') );
1591	}
1592	return $eh->error(
1593	MT->translate("Email Address is required for password recovery") )
1594	unless $app->param('email');
1595	if ( $app->param('url') ) {
1596	my $url = $app->param('url');
1597	return $eh->error( MT->translate("Website URL is imperfect") )
1598	unless is_url($url);
1599	}
1600	1;
1601	}
1602
1603	sub pre_save {
1604	my $eh = shift;
1605	my ( $app, $obj, $original ) = @_;
1606
1607	# Authors should only be of type AUTHOR when created from
1608	# the CMS app; COMMENTERs are created from the Comments app.
1609	$obj->type( MT::Author::AUTHOR() );
1610
1611	my $pass = $app->param('pass');
1612	if ($pass) {
1613	$obj->set_password($pass);
1614	}
1615	elsif ( !$obj->id ) {
1616	$obj->password('(none)');
1617	}
1618
1619	my ( $delim, $delim2 ) = $app->param('tag_delim');
1620	$delim = $delim ? $delim : $delim2;
1621	if ( $delim =~ m/comma/i ) {
1622	$delim = ord(',');
1623	}
1624	elsif ( $delim =~ m/space/i ) {
1625	$delim = ord(' ');
1626	}
1627	else {
1628	$delim = ord(',');
1629	}
1630	$obj->entry_prefs( 'tag_delim' => $delim );
1631
1632	unless ( $obj->id ) {
1633	$obj->created_by( $app->user->id );
1634	}
1635	1;
1636	}
1637
1638	sub post_save {
1639	my $eh = shift;
1640	my ( $app, $obj, $original ) = @_;
1641
1642	if ( !$original->id ) {
1643	$app->log(
1644	{
1645	message => $app->translate(
1646	"User '[_1]' (ID:[_2]) created by '[_3]'",
1647	$obj->name, $obj->id, $app->user->name
1648	),
1649	level => MT::Log::INFO(),
1650	class => 'author',
1651	category => 'new',
1652	}
1653	);
1654	$obj->add_default_roles;
1655
1656	my $author_id = $obj->id;
1657	if ( $app->param('create_personal_weblog') ) {
1658
1659	# provision new user with a personal blog
1660	$app->run_callbacks( 'new_user_provisioning', $obj );
1661	}
1662	}
1663	else {
1664	if ( $app->user->id == $obj->id ) {
1665	## If this is a user editing his/her profile, $id will be
1666	## some defined value; if so we should update the user's
1667	## cookie to reflect any changes made to username and password.
1668	## Otherwise, this is a new user, and we shouldn't update the
1669	## cookie.
1670	$app->user($obj);
1671	if ( ( $obj->name ne $original->name )
1672	\|\| ( $app->param('pass') ) )
1673	{
1674	$app->start_session();
1675	}
1676	}
1677	}
1678	1;
1679	}
1680
1681	sub post_delete {
1682	my ( $eh, $app, $obj ) = @_;
1683
1684	$app->log(
1685	{
1686	message => $app->translate(
1687	"User '[_1]' (ID:[_2]) deleted by '[_3]'",
1688	$obj->name, $obj->id, $app->user->name
1689	),
1690	level => MT::Log::INFO(),
1691	class => 'system',
1692	category => 'delete'
1693	}
1694	);
1695	}
1696
1697	sub _merge_default_assignments {
1698	my $app = shift;
1699	my ( $data, $hasher, $type, $id ) = @_;
1700
1701	if ( my $def = MT->config->DefaultAssignments ) {
1702	my @def = split ',', $def;
1703	while ( my $role_id = shift @def ) {
1704	my $blog_id = shift @def;
1705	next unless $role_id && $blog_id;
1706	next if ( $type eq 'role' ) && ( $id != $role_id );
1707	next if ( $type eq 'blog' ) && ( $id != $blog_id );
1708	my $obj = MT::Association->new;
1709	$obj->role_id($role_id);
1710	$obj->blog_id($blog_id);
1711	$obj->id( 'PSEUDO-' . $role_id . '-' . $blog_id );
1712	my $row = $obj->column_values();
1713	$hasher->( $obj, $row ) if $hasher;
1714	$row->{user_id} = 'PSEUDO';
1715	$row->{user_name} = MT->translate('(newly created user)');
1716	push @$data, $row;
1717	}
1718	}
1719	}
1720
1721	sub build_author_table {
1722	my $app = shift;
1723	my (%args) = @_;
1724
1725	my $i = 1;
1726	my @author;
1727	my $iter;
1728	if ( $args{load_args} ) {
1729	my $class = $app->model('author');
1730	$iter = $class->load_iter( @{ $args{load_args} } );
1731	}
1732	elsif ( $args{iter} ) {
1733	$iter = $args{iter};
1734	}
1735	elsif ( $args{items} ) {
1736	$iter = sub { pop @{ $args{items} } };
1737	}
1738	return [] unless $iter;
1739	my $blog_id = $app->param('blog_id');
1740	my $param = $args{param};
1741	$param->{has_edit_access} = $app->user->is_superuser();
1742	$param->{is_administrator} = $app->user->is_superuser();
1743	my ( %blogs, %entry_count_refs );
1744	while ( my $author = $iter->() ) {
1745	my $row = {
1746	name => $author->name,
1747	nickname => $author->nickname,
1748	email => $author->email,
1749	url => $author->url,
1750	status_enabled => $author->is_active,
1751	status_pending => ( $author->status == MT::Author::PENDING() )
1752	? 1
1753	: 0,
1754	id => $author->id,
1755	entry_count => 0,
1756	is_me => ( $app->user->id == $author->id ? 1 : 0 )
1757	};
1758	$entry_count_refs{ $author->id } = \$row->{entry_count};
1759	if ( $author->created_by ) {
1760	if ( my $parent_author =
1761	$app->model('author')->load( $author->created_by ) )
1762	{
1763	$row->{created_by} = $parent_author->name;
1764	}
1765	else {
1766	$row->{created_by} = $app->translate('(user deleted)');
1767	}
1768	}
1769	$row->{object} = $author;
1770	$row->{usertype_author} = 1 if $author->type == MT::Author::AUTHOR();
1771	if ( $author->type == MT::Author::COMMENTER() ) {
1772	$row->{usertype_commenter} = 1;
1773	$row->{status_trusted} = 1 if $blog_id && $author->is_trusted($blog_id);
1774	if ($row->{name} =~ m/^[a-f0-9]{32}$/) {
1775	$row->{name} = $row->{nickname} \|\| $row->{url};
1776	}
1777	}
1778	$row->{auth_icon_url} = $author->auth_icon_url;
1779	push @author, $row;
1780	}
1781	return [] unless @author;
1782	my $type = $app->param('entry_type') \|\| 'entry';
1783	my $entry_class = $app->model($type);
1784	my $author_entry_count_iter =
1785	$entry_class->count_group_by( { author_id => [ keys %entry_count_refs ] },
1786	{ group => ['author_id'] } );
1787	while ( my ( $count, $author_id ) = $author_entry_count_iter->() ) {
1788	${ $entry_count_refs{$author_id} } = $count;
1789	}
1790	$param->{author_table}[0]{object_loop} = \@author;
1791
1792	$app->load_list_actions( 'author', $param->{author_table}[0] );
1793	$param->{page_actions} = $param->{author_table}[0]{page_actions} =
1794	$app->page_actions('list_authors');
1795	$param->{object_loop} = $param->{author_table}[0]{object_loop};
1796
1797	\@author;
1798	}
1799
1800	sub _delete_pseudo_association {
1801	my $app = shift;
1802	my ($pid, $bid) = @_;
1803	my $rid;
1804	if ($pid) {
1805	( my $pseudo, $rid, $bid ) = split '-', $pid;
1806	}
1807	my @newdef;
1808	if ( my $def = $app->config->DefaultAssignments ) {
1809	my @def = split ',', $def;
1810	while ( my $role_id = shift @def ) {
1811	my $blog_id = shift @def;
1812	next unless $role_id && $blog_id;
1813	next
1814	if ( $rid && ( $role_id == $rid ) && ( $blog_id == $bid ) )
1815	\|\| ( !defined($rid) && ( $blog_id == $bid ) );
1816	push @newdef, "$role_id,$blog_id";
1817	}
1818	}
1819	if (@newdef) {
1820	$app->config( 'DefaultAssignments', join( ',', @newdef ), 1 );
1821	}
1822	else {
1823	$app->config( 'DefaultAssignments', undef, 1 );
1824	}
1825	$app->config->save_config;
1826	}
1827
1828	1;

Note: See TracBrowser for help on using the browser.

Context Navigation

root/branches/release-34/lib/MT/CMS/User.pm @ 1823

Download in other formats: