More code for #857

2025-02-15 18:03:35 -06:00 · 2017-09-26 09:15:21 +02:00 · 2017-09-26 09:15:21 +02:00 · d99adb515a
commit d99adb515a
parent 91e96aa4b9
10 changed files with 137 additions and 4 deletions
--- a/app/Http/Controllers/Admin/UserController.php
+++ b/app/Http/Controllers/Admin/UserController.php
@ -48,6 +48,32 @@ class UserController extends Controller
        );
    }

+    /**
+     * @param User $user
+     *
+     * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
+     */
+    public function delete(User $user)
+    {
+        $subTitle = trans('firefly.delete_user', ['email' => $user->email]);
+
+        return view('admin.users.delete', compact('user', 'subTitle'));
+    }
+
+    /**
+     * @param User                    $user
+     * @param UserRepositoryInterface $repository
+     *
+     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector
+     */
+    public function destroy(User $user, UserRepositoryInterface $repository)
+    {
+        $repository->destroy($user);
+        Session::flash('success', strval(trans('firefly.user_deleted')));
+
+        return redirect(route('admin.users'));
+    }
+
    /**
     * @param User $user
     *
@ -64,9 +90,10 @@ class UserController extends Controller
        $subTitle     = strval(trans('firefly.edit_user', ['email' => $user->email]));
        $subTitleIcon = 'fa-user-o';
        $codes        = [
-            ''        => strval(trans('firefly.no_block_code')),
-            'bounced' => strval(trans('firefly.block_code_bounced')),
-            'expired' => strval(trans('firefly.block_code_expired')),
+            ''              => strval(trans('firefly.no_block_code')),
+            'bounced'       => strval(trans('firefly.block_code_bounced')),
+            'expired'       => strval(trans('firefly.block_code_expired')),
+            'email_changed' => strval(trans('firefly.block_code_email_changed')),
        ];

        return view('admin.users.edit', compact('user', 'subTitle', 'subTitleIcon', 'codes'));
@ -143,6 +170,7 @@ class UserController extends Controller
        }

        $repository->changeStatus($user, $data['blocked'], $data['blocked_code']);
+        $repository->updateEmail($user, $data['email']);

        Session::flash('success', strval(trans('firefly.updated_user', ['email' => $user->email])));
        Preferences::mark();
--- a/app/Http/breadcrumbs.php
+++ b/app/Http/breadcrumbs.php
@ -138,6 +138,12 @@ Breadcrumbs::register(
    $breadcrumbs->push(trans('firefly.edit_user', ['email' => $user->email]), route('admin.users.edit', [$user->id]));
 }
 );
+Breadcrumbs::register(
+    'admin.users.delete', function (BreadCrumbGenerator $breadcrumbs, User $user) {
+    $breadcrumbs->parent('admin.users');
+    $breadcrumbs->push(trans('firefly.delete_user', ['email' => $user->email]), route('admin.users.delete', [$user->id]));
+}
+);

 Breadcrumbs::register(
    'admin.users.domains', function (BreadCrumbGenerator $breadcrumbs) {
--- a/app/Repositories/User/UserRepository.php
+++ b/app/Repositories/User/UserRepository.php
@ -53,9 +53,14 @@ class UserRepository implements UserRepositoryInterface
    }

    /**
+     * This updates the users email address and records some things so it can be confirmed or undone later.
+     * The user is blocked until the change is confirmed.
+     *
     * @param User   $user
     * @param string $newEmail
     *
+     * @see updateEmail
+     *
     * @return bool
     */
    public function changeEmail(User $user, string $newEmail): bool
@ -212,4 +217,29 @@ class UserRepository implements UserRepositoryInterface
    {
        return $user->hasRole($role);
    }
+
+    /**
+     * This updates the users email address. Same as changeEmail just without most logging. This makes sure that the undo/confirm routine can't catch this one.
+     * The user is NOT blocked.
+     *
+     * @param User   $user
+     * @param string $newEmail
+     *
+     * @see changeEmail
+     *
+     * @return bool
+     */
+    public function updateEmail(User $user, string $newEmail): bool
+    {
+        $oldEmail = $user->email;
+
+        // save old email as pref
+        Preferences::setForUser($user, 'admin_previous_email_latest', $oldEmail);
+        Preferences::setForUser($user, 'admin_previous_email_' . date('Y-m-d-H-i-s'), $oldEmail);
+
+        $user->email = $newEmail;
+        $user->save();
+
+        return true;
+    }
 }
--- a/app/Repositories/User/UserRepositoryInterface.php
+++ b/app/Repositories/User/UserRepositoryInterface.php
@ -43,9 +43,14 @@ interface UserRepositoryInterface
    public function attachRole(User $user, string $role): bool;

    /**
+     * This updates the users email address and records some things so it can be confirmed or undone later.
+     * The user is blocked until the change is confirmed.
+     *
     * @param User   $user
     * @param string $newEmail
     *
+     * @see updateEmail
+     *
     * @return bool
     */
    public function changeEmail(User $user, string $newEmail): bool;
@ -111,4 +116,17 @@ interface UserRepositoryInterface
     * @return bool
     */
    public function hasRole(User $user, string $role): bool;
+
+    /**
+     * This updates the users email address. Same as changeEmail just without most logging. This makes sure that the undo/confirm routine can't catch this one.
+     * The user is NOT blocked.
+     *
+     * @param User   $user
+     * @param string $newEmail
+     *
+     * @see changeEmail
+     *
+     * @return bool
+     */
+    public function updateEmail(User $user, string $newEmail): bool;
 }
--- a/resources/lang/en_US/firefly.php
+++ b/resources/lang/en_US/firefly.php
@ -430,6 +430,7 @@ return [
    'login_with_new_email'                       => 'You can now login with your new email address.',
    'login_with_old_email'                       => 'You can now login with your old email address again.',

+
    // attachments
    'nr_of_attachments'                          => 'One attachment|:count attachments',
    'attachments'                                => 'Attachments',
@ -902,6 +903,13 @@ return [
    'block_code_bounced'                    => 'Email message(s) bounced',
    'block_code_expired'                    => 'Demo account expired',
    'no_block_code'                         => 'No reason for block or user not blocked',
+    'block_code_email_changed'              => 'User has not yet confirmed new email address',
+    'admin_update_email'                    => 'Contrary to the profile page, the user will NOT be notified their email address has changed!',
+    'update_user'                           => 'Update user',
+    'updated_user'                          => 'User data has been changed.',
+    'delete_user'                           => 'Delete user :email',
+    'user_deleted'                          => 'The user has been deleted',
+
    // links
    'journal_link_configuration'            => 'Transaction links configuration',
    'create_new_link_type'                  => 'Create new link type',
--- a/resources/lang/en_US/form.php
+++ b/resources/lang/en_US/form.php
@ -132,6 +132,8 @@ return [
    'delete_rule'                => 'Delete rule ":title"',
    'delete_rule_group'          => 'Delete rule group ":title"',
    'delete_link_type'           => 'Delete link type ":name"',
+    'delete_user'                => 'Delete user ":email"',
+    'user_areYouSure'            => 'If you delete user ":email", everything will be gone. There is no undo, undelete or anything. If you delete yourself, you will lose access to this instance of Firefly III.',
    'attachment_areYouSure'      => 'Are you sure you want to delete the attachment named ":name"?',
    'account_areYouSure'         => 'Are you sure you want to delete the account named ":name"?',
    'bill_areYouSure'            => 'Are you sure you want to delete the bill named ":name"?',
--- a/resources/views/admin/users/delete.twig
+++ b/resources/views/admin/users/delete.twig
@ -0,0 +1,37 @@
+{% extends "./layout/default" %}
+
+{% block breadcrumbs %}
+    {{ Breadcrumbs.renderIfExists(Route.getCurrentRoute.getName, user) }}
+{% endblock %}
+
+{% block content %}
+
+    <form method="POST" action="{{ route('admin.users.destroy',user.id) }}" accept-charset="UTF-8" class="form-horizontal" id="destroy">
+        <input name="_token" type="hidden" value="{{ csrf_token() }}">
+
+        <div class="row">
+            <div class="col-lg-6 col-lg-offset-3 col-md-12 col-sm-12">
+                <div class="box box-danger">
+                    <div class="box-header with-border">
+                        <h3 class="box-title">{{ trans('form.delete_user', {'email': user.email}) }}</h3>
+                    </div>
+                    <div class="box-body">
+                        <p class="text-danger">
+                            {{ trans('form.permDeleteWarning') }}
+                        </p>
+
+                        <p>
+                            {{ trans('form.user_areYouSure', {'email': user.email}) }}
+                        </p>
+                    </div>
+                    <div class="box-footer">
+                        <input type="submit" onclick="return confirm('{{ trans('firefly.are_you_sure')|escape('js') }}');" name="submit" value="{{ trans('form.deletePermanently') }}" class="btn btn-danger pull-right"/>
+                        <a href="{{ URL.previous() }}" class="btn-default btn">{{ trans('form.cancel') }}</a>
+                    </div>
+
+
+                </div>
+            </div>
+        </div>
+    </form>
+{% endblock %}
--- a/resources/views/admin/users/edit.twig
+++ b/resources/views/admin/users/edit.twig
@ -17,7 +17,7 @@
                    <h3 class="box-title">{{ 'mandatoryFields'|_ }}</h3>
                </div>
                <div class="box-body">
-                    {{ ExpandedForm.text('email') }}
+                    {{ ExpandedForm.text('email',null,{'helpText': trans('firefly.admin_update_email')}) }}
                    {{ ExpandedForm.password('password') }}
                    {{ ExpandedForm.password('password_confirmation') }}
                    {{ ExpandedForm.checkbox('blocked') }}
--- a/resources/views/admin/users/index.twig
+++ b/resources/views/admin/users/index.twig
@ -30,6 +30,7 @@
                                <td class="hidden-xs" data-value="{{ user.id }}">
                                    <div class="btn-group btn-group-xs">
                                        <a class="btn btn-default" href="{{ route('admin.users.edit',user.id) }}"><i class="fa fa-pencil"></i></a>
+                                        <a class="btn btn-danger" href="{{ route('admin.users.delete',user.id) }}"><i class="fa fa-trash"></i></a>
                                    </div>
                                </td>
                                <td class="hidden-xs" data-value="{{ user.id }}">#{{ user.id }}</td>
--- a/routes/web.php
+++ b/routes/web.php
@ -779,8 +779,11 @@ Route::group(
    // user manager
    Route::get('users', ['uses' => 'UserController@index', 'as' => 'users']);
    Route::get('users/edit/{user}', ['uses' => 'UserController@edit', 'as' => 'users.edit']);
+    Route::get('users/delete/{user}', ['uses' => 'UserController@delete', 'as' => 'users.delete']);
    Route::get('users/show/{user}', ['uses' => 'UserController@show', 'as' => 'users.show']);
+
    Route::post('users/update/{user}', ['uses' => 'UserController@update', 'as' => 'users.update']);
+    Route::post('users/destroy/{user}', ['uses' => 'UserController@destroy', 'as' => 'users.destroy']);

    // journal links manager
    Route::get('links', ['uses' => 'LinkController@index', 'as' => 'links.index']);