Add acl and access list for projects
@@ -9,6 +9,7 @@ require __DIR__.'/../lib/template.php';
|
||||
require __DIR__.'/../lib/helper.php';
|
||||
require __DIR__.'/../lib/translator.php';
|
||||
require __DIR__.'/../models/base.php';
|
||||
require __DIR__.'/../models/acl.php';
|
||||
require __DIR__.'/../models/config.php';
|
||||
require __DIR__.'/../models/user.php';
|
||||
require __DIR__.'/../models/project.php';
|
||||
@@ -26,6 +27,7 @@ abstract class Base
|
||||
protected $task;
|
||||
protected $board;
|
||||
protected $config;
|
||||
protected $acl;
|
||||
|
||||
public function __construct()
|
||||
{
|
||||
@@ -38,30 +40,20 @@ abstract class Base
|
||||
$this->project = new \Model\Project;
|
||||
$this->task = new \Model\Task;
|
||||
$this->board = new \Model\Board;
|
||||
}
|
||||
|
||||
private function noAuthAllowed($controller, $action)
|
||||
{
|
||||
$public = array(
|
||||
'user' => array('login', 'check'),
|
||||
'task' => array('add'),
|
||||
'board' => array('readonly'),
|
||||
);
|
||||
|
||||
if (isset($public[$controller])) {
|
||||
return in_array($action, $public[$controller]);
|
||||
}
|
||||
|
||||
return false;
|
||||
$this->acl = new \Model\Acl;
|
||||
}
|
||||
|
||||
public function beforeAction($controller, $action)
|
||||
{
|
||||
// Start the session
|
||||
$this->session->open(dirname($_SERVER['PHP_SELF']), SESSION_SAVE_PATH);
|
||||
|
||||
if (! isset($_SESSION['user']) && ! $this->noAuthAllowed($controller, $action)) {
|
||||
$this->response->redirect('?controller=user&action=login');
|
||||
}
|
||||
// HTTP secure headers
|
||||
$this->response->csp();
|
||||
$this->response->nosniff();
|
||||
$this->response->xss();
|
||||
$this->response->hsts();
|
||||
$this->response->xframe();
|
||||
|
||||
// Load translations
|
||||
$language = $this->config->get('language', 'en_US');
|
||||
@@ -70,17 +62,24 @@ abstract class Base
|
||||
// Set timezone
|
||||
date_default_timezone_set($this->config->get('timezone', 'UTC'));
|
||||
|
||||
$this->response->csp();
|
||||
$this->response->nosniff();
|
||||
$this->response->xss();
|
||||
$this->response->hsts();
|
||||
$this->response->xframe();
|
||||
// If the user is not authenticated redirect to the login form, if the action is public continue
|
||||
if (! isset($_SESSION['user']) && ! $this->acl->isPublicAction($controller, $action)) {
|
||||
$this->response->redirect('?controller=user&action=login');
|
||||
}
|
||||
|
||||
// Check if the user is allowed to see this page
|
||||
if (! $this->acl->isPageAccessAllowed($controller, $action)) {
|
||||
$this->response->redirect('?controller=user&action=forbidden');
|
||||
}
|
||||
}
|
||||
|
||||
public function checkPermissions()
|
||||
public function checkProjectPermissions($project_id)
|
||||
{
|
||||
if ($_SESSION['user']['is_admin'] == 0) {
|
||||
$this->response->redirect('?controller=user&action=forbidden');
|
||||
if ($this->acl->isRegularUser()) {
|
||||
|
||||
if ($project_id > 0 && ! $this->project->isUserAllowed($project_id, $this->acl->getUserId())) {
|
||||
$this->response->redirect('?controller=project&action=forbidden');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
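Review bot: `checkProjectPermissions()` fails open when the id is missing or not positive, because the membership test only runs under `$project_id > 0`, while callers in this commit pass `$values['project_id']` straight from the request (Board::assignTask, Task::save, Task::update). A regular user's request that omits the field or carries `0` skips the check entirely. Unless some caller legitimately passes 0, the condition would be safer as `if ($project_id <= 0 || ! $this->project->isUserAllowed($project_id, $this->acl->getUserId()))`. This guard and the two in `beforeAction()` also only hold if `redirect()` ends the request, which is not visible on this page; if it does not, each needs a `return` after it. A docblock saying that the method does nothing for admins and redirects regular users without access would help callers.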
@@ -8,15 +8,20 @@ class Board extends Base
|
||||
public function assign()
|
||||
{
|
||||
$task = $this->task->getById($this->request->getIntegerParam('task_id'));
|
||||
$project = $this->project->get($task['project_id']);
|
||||
$project = $this->project->getById($task['project_id']);
|
||||
$projects = $this->project->getListByStatus(\Model\Project::ACTIVE);
|
||||
|
||||
if ($this->acl->isRegularUser()) {
|
||||
$projects = $this->project->filterListByAccess($projects, $this->acl->getUserId());
|
||||
}
|
||||
|
||||
if (! $project) $this->notfound();
|
||||
$this->checkProjectPermissions($project['id']);
|
||||
|
||||
$this->response->html($this->template->layout('board_assign', array(
|
||||
'errors' => array(),
|
||||
'values' => $task,
|
||||
'users_list' => $this->user->getList(),
|
||||
'users_list' => $this->project->getUsersList($project['id']),
|
||||
'projects' => $projects,
|
||||
'current_project_id' => $project['id'],
|
||||
'current_project_name' => $project['name'],
|
||||
@@ -29,6 +34,8 @@ class Board extends Base
|
||||
public function assignTask()
|
||||
{
|
||||
$values = $this->request->getValues();
|
||||
$this->checkProjectPermissions($values['project_id']);
|
||||
|
||||
list($valid,) = $this->task->validateAssigneeModification($values);
|
||||
|
||||
if ($valid && $this->task->update($values)) {
|
||||
@@ -68,8 +75,18 @@ class Board extends Base
|
||||
{
|
||||
$projects = $this->project->getListByStatus(\Model\Project::ACTIVE);
|
||||
|
||||
if (! count($projects)) {
|
||||
$this->redirectNoProject();
|
||||
if ($this->acl->isRegularUser()) {
|
||||
$projects = $this->project->filterListByAccess($projects, $this->acl->getUserId());
|
||||
}
|
||||
|
||||
if (empty($projects)) {
|
||||
|
||||
if ($this->acl->isAdminUser()) {
|
||||
$this->redirectNoProject();
|
||||
}
|
||||
else {
|
||||
$this->response->redirect('?controller=project&action=forbidden');
|
||||
}
|
||||
}
|
||||
else if (! empty($_SESSION['user']['default_project_id']) && isset($projects[$_SESSION['user']['default_project_id']])) {
|
||||
$project_id = $_SESSION['user']['default_project_id'];
|
||||
@@ -79,6 +96,8 @@ class Board extends Base
|
||||
list($project_id, $project_name) = each($projects);
|
||||
}
|
||||
|
||||
$this->checkProjectPermissions($project_id);
|
||||
|
||||
$this->response->html($this->template->layout('board_index', array(
|
||||
'projects' => $projects,
|
||||
'current_project_id' => $project_id,
|
||||
@@ -93,8 +112,14 @@ class Board extends Base
|
||||
public function show()
|
||||
{
|
||||
$projects = $this->project->getListByStatus(\Model\Project::ACTIVE);
|
||||
|
||||
if ($this->acl->isRegularUser()) {
|
||||
$projects = $this->project->filterListByAccess($projects, $this->acl->getUserId());
|
||||
}
|
||||
|
||||
$project_id = $this->request->getIntegerParam('project_id');
|
||||
|
||||
$this->checkProjectPermissions($project_id);
|
||||
if (! isset($projects[$project_id])) $this->notfound();
|
||||
|
||||
$project_name = $projects[$project_id];
|
||||
@@ -112,10 +137,8 @@ class Board extends Base
|
||||
// Display a form to edit a board
|
||||
public function edit()
|
||||
{
|
||||
$this->checkPermissions();
|
||||
|
||||
$project_id = $this->request->getIntegerParam('project_id');
|
||||
$project = $this->project->get($project_id);
|
||||
$project = $this->project->getById($project_id);
|
||||
|
||||
if (! $project) $this->notfound();
|
||||
|
||||
@@ -140,10 +163,8 @@ class Board extends Base
|
||||
// Validate and update a board
|
||||
public function update()
|
||||
{
|
||||
$this->checkPermissions();
|
||||
|
||||
$project_id = $this->request->getIntegerParam('project_id');
|
||||
$project = $this->project->get($project_id);
|
||||
$project = $this->project->getById($project_id);
|
||||
|
||||
if (! $project) $this->notfound();
|
||||
|
||||
@@ -183,10 +204,8 @@ class Board extends Base
|
||||
// Validate and add a new column
|
||||
public function add()
|
||||
{
|
||||
$this->checkPermissions();
|
||||
|
||||
$project_id = $this->request->getIntegerParam('project_id');
|
||||
$project = $this->project->get($project_id);
|
||||
$project = $this->project->getById($project_id);
|
||||
|
||||
if (! $project) $this->notfound();
|
||||
|
||||
@@ -224,8 +243,6 @@ class Board extends Base
|
||||
// Confirmation dialog before removing a column
|
||||
public function confirm()
|
||||
{
|
||||
$this->checkPermissions();
|
||||
|
||||
$this->response->html($this->template->layout('board_remove', array(
|
||||
'column' => $this->board->getColumn($this->request->getIntegerParam('column_id')),
|
||||
'menu' => 'projects',
|
||||
@@ -236,8 +253,6 @@ class Board extends Base
|
||||
// Remove a column
|
||||
public function remove()
|
||||
{
|
||||
$this->checkPermissions();
|
||||
|
||||
$column = $this->board->getColumn($this->request->getIntegerParam('column_id'));
|
||||
|
||||
if ($column && $this->board->removeColumn($column['id'])) {
|
||||
@@ -252,6 +267,12 @@ class Board extends Base
|
||||
// Save the board (Ajax request made by the drag and drop)
|
||||
public function save()
|
||||
{
|
||||
$project_id = $this->request->getIntegerParam('project_id');
|
||||
|
||||
if ($project_id > 0 && ! $this->project->isUserAllowed($project_id, $this->acl->getUserId())) {
|
||||
$this->response->json(array('result' => false), 401);
|
||||
}
|
||||
|
||||
$this->response->json(array(
|
||||
'result' => $this->board->saveTasksPosition($this->request->getValues())
|
||||
));
|
||||
|
||||
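Review bot: In `assignTask()` the permission check runs on `$values['project_id']`, a field of the same request payload that is then passed to `$this->task->update($values)`, so it does not cover the task actually modified unless `validateAssigneeModification()` ties the two together, which is not shown. `save()` has the same gap (the checked `project_id` comes from `getIntegerParam()`, the positions from `getValues()`), and so does `Task::update()`. Loading the task and calling `$this->checkProjectPermissions($task['project_id']);`, as `assign()` already does, keeps the decision on stored data. In `save()` the deny branch also falls through to `saveTasksPosition()` unless `json()` terminates the request, so add a `return;` after it. A 403 would describe an authenticated user without access better than 401.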
@@ -23,8 +23,6 @@ class Config extends Base
|
||||
// Validate and save settings
|
||||
public function save()
|
||||
{
|
||||
$this->checkPermissions();
|
||||
|
||||
$values = $this->request->getValues();
|
||||
list($valid, $errors) = $this->config->validateModification($values);
|
||||
|
||||
@@ -56,7 +54,6 @@ class Config extends Base
|
||||
// Download the database
|
||||
public function downloadDb()
|
||||
{
|
||||
$this->checkPermissions();
|
||||
$this->response->forceDownload('db.sqlite.gz');
|
||||
$this->response->binary($this->config->downloadDatabase());
|
||||
}
|
||||
@@ -64,7 +61,6 @@ class Config extends Base
|
||||
// Optimize the database
|
||||
public function optimizeDb()
|
||||
{
|
||||
$this->checkPermissions();
|
||||
$this->config->optimizeDatabase();
|
||||
$this->session->flash(t('Database optimization done.'));
|
||||
$this->response->redirect('?controller=config');
|
||||
|
||||
@@ -4,17 +4,28 @@ namespace Controller;
|
||||
|
||||
class Project extends Base
|
||||
{
|
||||
// Display access forbidden page
|
||||
public function forbidden()
|
||||
{
|
||||
$this->response->html($this->template->layout('project_forbidden', array(
|
||||
'menu' => 'projects',
|
||||
'title' => t('Access Forbidden')
|
||||
)));
|
||||
}
|
||||
|
||||
// List of completed tasks for a given project
|
||||
public function tasks()
|
||||
{
|
||||
$project_id = $this->request->getIntegerParam('project_id');
|
||||
$project = $this->project->get($project_id);
|
||||
$project = $this->project->getById($project_id);
|
||||
|
||||
if (! $project) {
|
||||
$this->session->flashError(t('Project not found.'));
|
||||
$this->response->redirect('?controller=project');
|
||||
}
|
||||
|
||||
$this->checkProjectPermissions($project['id']);
|
||||
|
||||
$tasks = $this->task->getAllByProjectId($project_id, array(0));
|
||||
$nb_tasks = count($tasks);
|
||||
|
||||
@@ -30,7 +41,7 @@ class Project extends Base
|
||||
// List of projects
|
||||
public function index()
|
||||
{
|
||||
$projects = $this->project->getAll(true);
|
||||
$projects = $this->project->getAll(true, $this->acl->isRegularUser());
|
||||
$nb_projects = count($projects);
|
||||
|
||||
$this->response->html($this->template->layout('project_index', array(
|
||||
@@ -44,8 +55,6 @@ class Project extends Base
|
||||
// Display a form to create a new project
|
||||
public function create()
|
||||
{
|
||||
$this->checkPermissions();
|
||||
|
||||
$this->response->html($this->template->layout('project_new', array(
|
||||
'errors' => array(),
|
||||
'values' => array(),
|
||||
@@ -57,8 +66,6 @@ class Project extends Base
|
||||
// Validate and save a new project
|
||||
public function save()
|
||||
{
|
||||
$this->checkPermissions();
|
||||
|
||||
$values = $this->request->getValues();
|
||||
list($valid, $errors) = $this->project->validateCreation($values);
|
||||
|
||||
@@ -84,9 +91,7 @@ class Project extends Base
|
||||
// Display a form to edit a project
|
||||
public function edit()
|
||||
{
|
||||
$this->checkPermissions();
|
||||
|
||||
$project = $this->project->get($this->request->getIntegerParam('project_id'));
|
||||
$project = $this->project->getById($this->request->getIntegerParam('project_id'));
|
||||
|
||||
if (! $project) {
|
||||
$this->session->flashError(t('Project not found.'));
|
||||
@@ -104,8 +109,6 @@ class Project extends Base
|
||||
// Validate and update a project
|
||||
public function update()
|
||||
{
|
||||
$this->checkPermissions();
|
||||
|
||||
$values = $this->request->getValues() + array('is_active' => 0);
|
||||
list($valid, $errors) = $this->project->validateModification($values);
|
||||
|
||||
@@ -131,9 +134,7 @@ class Project extends Base
|
||||
// Confirmation dialog before to remove a project
|
||||
public function confirm()
|
||||
{
|
||||
$this->checkPermissions();
|
||||
|
||||
$project = $this->project->get($this->request->getIntegerParam('project_id'));
|
||||
$project = $this->project->getById($this->request->getIntegerParam('project_id'));
|
||||
|
||||
if (! $project) {
|
||||
$this->session->flashError(t('Project not found.'));
|
||||
@@ -150,8 +151,6 @@ class Project extends Base
|
||||
// Remove a project
|
||||
public function remove()
|
||||
{
|
||||
$this->checkPermissions();
|
||||
|
||||
$project_id = $this->request->getIntegerParam('project_id');
|
||||
|
||||
if ($project_id && $this->project->remove($project_id)) {
|
||||
@@ -166,8 +165,6 @@ class Project extends Base
|
||||
// Enable a project
|
||||
public function enable()
|
||||
{
|
||||
$this->checkPermissions();
|
||||
|
||||
$project_id = $this->request->getIntegerParam('project_id');
|
||||
|
||||
if ($project_id && $this->project->enable($project_id)) {
|
||||
@@ -182,8 +179,6 @@ class Project extends Base
|
||||
// Disable a project
|
||||
public function disable()
|
||||
{
|
||||
$this->checkPermissions();
|
||||
|
||||
$project_id = $this->request->getIntegerParam('project_id');
|
||||
|
||||
if ($project_id && $this->project->disable($project_id)) {
|
||||
@@ -194,4 +189,64 @@ class Project extends Base
|
||||
|
||||
$this->response->redirect('?controller=project');
|
||||
}
|
||||
|
||||
// Users list for the selected project
|
||||
public function users()
|
||||
{
|
||||
$project = $this->project->getById($this->request->getIntegerParam('project_id'));
|
||||
|
||||
if (! $project) {
|
||||
$this->session->flashError(t('Project not found.'));
|
||||
$this->response->redirect('?controller=project');
|
||||
}
|
||||
|
||||
$this->response->html($this->template->layout('project_users', array(
|
||||
'project' => $project,
|
||||
'users' => $this->project->getAllUsers($project['id']),
|
||||
'menu' => 'projects',
|
||||
'title' => t('Edit project access list')
|
||||
)));
|
||||
}
|
||||
|
||||
// Allow a specific user for the selected project
|
||||
public function allow()
|
||||
{
|
||||
$values = $this->request->getValues();
|
||||
list($valid,) = $this->project->validateUserAccess($values);
|
||||
|
||||
if ($valid) {
|
||||
|
||||
if ($this->project->allowUser($values['project_id'], $values['user_id'])) {
|
||||
$this->session->flash(t('Project updated successfully.'));
|
||||
}
|
||||
else {
|
||||
$this->session->flashError(t('Unable to update this project.'));
|
||||
}
|
||||
}
|
||||
|
||||
$this->response->redirect('?controller=project&action=users&project_id='.$values['project_id']);
|
||||
}
|
||||
|
||||
// Revoke user access
|
||||
public function revoke()
|
||||
{
|
||||
$values = array(
|
||||
'project_id' => $this->request->getIntegerParam('project_id'),
|
||||
'user_id' => $this->request->getIntegerParam('user_id'),
|
||||
);
|
||||
|
||||
list($valid,) = $this->project->validateUserAccess($values);
|
||||
|
||||
if ($valid) {
|
||||
|
||||
if ($this->project->revokeUser($values['project_id'], $values['user_id'])) {
|
||||
$this->session->flash(t('Project updated successfully.'));
|
||||
}
|
||||
else {
|
||||
$this->session->flashError(t('Unable to update this project.'));
|
||||
}
|
||||
}
|
||||
|
||||
$this->response->redirect('?controller=project&action=users&project_id='.$values['project_id']);
|
||||
}
|
||||
}
|
||||
|
||||
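Review bot: The new `users()`, `allow()` and `revoke()` actions change who can access a project but contain no authorization call of their own; like the Board, Config, Project and User actions that lose `checkPermissions()` in this commit, they depend entirely on `isPageAccessAllowed()` in `Base::beforeAction()`. `models/acl.php` is not part of this page, so confirm that it denies regular users these three actions and denies by default for any action it does not list. `revoke()` reads both ids with `getIntegerParam()`, which suggests a state change reachable from a plain link, and no CSRF token check is visible here. In `allow()`, `$values['project_id']` is concatenated into the redirect target even when validation failed, so normalise it first: `$project_id = isset($values['project_id']) ? (int) $values['project_id'] : 0;`.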
@@ -45,6 +45,7 @@ class Task extends Base
|
||||
$task = $this->task->getById($this->request->getIntegerParam('task_id'), true);
|
||||
|
||||
if (! $task) $this->notfound();
|
||||
$this->checkProjectPermissions($task['project_id']);
|
||||
|
||||
$this->response->html($this->template->layout('task_show', array(
|
||||
'task' => $task,
|
||||
@@ -59,6 +60,7 @@ class Task extends Base
|
||||
public function create()
|
||||
{
|
||||
$project_id = $this->request->getIntegerParam('project_id');
|
||||
$this->checkProjectPermissions($project_id);
|
||||
|
||||
$this->response->html($this->template->layout('task_new', array(
|
||||
'errors' => array(),
|
||||
@@ -71,7 +73,7 @@ class Task extends Base
|
||||
),
|
||||
'projects_list' => $this->project->getListByStatus(\Model\Project::ACTIVE),
|
||||
'columns_list' => $this->board->getColumnsList($project_id),
|
||||
'users_list' => $this->user->getList(),
|
||||
'users_list' => $this->project->getUsersList($project_id),
|
||||
'colors_list' => $this->task->getColors(),
|
||||
'menu' => 'tasks',
|
||||
'title' => t('New task')
|
||||
@@ -82,6 +84,8 @@ class Task extends Base
|
||||
public function save()
|
||||
{
|
||||
$values = $this->request->getValues();
|
||||
$this->checkProjectPermissions($values['project_id']);
|
||||
|
||||
list($valid, $errors) = $this->task->validateCreation($values);
|
||||
|
||||
if ($valid) {
|
||||
@@ -108,7 +112,7 @@ class Task extends Base
|
||||
'values' => $values,
|
||||
'projects_list' => $this->project->getListByStatus(\Model\Project::ACTIVE),
|
||||
'columns_list' => $this->board->getColumnsList($values['project_id']),
|
||||
'users_list' => $this->user->getList(),
|
||||
'users_list' => $this->project->getUsersList($values['project_id']),
|
||||
'colors_list' => $this->task->getColors(),
|
||||
'menu' => 'tasks',
|
||||
'title' => t('New task')
|
||||
@@ -121,12 +125,13 @@ class Task extends Base
|
||||
$task = $this->task->getById($this->request->getIntegerParam('task_id'));
|
||||
|
||||
if (! $task) $this->notfound();
|
||||
$this->checkProjectPermissions($task['project_id']);
|
||||
|
||||
$this->response->html($this->template->layout('task_edit', array(
|
||||
'errors' => array(),
|
||||
'values' => $task,
|
||||
'columns_list' => $this->board->getColumnsList($task['project_id']),
|
||||
'users_list' => $this->user->getList(),
|
||||
'users_list' => $this->project->getUsersList($task['project_id']),
|
||||
'colors_list' => $this->task->getColors(),
|
||||
'menu' => 'tasks',
|
||||
'title' => t('Edit a task')
|
||||
@@ -137,6 +142,8 @@ class Task extends Base
|
||||
public function update()
|
||||
{
|
||||
$values = $this->request->getValues();
|
||||
$this->checkProjectPermissions($values['project_id']);
|
||||
|
||||
list($valid, $errors) = $this->task->validateModification($values);
|
||||
|
||||
if ($valid) {
|
||||
@@ -154,7 +161,7 @@ class Task extends Base
|
||||
'errors' => $errors,
|
||||
'values' => $values,
|
||||
'columns_list' => $this->board->getColumnsList($values['project_id']),
|
||||
'users_list' => $this->user->getList(),
|
||||
'users_list' => $this->project->getUsersList($values['project_id']),
|
||||
'colors_list' => $this->task->getColors(),
|
||||
'menu' => 'tasks',
|
||||
'title' => t('Edit a task')
|
||||
@@ -166,7 +173,10 @@ class Task extends Base
|
||||
{
|
||||
$task = $this->task->getById($this->request->getIntegerParam('task_id'));
|
||||
|
||||
if ($task && $this->task->close($task['id'])) {
|
||||
if (! $task) $this->notfound();
|
||||
$this->checkProjectPermissions($task['project_id']);
|
||||
|
||||
if ($this->task->close($task['id'])) {
|
||||
$this->session->flash(t('Task closed successfully.'));
|
||||
} else {
|
||||
$this->session->flashError(t('Unable to close this task.'));
|
||||
@@ -181,6 +191,7 @@ class Task extends Base
|
||||
$task = $this->task->getById($this->request->getIntegerParam('task_id'));
|
||||
|
||||
if (! $task) $this->notfound();
|
||||
$this->checkProjectPermissions($task['project_id']);
|
||||
|
||||
$this->response->html($this->template->layout('task_close', array(
|
||||
'task' => $task,
|
||||
@@ -194,7 +205,10 @@ class Task extends Base
|
||||
{
|
||||
$task = $this->task->getById($this->request->getIntegerParam('task_id'));
|
||||
|
||||
if ($task && $this->task->open($task['id'])) {
|
||||
if (! $task) $this->notfound();
|
||||
$this->checkProjectPermissions($task['project_id']);
|
||||
|
||||
if ($this->task->open($task['id'])) {
|
||||
$this->session->flash(t('Task opened successfully.'));
|
||||
} else {
|
||||
$this->session->flashError(t('Unable to open this task.'));
|
||||
@@ -209,6 +223,7 @@ class Task extends Base
|
||||
$task = $this->task->getById($this->request->getIntegerParam('task_id'));
|
||||
|
||||
if (! $task) $this->notfound();
|
||||
$this->checkProjectPermissions($task['project_id']);
|
||||
|
||||
$this->response->html($this->template->layout('task_open', array(
|
||||
'task' => $task,
|
||||
|
||||
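Review bot: `create()` and the re-render in `save()` still pass `'projects_list' => $this->project->getListByStatus(\Model\Project::ACTIVE)` unfiltered, so a regular user sees the names of every active project in the form even though `users_list` is now limited to project members. Board applies `filterListByAccess($projects, $this->acl->getUserId())` under `isRegularUser()` to the same list; doing the same here keeps the access list consistent across controllers. Both methods start or end outside their hunks, so the full template array is not visible.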
@@ -68,8 +68,6 @@ class User extends Base
|
||||
// Display a form to create a new user
|
||||
public function create()
|
||||
{
|
||||
$this->checkPermissions();
|
||||
|
||||
$this->response->html($this->template->layout('user_new', array(
|
||||
'projects' => $this->project->getList(),
|
||||
'errors' => array(),
|
||||
@@ -82,8 +80,6 @@ class User extends Base
|
||||
// Validate and save a new user
|
||||
public function save()
|
||||
{
|
||||
$this->checkPermissions();
|
||||
|
||||
$values = $this->request->getValues();
|
||||
list($valid, $errors) = $this->user->validateCreation($values);
|
||||
|
||||
@@ -121,7 +117,7 @@ class User extends Base
|
||||
unset($user['password']);
|
||||
|
||||
$this->response->html($this->template->layout('user_edit', array(
|
||||
'projects' => $this->project->getList(),
|
||||
'projects' => $this->project->filterListByAccess($this->project->getList(), $user['id']),
|
||||
'errors' => array(),
|
||||
'values' => $user,
|
||||
'menu' => 'users',
|
||||
@@ -162,7 +158,7 @@ class User extends Base
|
||||
}
|
||||
|
||||
$this->response->html($this->template->layout('user_edit', array(
|
||||
'projects' => $this->project->getList(),
|
||||
'projects' => $this->project->filterListByAccess($this->project->getList(), $values['id']),
|
||||
'errors' => $errors,
|
||||
'values' => $values,
|
||||
'menu' => 'users',
|
||||
@@ -173,8 +169,6 @@ class User extends Base
|
||||
// Confirmation dialog before to remove a user
|
||||
public function confirm()
|
||||
{
|
||||
$this->checkPermissions();
|
||||
|
||||
$user = $this->user->getById($this->request->getIntegerParam('user_id'));
|
||||
|
||||
if (! $user) $this->notfound();
|
||||
@@ -189,8 +183,6 @@ class User extends Base
|
||||
// Remove a user
|
||||
public function remove()
|
||||
{
|
||||
$this->checkPermissions();
|
||||
|
||||
$user_id = $this->request->getIntegerParam('user_id');
|
||||
|
||||
if ($user_id && $this->user->remove($user_id)) {
|
||||
|
||||
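Review bot: The validation-failure render filters the project list with `$values['id']`, whereas the edit form uses `$user['id']` taken from the loaded user record. If `$values` is the raw request payload, as in the other controllers, the list shown depends on an id the client supplied. Unless the part of this method outside the hunk already rejects an id the current user may not edit, pass the id of the user record that was authorized instead.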