From e468f3c558dcf1c992309fe8382b91b01c2dab6a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Guillot?= <fred@kanboard.net>
Date: Sun, 17 Aug 2014 15:54:02 -0700
Subject: [PATCH] Fix bug #197: admin flag removed after a user update

---
 app/Model/User.php | 77 +++++++++++++++++++++++-----------------------
 1 file changed, 38 insertions(+), 39 deletions(-)

diff --git a/app/Model/User.php b/app/Model/User.php
index 19ec04940..cfabd3424 100644
--- a/app/Model/User.php
+++ b/app/Model/User.php
@@ -111,6 +111,41 @@ class User extends Base
         return $result;
     }
 
+    /**
+     * Prepare values before an update or a create
+     *
+     * @access public
+     * @param  array    $values    Form values
+     */
+    public function prepare(array &$values)
+    {
+        if (isset($values['password'])) {
+
+            if (! empty($values['password'])) {
+                $values['password'] = \password_hash($values['password'], PASSWORD_BCRYPT);
+            }
+            else {
+                unset($values['password']);
+            }
+        }
+
+        if (isset($values['confirmation'])) {
+            unset($values['confirmation']);
+        }
+
+        if (isset($values['current_password'])) {
+            unset($values['current_password']);
+        }
+
+        if (isset($values['is_admin']) && empty($values['is_admin'])) {
+            $values['is_admin'] = 0;
+        }
+
+        if (isset($values['is_ldap_user']) && empty($values['is_ldap_user'])) {
+            $values['is_ldap_user'] = 0;
+        }
+    }
+
     /**
      * Add a new user in the database
      *
@@ -120,22 +155,7 @@ class User extends Base
      */
     public function create(array $values)
     {
-        if (isset($values['confirmation'])) {
-            unset($values['confirmation']);
-        }
-
-        if (isset($values['password'])) {
-            $values['password'] = \password_hash($values['password'], PASSWORD_BCRYPT);
-        }
-
-        if (empty($values['is_admin'])) {
-            $values['is_admin'] = 0;
-        }
-
-        if (empty($values['is_ldap_user'])) {
-            $values['is_ldap_user'] = 0;
-        }
-
+        $this->prepare($values);
         return $this->db->table(self::TABLE)->save($values);
     }
 
@@ -148,31 +168,10 @@ class User extends Base
      */
     public function update(array $values)
     {
-        if (! empty($values['password'])) {
-            $values['password'] = \password_hash($values['password'], PASSWORD_BCRYPT);
-        }
-        else {
-            unset($values['password']);
-        }
-
-        if (isset($values['confirmation'])) {
-            unset($values['confirmation']);
-        }
-
-        if (isset($values['current_password'])) {
-            unset($values['current_password']);
-        }
-
-        if (empty($values['is_admin'])) {
-            $values['is_admin'] = 0;
-        }
-
-        if (empty($values['is_ldap_user'])) {
-            $values['is_ldap_user'] = 0;
-        }
-
+        $this->prepare($values);
         $result = $this->db->table(self::TABLE)->eq('id', $values['id'])->update($values);
 
+        // If the user is connected refresh his session
         if (session_id() !== '' && $_SESSION['user']['id'] == $values['id']) {
             $this->updateSession();
         }