1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110
<?php
namespace CMS\Controllers;
use Core\Modules\Router\Request;
use Core\Modules\Crypt\Crypt;
use CMS\Helpers;
class CMSUserRoles extends CMS
{
public $resourceModel = 'CMS\Models\CMSUserRole';
protected $scope = array();
protected function beforeCreate(Request $request)
{
unset($this->sections['general']['fields']['current_password']);
}
protected function beforeEdit(Request $request)
{
if ($request->is('post')) {
if (!Crypt::hashCompare($this->user->password, $request->post('current_password'))) {
$this->resource->setError('current_password', 'mismatch');
}
}
}
protected function beforeDelete(Request $request)
{
if (!$request->post('password') || !Crypt::hashCompare($this->user->password, $request->post('password'))) {
if (!$request->is('xhr')) {
Helpers\FlashMessage::set($this->labels['general']['not_authorized'], 'danger');
}
$request->redirectTo('index');
}
if ($this->user->role_id == $this->resource->getPrimaryKeyValue()) {
if (!$request->is('xhr')) {
Helpers\FlashMessage::set($this->labels['errors']['delete']['self'], 'danger');
}
$request->redirectTo('index');
}
parent::beforeDelete($request);
}
protected function loadAccessibilityScope()
{
parent::loadAccessibilityScope();
$this->scope = array(
'permissions' => Helpers\CMSUsers::getAccessibilityScope(),
'ownership' => Helpers\Ownership::getScope($this->labels['modules']),
);
}
}