[Modifica] roles de los usuarios en admin

2022-04-29 00:40:18 -05:00 · 2022-04-29 00:40:18 -05:00 · 1e1093fd25
parent 1f47803783
commit 1e1093fd25
4 changed files with 121 additions and 6 deletions
--- a/controllers/adminController.php
+++ b/controllers/adminController.php
@ -380,6 +380,8 @@ class adminController {

    $page = $pagination['page'];

+    $roles = $adminModel -> get_roles();
+
    unset($search, $adminModel, $total, $pagination);

    $token    = csrf::generate();
@ -459,4 +461,51 @@ class adminController {

    utils::redirect(NABU_ROUTES['registered-users']);
  }
+
+  // Modifica el rol de un usuario con el método POST.
+  static public function change_role() {
+    csrf::validate($_POST['csrf']);
+
+    $view = NABU_ROUTES['registered-users'];
+
+    if ($_SESSION['user']['role'] != 'admin')
+      utils::redirect($views);
+
+    $messages = messages::get();
+
+    $validations = new validations($view);
+
+    // Valida la URL del artículo.
+    $data = $validations -> validate($_GET, array(
+      array('field' => 'user', 'min_length' => 1, 'max_length' => 255, 'not_spaces' => true)
+    ));
+
+    $user = $data['user'];
+
+    if ($user == 'root' || $user == $_SESSION['user']['username'] || empty($_POST['change-role-form']))
+      utils::redirect($view);
+
+    // Valida el formulario para modificar el rol del usuario.
+    if (!is_numeric($_POST['role']))
+      utils::redirect($view);
+
+    $role = $_POST['role'];
+
+    $adminModel = new adminModel();
+
+    // Obtiene los datos del usuario administrador.
+    $admin = $adminModel -> get_admin($_SESSION['user']['id']);
+
+    if (empty($admin))
+      utils::redirect(NABU_ROUTES['logout']);
+
+    if (empty($adminModel -> find_role($role)))
+      utils::redirect($view);
+
+    $adminModel -> change_role($user, $role);
+
+    messages::add('El rol del usuario se ha modificado correctamente');
+
+    utils::redirect($view);
+  }
 }
--- a/core/routes.php
+++ b/core/routes.php
@ -33,6 +33,7 @@ return array(
  'errors'             => array('route' => 'errors',             'controller' => 'blogController',           'view' => 'errors'),
  'favorites'          => array('route' => 'favorites',          'controller' => 'communityController',      'view' => 'favorites'),
  'home'               => array('route' => 'home',               'controller' => 'blogController',           'view' => 'home'),
+  'change-role'        => array('route' => 'change-role',        'controller' => 'adminController',          'view' => 'change_role'),
  'likes'              => array('route' => 'likes',              'controller' => 'communityController',      'view' => 'likes'),
  'login'              => array('route' => 'login',              'controller' => 'usersController',          'view' => 'login'),
  'logout'             => array('route' => 'logout',             'controller' => 'usersController',          'view' => 'logout'),
--- a/models/adminModel.php
+++ b/models/adminModel.php
@ -281,7 +281,7 @@ class adminModel extends dbConnection {

  // @return un array con los usuarios registrados.
  public function get_users(int $limit, int $accumulation, string $pattern) {
-    $query = 'SELECT u.name, u.username, u.email, r.name AS role ' .
+    $query = 'SELECT u.name, u.username, u.email, r.id AS roleId, r.name AS role ' .
             'FROM users AS u ' .
             'INNER JOIN roles AS r ON u.role_id = r.id ' .
             'WHERE u.activated = TRUE ';
@ -311,6 +311,60 @@ class adminModel extends dbConnection {
    }
  }

+  // @return un array con los roles del sistema.
+  public function get_roles() {
+    $query = 'SELECT * FROM roles ORDER BY name ASC';
+
+    try {
+      $prepare = $this -> pdo -> prepare($query);
+
+      $prepare -> execute();
+
+      $roles = $prepare -> fetchAll();
+
+      if (empty($roles))
+        $roles = array();
+
+      return $roles;
+    }
+    catch (PDOException $e) {
+      $this -> errors($e -> getMessage(), 'tuvimos un problema para obtener todos los roles del sistema');
+    }
+  }
+
+  // @return un array de un rol del sistema.
+  public function find_role(int $id) {
+    $query = 'SELECT * FROM roles WHERE id = ?';
+
+    try {
+      $prepare = $this -> pdo -> prepare($query);
+
+      $prepare -> execute(array($id));
+
+      $role = $prepare -> fetch();
+
+      if (empty($role))
+        $role = array();
+
+      return $role;
+    }
+    catch (PDOException $e) {
+      $this -> errors($e -> getMessage(), 'tuvimos un problema para buscar un rol del sistema');
+    }
+  }
+
+  // Actualiza el rol de un usuario.
+  public function change_role(string $user, int $role) {
+    $query = 'UPDATE users SET role_id = ? WHERE username = ?';
+
+    try {
+      $this -> pdo -> prepare($query) -> execute(array($role, $user));
+    }
+    catch (PDOException $e) {
+      $this -> errors($e -> getMessage(), 'tuvimos un problema para modificar el rol de un usuario');
+    }
+  }
+
  public function __destruct() {
    parent::__destruct();
    $this -> pdo = null;
--- a/views/admin/registered-users.php
+++ b/views/admin/registered-users.php
@ -30,18 +30,29 @@
        <th>Nombre</th>
        <th>Apodo</th>
        <th>Correo institucional</th>
-        <th>Rol</th>
-        <th></th>
-        <th></th>
+        <th>Eliminar</th>
+        <th>Cambiar rol</th>
    </tr>
    <?php foreach($users as $user): ?>
    <tr>
      <td><a href="<?= NABU_ROUTES['profile'] . '&user=' . urlencode($user['username']) ?>"><?= utils::escape($user['name']) ?></a></td>
      <td><?= utils::escape($user['username']) ?></td>
      <td><?= utils::escape($user['email']) ?></td>
-      <td><?= $user['role'] ?></td>
      <td><a href="<?= NABU_ROUTES['delete-user'] . '&user=' . urlencode($user['username']) ?>">Eliminar</a></td>
-      <td>Cambiar rol</td>
+      <td>
+        <form method="POST" action="<?= NABU_ROUTES['change-role'] . '&user=' . utils::escape($user['username']) ?>" >
+          <select name="role" id="role">
+            <option value="<?= $user['roleId'] ?>"><?= $user['role'] ?></option>
+            <?php foreach($roles as $role): ?>
+              <?php if($role['id'] != $user['roleId']): ?>
+                <option value="<?= $role['id'] ?>"><?= $role['name'] ?></option>
+              <?php endif ?>
+            <?php endforeach ?>
+          </select>
+          <input type="hidden" name="csrf" value="<?= $token ?>">
+          <input type="submit" name="change-role-form" value="Guardar">
+        </form>
+      </td>
    </tr>
    <?php endforeach ?>
 </table>