[Modifica] roles de los usuarios en admin
This commit is contained in:
parent
1f47803783
commit
1e1093fd25
|
@ -380,6 +380,8 @@ class adminController {
|
|||
|
||||
$page = $pagination['page'];
|
||||
|
||||
$roles = $adminModel -> get_roles();
|
||||
|
||||
unset($search, $adminModel, $total, $pagination);
|
||||
|
||||
$token = csrf::generate();
|
||||
|
@ -459,4 +461,51 @@ class adminController {
|
|||
|
||||
utils::redirect(NABU_ROUTES['registered-users']);
|
||||
}
|
||||
|
||||
// Modifica el rol de un usuario con el método POST.
|
||||
static public function change_role() {
|
||||
csrf::validate($_POST['csrf']);
|
||||
|
||||
$view = NABU_ROUTES['registered-users'];
|
||||
|
||||
if ($_SESSION['user']['role'] != 'admin')
|
||||
utils::redirect($views);
|
||||
|
||||
$messages = messages::get();
|
||||
|
||||
$validations = new validations($view);
|
||||
|
||||
// Valida la URL del artículo.
|
||||
$data = $validations -> validate($_GET, array(
|
||||
array('field' => 'user', 'min_length' => 1, 'max_length' => 255, 'not_spaces' => true)
|
||||
));
|
||||
|
||||
$user = $data['user'];
|
||||
|
||||
if ($user == 'root' || $user == $_SESSION['user']['username'] || empty($_POST['change-role-form']))
|
||||
utils::redirect($view);
|
||||
|
||||
// Valida el formulario para modificar el rol del usuario.
|
||||
if (!is_numeric($_POST['role']))
|
||||
utils::redirect($view);
|
||||
|
||||
$role = $_POST['role'];
|
||||
|
||||
$adminModel = new adminModel();
|
||||
|
||||
// Obtiene los datos del usuario administrador.
|
||||
$admin = $adminModel -> get_admin($_SESSION['user']['id']);
|
||||
|
||||
if (empty($admin))
|
||||
utils::redirect(NABU_ROUTES['logout']);
|
||||
|
||||
if (empty($adminModel -> find_role($role)))
|
||||
utils::redirect($view);
|
||||
|
||||
$adminModel -> change_role($user, $role);
|
||||
|
||||
messages::add('El rol del usuario se ha modificado correctamente');
|
||||
|
||||
utils::redirect($view);
|
||||
}
|
||||
}
|
||||
|
|
|
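Review bot: `utils::redirect($views);` in the non-admin guard of `change_role()` references `$views`, which is never assigned — the variable set two lines earlier is `$view` — so a non-admin session is redirected with a null target instead of the registered-users page, and if `utils::redirect()` does not terminate the script the role change below still executes; the line should read `utils::redirect($view);`. Separately, `is_numeric($_POST['role'])` also accepts `'1.5'`, `'1e3'` and leading whitespace before the value reaches `find_role(int $id)`, whereas `filter_var($_POST['role'], FILTER_VALIDATE_INT)` pins the accepted form to a plain integer. The comment `// Valida la URL del artículo.` above the `$_GET` validation is carried over from another action and should describe the `user` parameter, e.g. `// Valida el nombre de usuario recibido por GET.`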
@ -33,6 +33,7 @@ return array(
|
|||
'errors' => array('route' => 'errors', 'controller' => 'blogController', 'view' => 'errors'),
|
||||
'favorites' => array('route' => 'favorites', 'controller' => 'communityController', 'view' => 'favorites'),
|
||||
'home' => array('route' => 'home', 'controller' => 'blogController', 'view' => 'home'),
|
||||
'change-role' => array('route' => 'change-role', 'controller' => 'adminController', 'view' => 'change_role'),
|
||||
'likes' => array('route' => 'likes', 'controller' => 'communityController', 'view' => 'likes'),
|
||||
'login' => array('route' => 'login', 'controller' => 'usersController', 'view' => 'login'),
|
||||
'logout' => array('route' => 'logout', 'controller' => 'usersController', 'view' => 'logout'),
|
||||
|
|
|
@ -281,7 +281,7 @@ class adminModel extends dbConnection {
|
|||
|
||||
// @return un array con los usuarios registrados.
|
||||
public function get_users(int $limit, int $accumulation, string $pattern) {
|
||||
$query = 'SELECT u.name, u.username, u.email, r.name AS role ' .
|
||||
$query = 'SELECT u.name, u.username, u.email, r.id AS roleId, r.name AS role ' .
|
||||
'FROM users AS u ' .
|
||||
'INNER JOIN roles AS r ON u.role_id = r.id ' .
|
||||
'WHERE u.activated = TRUE ';
|
||||
|
@ -311,6 +311,60 @@ class adminModel extends dbConnection {
|
|||
}
|
||||
}
|
||||
|
||||
// @return un array con los roles del sistema.
|
||||
public function get_roles() {
|
||||
$query = 'SELECT * FROM roles ORDER BY name ASC';
|
||||
|
||||
try {
|
||||
$prepare = $this -> pdo -> prepare($query);
|
||||
|
||||
$prepare -> execute();
|
||||
|
||||
$roles = $prepare -> fetchAll();
|
||||
|
||||
if (empty($roles))
|
||||
$roles = array();
|
||||
|
||||
return $roles;
|
||||
}
|
||||
catch (PDOException $e) {
|
||||
$this -> errors($e -> getMessage(), 'tuvimos un problema para obtener todos los roles del sistema');
|
||||
}
|
||||
}
|
||||
|
||||
// @return un array de un rol del sistema.
|
||||
public function find_role(int $id) {
|
||||
$query = 'SELECT * FROM roles WHERE id = ?';
|
||||
|
||||
try {
|
||||
$prepare = $this -> pdo -> prepare($query);
|
||||
|
||||
$prepare -> execute(array($id));
|
||||
|
||||
$role = $prepare -> fetch();
|
||||
|
||||
if (empty($role))
|
||||
$role = array();
|
||||
|
||||
return $role;
|
||||
}
|
||||
catch (PDOException $e) {
|
||||
$this -> errors($e -> getMessage(), 'tuvimos un problema para buscar un rol del sistema');
|
||||
}
|
||||
}
|
||||
|
||||
// Actualiza el rol de un usuario.
|
||||
public function change_role(string $user, int $role) {
|
||||
$query = 'UPDATE users SET role_id = ? WHERE username = ?';
|
||||
|
||||
try {
|
||||
$this -> pdo -> prepare($query) -> execute(array($role, $user));
|
||||
}
|
||||
catch (PDOException $e) {
|
||||
$this -> errors($e -> getMessage(), 'tuvimos un problema para modificar el rol de un usuario');
|
||||
}
|
||||
}
|
||||
|
||||
public function __destruct() {
|
||||
parent::__destruct();
|
||||
$this -> pdo = null;
|
||||
|
|
|
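Review bot: `change_role()` discards the result of the UPDATE, so a caller cannot tell whether any row matched — an unknown or deactivated `username` still runs the statement, affects zero rows and lets the controller report success. Keeping the prepared statement and returning its row count makes the outcome checkable: `$prepare = $this -> pdo -> prepare($query);`, `$prepare -> execute(array($role, $user));`, `return $prepare -> rowCount() > 0;` (with `return false;` in the catch branch if `errors()` does not terminate). `get_roles()` and `find_role()` likewise fall through their catch blocks without a return value, so on a PDO failure the caller receives null rather than the array the `@return` comments promise; whether that is reachable depends on whether `$this -> errors()` exits, which the hunk does not show.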
@ -30,18 +30,29 @@
|
|||
<th>Nombre</th>
|
||||
<th>Apodo</th>
|
||||
<th>Correo institucional</th>
|
||||
<th>Rol</th>
|
||||
<th></th>
|
||||
<th></th>
|
||||
<th>Eliminar</th>
|
||||
<th>Cambiar rol</th>
|
||||
</tr>
|
||||
<?php foreach($users as $user): ?>
|
||||
<tr>
|
||||
<td><a href="<?= NABU_ROUTES['profile'] . '&user=' . urlencode($user['username']) ?>"><?= utils::escape($user['name']) ?></a></td>
|
||||
<td><?= utils::escape($user['username']) ?></td>
|
||||
<td><?= utils::escape($user['email']) ?></td>
|
||||
<td><?= $user['role'] ?></td>
|
||||
<td><a href="<?= NABU_ROUTES['delete-user'] . '&user=' . urlencode($user['username']) ?>">Eliminar</a></td>
|
||||
<td>Cambiar rol</td>
|
||||
<td>
|
||||
<form method="POST" action="<?= NABU_ROUTES['change-role'] . '&user=' . utils::escape($user['username']) ?>" >
|
||||
<select name="role" id="role">
|
||||
<option value="<?= $user['roleId'] ?>"><?= $user['role'] ?></option>
|
||||
<?php foreach($roles as $role): ?>
|
||||
<?php if($role['id'] != $user['roleId']): ?>
|
||||
<option value="<?= $role['id'] ?>"><?= $role['name'] ?></option>
|
||||
<?php endif ?>
|
||||
<?php endforeach ?>
|
||||
</select>
|
||||
<input type="hidden" name="csrf" value="<?= $token ?>">
|
||||
<input type="submit" name="change-role-form" value="Guardar">
|
||||
</form>
|
||||
</td>
|
||||
</tr>
|
||||
<?php endforeach ?>
|
||||
</table>
|
||||
|
|
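Review bot: The form `action` on the change-role row builds the `user` query parameter with `utils::escape($user['username'])`, while the profile and delete links in the same row use `urlencode()`; a username containing `&`, `+`, `#` or `=` therefore arrives as a different or truncated `user` value on the POST. The attribute should match the other links: `action="<?= NABU_ROUTES['change-role'] . '&user=' . urlencode($user['username']) ?>"`. The role cells print `$user['role']`, `$role['name']` and the `value` attributes unescaped, unlike the name, username and email cells, so wrapping them in `utils::escape()` keeps the output path consistent even though these values come from the `roles` table. `<select name="role" id="role">` is emitted once per user, producing duplicate `id` attributes in the page; dropping the `id` or suffixing it with the username avoids that.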