last few finishing touches

Author: alexweissman

.gitignore

@@ -1,4 +1,6 @@
 *.komodoproject
 .DS_Store
 _meta/*
-public/test/*
+public/test/*
+ROLES.md
+userfrosting/config-userfrosting.php

CHANGELOG.md

@@ -19,3 +19,4 @@
 - Wrapper class Notification for sending emails, other notifications to users
 - Remove username requirement for password reset.  It is more likely that an attacker would know the user's username, than the user themselves.  For the next version, we can try to implement some real multi-factor authentication.
 - When a user creates another user, they don't need to set a password.  Instead, an email is sent out to the new user, with a token allowing them to set their own password.
+- Admins can manually generate a password reset request for another user, or directly change the user's password.

ROLES.md

@@ -1,26 +1,18 @@
 <?php
-    require_once 'vendor/autoload.php';
-    require_once 'models/auth/password.php';
 
     // Set your timezone here
     date_default_timezone_set('America/New_York');
 
     // Do not send fatal errors to the response body!
     ini_set("display_errors", "off");
-     
-    // Use native PHP sessions
-    session_cache_limiter(false);
-    session_name("UserFrosting");  
-    // First, initialize the PHP session
-    session_start();
-            
+    
     /* Instantiate the Slim application */
     $app = new \UserFrosting\UserFrosting([
         'view' =>           new \Slim\Views\Twig(),
         'mode' =>           'dev'   // Set to 'dev' or 'production'
     ]);
 
-    // Get public path.  Is this guaranteed to work in all environments?
+    // Get file path to public directory for this website.  Is this guaranteed to work in all environments?
     $public_path = $_SERVER['DOCUMENT_ROOT'] . $app->environment()['SCRIPT_NAME'];
 
     // Construct public URL (e.g. "http://www.userfrosting.com/admin").  Feel free to hardcode this if you feel safer.

TODO.md

@@ -5,8 +5,16 @@
  * @author Alex Weissman
  * @link http://www.userfrosting.com
  */
-
-require_once("config-userfrosting.php");
+ 
+require_once 'vendor/autoload.php';
+require_once 'models/auth/password.php';
+require_once 'config-userfrosting.php';
+
+// Use native PHP sessions
+session_cache_limiter(false);
+session_name("UserFrosting");  
+// First, initialize the PHP session
+session_start();
 
 use \Slim\Extras\Middleware\CsrfGuard;
 

userfrosting/config-userfrosting.php …frosting/config-userfrosting-example.phpuserfrosting/config-userfrosting.php renamed to userfrosting/config-userfrosting-example.php userfrosting/config-userfrosting.php renamed to userfrosting/config-userfrosting-example.php

@@ -261,7 +261,7 @@ public static function install(){
           (2, 'uri_users', 'always()'),
           (1, 'uri_account_settings', 'always()'),
           (1, 'update_account_setting', 'equals(self.id, user.id)&&in(property,[\"email\",\"locale\",\"password\"])'),
-          (2, 'update_account_setting', 'in(property,[\"email\",\"display_name\",\"title\",\"locale\",\"flag_enabled\"])'),
+          (2, 'update_account_setting', '!in_group(user.id,2)&&in(property,[\"email\",\"display_name\",\"title\",\"locale\",\"flag_password_reset\",\"flag_enabled\"])'),
           (2, 'view_account_setting', 'in(property,[\"user_name\",\"email\",\"display_name\",\"title\",\"locale\",\"flag_enabled\",\"groups\",\"primary_group_id\"])'),
           (2, 'delete_account', '!in_group(user.id,2)'),
           (2, 'create_account', 'always()');");    

userfrosting/initialize.php

@@ -35,7 +35,7 @@ abstract class UFModel extends Model {
      * Create a new object, initializing the table name and whitelisted columns.
      *
      */
-    public function __construct($properties = [], $id = null) {    
+    public function __construct($properties = []) {    
         $table_schema = Database::getSchemaTable(static::$_table_id);
         $this->table = $table_schema->name;
         $this->fillable = $table_schema->columns;