Fixes #478, #520

alexweissman · alexweissman · commit f53b5819d889 · 2016-06-22T17:21:01.000-04:00
diff --git a/public/index.php b/public/index.php
@@ -133,14 +133,10 @@
         return $controller->pageUsers($primary_group);
     });
     
-    // User info form (update/view)
+    // User info form (update)
     $app->get('/forms/users/u/:user_id/?', function ($user_id) use ($app) {
         $controller = new UF\UserController($app);
-        $get = $app->request->get();        
-        if (isset($get['mode']) && $get['mode'] == "update")
-            return $controller->formUserEdit($user_id);
-        else
-            return $controller->formUserView($user_id);
+        return $controller->formUserEdit($user_id);
     });  
 
     // User edit password form
@@ -194,14 +190,10 @@
         return $controller->pageGroupAuthorization($group_id);
     })->name('uri_authorization');  
     
-    // Group info form (update/view)
+    // Group info form (update)
     $app->get('/forms/groups/g/:group_id/?', function ($group_id) use ($app) {
         $controller = new UF\GroupController($app);
-        $get = $app->request->get();        
-        if (isset($get['mode']) && $get['mode'] == "update")
-            return $controller->formGroupEdit($group_id);
-        else
-            return $controller->formGroupView($group_id);
+        return $controller->formGroupEdit($group_id);
     });
 
     // Group creation form
diff --git a/public/js/widget-auth.js b/public/js/widget-auth.js
@@ -46,19 +46,14 @@ function authForm(box_id, options) {
 		$('#' + box_id).remove();
 	}
     
-    // If we are updating an existing auth rule
-    if (options['auth_id']) {
-        var data = {
-            box_id: box_id,
-            mode: "update"
-        };
+    var data = {
+        box_id: box_id
+    };
         
+    // Creating vs updating an existing auth rule
+    if (options['auth_id']) {
         var url = site['uri']['public'] + "/forms/groups/auth/a/" + options['auth_id'];
     } else {
-        var data = {
-            box_id: box_id
-        };
-        
         var url = site['uri']['public'] + "/forms/groups/g/" + options['owner_id'] + "/auth";  
     }
     
diff --git a/public/js/widget-groups.js b/public/js/widget-groups.js
@@ -53,8 +53,7 @@ function groupForm(box_id, group_id) {
     if (group_id) {
         data = {
             box_id: box_id,
-            render: 'modal',
-            mode: "update"
+            render: 'modal'
         };
         
         url = site['uri']['public'] + "/forms/groups/g/" + group_id;
diff --git a/public/js/widget-users.js b/public/js/widget-users.js
@@ -184,8 +184,7 @@ function userForm(box_id, user_id) {
     if (user_id) {
         data = {
             box_id: box_id,
-            render: 'modal',
-            mode: "update"
+            render: 'modal'
         };
         
         url = site['uri']['public'] + "/forms/users/u/" + user_id;
@@ -314,7 +313,11 @@ function userPasswordForm(box_id, user_id) {
 	});
 }
 
-// Display user info in a panel
+/**
+ * Display user info in a panel
+ *
+ * @deprecated
+ */
 function userDisplay(box_id, user_id) {
 	user_id = typeof user_id !== 'undefined' ? user_id : "";
 	
@@ -325,8 +328,7 @@ function userDisplay(box_id, user_id) {
 	
 	var data = {
 		box_id: box_id,
-		render: 'modal',
-        mode: 'view'
+		render: 'modal'
 	};
 	
 	// Generate the form
diff --git a/userfrosting/controllers/GroupController.php b/userfrosting/controllers/GroupController.php
@@ -338,13 +338,13 @@ public function updateGroup($group_id){
 
         // Check authorization for submitted fields, if the value has been changed
         foreach ($post as $name => $value) {
-            if (isset($group->$name) && $post[$name] != $group->$name){
+            if ($group->attributeExists($name) && $post[$name] != $group->$name){
                 // Check authorization
                 if (!$this->_app->user->checkAccess('update_group_setting', ['group' => $group, 'property' => $name])){
                     $ms->addMessageTranslated("danger", "ACCESS_DENIED");
                     $this->_app->halt(403);
                 }
-            } else if (!isset($group->$name)) {
+            } else if (!$group->attributeExists($name)) {
                 $ms->addMessageTranslated("danger", "NO_DATA");
                 $this->_app->halt(400);
             }
diff --git a/userfrosting/controllers/UserController.php b/userfrosting/controllers/UserController.php
@@ -576,13 +576,13 @@ public function updateUser($user_id){
 
         // Check authorization for submitted fields, if the value has been changed
         foreach ($post as $name => $value) {
-            if ($name == "groups" || (isset($target_user->$name) && $post[$name] != $target_user->$name)){
+            if ($name == "groups" || ($target_user->attributeExists($name) && $post[$name] != $target_user->$name)){
                 // Check authorization
                 if (!$this->_app->user->checkAccess('update_account_setting', ['user' => $target_user, 'property' => $name])){
                     $ms->addMessageTranslated("danger", "ACCESS_DENIED");
                     $this->_app->halt(403);
                 }
-            } else if (!isset($target_user->$name)) {
+            } else if (!$target_user->attributeExists($name)) {
                 $ms->addMessageTranslated("danger", "NO_DATA");
                 $this->_app->halt(400);
             }
diff --git a/userfrosting/models/database/UFModel.php b/userfrosting/models/database/UFModel.php
@@ -14,7 +14,8 @@
  * @package UserFrosting
  * @author Alex Weissman
  */
-abstract class UFModel extends Model {
+abstract class UFModel extends Model
+{
     
     /**
      * @var Slim The Slim app, containing configuration info
@@ -35,7 +36,8 @@ abstract class UFModel extends Model {
      * Create a new object, initializing the table name and whitelisted columns.
      *
      */
-    public function __construct($properties = []) {    
+    public function __construct($properties = [])
+    {    
         $table_schema = Database::getSchemaTable(static::$_table_id);
         $this->table = $table_schema->name;
         $this->fillable = $table_schema->columns;
@@ -45,19 +47,32 @@ public function __construct($properties = []) {
     }
     
     /**
-     * For raw array fetching.  Must be static, otherwise PHP gets confused about where to find the table_id.
-     */
-    public static function queryBuilder(){
-        // Set query builder to fetch result sets as associative arrays (instead of creating stdClass objects)
-        Capsule::connection()->setFetchMode(\PDO::FETCH_ASSOC);
-        $table = Database::getSchemaTable(static::$_table_id)->name;
-        return Capsule::table($table);
+     * Determine if an attribute exists on the model - even if it is null.
+     *
+     * @param  string  $key
+     * @return bool
+     */    
+    public function attributeExists($key)
+    {
+        return array_key_exists($key, $this->attributes);            
+    }
+    
+    /**
+     * Determine if an relation exists on the model - even if it is null.
+     *
+     * @param  string  $key
+     * @return bool
+     */    
+    public function relationExists($key)
+    {
+        return array_key_exists($key, $this->relations);            
     }    
     
     /**
      * For excluding certain columns in a query.
      */
-    public function scopeExclude($query, $value = []) {
+    public function scopeExclude($query, $value = [])
+    {
         $columns = array_merge(['id'], Database::getSchemaTable(static::$_table_id)->columns);
         return $query->select( array_diff( $columns,(array) $value) );
     }
@@ -68,7 +83,8 @@ public function scopeExclude($query, $value = []) {
      * Calls save(), then returns the id of the new record in the database.
      * @return int the id of this object.
      */ 
-    public function store(){        
+    public function store()
+    {        
         $this->save();
         
         // Store function should always return the id of the object
@@ -80,7 +96,19 @@ public function store(){
      *
      * @return array
      */      
-    public function export(){
+    public function export()
+    {
         return $this->toArray();
-    } 
+    }
+    
+    /**
+     * For raw array fetching.  Must be static, otherwise PHP gets confused about where to find the table_id.
+     */
+    public static function queryBuilder()
+    {
+        // Set query builder to fetch result sets as associative arrays (instead of creating stdClass objects)
+        Capsule::connection()->setFetchMode(\PDO::FETCH_ASSOC);
+        $table = Database::getSchemaTable(static::$_table_id)->name;
+        return Capsule::table($table);
+    }    
 }
