62 lines
1.6 KiB
PHP
62 lines
1.6 KiB
PHP
<?php
|
|
|
|
class UserController {
|
|
|
|
// list all users (admin only)
|
|
|
|
protected function check_access($f3){
|
|
$current_user = $f3->get('SESSION.user');
|
|
if(!$current_user || $current_user['role_name'] !== 'admin'){
|
|
$f3->reroute('/login');
|
|
}
|
|
}
|
|
|
|
public function index($f3){
|
|
|
|
$this->check_access($f3);
|
|
|
|
$db = $f3->get('DB');
|
|
$users = $db->exec(
|
|
'SELECT u.*, r.role AS role_name
|
|
FROM users u
|
|
LEFT JOIN roles r ON r.id = u.role
|
|
ORDER BY id ASC'
|
|
);
|
|
$f3->set('users', $users);
|
|
|
|
$f3->set('content', '../ui/views/user/index.html');
|
|
echo \Template::instance()->render('../ui/templates/layout.html');
|
|
}
|
|
|
|
public function editForm($f3){
|
|
$this->check_access($f3);
|
|
|
|
$user_id = (int) $f3->get('PARAMS.id');
|
|
$db = $f3->get('DB');
|
|
|
|
$rows = $db->exec(
|
|
'SELECt * FROM users WHERE id = ? LIMIT 1',
|
|
[$user_id]
|
|
);
|
|
if(!$rows){
|
|
$f3->reroute('/users');
|
|
}
|
|
$f3->set('edit_user', $rows[0]);
|
|
$f3->set('content', '../ui/views/user/edit.html');
|
|
echo \Template::instance()->render('../ui/templates/layout.html');
|
|
}
|
|
|
|
public function update($f3){
|
|
|
|
$this->check_access($f3);
|
|
|
|
$user_id = (int) $f3->get('PARAMS.id');
|
|
$new_username = $f3->get('POST.username');
|
|
// $new_role = $f3->get('POST.role_name')
|
|
$db = $f3->get('DB');
|
|
$db->exec(
|
|
'UPDATE users SET username = ? WHERE id =? LIMIT 1',
|
|
[$new_username, $user_id]);
|
|
$f3->reroute('/users');
|
|
}
|
|
} |