Malin/domnitor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor routes and controllers for RESTful resource access

Browse Source 
Updated controllers and routes to use RESTful resource-based URLs and parameter passing for groups, users, and notification channels. Added user isolation checks for domain and group access, ensuring proper data filtering based on isolation mode. Adjusted views to match new route structure and improved security and maintainability by removing reliance on query parameters for resource identification.
This commit is contained in:
Hosteroid
2025-10-20 21:08:09 +03:00
parent c4e4196e02
commit ac7a0c0aa8
10 changed files with 266 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
app/Controllers/UserController.php
View File

@@ -194,9 +194,9 @@ class UserController extends Controller
/**
* Show edit user form
*/
public function edit()
public function edit($params = [])
{
$userId = (int)($_GET['id'] ?? 0);
$userId = $params['id'] ?? 0;
$user = $this->userModel->find($userId);
if (!$user) {
@@ -214,7 +214,7 @@ class UserController extends Controller
/**
* Update user
*/
public function update()
public function update($params = [])
{
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
$this->redirect('/users');
@@ -224,7 +224,7 @@ class UserController extends Controller
// CSRF Protection
$this->verifyCsrf('/users');
$userId = (int)($_POST['id'] ?? 0);
$userId = $params['id'] ?? 0;
$user = $this->userModel->find($userId);
if (!$user) {
@@ -242,13 +242,13 @@ class UserController extends Controller
// Validation
if (empty($email) || empty($fullName)) {
$_SESSION['error'] = 'Email and full name are required';
$this->redirect('/users/edit?id=' . $userId);
$this->redirect("/users/$userId/edit");
return;
}
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$_SESSION['error'] = 'Invalid email address';
$this->redirect('/users/edit?id=' . $userId);
$this->redirect("/users/$userId/edit");
return;
}
@@ -256,7 +256,7 @@ class UserController extends Controller
$nameError = \App\Helpers\InputValidator::validateLength($fullName, 255, 'Full name');
if ($nameError) {
$_SESSION['error'] = $nameError;
$this->redirect('/users/edit?id=' . $userId);
$this->redirect("/users/$userId/edit");
return;
}
@@ -264,7 +264,7 @@ class UserController extends Controller
$existingUsers = $this->userModel->where('email', $email);
if (!empty($existingUsers) && $existingUsers[0]['id'] != $userId) {
$_SESSION['error'] = 'Email already in use by another user';
$this->redirect('/users/edit?id=' . $userId);
$this->redirect("/users/$userId/edit");
return;
}
@@ -282,7 +282,7 @@ class UserController extends Controller
if (!empty($password)) {
if (strlen($password) < 8) {
$_SESSION['error'] = 'Password must be at least 8 characters';
$this->redirect('/users/edit?id=' . $userId);
$this->redirect("/users/$userId/edit");
return;
}
$this->userModel->changePassword($userId, $password);
@@ -293,16 +293,16 @@ class UserController extends Controller
} catch (\Exception $e) {
$_SESSION['error'] = 'Failed to update user: ' . $e->getMessage();
$this->redirect('/users/edit?id=' . $userId);
$this->redirect("/users/$userId/edit");
}
}
/**
* Delete user
*/
public function delete()
public function delete($params = [])
{
$userId = (int)($_GET['id'] ?? 0);
$userId = $params['id'] ?? 0;
$user = $this->userModel->find($userId);
if (!$user) {
@@ -342,9 +342,9 @@ class UserController extends Controller
/**
* Toggle user active status
*/
public function toggleStatus()
public function toggleStatus($params = [])
{
$userId = (int)($_GET['id'] ?? 0);
$userId = $params['id'] ?? 0;
$user = $this->userModel->find($userId);
if (!$user) {