winter/modules/backend/controllers/MyAccount.php at 9aabe55f9092809d5bef70d0529ef9af1a147b78 · wintercms/winter · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
<?php

namespace Backend\Controllers;

use Backend\Behaviors\FormController;
use Backend\Classes\Controller;
use Backend\Facades\BackendAuth;
use Backend\Facades\BackendMenu;
use System\Classes\SettingsManager;

/**
 * My Account controller
 *
 * Allows any authenticated backend user to manage their own account settings.
 * Isolated from the Users controller to prevent privilege escalation via
 * handler dispatch on a controller with degraded permissions.
 *
 * @package winter\wn-backend-module
 * @author Winter CMS
 */
class MyAccount extends Controller
{
    /**
     * @var array Extensions implemented by this controller.
     */
    public $implement = [
        FormController::class,
    ];

    /**
     * @var array Permissions required to view this page.
     *      Empty array — any logged-in user can access their own account.
     */
    public $requiredPermissions = [];

    /**
     * @var string HTML body tag class
     */
    public $bodyClass = 'compact-container';

    public $formLayout = 'sidebar';

    /**
     * Constructor.
     */
    public function __construct()
    {
        parent::__construct();

        BackendMenu::setContext('Winter.System', 'system', 'users');
        SettingsManager::setContext('Winter.Backend', 'myaccount');
    }

    /**
     * My Account page
     */
    public function index()
    {
        $this->pageTitle = 'backend::lang.myaccount.menu_label';
        return $this->asExtension('FormController')->update($this->user->id, 'myaccount');
    }

    /**
     * Save handler for the My Account form
     */
    public function index_onSave()
    {
        $result = $this->asExtension('FormController')->update_onSave($this->user->id, 'myaccount');

        /*
         * If the password or login name has been updated, reauthenticate the user
         */
        $loginChanged = $this->user->login != post('User[login]');
        $passwordChanged = strlen(post('User[password]'));
        if ($loginChanged || $passwordChanged) {
            BackendAuth::login($this->user->reload(), true);
        }

        return $result;
    }
}