From fd9e25ca8c7092e86882ad8b26b35e5bb423f87f Mon Sep 17 00:00:00 2001
From: Thomas Rubini <74205383+ThomasRubini@users.noreply.github.com>
Date: Tue, 17 Jan 2023 16:49:16 +0100
Subject: [PATCH] create ManageUserController and admin-only access

---
 Controllers/ManageUserController.php | 25 +++++++++++++++++++++++++
 Models/UserModel.php | 12 ++++++++++++
 Views/manageruser/default.php | 4 ++++
 3 files changed, 41 insertions(+)
 create mode 100644 Controllers/ManageUserController.php
 create mode 100644 Views/manageruser/default.php

diff --git a/Controllers/ManageUserController.php b/Controllers/ManageUserController.php
new file mode 100644
index 0000000..b0d3512
--- /dev/null
+++ b/Controllers/ManageUserController.php
@@ -0,0 +1,25 @@
+isUserAdmin($_SESSION["ID"])) {
+ header("Location: /");
+ die();
+ }
+ }
+
+ public function defaultAction(Array $A_urlParams = null, Array $A_postParams = null)
+ {
+ self::admin_or_die();
+ }
+
+ public function searchAction(Array $A_urlParams = null, Array $A_postParams = null)
+ {
+
+ }
+}
diff --git a/Models/UserModel.php b/Models/UserModel.php
index 43ff52d..6ad2eeb
--- a/Models/UserModel.php
+++ b/Models/UserModel.php
@@ -69,6 +69,18 @@ final class UserModel
 if ($row === false) return false;
 return $row["DISABLED"] !== 1;
 }
+
+ public function isUserAdmin($I_id)
+ {
+ $O_model = Model::get();
+ $stmt = $O_model->prepare("SELECT ADMIN FROM USER WHERE ID=:id");
+ $stmt->bindParam("id", $I_id);
+ $stmt->execute();
+
+ $row = $stmt->fetch();
+ if ($row === false) return false;
+ return $row["ADMIN"] === 1;
+ }
 public function updateEmailByID($I_id, $S_newEmail){
 $O_model = Model::get();
diff --git a/Views/manageruser/default.php b/Views/manageruser/default.php
new file mode 100644
index 0000000..c7fa839
--- /dev/null
+++ b/Views/manageruser/default.php
@@ -0,0 +1,4 @@
+
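Review bot: `searchAction` is a public, routable action but, unlike `defaultAction`, never calls `self::admin_or_die()`, so the admin-only restriction the commit title promises covers only one of the two actions, and whoever fills in the search body later can easily forget the guard. Enforce it once for the whole controller — in the constructor or a base-controller pre-action hook so every action is denied by default — or at minimum add `self::admin_or_die();` as the first statement of `searchAction`. The guard also passes `$_SESSION["ID"]` straight into `isUserAdmin`; the start of the condition is lost in this hunk, so if no `isset($_SESSION["ID"])` check precedes it, an anonymous request raises an undefined-index notice before it is redirected, and since `ADMIN = 1` says nothing about the account being enabled, `admin_or_die` should arguably also reject accounts the existing `isUserEnabled` reports as disabled unless login already guarantees that. The class header and the beginning of `admin_or_die` are garbled at the start of this hunk and could not be reviewed.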
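Review bot: `return $row["ADMIN"] === 1;` in `isUserAdmin` only holds if PDO hands the column back as a PHP int; on PHP before 8.1, or with `PDO::ATTR_STRINGIFY_FETCHES` enabled, the driver returns `"1"` as a string, `"1" === 1` is false, and every admin is rejected. The PDO attributes and PHP version are not visible in this diff, so this is configuration-dependent, but casting makes the check hold either way: `return (int) $row["ADMIN"] === 1;`. The same idiom in the surrounding `isUserEnabled` (`$row["DISABLED"] !== 1`) would fail open under a string result rather than closed, so the two are worth checking together. Prefer `bindValue` over `bindParam` here since `$I_id` is bound by reference for no reason, and add a short docblock stating that an unknown ID yields `false` (fail-closed), which the code already does.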
Default view
+ +Please search :
+ \ No newline at end of file