
AJenbo / agcms / 21420560247

28 Jan 2026 12:59AM UTC coverage: 52.306% (-1.4%) from 53.72%
21420560247

push

github

AJenbo
Bump phpunit/phpunit from 9.6.11 to 9.6.33 in /application

Bumps [phpunit/phpunit](https://github.com/sebastianbergmann/phpunit) from 9.6.11 to 9.6.33.
- [Release notes](https://github.com/sebastianbergmann/phpunit/releases)
- [Changelog](https://github.com/sebastianbergmann/phpunit/blob/9.6.33/ChangeLog-9.6.md)
- [Commits](https://github.com/sebastianbergmann/phpunit/compare/9.6.11...9.6.33)

---
updated-dependencies:
- dependency-name: phpunit/phpunit
  dependency-version: 9.6.33
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

3039 of 5810 relevant lines covered (52.31%)

12.21 hits per line

Source File

0.0
/application/inc/Http/Controllers/Admin/UserController.php
<?php

namespace App\Http\Controllers\Admin;

use App\Exceptions\Handler as ExceptionHandler;
use App\Exceptions\InvalidInput;
use App\Http\Request;
use App\Models\Email;
use App\Models\User;
use App\Services\ConfigService;
use App\Services\DbService;
use App\Services\EmailService;
use App\Services\OrmService;
use App\Services\RenderService;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Response;
use Throwable;

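/**
 * Admin controller for listing, registering, editing and deleting user accounts.
 *
 * Authorization notes:
 *  - update() and delete() check the acting user's access level themselves.
 *  - index(), newUser(), create() and editUser() contain no permission check of
 *    their own; whatever gate applies to them lives outside this class
 *    (NOTE(review): presumably AbstractAdminController or the routing layer; confirm).
 */
class UserController extends AbstractAdminController
{
    /**
     * Index page for users.
     *
     * The `order` request value is used only as a boolean switch between two
     * hard-coded column names; it is never copied into the SQL text.
     */
    public function index(Request $request): Response
    {
        $orderColumn = $request->get('order') ? 'lastlogin' : 'fullname';

        $users = app(OrmService::class)->getByQuery(
            User::class,
            'SELECT * FROM `users` ORDER BY ' . $orderColumn
        );

        $data = [
            'title'       => _('Users and Groups'),
            'currentUser' => $request->user(),
            'users'       => $users,
        ] + $this->basicPageData($request);

        return $this->render('admin/users', $data);
    }

    /**
     * Page for creating a new user.
     *
     * Shows the one-shot status message left in the session by create() and
     * removes it so it is displayed only once.
     */
    public function newUser(Request $request): Response
    {
        $request->startSession();
        $session = $request->getSession();
        $message = $session->get('message', '');
        $session->remove('message');
        $session->save();

        return $this->render('admin/newuser', ['message' => $message]);
    }

    /**
     * Create a user.
     *
     * The new user must be verified by an admin: the account is stored with
     * User::NO_ACCESS, except when no existing row has a non-zero `access`
     * column, in which case it is stored with User::ADMINISTRATOR.
     *
     * Validation failures (InvalidInput) are not propagated; their message is
     * stored in the session and shown on the registration page after the redirect.
     */
    public function create(Request $request): RedirectResponse
    {
        $fullname = $request->get('fullname');
        $name = $request->getRequestString('name') ?? '';
        $password = $request->getRequestString('password') ?? '';

        $message = _('Your account has been created. An administrator will evaluate it shortly.');

        try {
            if (!$fullname || !$name || !$password) {
                throw new InvalidInput(_('All fields must be filled.'));
            }
            if ($password !== $request->get('password2')) {
                throw new InvalidInput(_('The passwords do not match.'), Response::HTTP_FORBIDDEN);
            }

            $orm = app(OrmService::class);

            // The user name is request data; it is passed through DbService::quote()
            // before being concatenated into the statement.
            $quotedName = app(DbService::class)->quote($name);
            if ($orm->getOneByQuery(User::class, 'SELECT * FROM users WHERE name = ' . $quotedName)) {
                throw new InvalidInput(_('Username already taken.'));
            }

            // Bootstrap rule: when no account has a non-zero access value, the
            // account being registered receives administrator rights.
            // NOTE(review): this lookup and the save() below are separate steps, so
            // two simultaneous registrations on an empty installation could both be
            // stored as administrators; confirm whether the surrounding deployment
            // guards this window.
            $firstUser = !(bool)$orm->getOneByQuery(User::class, 'SELECT * FROM users WHERE access != 0');

            $user = new User([
                'full_name'     => $fullname,
                'nickname'      => $name,
                'password_hash' => '',
                'access_level'  => $firstUser ? User::ADMINISTRATOR : User::NO_ACCESS,
                'last_login'    => time(),
            ]);
            // The hash is filled in by setPassword(); the plain password is never
            // placed in the attribute array.
            $user->setPassword($password)->save();

            $emailbody = app(RenderService::class)->render('admin/email/newuser', ['fullname' => $fullname]);

            // Notification to the site's own default address (sender and recipient
            // are the same).
            $emailAddress = ConfigService::getDefaultEmail();
            $email = new Email([
                'subject'          => _('New user'),
                'body'             => $emailbody,
                'senderName'       => ConfigService::getString('site_name'),
                'senderAddress'    => $emailAddress,
                'recipientName'    => ConfigService::getString('site_name'),
                'recipientAddress' => $emailAddress,
            ]);

            try {
                app(EmailService::class)->send($email);
            } catch (Throwable $exception) {
                // A mail failure must not fail the registration: report it and
                // persist the message (presumably for a later delivery attempt).
                /** @var ExceptionHandler */
                $handler = app(ExceptionHandler::class);
                $handler->report($exception);
                $email->save();
            }
        } catch (InvalidInput $exception) {
            $message = $exception->getMessage();
        }

        $request->startSession();
        $session = $request->getSession();
        $session->set('message', $message);
        $session->save();

        return redirect('/admin/users/new/', Response::HTTP_SEE_OTHER);
    }

    /**
     * Page for editing a single user.
     *
     * NOTE(review): unlike update() and delete(), this action does not compare the
     * acting user with $id or check for User::ADMINISTRATOR, so every caller that
     * reaches it can load any user's record; confirm that this is intended.
     *
     * @throws InvalidInput With HTTP 404 when no user has the given id.
     */
    public function editUser(Request $request, int $id): Response
    {
        $user = app(OrmService::class)->getOne(User::class, $id);
        if (!$user) {
            throw new InvalidInput(_('User not found.'), Response::HTTP_NOT_FOUND);
        }

        $data = [
            'title'        => _('Edit') . ' ' . $user->getFullName(),
            'currentUser'  => $request->user(),
            'user'         => $user,
            'accessLevels' => [
                User::NO_ACCESS     => _('No access'),
                User::ADMINISTRATOR => _('Administrator'),
                User::MANAGER       => _('Manager'),
                User::CLERK         => _('Clerk'),
            ],
        ] + $this->basicPageData($request);

        return $this->render('admin/user', $data);
    }

    /**
     * Update a user's password, access level and/or full name.
     *
     * Rules enforced here:
     *  - the acting user must be an administrator or the account owner;
     *  - nobody may change their own access level;
     *  - a password change requires the account's current password.
     *
     * The acting user and the account being edited are kept in separate
     * variables so that every permission check refers to the acting user.
     *
     * @throws InvalidInput With HTTP 403 on a permission or password failure,
     *                      HTTP 404 when no user has the given id.
     */
    public function update(Request $request, int $id): JsonResponse
    {
        $currentUser = $request->user();
        $isAdmin = $currentUser && $currentUser->hasAccess(User::ADMINISTRATOR);
        if (!$currentUser || (!$isAdmin && $currentUser->getId() !== $id)) {
            throw new InvalidInput(_('You do not have permission to edit users.'), Response::HTTP_FORBIDDEN);
        }
        $isSelf = $currentUser->getId() === $id;

        // Validate access level update. Only evaluated when the field was
        // submitted: getInt() yields 0 for a missing key, which would otherwise
        // reject every self-update that leaves the access level out.
        if ($isSelf
            && $request->request->has('access')
            && $request->request->getInt('access') !== $currentUser->getAccessLevel()
        ) {
            throw new InvalidInput(_('You can\'t change your own access level.'), Response::HTTP_FORBIDDEN);
        }

        $user = app(OrmService::class)->getOne(User::class, $id);
        if (!$user) {
            throw new InvalidInput(_('User not found.'), Response::HTTP_NOT_FOUND);
        }

        // Validate password update
        $newPassword = $request->getRequestString('password_new');
        if ($newPassword) {
            // Repeats the entry check against the acting user, so the password
            // path stays protected if the first guard is ever relaxed.
            if (!$isAdmin && !$isSelf) {
                throw new InvalidInput(
                    _('You do not have the required access level to change the password for this user.'),
                    Response::HTTP_FORBIDDEN
                );
            }

            // The supplied password is verified against the stored password of the
            // account being changed, for owners and administrators alike.
            // NOTE(review): an administrator therefore needs the target account's
            // current password to reset it; confirm whether verifying the
            // administrator's own password is the desired policy instead.
            $password = $request->getRequestString('password');
            if (!$password || !$user->validatePassword($password)) {
                throw new InvalidInput(_('Incorrect password.'), Response::HTTP_FORBIDDEN);
            }

            $user->setPassword($newPassword);
        }

        if ($request->request->has('access')) {
            $user->setAccessLevel($request->request->getInt('access'));
        }

        if ($request->request->has('fullname')) {
            $user->setFullName($request->getRequestString('fullname') ?? '');
        }

        $user->save();

        return new JsonResponse([]);
    }

    /**
     * Delete a user.
     *
     * Only administrators may delete accounts, and never their own. An id that
     * matches no user is ignored and still answered with an empty JSON object.
     *
     * @throws InvalidInput With HTTP 403 when the acting user is not an
     *                      administrator or targets their own account.
     */
    public function delete(Request $request, int $id): JsonResponse
    {
        $currentUser = $request->user();
        if (!$currentUser || !$currentUser->hasAccess(User::ADMINISTRATOR)) {
            throw new InvalidInput(_('You do not have permission to edit users.'), Response::HTTP_FORBIDDEN);
        }
        if ($currentUser->getId() === $id) {
            throw new InvalidInput(_('You can\'t delete yourself.'), Response::HTTP_FORBIDDEN);
        }

        $target = app(OrmService::class)->getOne(User::class, $id);
        if ($target) {
            $target->delete();
        }

        return new JsonResponse([]);
    }
}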