Update Pull Request yiisoft#602

rossaddison · May 5, 2024 · 2b23069 · 2b23069
1 parent 826a572
commit 2b23069
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 33 deletions.
diff --git a/blog/resources/rbac/items.php b/blog/resources/rbac/items.php
@@ -18,4 +18,16 @@
         'updatedAt' => 1599036348,
         'createdAt' => 1599036348,
     ],
+
+    /**
+     * Purpose: Effects read-only status of Login text box 
+     * @see Auth/Controller/ChangePasswordController 'canChangePasswordForAnyUser'
+     * @see views/changepassword/change $canChangePasswordForAnyUser
+     */
+    'canChangePasswordForAnyUser' => [
+        'name' => 'canChangePasswordForAnyUser',
+        'type' => 'permission',
+        'updatedAt' => 1599036348,
+        'createdAt' => 1599036348,
+    ],
 ];
diff --git a/blog/resources/views/changepassword/change.php b/blog/resources/views/changepassword/change.php
@@ -35,7 +35,8 @@
                         ->id('changeForm')
                         ->open() ?>
 
-                    <?= Field::text($formModel, 'login')->addInputAttributes(['value'=> $login ?? '', 'readonly'=>'readonly']) ?>
+                    <?= $canChangePasswordForAnyUser ? Field::text($formModel, 'login')->addInputAttributes(['value'=> $login ?? '']) 
+                                                     : Field::text($formModel, 'login')->addInputAttributes(['value'=> $login ?? '', 'readonly'=>'readonly']); ?>
                     <?= Field::password($formModel, 'password') ?>
                     <?= Field::password($formModel, 'newPassword') ?>
                     <?= Field::password($formModel, 'newPasswordVerify') ?>

diff --git a/blog/src/Auth/Controller/ChangePasswordController.php b/blog/src/Auth/Controller/ChangePasswordController.php
@@ -24,12 +24,12 @@ public function __construct(
       private Session $session,
       private Flash $flash,
       private Translator $translator,
-      private CurrentUser $current_user,
+      private CurrentUser $currentUser,
       private WebControllerService $webService, 
       private ViewRenderer $viewRenderer,
     )
     {
-      $this->current_user = $current_user;
+      $this->currentUser = $currentUser;
       $this->session = $session;      
       $this->flash = new Flash($session);
       $this->translator = $translator;
@@ -46,36 +46,35 @@ public function change(
     ): ResponseInterface {
       if ($authService->isGuest()) {
           return $this->redirectToMain();
-      }  
-      // permit an authenticated user, ie. not a guest, only and null!== current user
-      if (!$authService->isGuest()) {
-        if ($this->current_user->can('viewInv',[])) {
-          // readonly the login detail on the change form
-          $identity_id = $this->current_user->getIdentity()->getId();
-          if (null!==$identity_id) {
-            $identity = $identityRepository->findIdentity($identity_id);
-            if (null!==$identity) {
-              // Identity and User are in a HasOne relationship so no null value
-              $login = $identity->getUser()?->getLogin();
-              if ($request->getMethod() === Method::POST
-                && $formHydrator->populate($changePasswordForm, $request->getParsedBody())
-                && $changePasswordForm->change() 
-              ) {
-                // Identity implements CookieLoginIdentityInterface: ensure the regeneration of the cookie auth key by means of $authService->logout();
-                // @see vendor\yiisoft\user\src\Login\Cookie\CookieLoginIdentityInterface 
-
-                // Specific note: "Make sure to invalidate earlier issued keys when you implement force user logout,
-                // PASSWORD CHANGE and other scenarios, that require forceful access revocation for old sessions.
-                // The authService logout function will regenerate the auth key here => overwriting any auth key
-                $authService->logout();
-                $this->flash_message('success', $this->translator->translate('validator.password.change'));
-                return $this->redirectToMain();
-              }
-              return $this->viewRenderer->render('change', ['formModel' => $changePasswordForm, 'login' => $login]);
-            } // identity
-          } // identity_id 
-        } // current user
-      } // auth service 
+      }
+
+      $identity_id = $this->currentUser->getIdentity()->getId();
+      if (null!==$identity_id) {
+        $identity = $identityRepository->findIdentity($identity_id);
+        if (null!==$identity) {
+          // Identity and User are in a HasOne relationship so no null value
+          $login = $identity->getUser()?->getLogin();
+          if ($request->getMethod() === Method::POST
+            && $formHydrator->populate($changePasswordForm, $request->getParsedBody())
+            && $changePasswordForm->change() 
+          ) {
+            // Identity implements CookieLoginIdentityInterface: ensure the regeneration of the cookie auth key by means of $authService->logout();
+            // @see vendor\yiisoft\user\src\Login\Cookie\CookieLoginIdentityInterface 
+            // Specific note: "Make sure to invalidate earlier issued keys when you implement force user logout,
+            // PASSWORD CHANGE and other scenarios, that require forceful access revocation for old sessions.
+            // The authService logout function will regenerate the auth key here => overwriting any auth key
+            $authService->logout();
+            $this->flash_message('success', $this->translator->translate('validator.password.change'));
+            return $this->redirectToMain();
+          }
+          return $this->viewRenderer->render('change', 
+                  [
+                      'formModel' => $changePasswordForm, 
+                      'login' => $login,
+                      'canChangePasswordForAnyUser' => $this->currentUser->can('changePasswordForAnyUser')    
+                  ]);
+        } // identity
+      } // identity_id 
     } // reset
 
     /**