<?php

declare(strict_types=1);

namespace App\Controllers\User;

use App\Controllers\Controller;
use App\Models\User;
use App\Repositories\FileRepository;
use App\Repositories\ReadRepository;
use App\Repositories\StoryRepository;
use App\Services\Session;
use App\Services\Validator;
use App\Services\View;
use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request;

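/**
 * AdminController
 *
 * Administrative editing and deletion of user accounts, addressed by login.
 * Both mutating actions run the session CSRF token through the Validator
 * before the model is touched; the failure branches store the validator
 * errors in the flash session and redirect back to the edit form.
 */
class AdminController extends Controller
{
    public function __construct(
        protected View $view,
        protected Session $session,
        protected Validator $validator,
        protected FileRepository $fileRepository,
        protected StoryRepository $storyRepository,
        protected ReadRepository $readRepository,
    ) {}

    /**
     * Edit
     *
     * Renders the profile form for the user with the given login, flagging
     * the shared template as a management (administrative) edit.
     *
     * @param string   $login
     * @param Response $response
     *
     * @return Response
     */
    public function edit(string $login, Response $response): Response
    {
        $user = User::query()->where('login', $login)->first();

        // abort() is relied on to end the request here; $user is used below.
        if (! $user) {
            abort(404, 'Пользователь не найден!');
        }

        // Switches the shared profile template into its administrative mode.
        $isManagement = true;

        return $this->view->render(
            $response,
            'profile/profile',
            compact('user', 'isManagement'),
        );
    }

    /**
     * Store
     *
     * Applies the submitted role, email and name to the user with the given
     * login after CSRF and field validation, then redirects to the edit form
     * with a success or error flash message.
     *
     * NOTE(review): no authorization check is visible in this method (destroy()
     * gates on isAdmin()); confirm that route middleware restricts who may
     * reach it and, in particular, who may assign roles.
     *
     * @param string   $login
     * @param Request  $request
     * @param Response $response
     *
     * @return Response
     */
    public function store(string $login, Request $request, Response $response): Response
    {
        $user = User::query()->where('login', $login)->first();

        if (! $user) {
            abort(404, 'Пользователь не найден!');
        }

        $input = (array) $request->getParsedBody();

        // in('role', ...) only checks the value is a known role; nothing visible
        // here limits which roles the acting user may grant — verify elsewhere.
        // 'name' is length-checked but not required; if the Validator accepts an
        // absent optional field, $input['name'] below is undefined — confirm.
        $this->validator
            ->required(['csrf', 'role', 'email'])
            ->same('csrf', $this->session->get('csrf'), 'Неверный идентификатор сессии, повторите действие!')
            ->in('role', User::ROLES)
            ->length('email', 5, 100)
            ->email('email')
            ->length('name', 3, 20);

        if ($this->validator->isValid($input)) {
            $user->update([
                'role'  => sanitize($input['role']),
                'email' => sanitize($input['email']),
                'name'  => sanitize($input['name']),
            ]);

            $this->session->set('flash', ['success' => 'Данные успешно изменены!']);
        } else {
            // Re-populate the form with the rejected input alongside the errors.
            $this->session->set('flash', ['errors' => $this->validator->getErrors(), 'old' => $input]);
        }

        return $this->redirect($response, route('user-edit', ['login' => $user->login]));
    }

    /**
     * Destroy
     *
     * Deletes the user with the given login. Requires the caller to pass
     * isAdmin(User::ADMIN), a valid CSRF token, and refuses to delete accounts
     * whose role is in User::ADMIN_ROLES.
     *
     * @param string   $login
     * @param Request  $request
     * @param Response $response
     *
     * @return Response
     */
    public function destroy(string $login, Request $request, Response $response): Response
    {
        // Authorize before the lookup: an unauthorized caller gets the same 403
        // whether or not the login exists, so the response cannot be used to
        // probe for valid logins, and no query is spent on it.
        if (! isAdmin(User::ADMIN)) {
            abort(403, 'У вас нет прав на удаление пользователей!');
        }

        $user = User::query()->where('login', $login)->first();

        if (! $user) {
            abort(404, 'Пользователь не найден!');
        }

        $input = (array) $request->getParsedBody();

        // The custom rule is evaluated eagerly here (not per-field), so it
        // simply records whether the target holds an administrative role.
        $this->validator
            ->required('csrf')
            ->same('csrf', $this->session->get('csrf'), 'Неверный идентификатор сессии, повторите действие!')
            ->custom(! in_array($user->role, User::ADMIN_ROLES, true), 'Нельзя удалять администраторов!');

        if (! $this->validator->isValid($input)) {
            $this->session->set('flash', ['errors' => $this->validator->getErrors()]);

            return $this->redirect($response, route('user-edit', ['login' => $user->login]));
        }

        $user->delete();

        $this->session->set('flash', ['success' => 'Пользователь успешно удален!']);

        return $this->redirect($response, route('users'));
    }
}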