Issue techjoomla#15 fix: User update (patch) is not working for resou…

…rce `com_api&app=users&resource=user`
manojLondhe · Apr 19, 2019 · de887b4 · de887b4
1 parent 37d3a19
commit de887b4
Show file tree

Hide file tree

Showing 2 changed files with 52 additions and 39 deletions.
diff --git a/src/language/en-GB/en-GB.plg_api_users.ini b/src/language/en-GB/en-GB.plg_api_users.ini
@@ -2,7 +2,7 @@ PLG_API_USERS="API - Users"
 PLG_API_USERS_DESCRIPTION="This plugin exposes users to the Joomla! API. Supports creation, listing and login for users."
 PLG_API_USERS_BAD_REQUEST_MESSAGE="Bad request"
 PLG_API_USERS_REQUIRED_DATA_EMPTY_MESSAGE="Required data is empty"
-PLG_API_USERS_ACCOUNT_CREATED_SUCCESSFULLY_MESSAGE="Congratulations! Your account has been created successfully"
+PLG_API_USERS_ACCOUNT_CREATED_SUCCESSFULLY_MESSAGE="Congratulations! Account has been created successfully."
 PLG_API_USERS_PROFILE_CREATED_SUCCESSFULLY_MESSAGE="profile created successfully"
 PLG_API_USERS_UNABLE_CREATE_PROFILE_MESSAGE="Unable to create profile"
 PLG_API_USERS_EASYSOCIAL_NOT_INSTALL_MESSAGE="Easysocial is not installed properly"
@@ -15,3 +15,6 @@ PLG_API_USERS_UNSUPPORTED_METHOD_POST="unsupported method,please use get method"
 PLG_API_USERS_USERS="users/"
 PLG_API_USERS_IN_DELETE="in delete"
 PLG_API_USERS_IN_POST="in post"
+
+; Since v2.0.1
+PLG_API_USERS_ACCOUNT_UPDATED_SUCCESSFULLY_MESSAGE="Account details updated successfully"
diff --git a/src/users/user.php b/src/users/user.php
@@ -28,29 +28,22 @@ class UsersApiResourceUser extends ApiResource
 	 */
 	public function post()
 	{
-		$app = JFactory::getApplication();
-		$userIdentifier = $app->input->get('id', 0, 'String');
-		$formData = $app->input->getArray();
-		$params = JComponentHelper::getParams("com_users");
-		$response = new stdClass;
-
-		$xidentifier = $app->input->server->get('HTTP_IDENTIFIER');
-		$fidentifier = $app->input->server->get('HTTP_FORCECREATE');
-
-		if ($formData['username'] == '' || $formData['name'] == '' || $formData['email'] == '')
-		{
-			ApiError::raiseError(400, JText::_('PLG_API_USERS_REQUIRED_DATA_EMPTY_MESSAGE'));
-
-			return;
-		}
+		$app            = JFactory::getApplication();
+		$params         = JComponentHelper::getParams("com_users");
+		$formData       = $app->input->getArray();
+		$userIdentifier = $app->input->get('id', 0, 'string');
+		$xIdentifier    = $app->input->server->get('HTTP_X_IDENTIFIER');
+		$fIdentifier    = $app->input->server->get('HTTP_FORCECREATE');
 
 		// Get current logged in user.
-		$my = JFactory::getUser();
+		$me = JFactory::getUser();
+
+		// Check if $userIdentifier is not set - POST / CREATE user case
 
-		// Check if $userIdentifier is not set
 		if (empty($userIdentifier))
 		{
-			if ($formData['password'] == '')
+			// Validate required fields
+			if ($formData['username'] == '' || $formData['name'] == '' || $formData['email'] == '' || $formData['password'] == '')
 			{
 				ApiError::raiseError(400, JText::_('PLG_API_USERS_REQUIRED_DATA_EMPTY_MESSAGE'));
 
@@ -72,33 +65,33 @@ public function post()
 
 			return;
 		}
+		// PATCH / EDIT user case
 		else
 		{
-			// Get a user object
-			$user = $this->retriveUser($xidentifier, $userIdentifier);
-			$passedUserGroups = array();
+			// Get a user object from xIdentifier
+			$user = $this->retriveUser($xIdentifier, $userIdentifier);
 
 			// If user is already present then update it according to access.
 			if (!empty($user->id))
 			{
-				$iAmSuperAdmin	= $my->authorise('core.admin');
+				$iAmSuperAdmin = $me->authorise('core.admin');
 
-				// Check if regular user is tring to update himself.
-				if ($my->id == $user->id || $iAmSuperAdmin)
+				// Check if regular user is trying to update his/her own profile OR if user is superadmin
+				if ($me->id == $user->id || $iAmSuperAdmin)
 				{
-					// If present then update or else dont include.
+					// If password present then update password2 or else dont include.
 					if (!empty($formData['password']))
 					{
 						$formData['password2'] = $formData['password'];
 					}
 
-					// Add newly added groups and keep the old one as it is.
+					/*// Add newly added groups and keep the old one as it is.
 					if (!empty($formData['groups']))
 					{
-						$passedUserGroups['groups'] = array_unique(array_merge($user->groups, $formData['groups']));
-					}
+						$formData['groups'] = array_unique(array_merge($user->groups, $formData['groups']));
+					}*/
 
-					$response = $this->storeUser($user, $passedUserGroups);
+					$response = $this->storeUser($user, $formData);
 					$this->plugin->setResponse($response);
 
 					return;
@@ -112,11 +105,12 @@ public function post()
 			}
 			else
 			{
-				if ($fidentifier)
+				// Forced user creation
+				if ($fIdentifier)
 				{
 					$user = new JUser;
 
-					if ($formData['password'] == '')
+					if ($formData['username'] == '' || $formData['name'] == '' || $formData['email'] == '' || $formData['password'] == '')
 					{
 						ApiError::raiseError(400, JText::_('PLG_API_USERS_REQUIRED_DATA_EMPTY_MESSAGE'));
 
@@ -135,9 +129,10 @@ public function post()
 
 					return;
 				}
+				// User trying to be updated not found
 				else
 				{
-					ApiError::raiseError(400, JText::_('PLG_API_USERS_USER_ABSENT_MESSAGE'));
+					ApiError::raiseError(400, JText::_('PLG_API_USERS_USER_NOT_FOUND_MESSAGE'));
 
 					return;
 				}
@@ -222,8 +217,22 @@ private function getUserId($email)
 	private function storeUser($user, $formData, $isNew = 0)
 	{
 		$response = new stdClass;
+		$ignore   = array();
+
+		// Ignore pasword field if not set to avoid warning on bind()
+		if (!isset($formData['password']))
+		{
+			$ignore[] = 'password';
+		}
+
+		// In case of edit user, set formData->id as $user->id no matter what is passed in x-identifier
+		// Otherwise - it will try to create new user
+		if (!$isNew)
+		{
+			$formData['id'] = $user->id;
+		}
 
-		if (!$user->bind($formData))
+		if (!$user->bind($formData, $ignore))
 		{
 			ApiError::raiseError(400, $user->getError());
 
@@ -237,6 +246,7 @@ private function storeUser($user, $formData, $isNew = 0)
 			return;
 		}
 
+		// Set user id to be returned
 		$response->id = $user->id;
 
 		if ($isNew)
@@ -262,14 +272,14 @@ public function delete()
 	{
 		$app = JFactory::getApplication();
 		$userIdentifier = $app->input->get('id', 0, 'STRING');
-		$xidentifier = $app->input->server->get('HTTP_IDENTIFIER');
+		$xIdentifier = $app->input->server->get('HTTP_X_IDENTIFIER');
 
 		$loggedUser = JFactory::getUser();
 
 		// Check if I am a Super Admin
 		$iAmSuperAdmin = $loggedUser->authorise('core.admin');
 
-		$userToDelete = $this->retriveUser($xidentifier, $userIdentifier);
+		$userToDelete = $this->retriveUser($xIdentifier, $userIdentifier);
 
 		if (!$userToDelete->id)
 		{
@@ -317,19 +327,19 @@ public function delete()
 	/**
 	 * Function retriveUser for get user details depending upon the identifier.
 	 *
-	 * @param   string  $xidentifier     Flag to differentiate the column value.
+	 * @param   string  $xIdentifier     Flag to differentiate the column value.
 	 *
 	 * @param   string  $userIdentifier  username
 	 *
 	 * @return  object  $user  Juser object if user exist otherwise std class.
 	 *
 	 * @since   2.0
 	 */
-	private function retriveUser($xidentifier, $userIdentifier)
+	private function retriveUser($xIdentifier, $userIdentifier)
 	{
 		$user = new stdClass;
 
-		switch ($xidentifier)
+		switch ($xIdentifier)
 		{
 			case 'username':
 				$userId = JUserHelper::getUserId($userIdentifier);