leonardo/yii2-usuario
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #545 from TonisOrmisson/limit-profile-view

Browse Source 
Add option to limit profile views only for admin users
This commit is contained in:
Lorenzo Milesi
2024-03-08 09:36:09 +01:00
committed by GitHub
parent 65a35e26e8 25c7b90aad
commit 29a878fa4f
4 changed files with 22 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -7,6 +7,7 @@
- Fix: Social Network Auth (eluhr) - Fix: Social Network Auth (eluhr)
- Enh #532: /user/registration/register now shows form validation errors - Enh #532: /user/registration/register now shows form validation errors
- Enh: Allow/suggest new v3 releases of 2amigos 2fa dependencies: 2fa-library, qrcode-library (TonisOrmisson) - Enh: Allow/suggest new v3 releases of 2amigos 2fa dependencies: 2fa-library, qrcode-library (TonisOrmisson)
- Enh: Added option to disable viewing any other user's profile for non-admin users (TonisOrmisson)
## 1.6.2 Jan 4th, 2024 ## 1.6.2 Jan 4th, 2024

5
docs/install/configuration-options.md
View File

@ -313,6 +313,11 @@ Set to `true` to restrict user assignments to roles only.
If `true` registration and last login IPs are not logged into users table, instead a dummy 127.0.0.1 is used If `true` registration and last login IPs are not logged into users table, instead a dummy 127.0.0.1 is used
#### disableProfileViewsForRegularUsers (type: `boolean`, default: `false`)
If `true` only admin users have access to view any other user's profile. By default any user can see any other users public profile page.
#### minPasswordRequirements (type: `array`, default: `['lower' => 1, 'digit' => 1, 'upper' => 1]`) #### minPasswordRequirements (type: `array`, default: `['lower' => 1, 'digit' => 1, 'upper' => 1]`)
Minimum requirements when a new password is automatically generated. Minimum requirements when a new password is automatically generated.

12
src/User/Controller/ProfileController.php
View File

@ -11,15 +11,20 @@
namespace Da\User\Controller; namespace Da\User\Controller;
use Da\User\Model\User;
use Da\User\Query\ProfileQuery; use Da\User\Query\ProfileQuery;
use Da\User\Traits\ModuleAwareTrait;
use Yii; use Yii;
use yii\base\Module; use yii\base\Module;
use yii\filters\AccessControl; use yii\filters\AccessControl;
use yii\web\Controller; use yii\web\Controller;
use yii\web\ForbiddenHttpException;
use yii\web\NotFoundHttpException; use yii\web\NotFoundHttpException;
class ProfileController extends Controller class ProfileController extends Controller
{ {
use ModuleAwareTrait;
protected $profileQuery; protected $profileQuery;
/** /**
@ -67,6 +72,13 @@ class ProfileController extends Controller
public function actionShow($id) public function actionShow($id)
{ {
$user = Yii::$app->user;
/** @var User $identity */
$identity = $user->getIdentity();
if($user->getId() != $id && $this->module->disableProfileViewsForRegularUsers && !$identity->getIsAdmin()) {
throw new ForbiddenHttpException();
}
$profile = $this->profileQuery->whereUserId($id)->one(); $profile = $this->profileQuery->whereUserId($id)->one();
if ($profile === null) { if ($profile === null) {

4
src/User/Module.php
View File

@ -241,6 +241,10 @@ class Module extends BaseModule
* @var boolean whether to disable IP logging into user table * @var boolean whether to disable IP logging into user table
*/ */
public $disableIpLogging = false; public $disableIpLogging = false;
/**
* @var boolean whether to disable viewing any user's profile for non-admin users
*/
public $disableProfileViewsForRegularUsers = false;
/** /**
* @var array Minimum requirements when a new password is automatically generated. * @var array Minimum requirements when a new password is automatically generated.
* Array structure: `requirement => minimum number characters`. * Array structure: `requirement => minimum number characters`.