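getQueryParam('id');

        if (empty($userId)) {
            throw new Error();
        }

        if (!$this->user->isAdmin() && $this->user->getId() != $userId) {
            throw new Forbidden();
        }

        $user = $this->getEntityManager()->getEntity('User', $userId);

        if (empty($user)) {
            throw new NotFound();
        }

        return $this->getAclManager()->getMapData($user);
    }

    /**
     * Changes the password of the current user ($this->user).
     *
     * The body must carry `password` and `currentPassword`. The target user id
     * is always taken from $this->user, never from the request.
     *
     * @throws BadRequest If either field is missing or is not a string.
     */
    public function postActionChangeOwnPassword(Request $request): bool
    {
        $data = $request->getParsedBody();

        if (
            !property_exists($data, 'password') ||
            !property_exists($data, 'currentPassword')
        ) {
            throw new BadRequest();
        }

        // The body is client-controlled: a JSON array, object, number or null
        // must not reach the password-handling code as a credential.
        if (!is_string($data->password) || !is_string($data->currentPassword)) {
            throw new BadRequest();
        }

        // NOTE(review): the literal `true` presumably tells the service to verify
        // currentPassword before changing it; confirm against the User service.
        $this->getService('User')
            ->changePassword(
                $this->user->getId(),
                $data->password,
                true,
                $data->currentPassword
            );

        return true;
    }

    /**
     * Sets a new password for the recovery request named by `requestId`.
     *
     * This action never consults $this->user; whatever authorises the change is
     * decided by the service from `requestId`.
     * NOTE(review): expiry, single use and unguessability of the request id are
     * enforced (or not) in the service, which is not visible here; verify.
     *
     * @throws BadRequest If `requestId` or `password` is empty or not a string.
     */
    public function postActionChangePasswordByRequest(Request $request): StdClass
    {
        $data = $request->getParsedBody();

        if (empty($data->requestId) || empty($data->password)) {
            throw new BadRequest();
        }

        // Reject non-string values before they are used as a lookup key or credential.
        if (!is_string($data->requestId) || !is_string($data->password)) {
            throw new BadRequest();
        }

        return $this->getService('User')->changePasswordByRequest($data->requestId, $data->password);
    }

    /**
     * Starts a password recovery for the user matching `userName` and `emailAddress`.
     *
     * @throws BadRequest If `userName` or `emailAddress` is empty or not a string,
     *                    or if `url` is given but is not a string.
     */
    public function postActionPasswordChangeRequest(Request $request): bool
    {
        $data = $request->getParsedBody();

        if (empty($data->userName) || empty($data->emailAddress)) {
            throw new BadRequest();
        }

        if (!is_string($data->userName) || !is_string($data->emailAddress)) {
            throw new BadRequest();
        }

        $userName = $data->userName;
        $emailAddress = $data->emailAddress;

        $url = null;

        if (!empty($data->url)) {
            if (!is_string($data->url)) {
                throw new BadRequest();
            }

            // NOTE(review): `url` is chosen by the caller and forwarded unchanged.
            // If the service uses it to build the link in the recovery e-mail, it
            // has to be checked there against the configured site/portal URLs, or
            // the recovery link can point at a host the requester controls; confirm.
            $url = $data->url;
        }

        $this->getService('User')->passwordChangeRequest($userName, $emailAddress, $url);

        return true;
    }

    /**
     * Generates a new API key for the entity with the given `id` and returns its
     * value map. Admin only.
     *
     * @throws BadRequest If `id` is empty or not a string.
     * @throws Forbidden If the current user is not an admin.
     */
    public function postActionGenerateNewApiKey(Request $request): StdClass
    {
        $data = $request->getParsedBody();

        if (empty($data->id) || !is_string($data->id)) {
            throw new BadRequest();
        }

        if (!$this->user->isAdmin()) {
            throw new Forbidden();
        }

        return $this->getRecordService()
            ->generateNewApiKeyForEntity($data->id)
            ->getValueMap();
    }

    /**
     * Generates a new password for the user with the given `id`. Admin only.
     *
     * @throws BadRequest If `id` is empty or not a string.
     * @throws Forbidden If the current user is not an admin.
     */
    public function postActionGenerateNewPassword(Request $request): bool
    {
        $data = $request->getParsedBody();

        if (empty($data->id) || !is_string($data->id)) {
            throw new BadRequest();
        }

        if (!$this->user->isAdmin()) {
            throw new Forbidden();
        }

        $this->getRecordService()->generateNewPasswordForUser($data->id);

        return true;
    }

    /**
     * Allows only admins to create links on user records.
     *
     * @throws Forbidden If the current user is not an admin.
     */
    public function beforeCreateLink(): void
    {
        if (!$this->user->isAdmin()) {
            throw new Forbidden();
        }
    }

    /**
     * Allows only admins to remove links on user records.
     *
     * @throws Forbidden If the current user is not an admin.
     */
    public function beforeRemoveLink(): void
    {
        if (!$this->user->isAdmin()) {
            throw new Forbidden();
        }
    }

    /**
     * Extends the parent's search params with an `isOfType` where-item when the
     * request has a non-empty `userType` query parameter.
     */
    protected function fetchSearchParamsFromRequest(Request $request): SearchParams
    {
        $searchParams = parent::fetchSearchParamsFromRequest($request);

        $userType = $request->getQueryParam('userType');

        if (!$userType) {
            return $searchParams;
        }

        // NOTE(review): `userType` is caller-supplied and becomes the value of a raw
        // where-item; presumably the where-item converter treats it as a bound value
        // and rejects unknown types; confirm.
        return $searchParams->withWhereAdded(
            WhereItem::fromRaw([
                'type' => 'isOfType',
                'attribute' => 'id',
                'value' => $userType,
            ])
        );
    }
}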