From 06a2406e550be13ced18acda2be70bba6ae83302 Mon Sep 17 00:00:00 2001
From: overflowerror <mail@overflowerror.com>
Date: Mon, 18 Jan 2021 16:46:15 +0100
Subject: [PATCH] settings now work

---
 src/Controller/UserController.php | 40 ++++++++++++++++++++++++++++++-
 src/Form/UserType.php             | 14 +++++++----
 templates/user/settings.html.twig | 20 ++++++++++++++++
 templates/user/users.html.twig    | 10 ++++----
 4 files changed, 75 insertions(+), 9 deletions(-)
 create mode 100644 templates/user/settings.html.twig

diff --git a/src/Controller/UserController.php b/src/Controller/UserController.php
index 1bcbcb6..4709322 100644
--- a/src/Controller/UserController.php
+++ b/src/Controller/UserController.php
@@ -198,7 +198,45 @@ class UserController extends AbstractController
             $okay = true;
         }
 
-        return $this->render("user/user-new.html.twig", [
+        return $this->render("user/user-edit.html.twig", [
+            "ok" => $okay,
+            "form" => $form->createView()
+        ]);
+    }
+
+    /**
+     * @Route("/settings", name="app_settings")
+     */
+    public function settings(Request $request): Response
+    {
+        if (!$this->isGranted(User::ROLE_USER)) {
+            throw new AccessDeniedHttpException();
+        }
+
+        $user = $this->userService->getLoggedInUser();
+
+
+        $form = $this->createForm(UserType::class, $user, [
+            "password_optional" => true,
+            "roles" => false
+        ]);
+
+        $okay = false;
+
+        $form->handleRequest($request);
+        if ($form->isSubmitted() && $form->isValid()) {
+            $roles = $user->getRoles();
+
+            $user = $form->getData();
+
+            $user->setRoles($roles);
+
+            $this->userService->update($user);
+
+            $okay = true;
+        }
+
+        return $this->render("user/settings.html.twig", [
             "ok" => $okay,
             "form" => $form->createView()
         ]);
diff --git a/src/Form/UserType.php b/src/Form/UserType.php
index a8af7b1..aca5f30 100644
--- a/src/Form/UserType.php
+++ b/src/Form/UserType.php
@@ -20,14 +20,19 @@ class UserType extends AbstractType
     {
         $builder
             ->add("name", TextType::class)
-            ->add("email", EmailType::class)
-            ->add("roles", ChoiceType::class, [
+            ->add("email", EmailType::class);
+
+        if ($options["roles"]) {
+            $builder->add("roles", ChoiceType::class, [
                 "choices" => [
                     "Admin" => User::ROLE_ADMIN
                 ],
                 "multiple" => true,
                 "expanded" => true,
-            ])
+            ]);
+        }
+
+        $builder
             ->add("newPassword", PasswordType::class, [
                 "always_empty" => true,
                 "required" => !$options["password_optional"]
@@ -39,7 +44,8 @@ class UserType extends AbstractType
     {
         $resolver->setDefaults([
             "data_class" => User::class,
-            "password_optional" => false
+            "password_optional" => false,
+            "roles" => true,
         ]);
     }
 
diff --git a/templates/user/settings.html.twig b/templates/user/settings.html.twig
new file mode 100644
index 0000000..61293e6
--- /dev/null
+++ b/templates/user/settings.html.twig
@@ -0,0 +1,20 @@
+{% extends 'base.html.twig' %}
+
+{% block title %}Settings{% endblock %}
+{% block stylesheets %}
+{% endblock %}
+
+{% block javascripts %}
+    {% if ok %}
+        <script>
+            window.setTimeout(function () {
+                toast("Saved");
+            }, 0);
+        </script>
+    {% endif %}
+{% endblock %}
+
+{% block body %}
+    <h1>Settings</h1>
+    {{ form(form) }}
+{% endblock %}
\ No newline at end of file
diff --git a/templates/user/users.html.twig b/templates/user/users.html.twig
index 569ca52..f80bce0 100644
--- a/templates/user/users.html.twig
+++ b/templates/user/users.html.twig
@@ -28,7 +28,9 @@
                 </th>
             </tr>
             {% for user in users %}
-                {% set canEdit = (user.id == current.id) or (user.isSuperAdmin()) %}
+                {% set isSelf = (user.id == current.id) %}
+                {% set canEdit = current.isSuperAdmin() or not user.isSuperAdmin() %}
+                {% set canDelete = not (isSelf or user.isSuperAdmin()) %}
                 <tr>
                     <td>
                         <input type="checkbox">
@@ -53,8 +55,8 @@
                     </td>
                     <td>
                         <div class="btn-group" role="group">
-                            <a class="btn btn-link {% if canEdit %}disabled{% endif %}"
-                               href="{{ path("app_user_edit") }}?user={{ user.customId }}">
+                            <a class="btn btn-link {% if not canEdit %}disabled{% endif %}"
+                               href="{% if isSelf %}{{ path("app_settings") }}{% else %}{{ path("app_user_edit") }}?user={{ user.customId }}{% endif %}">
                                 <i class="fas fa-cog"></i>
                             </a>
                             <form action="{{ path("app_user_delete") }}" method="POST">
@@ -65,7 +67,7 @@
                                         data-mdb-toggle="dropdown"
                                         aria-expanded="false"
                                         onclick=""
-                                        {% if canEdit %}
+                                        {% if not canDelete %}
                                             disabled
                                         {% endif %}
                                 >