LimeSurvey API - Master branch

UserManagementController extends LSBaseController
in package

Class UserManagementController

Table of Contents

Properties

$aData  : array<string|int, mixed>
$navData  : array<string|int, mixed>
This array contains the survey / group / question id used by the menu widget.
$sTemplate  : null
$userId  : int

Methods

__construct()  : mixed
Basic initialiser to the base controller class
accessRules()  : array<string|int, mixed>
actionActivationConfirm()  : void|string
Show user activation confirmation
actionAddEditUser()  : mixed
Open modal to edit, or create a new user
actionAddRole()  : string|null
Opens the modal to add dummy users
actionApplyEdit()  : string
Stores changes to user, or triggers userCreateEvent
actionBatchAddGroup()  : string|null|void
Mass edition apply roles
actionBatchApplyRoles()  : string
Mass edition apply roles
actionBatchExpires()  : string
Mass action to set expires
actionBatchPermissions()  : string
Stores the permission settings run via MassEdit
actionBatchSendAndResetLoginData()  : string
Method to resend a password to selected surveyadministrators (MassAction)
actionBatchStatus()  : mixed
Stores the status settings run via MassEdit
actionDeleteConfirm()  : void|string
Show user delete confirmation
actionDeleteMultiple()  : void
Deletes multiple users selected by massive action.
actionDeleteUser()  : string
Handle user deletion request: validates permissions, optionally transfers surveys, deletes the user, and returns a JSON response.
actionExportUser()  : string
Export user records to a downloadable CSV or JSON file.
actionImportUsers()  : string
Imports users from an uploaded CSV or JSON file, creating new users or updating existing ones, then redirects to the user index after adding alert message.
actionIndex()  : string|array<string|int, string>|null
actionRenderSelectedItems()  : void
render selected items for massive action modal
actionRenderUserImport()  : string
Render the import-users modal part for a given import format.
actionSaveRole()  : string|null
Save role of user
actionSaveThemePermissions()  : string
Stores the changed permissions
actionSaveUserPermissions()  : string
Stores the changed permissions
actionTakeOwnership()  : void
Takes ownership on user after confirmation
actionUserActivateDeactivate()  : void|string
Stores the status settings
actionUserPermissions()  : string
Opens a modal to edit user permissions
actionUserTemplatePermissions()  : string|null
Opens a modal to edit user theme permissions
actionViewUser()  : string|null
Show some user detail and statistics
createAbsoluteUrl()  : string
Returns an absolute URL based on the given controller and action information.
createNewUser()  : array<string|int, mixed>
Create new user
deleteUser()  : bool
Attempt to delete the specified user while enforcing permission and safety checks.
filters()  : mixed
loadHelper()  : void
Loads a helper
loadLibrary()  : void
Loads a library
loadModel()  : User
Returns the data model based on the primary key given in the GET variable.
run()  : void
Checks for action specific authorization and then executes an action
updateAdminUser()  : object
Update admin-user
userActivation()  : array<string|int, mixed>
Activate / deactivate user
_checkInstallation()  : void
Check that installation was already done by looking for config.php Will redirect to the installer script if not exists.
applyPermissionFromArray()  : array<string|int, mixed>
Adds permission to a users Needs an array in the form of [PERMISSIONID][PERMISSION]
beforeRender()  : bool
This part comes from renderWrappedTemplate (not the best way to refactoring, but a temporary solution)
customInit()  : mixed
getRandomString()  : string
Creates a random string
getRandomUsername()  : string
Creates a random unique username using prefix
loadPageStates()  : array<string|int, mixed>
Loads page states from a hidden input.
renderJSON()  : void
Method to render an array as a json document (this one called by a lot of actions in different controllers)
sessionControl()  : void
Load and set session vars
createAdminUser()  : array<string|int, mixed>
This method creates a new admin user and returns success or error message
isAllowedToEdit()  : bool
Check if the current user allowed to update $user
renderErrors()  : string
todo this should not be in a controller, find a better place for it (view)

Properties

$aData

public array<string|int, mixed> $aData = []

import for all new controllers/actions (REFACTORING) to pass data before rendering the content

$navData

This array contains the survey / group / question id used by the menu widget.

public array<string|int, mixed> $navData = array()

$sTemplate

public null $sTemplate = \null

this is needed for the preview rendering inside the questioneditor

Methods

__construct()

Basic initialiser to the base controller class

public __construct(string $id[, CWebModule $module = null ]) : mixed
Parameters
$id : string
$module : CWebModule = null
Tags
access

public

actionActivationConfirm()

Show user activation confirmation

public actionActivationConfirm() : void|string
Tags
throws
CException
Return values
void|string

actionAddEditUser()

Open modal to edit, or create a new user

public actionAddEditUser([int|null $userid = null ]) : mixed
Parameters
$userid : int|null = null
Tags
throws
CException

actionAddRole()

Opens the modal to add dummy users

public actionAddRole() : string|null
Tags
throws
CException
Return values
string|null

actionApplyEdit()

Stores changes to user, or triggers userCreateEvent

public actionApplyEdit() : string
Tags
throws
CException
throws
Exception
Return values
string

| JSON

actionBatchAddGroup()

Mass edition apply roles

public actionBatchAddGroup() : string|null|void
Tags
throws
CException
throws
CHttpException
Return values
string|null|void

actionBatchApplyRoles()

Mass edition apply roles

public actionBatchApplyRoles() : string
Tags
throws
CException
Return values
string

actionBatchExpires()

Mass action to set expires

public actionBatchExpires() : string
Tags
throws
CException
Return values
string

actionBatchPermissions()

Stores the permission settings run via MassEdit

public actionBatchPermissions() : string
Tags
throws
CException
Return values
string

actionBatchSendAndResetLoginData()

Method to resend a password to selected surveyadministrators (MassAction)

public actionBatchSendAndResetLoginData() : string
Tags
throws
CException
throws
Exception
Return values
string

actionBatchStatus()

Stores the status settings run via MassEdit

public actionBatchStatus() : mixed
Tags
throws
CException

actionDeleteConfirm()

Show user delete confirmation

public actionDeleteConfirm() : void|string
Tags
throws
CException
Return values
void|string

actionDeleteMultiple()

Deletes multiple users selected by massive action.

public actionDeleteMultiple() : void
Tags
throws
CException
Return values
void

| string

actionDeleteUser()

Handle user deletion request: validates permissions, optionally transfers surveys, deletes the user, and returns a JSON response.

public actionDeleteUser() : string

Performs permission and safety checks, may render a survey-transfer selection when the target owns surveys, transfers surveys when a destination is provided, invokes UserManager->deleteUser for the resolved user model, and returns a JSON partial describing the outcome.

Return values
string

JSON partial containing either:

  • success (false) and errors (array|string|object) when permission or validation checks fail, or
  • success (bool) and message (string) after an attempted deletion, or
  • success (true) and html (string) with a survey-transfer selection when the target owns surveys and no transfer destination was provided.

actionExportUser()

Export user records to a downloadable CSV or JSON file.

public actionExportUser(string $outputFormat[, int $uid = 0 ]) : string

Exports either a single user (when $uid > 0) or all users to a temporary file and sends it as a file download. The exported records are the user attributes with the password field cleared. CSV output uses a UTF-8 BOM and semicolon (;) as the field delimiter with double-quote enclosure.

Parameters
$outputFormat : string

'json' or 'csv' (defaults to 'csv' for unrecognized values)

$uid : int = 0

User ID to export; 0 exports all users

Return values
string

in case of error

actionImportUsers()

Imports users from an uploaded CSV or JSON file, creating new users or updating existing ones, then redirects to the user index after adding alert message.

public actionImportUsers([string $importFormat = 'csv' ]) : string
Parameters
$importFormat : string = 'csv'

Format of the uploaded file; must be "csv" or "json".

Tags
throws
LSUserException

If an unsupported $importFormat is provided.

Return values
string

The rendered error partial when the current user lacks create permission; or redirect.

actionIndex()

public actionIndex() : string|array<string|int, string>|null
Tags
throws
CException
Return values
string|array<string|int, string>|null

actionRenderSelectedItems()

render selected items for massive action modal

public actionRenderSelectedItems() : void
Tags
throws
CHttpException
throws
CException

actionRenderUserImport()

Render the import-users modal part for a given import format.

public actionRenderUserImport([string $importFormat = 'csv' ]) : string
Parameters
$importFormat : string = 'csv'

The import format to render; allowed values are 'csv' or 'json'.

Tags
throws
LSUserException

If an unsupported import format is provided.

Return values
string

The rendered HTML partial for the import modal.

actionSaveRole()

Save role of user

public actionSaveRole() : string|null
Tags
throws
CException
Return values
string|null

actionSaveThemePermissions()

Stores the changed permissions

public actionSaveThemePermissions() : string
Tags
throws
CException
Return values
string

| JSON

actionSaveUserPermissions()

Stores the changed permissions

public actionSaveUserPermissions() : string
Tags
throws
CException
Return values
string

| JSON

actionTakeOwnership()

Takes ownership on user after confirmation

public actionTakeOwnership() : void
Tags
throws
CException
Return values
void

| string

actionUserActivateDeactivate()

Stores the status settings

public actionUserActivateDeactivate() : void|string
Tags
throws
CException
Return values
void|string

actionUserPermissions()

Opens a modal to edit user permissions

public actionUserPermissions() : string
Tags
throws
CException
Return values
string

actionUserTemplatePermissions()

Opens a modal to edit user theme permissions

public actionUserTemplatePermissions() : string|null
Tags
throws
CException
Return values
string|null

actionViewUser()

Show some user detail and statistics

public actionViewUser(int $userid) : string|null
Parameters
$userid : int
Tags
throws
CException
Return values
string|null

createAbsoluteUrl()

Returns an absolute URL based on the given controller and action information.

public createAbsoluteUrl(string $route[, array<string|int, mixed> $params = array() ][, string $schema = '' ][, string $ampersand = '&' ]) : string

The functionality was moved to \LSYii_Application::createPublicUrl, to be safe the function remains here.

Parameters
$route : string

the URL route. This should be in the format of 'ControllerID/ActionID'.

$params : array<string|int, mixed> = array()

additional GET parameters (name=>value). Both the name and value will be URL-encoded.

$schema : string = ''

schema to use (e.g. http, https). If empty, the schema used for the current request will be used.

$ampersand : string = '&'

the token separating name-value pairs in the URL.

Return values
string

the constructed URL

createNewUser()

Create new user

public createNewUser(array<string|int, mixed> $aUser) : array<string|int, mixed>
Parameters
$aUser : array<string|int, mixed>

array with user details

Tags
todo

: move to private function

throws
CException
Return values
array<string|int, mixed>

returns all attributes from model user as an array

deleteUser()

Attempt to delete the specified user while enforcing permission and safety checks.

public deleteUser(int $uid) : bool

Performs permission checks (requires global users:delete), prevents deleting the current user, blocks deletion of forced superadmin accounts, enforces ownership constraints for non-superadmins, and prevents deletion if the user owns any surveys. If all checks pass, delegates deletion to UserManager and returns the deletion result.

Parameters
$uid : int

The ID of the user to delete.

Tags
throws
CException
Return values
bool

true if the user was deleted successfully, false otherwise.

loadHelper()

Loads a helper

public loadHelper(string $helper) : void
Parameters
$helper : string
Tags
access

public

loadLibrary()

Loads a library

public loadLibrary(string $library) : void
Parameters
$library : string
Tags
access

public

loadModel()

Returns the data model based on the primary key given in the GET variable.

public loadModel(int $id) : User

If the data model is not found, an HTTP exception will be raised. Why not a private function here ?

Parameters
$id : int

the ID of the model to be loaded

Tags
throws
CHttpException
Return values
User

object

run()

Checks for action specific authorization and then executes an action

public run(string $action) : void

TODO: check the dbupdate mechanism, do we really want to check db update before every action??

Parameters
$action : string
Tags
access

public

throws
CException
throws
CHttpException

updateAdminUser()

Update admin-user

public updateAdminUser(array<string|int, mixed> $aUser) : object
Parameters
$aUser : array<string|int, mixed>

array with user details

Tags
todo

: move to and private function, but need review unit test before.

throws
CException
Return values
object

user - updated user object

userActivation()

Activate / deactivate user

public userActivation(array<string|int, mixed> $userIds, string $operation) : array<string|int, mixed>
Parameters
$userIds : array<string|int, mixed>
$operation : string

activate or deactivate

Tags
todo

: move this to a private function !!!

Return values
array<string|int, mixed>

_checkInstallation()

Check that installation was already done by looking for config.php Will redirect to the installer script if not exists.

protected _checkInstallation() : void
Tags
access

protected

applyPermissionFromArray()

Adds permission to a users Needs an array in the form of [PERMISSIONID][PERMISSION]

protected applyPermissionFromArray(int $iUserId, array<string|int, mixed> $aPermissionArray) : array<string|int, mixed>

todo REFACTORING this should be moved to model (user or permission)

Parameters
$iUserId : int
$aPermissionArray : array<string|int, mixed>
Return values
array<string|int, mixed>

beforeRender()

This part comes from renderWrappedTemplate (not the best way to refactoring, but a temporary solution)

protected beforeRender(string $view) : bool

todo REFACTORING find all actions that set $aData['surveyid'] and change the layout directly in the action

Parameters
$view : string
Return values
bool

getRandomString()

Creates a random string

protected getRandomString() : string

todo REFACTORING this should be moved to model user ...see getRandomUsername

Return values
string

getRandomUsername()

Creates a random unique username using prefix

protected getRandomUsername(string $prefix) : string

todo this should be moved to model user ...

Parameters
$prefix : string

the prefix to be used

Return values
string

loadPageStates()

Loads page states from a hidden input.

protected loadPageStates() : array<string|int, mixed>
Return values
array<string|int, mixed>

the loaded page states

renderJSON()

Method to render an array as a json document (this one called by a lot of actions in different controllers)

protected renderJSON(array<string|int, mixed> $aData[, mixed $success = true ]) : void
Parameters
$aData : array<string|int, mixed>
$success : mixed = true

sessionControl()

Load and set session vars

protected sessionControl() : void

todo REFACTORING see comments in method

Tags
access

protected

createAdminUser()

This method creates a new admin user and returns success or error message

private createAdminUser(array<string|int, mixed> $aUser[, bool $sendEmail = true ]) : array<string|int, mixed>
Parameters
$aUser : array<string|int, mixed>

array with attributes from user model

$sendEmail : bool = true

true if email should be send, false otherwise

Tags
throws
CException
throws
Exception
Return values
array<string|int, mixed>

isAllowedToEdit()

Check if the current user allowed to update $user

private isAllowedToEdit(mixed $user) : bool
Parameters
$user : mixed
Return values
bool

renderErrors()

todo this should not be in a controller, find a better place for it (view)

private renderErrors(array<string|int, mixed> $errors) : string
Parameters
$errors : array<string|int, mixed>
Return values
string

$errorDiv


        

        
    




    

    

                                

                

                                
    

        On this page

        
    


                

                            

            

    

        

            
Search results