1) Allow admins to edit the admin bit of other admins
2) Don't allow admins to delete themselves (partial fix for ticket #213)
3) Inline user::update(). Don't do form processing in helper methods!
4) Inline user::_get_edit_form() so that we can treat edit forms differently.
Trying to hard to make common functions makes for weird edge cases.
1) create common update function so processing consistent between the
user edit and admin edit.
2) created common private helper function to build the user edit form
the same way.
So a user can now change their user name if the new one doesn't exist.
password field in order for the update to succeed. If there is no
data entered in the primary password field, the confirmation field is
ignored.
Addresses Trac Ticket #4
user modules.
* Don't delete vars when we delete a module. This makes
reinstalling a module a lot easier.
* Add user::lookup() as the preferred way to load a user, so that
other modules don't delve into the user module (that'd be a
problem when we swap out user modules)
* Notify site admins if Akismet is not fully configured
* Bundle all server variables into the comment so that if/when we
re-check the comment, we are not using the server info from the
site admin's request.
* Update Akismet to grab request context data from the comment
* Pre-seed comment fields if we have a logged in user. Update
comment::create() API to clarify it for this.
* Delete comment::update(), that's a controller function.
* Add url to User_Model
* Add author_name() author_email() and author_url() to
Comment_Model. It'll return the appropriate values depending
on whether the comment was left by a logged in user or a guest.
* Use resetForm() instead of clearForm() when we reload the
comment form after ajax submit, this way we preserve the
pre-seeded values.
* In the user profile page, ignore blank passwords.
communicate. Almost all controllers now use JSON to speak to the
theme when we're dealing with form processing. This means tht we only
send the form back and forth, but we use a JSON protocol to tell the
browser success/error status as well as the location of any newly
created resources, or where the browser should redirect the user.
Lots of small changes:
1) Admin -> Edit Profile is gone. Instead I fixed the "Modify Profile" link
in the top right corner to be a modal dialog
2) We use json_encode everywhere. No more Atom/XML for now. We can bring those
back later, though. For now there's a lot of code duplication but that'll be
easy to clean up.
3) REST_Controller is no longer abstract. All methods its subclasses should create
throw exceptions, which means that subclasses don't have to implement stubs for
those methods.
4) New pattern: helper method get_add_form calls take an Item_Model,
not an id since we have to load the Item_Model in the controller
anyway to check permissions.
5) User/Groups REST resources are separate from User/Group in the site
admin. They do different things, we should avoid confusing overlap.
1) We now use __call() in REST_Controller to handle any requests to a controller
that were not already handled. In the case of RESTful controllers, this should
be the only entry point (although they're free to break the model and add other
ones.. nothing stops them).
This means that we can remove all the catch-all routes in
routes.php which greatly simplifies it.
2) Move request_method() and output_format() out of REST_Controller and into the REST
helper in core/helpers/rest.php
3) Experiment with letting the various subclasses check the output_format and deal with
it themselves. This simplifies the API, but it might be a bad idea in that it might
push too much work to the individual controllers. It's a balancing act, time will tell,
I'm willing to change it back later.
GET /form/edit/{controller}/{resource_id} -> controller::_form_edit($resource)
GET /form/add/{controller}/{parameters} -> controller::_form_add($parameters)
* Updated comment, user and core modules to reflect the API changes
* Cleaned up routing and handling of requests to /{controller}
GET /controller -> controller::_index()
POST /controller -> controller::_create()
GET /controller/id -> controller::_show()
PUT /controller/id -> controller::_update()
DELETE /controller/id -> controller::_delete()
GET /form/edit/controller/resource_id -> controller::_form()
GET /form/add/controller/data -> controller::_form()
