
User controller refactoring

Sergio Brighenti 5 年之前
父節點
當前提交
29dd38feb9
共有 3 個文件被更改,包括 39 次插入62 次删除
  1. 26 0
      app/Controllers/Controller.php
  2. 11 60
      app/Controllers/UserController.php
  3. 2 2
      resources/templates/dashboard/system.twig

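--- a/app/Controllers/Controller.php
+++ b/app/Controllers/Controller.php
@@ -11,6 +11,9 @@ use DI\NotFoundException;
 use League\Flysystem\FileNotFoundException;
 use League\Flysystem\Filesystem;
 use Monolog\Logger;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use Slim\Exception\HttpNotFoundException;
+use Slim\Exception\HttpUnauthorizedException;
 use Twig\Environment;
 
 /**
@@ -68,4 +71,27 @@ abstract class Controller
 
         return $totalSize;
     }
+
+    /**
+     * @param  Request  $request
+     * @param $id
+     * @param  bool  $authorize
+     * @return mixed
+     * @throws HttpNotFoundException
+     * @throws HttpUnauthorizedException
+     */
+    protected function getUser(Request $request, $id, $authorize = false)
+    {
+        $user = $this->database->query('SELECT * FROM `users` WHERE `id` = ? LIMIT 1', $id)->fetch();
+
+        if (!$user) {
+            throw new HttpNotFoundException($request);
+        }
+
+        if ($authorize && $user->id !== $this->session->get('user_id') && !$this->session->get('admin', false)) {
+            throw new HttpUnauthorizedException($request);
+        }
+
+        return $user;
+    }
 }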
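Review bot: `getUser` defaults `$authorize` to `false`, so any future caller that omits the third argument silently skips the owner-or-admin check; a fail-closed default, `protected function getUser(Request $request, $id, bool $authorize = true)`, keeps every visible caller working because each one passes the flag explicitly. The docblock's `@return mixed` and the untyped `$id` could be tightened — `$id` is bound straight into the `WHERE id = ?` placeholder, so it should at least be documented as the user primary key, and profile() passes the session's user_id, which may be null when nobody is logged in, so what the query returns in that case is worth confirming. The ownership check compares `$user->id` to the session value with `!==`; if the database driver returns ids as strings this rejects the legitimate owner (fail-closed, but a functional bug), so a cast such as `(int) $user->id` may be needed once the driver's return type is confirmed.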

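--- a/app/Controllers/UserController.php
+++ b/app/Controllers/UserController.php
@@ -114,14 +114,11 @@ class UserController extends Controller
      * @throws \Twig\Error\LoaderError
      * @throws \Twig\Error\RuntimeError
      * @throws \Twig\Error\SyntaxError
+     * @throws HttpUnauthorizedException
      */
     public function edit(Request $request, Response $response, int $id): Response
     {
-        $user = $this->database->query('SELECT * FROM `users` WHERE `id` = ? LIMIT 1', $id)->fetch();
-
-        if (!$user) {
-            throw new HttpNotFoundException($request);
-        }
+        $user = $this->getUser($request, $id, false);
 
         return view()->render($response, 'user/edit.twig', [
             'profile' => false,
@@ -135,14 +132,11 @@ class UserController extends Controller
      * @param  int  $id
      * @return Response
      * @throws HttpNotFoundException
+     * @throws HttpUnauthorizedException
      */
     public function update(Request $request, Response $response, int $id): Response
     {
-        $user = $this->database->query('SELECT * FROM `users` WHERE `id` = ? LIMIT 1', $id)->fetch();
-
-        if (!$user) {
-            throw new HttpNotFoundException($request);
-        }
+        $user = $this->getUser($request, $id, false);
 
         if (param($request, 'email') === null) {
             $this->session->alert(lang('email_required'), 'danger');
@@ -204,14 +198,11 @@ class UserController extends Controller
      * @param  int  $id
      * @return Response
      * @throws HttpNotFoundException
+     * @throws HttpUnauthorizedException
      */
     public function delete(Request $request, Response $response, int $id): Response
     {
-        $user = $this->database->query('SELECT * FROM `users` WHERE `id` = ? LIMIT 1', $id)->fetch();
-
-        if (!$user) {
-            throw new HttpNotFoundException($request, $response);
-        }
+        $user = $this->getUser($request, $id, false);
 
         if ($user->id === $this->session->get('user_id')) {
             $this->session->alert(lang('cannot_delete'), 'danger');
@@ -238,15 +229,7 @@ class UserController extends Controller
      */
     public function profile(Request $request, Response $response): Response
     {
-        $user = $this->database->query('SELECT * FROM `users` WHERE `id` = ? LIMIT 1', $this->session->get('user_id'))->fetch();
-
-        if (!$user) {
-            throw new HttpNotFoundException($request);
-        }
-
-        if ($user->id !== $this->session->get('user_id') && !$this->session->get('admin', false)) {
-            throw new HttpUnauthorizedException($request);
-        }
+        $user = $this->getUser($request, $this->session->get('user_id'), true);
 
         return view()->render($response, 'user/edit.twig', [
             'profile' => true,
@@ -264,15 +247,7 @@ class UserController extends Controller
      */
     public function profileEdit(Request $request, Response $response, int $id): Response
     {
-        $user = $this->database->query('SELECT * FROM `users` WHERE `id` = ? LIMIT 1', $id)->fetch();
-
-        if (!$user) {
-            throw new HttpNotFoundException($request, $response);
-        }
-
-        if ($user->id !== $this->session->get('user_id') && !$this->session->get('admin', false)) {
-            throw new HttpUnauthorizedException($request);
-        }
+        $user = $this->getUser($request, $id, true);
 
         if (param($request, 'email') === null) {
             $this->session->alert(lang('email_required'), 'danger');
@@ -313,15 +288,7 @@ class UserController extends Controller
      */
     public function refreshToken(Request $request, Response $response, int $id): Response
     {
-        $user = $this->database->query('SELECT * FROM `users` WHERE `id` = ? LIMIT 1', $id)->fetch();
-
-        if (!$user) {
-            throw new HttpNotFoundException($request, $response);
-        }
-
-        if ($user->id !== $this->session->get('user_id') && !$this->session->get('admin', false)) {
-            throw new HttpUnauthorizedException($request);
-        }
+        $user = $this->getUser($request, $id, true);
 
         $token = $this->generateNewToken();
 
@@ -347,15 +314,7 @@ class UserController extends Controller
      */
     public function getShareXconfigFile(Request $request, Response $response, int $id): Response
     {
-        $user = $this->database->query('SELECT * FROM `users` WHERE `id` = ? LIMIT 1', $id)->fetch();
-
-        if (!$user) {
-            throw new HttpNotFoundException($request, $response);
-        }
-
-        if ($user->id !== $this->session->get('user_id') && !$this->session->get('admin', false)) {
-            throw new HttpUnauthorizedException($request);
-        }
+        $user = $this->getUser($request, $id, true);
 
         if ($user->token === null || $user->token === '') {
             $this->session->alert(lang('no_upload_token'), 'danger');
@@ -393,15 +352,7 @@ class UserController extends Controller
      */
     public function getUploaderScriptFile(Request $request, Response $response, int $id): Response
     {
-        $user = $this->database->query('SELECT * FROM `users` WHERE `id` = ? LIMIT 1', $id)->fetch();
-
-        if (!$user) {
-            throw new HttpNotFoundException($request, $response);
-        }
-
-        if ($user->id !== $this->session->get('user_id') && !$this->session->get('admin', false)) {
-            throw new HttpUnauthorizedException($request);
-        }
+        $user = $this->getUser($request, $id, true);
 
         if ($user->token === null || $user->token === '') {
             $this->session->alert(lang('no_upload_token'), 'danger');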
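Review bot: `edit`, `update` and `delete` call `$this->getUser($request, $id, false)`, so the owner-or-admin check is skipped for them, yet the same three hunks add `@throws HttpUnauthorizedException` to their docblocks (the line before `*/` in each) — an exception that call cannot raise. If those routes are admin-only through middleware outside this diff, drop the tag and say why the check is skipped at the call, e.g. `$user = $this->getUser($request, $id, false); // admin-only route, authorization enforced upstream`; if they are not, pass `true` as the other five call sites do. Each method's body continues past its hunk, so any further checks done there are not visible here.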

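--- a/resources/templates/dashboard/system.twig
+++ b/resources/templates/dashboard/system.twig
@@ -53,9 +53,9 @@
             </div>
         </div>
         <div class="row">
-            <div class="col-md-8 mt-3">
+            <div class="col-md-8">
                 <div class="row same-height-container">
-                    <div class="col-md-6">
+                    <div class="col-md-6 mt-3">
                         <div class="card shadow-sm same-height">
                             <div class="card-header"><i class="fas fa-paint-brush fa-fw"></i> {{ lang('theme') }}</div>
                             <div class="card-body">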