
+ Added user group change to profile

Visman 6 роки тому
батько
коміт
2040f492c6

+ 1 - 1
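--- a/app/Controllers/Routing.php
+++ b/app/Controllers/Routing.php
@@ -133,7 +133,7 @@ class Routing
 
             $r->add(['GET', 'POST'], '/admin/users', 'AdminUsers:view', 'AdminUsers');
             $r->add(['GET', 'POST'], '/admin/users/result/{data}[/{page:[1-9]\d*}]', 'AdminUsersResult:view', 'AdminUsersResult');
-            $r->add(['GET', 'POST'], '/admin/users/{action:\w+}/{ids:\d+(?:-\d+)*}', 'AdminUsersAction:view', 'AdminUsersAction');
+            $r->add(['GET', 'POST'], '/admin/users/{action:\w+}/{ids:\d+(?:-\d+)*}[/{token}]', 'AdminUsersAction:view', 'AdminUsersAction');
 
             $r->add('GET',           '/admin/users/promote/{uid:[2-9]|[1-9]\d+}/{pid:[1-9]\d*}/{token}', 'AdminUsersPromote:promote', 'AdminUserPromote');
         }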
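Review bot: The optional `[/{token}]` segment added to the `AdminUsersAction` route has no comment, yet elsewhere in this commit its presence is what makes `Action::view` verify a CSRF token and switch to single-user profile mode. A comment above the line would make that visible, for example `// {token} is only present on links built by Profile::linkChangeGroup(); it switches the action into profile mode`. The pattern still allows an `ids` list such as `3-7` together with a token, so the handler has to cope with that combination.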

+ 6 - 2
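--- a/app/Models/Pages/Admin/Users.php
+++ b/app/Models/Pages/Admin/Users.php
@@ -80,10 +80,11 @@ abstract class Users extends Admin
      *
      * @param array $selected
      * @param string $action
+     * @param bool $profile
      *
      * @return false|array
      */
-    protected function checkSelected(array $selected, $action)
+    protected function checkSelected(array $selected, $action, $profile = false)
     {
         $selected = \array_map(function ($value) { // ????
             return (int) $value;
@@ -130,7 +131,7 @@ abstract class Users extends Admin
                     }
                     break;
                 case self::ACTION_CHG:
-                    if (! $this->rules->canChangeGroup($user)) {
+                    if (! $this->rules->canChangeGroup($user, $profile)) {
                         $this->fIswev = ['v', \ForkBB\__('You are not allowed to change group for %s', $user->username)];
                         if ($user->isAdmin) {
                             $this->fIswev = ['i', \ForkBB\__('No move admins message')];
@@ -144,6 +145,9 @@ abstract class Users extends Admin
             }
 
             $result[] = $user->id;
+            if ($user->id === $this->user->id) {
+                $this->fIswev = ['i', \ForkBB\__('You are trying to change your own group')];
+            }
         }
 
         if (empty($result)) {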
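Review bot: The self-change branch added after `$result[] = $user->id;` in `checkSelected` only sets an informational `fIswev` message; the acting user's id is still returned, so the group change goes ahead. In profile mode `Action::groupListForChange` offers an administrator every group except guest, so an administrator can move their own account out of the admin group, and nothing visible in this commit stops the last administrator from doing so. If that is not intended, skip the id (or fail the request) when the acting user is the target and would lose admin rights. The assignment also replaces any message set earlier in the loop, and the new `@param bool $profile` line would be clearer with a description such as `true when the request came from a profile link with a verified token`. The function body continues outside these hunks.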

+ 44 - 17
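--- a/app/Models/Pages/Admin/Users/Action.php
+++ b/app/Models/Pages/Admin/Users/Action.php
@@ -37,6 +37,15 @@ class Action extends Users
      */
     public function view(array $args, $method)
     {
+        if (isset($args['token'])) {
+            if (! $this->c->Csrf->verify($args['token'], 'AdminUsersAction', $args)) {
+                return $this->c->Message->message('Bad token');
+            }
+            $profile = true;
+        } else {
+            $profile = false;
+        }
+
         $this->rules = $this->c->UsersRules->init();
 
         $error = false;
@@ -52,7 +61,9 @@ class Action extends Users
                 }
                 break;
             case self::ACTION_CHG:
-                if (! $this->rules->changeGroup) {
+                if ($profile && ! $this->rules->canChangeGroup($this->c->users->load((int) $args['ids']), true)) {
+                    $error = true;
+                } elseif (! $profile && ! $this->rules->changeGroup) {
                     $error = true;
                 }
                 break;
@@ -64,7 +75,7 @@ class Action extends Users
             return $this->c->Message->message('Bad request');
         }
 
-        $ids = $this->checkSelected(\explode('-', $args['ids']), $args['action']);
+        $ids = $this->checkSelected(\explode('-', $args['ids']), $args['action'], $profile);
         if (false === $ids) {
             $message = $this->c->Message->message('Action not available');
             $message->fIswev = $this->fIswev; //????
@@ -78,7 +89,7 @@ class Action extends Users
             case self::ACTION_DEL:
                 return $this->delete($args, $method);
             case self::ACTION_CHG:
-                return $this->change($args, $method);
+                return $this->change($args, $method, $profile);
             default:
                 throw new RuntimeException("The action {$args['action']} is unavailable");
         }
@@ -136,8 +147,7 @@ class Action extends Users
     /**
      * Создает массив данных для формы удаления пользователей
      *
-     * @param array $stat
-     * @param int $number
+     * @param array $args
      *
      * @return array
      */
@@ -198,15 +208,21 @@ class Action extends Users
     /**
      * Возвращает список групп доступных для замены
      *
+     * @param bool $profile
+     *
      * @return array
      */
-    protected function groupListForChange()
+    protected function groupListForChange($profile)
     {
         $list = [];
         foreach ($this->c->groups->getList() as $id => $group) {
-            if (! $group->groupGuest && ! $group->groupAdmin) {
                 $list[$id] = $group->g_title;
-            }
+        }
+        unset($list[$this->c->GROUP_GUEST]);
+        if (! $profile) {
+            unset($list[$this->c->GROUP_ADMIN]);
+        } elseif (! $this->user->isAdmin) {
+            $list = [$this->c->GROUP_MEMBER => $list[$this->c->GROUP_MEMBER]];
         }
         return $list;
     }
@@ -216,17 +232,17 @@ class Action extends Users
      *
      * @param array $args
      * @param string $method
+     * @param bool $profile
      *
      * @return Page
      */
-    protected function change(array $args, $method)
+    protected function change(array $args, $method, $profile)
     {
         if ('POST' === $method) {
-            $groupList = \implode(',', \array_keys($this->groupListForChange()));
             $v = $this->c->Validator->reset()
                 ->addRules([
                     'token'     => 'token:AdminUsersAction',
-                    'new_group' => 'required|integer|in:' . $groupList,
+                    'new_group' => 'required|integer|in:' . \implode(',', \array_keys($this->groupListForChange($profile))),
                     'confirm'   => 'required|integer|in:0,1',
                     'move'      => 'string',
                 ])->addAliases([
@@ -243,14 +259,25 @@ class Action extends Users
             $this->c->Cache->delete('stats');       //???? перенести в manager
             $this->c->Cache->delete('forums_mark'); //???? с авто обновлением кеша
 
-            return $this->c->Redirect->page('AdminUsers')->message('Users move redirect');
+            $redirect = $this->c->Redirect;
+            if ($profile) {
+                $user = $this->c->users->load((int) $args['ids']);
+                if ($this->c->ProfileRules->setUser($user)->editProfile) {
+                    $redirect->page('EditUserProfile', ['id' => $user->id]);
+                } else {
+                    $redirect->page('User', ['id' => $user->id, 'name' => $user->username]);
+                }
+            } else {
+                $redirect->page('AdminUsers');
+            }
+            return $redirect->message('Users move redirect');
         }
 
         $this->nameTpl    = 'admin/form';
         $this->classForm  = 'change-group';
         $this->titleForm  = \ForkBB\__('Change user group');
         $this->aCrumbs[]  = [$this->c->Router->link('AdminUsersAction', $args), \ForkBB\__('Change user group')];
-        $this->form       = $this->formChange($args);
+        $this->form       = $this->formChange($args, $profile);
 
         return $this;
     }
@@ -258,12 +285,12 @@ class Action extends Users
     /**
      * Создает массив данных для формы изменения группы пользователей
      *
-     * @param array $stat
-     * @param int $number
+     * @param array $args
+     * @param bool $profile
      *
      * @return array
      */
-    protected function formChange(array $args)
+    protected function formChange(array $args, $profile)
     {
         $yn    = [1 => \ForkBB\__('Yes'), 0 => \ForkBB\__('No')];
         $names = \implode(', ', $this->nameList($this->userList));
@@ -277,7 +304,7 @@ class Action extends Users
                     'fields' => [
                         'new_group' => [
                             'type'      => 'select',
-                            'options'   => $this->groupListForChange(),
+                            'options'   => $this->groupListForChange($profile),
                             'value'     => $this->c->config->o_default_user_group,
                             'caption'   => \ForkBB\__('New group label'),
                             'info'      => \ForkBB\__('New group help', $names),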
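Review bot: In `view`, the profile-mode check `$this->c->users->load((int) $args['ids'])` casts the whole `ids` segment to int, so a list like `3-7` (which the route pattern allows alongside a token) is pre-checked as user 3 only, and the result of `load()` goes straight into `canChangeGroup(User $user, ...)` without confirming a user was found. The same load is repeated in `change()` before the redirect, where `$user->id` is read unconditionally. Profile mode should reject anything but a single id up front, e.g. `if ($profile && ! \ctype_digit((string) $args['ids'])) { return $this->c->Message->message('Bad request'); }`, and treat a failed load as a bad request; what `load()` returns for an unknown id is not visible here, so that needs confirming. In `groupListForChange`, `$list[$this->c->GROUP_MEMBER]` is also read without checking that the key exists.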

+ 23 - 0
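--- a/app/Models/Pages/Profile.php
+++ b/app/Models/Pages/Profile.php
@@ -78,6 +78,12 @@ abstract class Profile extends Page
     protected function btns($type)
     {
         $btns = [];
+        if ($this->user->isAdmin && ! $this->rules->editProfile) {
+            $btns['change-user-group'] = [
+                $this->linkChangeGroup(),
+                \ForkBB\__('Change user group'),
+            ];
+        }
         if ($this->rules->banUser) {
             $btns['ban-user'] = [
                 $this->c->Router->link('',  ['id' => $this->curUser->id]),
@@ -110,4 +116,21 @@ abstract class Profile extends Page
         }
         return $btns;
     }
+
+    /**
+     * Формирует ссылку на изменение группы пользователя
+     *
+     * @return string
+     */
+    protected function linkChangeGroup()
+    {
+        return $this->c->Router->link('AdminUsersAction',  [
+            'action' => 'change_group',
+            'ids'    => $this->curUser->id,
+            'token'  => $this->c->Csrf->create('AdminUsersAction', [
+                'action' => 'change_group',
+                'ids'    => $this->curUser->id,
+            ]),
+        ]);
+    }
 }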
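Review bot: `linkChangeGroup()` puts the CSRF token in the path of a GET link, where it ends up in browser history and server access logs and may be sent on in a Referer header. In `Action::view` that URL token is also what enables profile mode, in which an administrator may pick the admin group. The docblock should therefore state that the token is bound to `action` and `ids` and that the POST form still validates its own `token` field. The docblock is in Russian only; an English line such as `Builds the link to the change-group action for the profile's user` would help other readers. Separately, `btns()` shows the button on `$this->user->isAdmin && ! $this->rules->editProfile` while `Edit.php` uses `$this->rules->changeGroup`; a comment explaining why the two conditions differ would avoid confusion.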

+ 18 - 0
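--- a/app/Models/Pages/Profile/Edit.php
+++ b/app/Models/Pages/Profile/Edit.php
@@ -224,6 +224,24 @@ class Edit extends Profile
                 'href'  => $this->c->Router->link('EditUserPass', ['id' => $this->curUser->id]),
             ];
         }
+
+        if ($this->rules->changeGroup) {
+            $fields['group'] = [
+                'type'    => 'link',
+                'caption' => \ForkBB\__('Group'),
+                'value'   => $this->curUser->group_id ? $this->curUser->g_title : \ForkBB\__('Change user group'),
+                'title'   => \ForkBB\__('Change user group'),
+                'href'    => $this->linkChangeGroup(),
+            ];
+        } else {
+            $fields['group'] = [
+                'class'   => 'pline',
+                'type'    => 'str',
+                'caption' => \ForkBB\__('Group'),
+                'value'   => $this->curUser->group_id ? $this->curUser->g_title : '-',
+            ];
+        }
+
         if ($this->rules->setTitle) {
             $fields['title'] = [
                 'type'      => 'text',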

+ 8 - 3
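--- a/app/Models/Rules/Profile.php
+++ b/app/Models/Rules/Profile.php
@@ -67,7 +67,7 @@ class Profile extends Rules
 
     protected function geteditEmail()
     {
-        return $this->admin || $this->my; // ???? разрешать ли модераторам менять email?
+        return $this->my || $this->admin;
     }
 
     protected function getviewLastVisit()
@@ -82,7 +82,7 @@ class Profile extends Rules
 
     protected function getdeleteUser()
     {
-        return ! $this->my && ($this->admin || $this->moderator); // ????
+        return ! $this->my && $this->admin;
     }
 
     protected function getviewIP()
@@ -107,6 +107,11 @@ class Profile extends Rules
 
     protected function geteditWebsite()
     {
-        return $this->admin || (($this->moderator || $this->my) && '1' == $this->user->g_post_links);
+        return $this->admin || (($this->moderator || $this->my) && '1' == $this->user->g_post_links); //????
+    }
+
+    protected function getchangeGroup()
+    {
+        return $this->admin || ($this->my && $this->moderator);
     }
 }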
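Review bot: `getchangeGroup()` is added without a docblock, and its second clause `$this->my && $this->moderator` appears to let a moderator start a group change on their own account. The limit on which group they may then choose is enforced elsewhere, in `Action::groupListForChange`, which reduces the list to `GROUP_MEMBER` for non-administrators. A comment stating that this rule only authorises starting the change, and that the target group is restricted by the action page, would keep the two from drifting apart. The `//????` appended to `geteditWebsite()` marks the `'1' == $this->user->g_post_links` line as unresolved; spelling out the open question in words would be more useful than the marker.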

+ 12 - 2
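--- a/app/Models/Rules/Users.php
+++ b/app/Models/Rules/Users.php
@@ -63,8 +63,18 @@ class Users extends Rules
         return $this->profileRules->setUser($user)->banUser;
     }
 
-    public function canChangeGroup(User $user)
+    public function canChangeGroup(User $user, $profile = false)
     {
-        return $this->user->isAdmin && ! $user->isAdmin;
+        if (! $this->profileRules instanceof ProfileRules) {
+            $this->profileRules = $this->c->ProfileRules;
+        }
+
+        if ($profile && $this->user->isAdmin) {
+            return true;
+        } elseif (! $profile && $user->isAdmin) {
+            return false;
+        }
+
+        return $this->profileRules->setUser($user)->changeGroup;
     }
 }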
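Review bot: In `canChangeGroup`, the non-profile path no longer requires the acting user to be an administrator: once `$user->isAdmin` is false it returns `$this->profileRules->setUser($user)->changeGroup`, which per `Rules/Profile.php` is also true for `$this->my && $this->moderator` (presumably a moderator acting on their own account). Before this commit the function returned `$this->user->isAdmin && ! $user->isAdmin`, so the bulk admin path now relies on callers gating it separately, as `Action::view` does with `$this->rules->changeGroup`, whose definition is not shown. Keeping the old rule for that path would preserve the invariant locally: `if (! $profile) { return $this->user->isAdmin && ! $user->isAdmin; }`. The early `return true` for `$profile && $this->user->isAdmin` also skips every check on the target, including another administrator; a comment saying this is intentional would help.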

+ 3 - 0
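--- a/app/lang/en/admin_users.po
+++ b/app/lang/en/admin_users.po
@@ -353,3 +353,6 @@ msgstr "No users were found matching your criteria."
 
 msgid "User promote redirect"
 msgstr "User promoted. Redirecting …"
+
+msgid "You are trying to change your own group"
+msgstr "You are trying to change your own group."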

+ 8 - 2
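--- a/app/lang/en/profile.po
+++ b/app/lang/en/profile.po
@@ -346,10 +346,10 @@ msgid "Delete ban legend"
 msgstr "Delete (administrators only) or ban user"
 
 msgid "Delete user"
-msgstr "Delete user"
+msgstr "Delete"
 
 msgid "Ban user"
-msgstr "Ban user"
+msgstr "Ban"
 
 msgid "Confirm delete legend"
 msgstr "Important: read before deleting user"
@@ -512,3 +512,9 @@ msgstr "Pagination"
 
 msgid "Board configuration redirect"
 msgstr "Board configuration updated. Redirecting …"
+
+msgid "Group"
+msgstr "Group"
+
+msgid "Change user group"
+msgstr "Change user group"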

+ 4 - 1
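--- a/app/lang/ru/admin_users.po
+++ b/app/lang/ru/admin_users.po
@@ -250,7 +250,7 @@ msgid "All groups"
 msgstr "Все группы"
 
 msgid "Unverified users"
-msgstr "Неподтверждённые"
+msgstr "Непроверенные"
 
 msgid "Submit search"
 msgstr "Начать поиск"
@@ -353,3 +353,6 @@ msgstr "По вашему запросу ничего не найдено."
 
 msgid "User promote redirect"
 msgstr "Пользователь продвинут. Переадресация …"
+
+msgid "You are trying to change your own group"
+msgstr "Вы пытаетесь изменить свою собственную группу."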

+ 6 - 0
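--- a/app/lang/ru/profile.po
+++ b/app/lang/ru/profile.po
@@ -512,3 +512,9 @@ msgstr "Постраничный вывод"
 
 msgid "Board configuration redirect"
 msgstr "Настройка форума обновлены. Переадресация …"
+
+msgid "Group"
+msgstr "Группа"
+
+msgid "Change user group"
+msgstr "Изменить группу пользователя"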