<?php
class UsersController extends Controller
{
public function getAllUsers()
{
// Check permissions
$this->requireAuth(['admin']);
$userModel = new User();
$users = $userModel->getAllWithLastLogin();
Response::success('Users retrieved', $users);
}
public function createUser()
{
// Check permissions
$this->requireAuth(['admin']);
// Get and validate request data
$data = $this->getRequestData();
$this->validateRequiredFields($data, ['username', 'password', 'email', 'full_name', 'role']);
// Sanitize input
$data = $this->sanitizeInput($data);
// Validate role
$validRoles = ['admin', 'manager', 'cashier'];
if (!in_array($data['role'], $validRoles)) {
Response::error('Invalid role', 400);
}
// Create user
$userModel = new User();
try {
$userId = $userModel->create([
'username' => $data['username'],
'password' => $data['password'],
'email' => $data['email'],
'full_name' => $data['full_name'],
'role' => $data['role'],
'status' => isset($data['status']) ? $data['status'] : 'active'
]);
// Log activity
Logger::logActivity(
$this->user['user_id'],
'create_user',
"Created user: {$data['username']}"
);
Response::success('User created', ['id' => $userId]);
} catch (Exception $e) {
Response::error('Failed to create user: '.$e->getMessage());
}
}
/**
* @param $id
*/
public function getUser($id)
{
// Check permissions
$this->requireAuth(['admin']);
if (!$id) {
Response::error('User ID is required', 400);
}
$userModel = new User();
$user = $userModel->findById($id);
if (!$user) {
Response::error('User not found', 404);
}
// Remove sensitive data
unset($user['password']);
Response::success('User retrieved', $user);
}
/**
* @param $id
*/
public function updateUser($id)
{
// Check permissions
$this->requireAuth(['admin']);
if (!$id) {
Response::error('User ID is required', 400);
}
// Get and validate request data
$data = $this->getRequestData();
// Sanitize input
$data = $this->sanitizeInput($data);
// Validate role if provided
if (isset($data['role'])) {
$validRoles = ['admin', 'manager', 'cashier'];
if (!in_array($data['role'], $validRoles)) {
Response::error('Invalid role', 400);
}
}
// Get existing user
$userModel = new User();
$user = $userModel->findById($id);
if (!$user) {
Response::error('User not found', 404);
}
// Prevent updating own role or status (admin cannot demote themselves)
if ($id == $this->user['user_id']) {
unset($data['role']);
unset($data['status']);
}
// Check email uniqueness
if (isset($data['email']) && $data['email'] !== $user['email']) {
$emailExists = $userModel->findByEmail($data['email']);
if ($emailExists) {
Response::error('Email already in use by another user', 400);
}
}
// Remove username from update data (cannot be changed)
unset($data['username']);
// Remove password from update data (use separate endpoint for this)
unset($data['password']);
try {
$userModel->update($id, $data);
// Log activity
Logger::logActivity(
$this->user['user_id'],
'update_user',
"Updated user: {$user['username']}"
);
Response::success('User updated');
} catch (Exception $e) {
Response::error('Failed to update user: '.$e->getMessage());
}
}
/**
* @param $id
*/
public function deleteUser($id)
{
// Check permissions
$this->requireAuth(['admin']);
if (!$id) {
Response::error('User ID is required', 400);
}
// Cannot delete self
if ($id == $this->user['user_id']) {
Response::error('You cannot delete your own account', 400);
}
// Get user for logging
$userModel = new User();
$user = $userModel->findById($id);
if (!$user) {
Response::error('User not found', 404);
}
try {
$userModel->delete($id);
// Log activity
Logger::logActivity(
$this->user['user_id'],
'delete_user',
"Deleted user: {$user['username']}"
);
Response::success('User deleted');
} catch (Exception $e) {
Response::error('Failed to delete user: '.$e->getMessage());
}
}
public function changePassword()
{
// Check permissions
$this->requireAuth(['admin']);
// Get and validate request data
$data = $this->getRequestData();
$this->validateRequiredFields($data, ['user_id', 'new_password']);
$userId = intval($data['user_id']);
$newPassword = $data['new_password'];
// Validate password length
if (strlen($newPassword) < 6) {
Response::error('Password must be at least 6 characters long', 400);
}
// Update password
$userModel = new User();
// Check if user exists
$user = $userModel->findById($userId);
if (!$user) {
Response::error('User not found', 404);
}
try {
$userModel->updatePassword($userId, $newPassword);
// Log activity
Logger::logActivity(
$this->user['user_id'],
'change_password',
"Changed password for user: {$user['username']}"
);
Response::success('Password changed successfully');
} catch (Exception $e) {
Response::error('Failed to change password: '.$e->getMessage());
}
}
public function getActivityLog()
{
// Check permissions
$this->requireAuth(['admin']);
// Get pagination params
$pagination = $this->getPaginationParams();
// Get filter params
$userId = isset($_GET['user_id']) ? intval($_GET['user_id']) : null;
// Get activity log
$activityLog = Logger::getActivityLog($userId, $pagination['page'], $pagination['limit']);
Response::success('Activity logs retrieved', $activityLog);
}
public function getProfile()
{
$userId = $this->user['user_id'];
$userModel = new User();
$user = $userModel->findById($userId);
if (!$user) {
Response::error('User not found', 404);
}
// Remove sensitive data
unset($user['password']);
Response::success('Profile retrieved', $user);
}
public function updateProfile()
{
$userId = $this->user['user_id'];
// Get and validate request data
$data = $this->getRequestData();
// Sanitize input
$data = $this->sanitizeInput($data);
// Only allow updating full_name and email
$updateData = [];
if (isset($data['full_name'])) {
$updateData['full_name'] = $data['full_name'];
}
if (isset($data['email'])) {
// Check email uniqueness
$userModel = new User();
$emailExists = $userModel->findByEmail($data['email']);
if ($emailExists && $emailExists['id'] != $userId) {
Response::error('Email already in use by another user', 400);
}
$updateData['email'] = $data['email'];
}
if (empty($updateData)) {
Response::success('No changes to update');
}
try {
$userModel = new User();
$userModel->update($userId, $updateData);
// Log activity
Logger::logActivity(
$userId,
'update_profile',
"Updated own profile"
);
Response::success('Profile updated');
} catch (Exception $e) {
Response::error('Failed to update profile: '.$e->getMessage());
}
}
public function changeOwnPassword()
{
$userId = $this->user['user_id'];
// Get and validate request data
$data = $this->getRequestData();
$this->validateRequiredFields($data, ['current_password', 'new_password']);
$currentPassword = $data['current_password'];
$newPassword = $data['new_password'];
// Validate password length
if (strlen($newPassword) < 6) {
Response::error('Password must be at least 6 characters long', 400);
}
// Check current password
$userModel = new User();
$user = $userModel->findById($userId);
if (!$user || !password_verify($currentPassword, $user['password'])) {
Response::error('Current password is incorrect', 400);
}
try {
$userModel->updatePassword($userId, $newPassword);
// Log activity
Logger::logActivity(
$userId,
'change_own_password',
"Changed own password"
);
Response::success('Password changed successfully');
} catch (Exception $e) {
Response::error('Failed to change password: '.$e->getMessage());
}
}
}