Artem Konenko authored 8 years ago and Роман Штейнберг committed 8 years ago

* Add getDepartmentIdByName API (with auxiliary procedure)
* Add teacher insertion (only one at the time)
* Add token checking to user authorization in API handler
* Add throwing away HTTP exceptions in API handler
* Add functions for throwing HTTP exceptions (403, 404)
* Add singing in by tokens in User
* Add autocompleting department's ID by name
* Add error handling (show 400 bad request, if any require data missed)
* Add batch processing
* Add autocompleting job position ID by name

* Eliminate redundant  role
* A little refactor in base.twig around officeTitle ifs
* Eliminate redundant db tables

+ Refactor code

* Integration of drag-drop zone
* Some examples about new file structure

Moved `changeLogin` to Model_Account

Usage: $this->user->Faculty->ID or $this->user->Faculty->getDisciplines()

1) exam page: hide hidden div with ( json data )
2) update session info on profile/settings changes (User.php)
3) fix profile page model ( Model_Teacher )
4) fix change discipline's control type ( sql )
5) fix sql response in bind group ( repeated binding problem )

Moved some functions from Account to Model_Account & Model_Teacher.

It may seem that this commit is rather big, but it's not. Don't be afraid, just read the message. Recently we have understood that it was a bad idea to store rights for pages in a database. So I decided to move the information to PHP layer and make it more clear.

When you write a new controller in Admin/ Dean/ Student/ folder, you should explicitly extend one of Controller_Environment_* classes, and all specific checks will be done there. Additional advantage is manipulating $user variable, so you will have access to extended fields of user, ie User_Student contains StudentID, but User_Teacher does not.

Also, prefer -> operator to []. The reason is simple: IDE shows hints and mismatches only with the first one.

The second important statement is User::checkAccess(User::RIGHTS_*) — call it at the top of *every* function in the Handler/ classes. Exception will be thrown, if user doesn't have enough rights.

NB. If you want to overload "before()" function while extending Environment_* controller, do it in the right way:

    public function before() {
        parent::before();   // always first

        // any magic you like most
    }

* Model User has constants to check access for pages
* Some routes are moved to separate files (app/routes/api)
* New abstract model Container for complex objects like Discipline & Student (with -> access operator)
* New DeanOffice controller with access checks
* New SQL procedure to get info about students
* Profile page for students (/dean_office/students/127)

1) Now user info stored in session
2) Merge GetAccountInfo & GetPersonalInfo