Updating user with or without password - CakePHP

Question

I try to find a good and clean way to deal with an admin panel "edit user" in cakePHP v.2.7.

To be clear : I want to be able to edit my user with or without overwriting their password, but the cakePHP validator tool don't let me do what I want...

I've already take a look at CakePHP: Edit Users without changing password and Updating user email and password with CakePHP but it seem really dirty :

• the first one don't apply the rules onUpdate
• the second display the hash (just no... u_u")

There is no other way to do it ? (with as few line as possible)

Answer 1

TL;DR :

View

// add in your view `app/View/Users/edit.ctp`
// a 'fake' field you'll only use on the controller
echo $this->Form->input('new_password');

Controller

// add in your controller `app/Model/User.php@edit()`
// if we have a new password, create key `password` in data
if(!empty($new_password = $this->request->data['User']['new_password']))
  $this->request->data['User']['password'] = $new_password;
else // else, we remove the rules on password
  $this->User->validator()->remove('password');

---

Ok, I finally get what I want, here is my code :

On your app/View/Users/edit.ctp you add a field to your form (a custom one, don't add it to your DB)

<?php
// app/View/Users/edit.ctp
echo $this->Form->create('User');
// your other fields
// a 'fake' field you'll only use on the controller
echo $this->Form->input('new_password');

Don't change your app/Model/User.php ; here is mine :

<?php
// app/Model/User.php
App::uses('AuthComponent', 'Controller/Component');

class User extends AppModel {
  public $validate = array(
    // [...] other rules
    'password' => array(
      'passwordLength'=>array(
        'rule' => array('minLength', 8),
        'message' => 'Too short...',
        ),
      'passwordNotBlank'=>array(
        'rule' => 'notBlank',
        'required' => true,
        'allowEmpty' => false,
        'message' => 'A password is required',
        ),
    ),
  );

  public function beforeSave($options = array()) {
    if (!empty($pwd = $this->data[$this->alias]['password']))
      $this->data[$this->alias]['password'] = AuthComponent::password($pwd);

    return true;
  }
}

And on your app/Controller/UsersController.php you use this :

<?php
public function edit($id = null) {
  $this->User->id = $id;

  if (!$this->User->exists())
    throw new NotFoundException(__('Invalid user'));

  if ($this->request->is('post') || $this->request->is('put')) {
      // IMPORTANT >>>>>>>>>>>
      // if we have a new password, create key `password` in data
    if(!empty($new_password = $this->request->data['User']['new_password']))
      $this->request->data['User']['password'] = $new_password;
    else // else, we remove the rules on password
      $this->User->validator()->remove('password');
      // <<<<<<<<<<<<<<<<<<<<<

      // then we try to save
    if ($this->User->save($this->request->data)) {
      $this->Flash->success(__('The user has been updated'));
      $this->redirect(array('action' => 'index'));
    }
    else
      $this->Flash->warning(__('The user could not be updated.'));
  }
  else {
    $this->request->data = $this->User->read(null, $id);
    unset($this->request->data['User']['password']);
  }
}

With the 4 important lines, you are now able to set a new password if needed or disable the validation on the password.

I used this for reference http://book.cakephp.org/2.0/en/models/data-validation.html#removing-rules-from-the-set