
URL: https://deepwiki.com/mathsgod/light/4.3.4-user-management-operations

User Management Operations | mathsgod/light | DeepWiki


Last indexed: 31 January 2026 (cf9511)

UserController

Purpose and Scope

The UserController provides GraphQL mutations and queries for user account management, including creating, updating, and deleting user accounts, as well as password management operations. This controller implements the administrative and self-service user management functionality exposed through the GraphQL API.

For authentication operations (login, logout, 2FA), see AuthController. For user data model details and session management, see User Model and Sessions. For role and permission assignment, see RBAC System.

Sources: src/Controller/UserController.php:1-176


Controller Overview

The UserController class is located at src/Controller/UserController.php and provides five main operations:

| Operation | Type | Method | Permission | Description |
| --- | --- | --- | --- | --- |
| List Users | Query | listUser | user.list | Query users with filtering (deprecated) |
| Add User | Mutation | addUser | user.add | Create a new user account |
| Update User | Mutation | updateUser | user.update | Update user profile fields |
| Update Password (Admin) | Mutation | updateUserPassword | user.changePassword | Change another user's password |
| Change Password (Self) | Mutation | changeUserPassword | (none) | Change own password |
| Delete User | Mutation | deleteUser | user.delete | Delete a user account |

All operations are protected by authentication (#[Logged]) and/or specific permissions (#[Right]), with additional programmatic checks for administrator-only operations.

Sources: src/Controller/UserController.php:22-175


Architecture and Dependencies


Diagram: UserController Architecture and Data Flow

The controller acts as a bridge between GraphQL operations and the underlying User model, enforcing authorization through both declarative annotations and programmatic checks.

Sources: src/Controller/UserController.php:1-176, src/Input/User.php:1-69, src/Model/User.php:1-389


User Listing Query

The listUser query lists users with caller-supplied filters and applies role-based filtering to the result. This query is deprecated; new code should use { app { users } } instead (see Root Query Type).


Implementation Details

The method at src/Controller/UserController.php:33-44 implements the following logic:

  1. Creates a base query with User::Query()->filters($filters)->sort($sort)
  2. If the requesting user is not an Administrator, filters out all users with the Administrators role
  3. Returns a Light\Db\Query object that the GraphQL engine can paginate

Administrator Filtering


Diagram: Administrator Filtering Logic in listUser

This ensures that non-administrators cannot see or enumerate administrator accounts through the listing API.

Sources: src/Controller/UserController.php:33-44


User Creation (addUser)

The addUser mutation creates a new user account with role assignments. It requires the user.add permission.

GraphQL Mutation


Input Structure

The CreateUserInput type (defined in src/Input/User.php:8-68) includes:

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| username | String | Yes | Unique username |
| password | String | Yes | Plain text password (will be hashed) |
| first_name | String | Yes | User's first name |
| last_name | String | No | User's last name |
| email | String | Yes | Email address |
| phone | String | No | Phone number |
| addr1, addr2, addr3 | String | No | Address fields |
| birthdate | String | No | Date of birth |
| join_date | String | No | Account creation date (defaults to today) |
| expiry_date | String | No | Account expiration date |
| status | Int | No | Account status (defaults to 0) |
| language | String | No | Language preference (defaults to "en") |
| roles | [String] | Yes | Array of role names to assign |

Creation Flow


Diagram: User Creation Sequence

Key Implementation Details

The implementation at src/Controller/UserController.php:114-163 includes:

  1. Default Values: Sets join_date to today, status to 0, and language to "en" if not provided
  2. Password Validation: Uses System::isValidPassword() to enforce password policy (see src/Controller/UserController.php:133-136)
  3. Password Hashing: Uses password_hash() with PASSWORD_DEFAULT algorithm
  4. Username Uniqueness: Checks for duplicate usernames before saving
  5. Role Assignment Protection: Only administrators can assign the "Administrators" role (see src/Controller/UserController.php:152-155)
  6. Role Creation: Creates UserRole entries for each role in the input

Sources: src/Controller/UserController.php:114-163, src/Input/User.php:8-68
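
The six steps above, sketched in plain PHP as an added example (not the project's code). The createUser() function, the array-based user record, the 12-character policy rule, and the error messages other than the policy one are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration of the addUser steps, not the project's code. $taken is a
// constructed list of existing usernames; the 12-character rule stands in for
// System::isValidPassword(), and the error messages other than the policy one
// are placeholders.
function createUser(array $actor, array $input, array $taken): array
{
    // 1. Defaults for fields the caller left out (or sent as null).
    $input['join_date'] ??= date('Y-m-d');
    $input['status']    ??= 0;
    $input['language']  ??= 'en';

    // 2. Policy check on the plain-text password.
    if (strlen($input['password']) < 12) {
        throw new RuntimeException('Password is not valid to the password policy');
    }
    // 3. Keep only the hash from here on.
    $input['password'] = password_hash($input['password'], PASSWORD_DEFAULT);

    // 4. Reject a duplicate username before saving.
    if (in_array($input['username'], $taken, true)) {
        throw new RuntimeException('username already exists');
    }
    // 5. Only an administrator may assign the Administrators role.
    //    Assumption: the request is rejected; the page does not say whether
    //    the project rejects it or drops the role.
    $actorIsAdmin = in_array('Administrators', $actor['roles'], true);
    if (!$actorIsAdmin && in_array('Administrators', $input['roles'], true)) {
        throw new RuntimeException('Administrators role requires an administrator');
    }
    // 6. One UserRole row per requested role, kept apart from the user record.
    $rows = array_map(fn(string $r) => ['role' => $r], $input['roles']);
    unset($input['roles']);
    return ['user' => $input, 'user_roles' => $rows];
}

// Constructed request: a non-administrator asks for an administrator account.
$actor = ['roles' => ['Power Users']];
$input = ['username' => 'new.admin', 'password' => 'constructed-passphrase',
          'first_name' => 'New', 'email' => 'new.admin@example.test',
          'roles' => ['Users', 'Administrators']];
try {
    createUser($actor, $input, ['alice', 'bob']);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

The role check runs on the server against the requesting user's own roles, so holding user.add alone is not enough to mint an administrator account.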


User Updates (updateUser)

The updateUser mutation modifies an existing user's profile fields. It requires the user.update permission and respects the canUpdate authorization check.

GraphQL Mutation


Update Restrictions

The UpdateUserInput type differs from CreateUserInput:

  • Includes: username, join_date, expiry_date, status, and all profile fields
  • Excludes: password (must use dedicated password mutation) and roles (explicitly removed)

Update Flow and Authorization


Diagram: User Update Authorization and Processing Flow

Authorization Logic

The method at src/Controller/UserController.php:50-71 uses User::canUpdate() (defined at src/Model/User.php:350-368), which implements these rules:

  1. Self-Update: Users can always update their own profile
  2. Administrator Protection: Only administrators can update administrator accounts
  3. Administrator/Power User Privilege: Administrators and Power Users can update all non-administrator accounts

Excluded Fields

The implementation explicitly removes roles from the update data at src/Controller/UserController.php:62. Role management requires separate operations through the RBAC system.

Sources: src/Controller/UserController.php:50-71, src/Model/User.php:350-368, src/Input/User.php:9-69


Password Management

The controller provides two distinct password operations: administrative password changes and self-service password changes.

Password Change Operations Comparison

| Operation | Method | Permission | Old Password Required | Target | Validation |
| --- | --- | --- | --- | --- | --- |
| Admin Change | updateUserPassword | user.changePassword | No | Any user in listUser | Policy check |
| Self Change | changeUserPassword | (logged in) | Yes | Self only | Policy check |

Administrative Password Change (updateUserPassword)


Implementation at src/Controller/UserController.php:74-89:

  1. Uses listUser() to get the target user (respects administrator filtering)
  2. Validates the new password against policy using System::isValidPassword()
  3. Hashes the password with password_hash()
  4. Sets password_dt to current timestamp
  5. Saves the user record

Self-Service Password Change (changeUserPassword)


Implementation at src/Controller/UserController.php:92-110:

  1. Verifies the old password with password_verify()
  2. Returns false if old password is incorrect
  3. Validates the new password against policy
  4. Hashes and saves the new password with timestamp

Diagram: Password Change Operations

Password Policy Validation

Both operations use System::isValidPassword() to enforce the password policy configured in the system. If validation fails, an exception is thrown with the message "Password is not valid to the password policy".

Sources: src/Controller/UserController.php:74-110
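
Both password paths side by side, as an added example (not the project's code): the administrative path resolves its target through the administrator-filtered listing, and the self-service path verifies the old password first. The function names, the array-based users, the 12-character policy rule, and returning false for a hidden target are assumptions.

```php
<?php
declare(strict_types=1);

// Added illustration, not the project's code. Users are constructed arrays and
// the 12-character rule stands in for System::isValidPassword().
function setPassword(array &$user, string $new): void
{
    if (strlen($new) < 12) {
        throw new RuntimeException('Password is not valid to the password policy');
    }
    $user['password']    = password_hash($new, PASSWORD_DEFAULT);
    $user['password_dt'] = date('Y-m-d H:i:s'); // when the password last changed
}

// Stand-in for listUser(): non-administrators never see Administrators.
function visibleUsers(array $users, array $actor): array
{
    if (in_array('Administrators', $actor['roles'], true)) {
        return $users;
    }
    return array_filter($users, fn(array $u) => !in_array('Administrators', $u['roles'], true));
}

// Administrative change: no old password, target resolved through the filtered list.
function adminSetPassword(array &$users, array $actor, int $id, string $new): bool
{
    if (!array_key_exists($id, visibleUsers($users, $actor))) {
        return false; // assumption: a hidden target is treated as not found
    }
    setPassword($users[$id], $new);
    return true;
}

// Self-service change: the old password must verify before anything is written.
function selfChangePassword(array &$user, string $old, string $new): bool
{
    if (!password_verify($old, $user['password'])) {
        return false;
    }
    setPassword($user, $new);
    return true;
}
// Constructed accounts: id 1 is an administrator, id 2 is not (assumed to hold user.changePassword).
$users = [
    1 => ['roles' => ['Administrators'], 'password' => password_hash('constructed-admin-pw', PASSWORD_DEFAULT)],
    2 => ['roles' => ['Users'], 'password' => password_hash('constructed-user-pw', PASSWORD_DEFAULT)],
];
var_dump(adminSetPassword($users, $users[2], 1, 'replacement-passphrase')); // actor 2 targets the administrator
var_dump(selfChangePassword($users[2], 'wrong-guess', 'replacement-passphrase'));
```

Because the target lookup reuses the filtered listing, the user.changePassword permission on its own does not let a non-administrator reset an administrator's password.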


User Deletion (deleteUser)

The deleteUser mutation removes a user account permanently. It requires the user.delete permission and respects the canDelete authorization check.

GraphQL Mutation


Deletion Authorization Rules

The method at src/Controller/UserController.php:168-174 uses User::canDelete() (defined at src/Model/User.php:315-335), which enforces:

  1. Self-Deletion Prevention: Users cannot delete themselves
  2. Administrator Protection: Only administrators can delete administrator accounts
  3. Privilege Requirements: Administrators and Power Users can delete non-administrator accounts

Diagram: User Deletion Authorization Flow

Cascading Effects

When a user is deleted through obj.delete(), the Light\Model base class triggers automatic audit logging to EventLog (see Data Layer). Additionally, related records in UserRole may be affected based on foreign key constraints defined in the database schema.

Sources: src/Controller/UserController.php:168-174, src/Model/User.php:315-335
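
The rules listed for User::canUpdate() and User::canDelete(), written out as an added example (not the project's code) so the two decision tables can be compared for the same actor and target. Users are constructed arrays; the "Power Users" role name is taken from the prose and assumed to be the stored role name.

```php
<?php
declare(strict_types=1);

// Added illustration of the rules listed for User::canUpdate() and
// User::canDelete(); not the project's code. Users are constructed arrays,
// and the role name "Power Users" is an assumption taken from the prose.
const ADMIN = 'Administrators';
const POWER = 'Power Users';

function hasRole(array $user, string $role): bool
{
    return in_array($role, $user['roles'], true);
}

function canUpdate(array $actor, array $target): bool
{
    if ($actor['id'] === $target['id']) {
        return true;                        // rule 1: self-update is always allowed
    }
    if (hasRole($target, ADMIN)) {
        return hasRole($actor, ADMIN);      // rule 2: only admins touch admin accounts
    }
    return hasRole($actor, ADMIN) || hasRole($actor, POWER); // rule 3
}

function canDelete(array $actor, array $target): bool
{
    if ($actor['id'] === $target['id']) {
        return false;                       // rule 1: no self-deletion
    }
    if (hasRole($target, ADMIN)) {
        return hasRole($actor, ADMIN);      // rule 2: only admins delete admin accounts
    }
    return hasRole($actor, ADMIN) || hasRole($actor, POWER); // rule 3
}

// Constructed sample users.
$admin = ['id' => 1, 'roles' => [ADMIN]];
$power = ['id' => 2, 'roles' => [POWER]];
$plain = ['id' => 3, 'roles' => ['Users']];

foreach ([[$power, $admin], [$power, $plain], [$plain, $plain], [$admin, $admin]] as [$a, $t]) {
    printf("actor %d -> target %d: update=%s delete=%s\n", $a['id'], $t['id'],
        var_export(canUpdate($a, $t), true), var_export(canDelete($a, $t), true));
}
```

The two functions differ only in the self case: acting on your own account is always allowed for updates and never allowed for deletion.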


Authorization and Security Summary

The UserController implements a multi-layered security approach:

Layer 1: Declarative Annotations

| Annotation | Usage | Effect |
| --- | --- | --- |
| #[Logged] | All operations | Requires authenticated user via JWT |
| #[Right("user.list")] | listUser | Requires specific permission |
| #[Right("user.add")] | addUser | Requires specific permission |
| #[Right("user.update")] | updateUser | Requires specific permission |
| #[Right("user.changePassword")] | updateUserPassword | Requires specific permission |
| #[Right("user.delete")] | deleteUser | Requires specific permission |

Layer 2: Programmatic Checks


Diagram: Security Check Layers in UserController

Layer 3: User Model Authorization

The User model provides centralized authorization logic:

These methods are also exposed as GraphQL fields on the User type, allowing client-side UI to show/hide actions based on permissions.

Sources: src/Controller/UserController.php:1-176, src/Model/User.php:315-368


Input Type Definitions

The Light\Input\User class at src/Input/User.php defines three GraphQL input types using attribute-based configuration:

Input Type Variants

| Input Type | Purpose | Unique Fields | Usage |
| --- | --- | --- | --- |
| CreateUserInput | User creation | password, roles | addUser mutation |
| UpdateUserInput | User updates | (excludes password, excludes roles) | updateUser mutation |
| UpdateMyInput | Self-updates | (excludes password, username, join_date, etc.) | User profile editing |

Field Availability by Input Type


Diagram: Input Type Field Availability

The #[Field(for: "...")] annotation at src/Input/User.php:13-68 controls which fields appear in each input type variant.

Sources: src/Input/User.php:1-69


Integration with Other Systems

The UserController integrates with several other framework components:

| System | Integration Point | Purpose |
| --- | --- | --- |
| Auth Service | #[InjectUser] annotation | Provides current user context |
| RBAC | User::is(), role checking | Determines permissions and role membership |
| User Model | All operations | Data persistence and business logic |
| UserRole Model | addUser | Role assignment records |
| System Type | isValidPassword() | Password policy validation |
| EventLog | save(), delete() hooks | Automatic audit trail |
| Config Model | Via System Type | Password policy configuration |

For details on authentication and session management, see Authentication Architecture. For role and permission management beyond user assignment, see Role Hierarchy and Permissions.

Sources: src/Controller/UserController.php:1-176
