UserService
Table of contents
1. Overview Table of Contents
The UserService class provides high-level user management operations such as account deactivation, password updates, profile image handling, and access restrictions. It is designed to support both user self-management and admin-level user administration.
Setup
use Core\Services\UserService;
✅ Common Use Cases
- Safely delete users (excluding admins)
- Manage and sort profile images
- Update and validate user passwords
- Handle account deactivation and reset flags
- Send user-related emails (e.g., password reset, deactivation)
2. ⚙️ Public Methods Table of Contents
deleteIfAllowed(int $id, bool $unlink = false): void
Deletes a user if they are not an admin. Optionally removes their profile images if $unlink is true.
UserService::deleteIfAllowed(5, true);
deleteProfileImage(Input $request): array
Deletes a profile image based on an ID passed via request. Returns a JSON-compatible response array.
$response = UserService::deleteProfileImage($request);
ensureAuthenticatedUser(Users $user): void
Ensures that the user being modified matches the currently logged-in user. If not, redirects with an error message.
UserService::ensureAuthenticatedUser($user);
handleProfileImages(Users $user, ?Uploads $uploads, ?string $sortedImages): void
Handles profile image uploading and image order sorting.
UserService::handleProfileImages($user, $uploads, $sortedJson);
updatePassword(Users $user, Input $request): bool
Updates the user’s password if the current password is correct and the new password passes validation.
$success = UserService::updatePassword($user, $request);
sendWhenSetToInactive(Users $user, bool $shouldSendEmail = false): void
Sends an account deactivation email if $shouldSendEmail is true.
UserService::sendWhenSetToInactive($user, true);
sendWhenSetToResetPW(Users $user, bool $shouldSendEmail = false): void
Sends a password reset email if $shouldSendEmail is true.
UserService::sendWhenSetToResetPW($user, true);
toggleAccountStatus(Users $user, Input $request, ?int $currentInactive = null): bool
Toggles the inactive status based on request input. Returns true if the account was just deactivated.
$shouldEmail = UserService::toggleAccountStatus($user, $request, $previousInactive);
toggleResetPassword(Users $user, Input $request, ?int $currentReset = null): bool
Toggles the reset_password flag based on request input. Returns true if it was just activated.
$shouldEmail = UserService::toggleResetPassword($user, $request, $previousReset);
3. 📦 Related ComponentsTable of Contents
AuthService– Used to validate current user identity and confirm password fields.ProfileImages– Handles image persistence, deletion, and sorting.Uploads– File upload handler.AccountDeactivatedMailer / PasswordResetMailer– Responsible for user notification emails.Users– Model representing application users.
4. Examples Table of Contents
A. Password Reset
You can use the UserService::toggleResetPassword and UserService::sendWhenSetToResetPW to send an E-mail to a user when an administrator sets the reset_password field for an account. An example is shown below:
public function setResetPasswordAction($id) {
$user = Users::findById((int)$id);
$resetPW = $user->reset_password;
DashboardService::checkIfCurrentUser($user);
if($this->request->isPost()) {
$this->request->csrfCheck();
$user->assign($this->request->get(), Users::blackListedFormKeys);
$shouldSendEmail = UserService::toggleResetPassword($user, $this->request, $resetPW);
if($user->save()) {
UserService::sendWhenSetToResetPW($user, $shouldSendEmail);
redirect('admindashboard.details', [$user->id]);
}
}
$this->view->user = $user;
$this->view->displayErrors = $user->getErrorMessages();
$this->view->postAction = route('admindashboard.setResetPassword', [$user->id]);
$this->view->render('admindashboard.set_reset_password', true, true);
}
The toggleResetPassword function manages the user’s reset_password field and returns true if a password reset E-mail should be sent. The sendWhenSetToResetPW function creates an event for sending the E-mail only if $shouldSendEmail is true. For example, when the administrator removes the reset_password status for a user.
B. Account Deactivation
Below is an example for sending an E-mail when the administrator deactivates an account:
public function setStatusAction($id) {
$user = Users::findById((int)$id);
$inactive = $user->inactive;
DashboardService::checkIfCurrentUser($user);
if($this->request->isPost()) {
$this->request->csrfCheck();
$user->assign($this->request->get(), Users::blackListedFormKeys);
$shouldSendEmail = UserService::toggleAccountStatus($user, $this->request, $inactive);
if($user->save()) {
UserService::sendWhenSetToInactive($user, $shouldSendEmail);
redirect('admindashboard.details', [$user->id]);
}
}
$this->view->user = $user;
$this->view->displayErrors = $user->getErrorMessages();
$this->view->postAction = route('admindashboard.setStatus', [$user->id]);
$this->view->render('admindashboard.set_account_status', true, true);
}
Just like above we follow a similar two step process. We toggle the active and login_attempts fields and send the email after save when appropriate.
4. 🧠 Notes Table of Contents
- Admin users (
["Admin"]ACL) are protected from deletion. - Upload handling assumes that
$_FILES['profileImage']is present for Uploads. - Email methods like
sendWhenSetToInactive()andsendWhenSetToResetPW()rely onAccountDeactivatedMailerandPasswordResetMailerrespectively. toggleAccountStatus()andtoggleResetPassword()help controllers determine if emails should be triggered post-form submission.