BookStack Code Mirror - bookstack/blob - app/Http/Controllers/UserController.php

   1 <?php
   2
   3 namespace BookStack\Http\Controllers;
   4
   5 use BookStack\Activity;
   6 use Illuminate\Http\Request;
   7
   8 use Illuminate\Http\Response;
   9 use BookStack\Http\Requests;
  10 use BookStack\Repos\UserRepo;
  11 use BookStack\Services\SocialAuthService;
  12 use BookStack\User;
  13
  14 class UserController extends Controller
  15 {
  16
  17     protected $user;
  18     protected $userRepo;
  19
  20     /**
  21      * UserController constructor.
  22      * @param User     $user
  23      * @param UserRepo $userRepo
  24      */
  25     public function __construct(User $user, UserRepo $userRepo)
  26     {
  27         $this->user = $user;
  28         $this->userRepo = $userRepo;
  29         parent::__construct();
  30     }
  31
  32     /**
  33      * Display a listing of the users.
  34      * @return Response
  35      */
  36     public function index()
  37     {
  38         $users = $this->userRepo->getAllUsers();
  39         $this->setPageTitle('Users');
  40         return view('users/index', ['users' => $users]);
  41     }
  42
  43     /**
  44      * Show the form for creating a new user.
  45      * @return Response
  46      */
  47     public function create()
  48     {
  49         $this->checkPermission('users-manage');
  50         $authMethod = config('auth.method');
  51         return view('users/create', ['authMethod' => $authMethod]);
  52     }
  53
  54     /**
  55      * Store a newly created user in storage.
  56      * @param  Request $request
  57      * @return Response
  58      */
  59     public function store(Request $request)
  60     {
  61         $this->checkPermission('users-manage');
  62         $validationRules = [
  63             'name'             => 'required',
  64             'email'            => 'required|email|unique:users,email'
  65         ];
  66
  67         $authMethod = config('auth.method');
  68         if ($authMethod === 'standard') {
  69             $validationRules['password'] = 'required|min:5';
  70             $validationRules['password-confirm'] = 'required|same:password';
  71         } elseif ($authMethod === 'ldap') {
  72             $validationRules['external_auth_id'] = 'required';
  73         }
  74         $this->validate($request, $validationRules);
  75
  76
  77         $user = $this->user->fill($request->all());
  78
  79         if ($authMethod === 'standard') {
  80             $user->password = bcrypt($request->get('password'));
  81         } elseif ($authMethod === 'ldap') {
  82             $user->external_auth_id = $request->get('external_auth_id');
  83         }
  84
  85         $user->save();
  86
  87         if ($request->has('roles')) {
  88             $roles = $request->get('roles');
  89             $user->roles()->sync($roles);
  90         }
  91
  92         // Get avatar from gravatar and save
  93         if (!config('services.disable_services')) {
  94             $avatar = \Images::saveUserGravatar($user);
  95             $user->avatar()->associate($avatar);
  96             $user->save();
  97         }
  98
  99         return redirect('/settings/users');
 100     }
 101
 102     /**
 103      * Show the form for editing the specified user.
 104      * @param  int              $id
 105      * @param SocialAuthService $socialAuthService
 106      * @return Response
 107      */
 108     public function edit($id, SocialAuthService $socialAuthService)
 109     {
 110         $this->checkPermissionOr('users-manage', function () use ($id) {
 111             return $this->currentUser->id == $id;
 112         });
 113
 114         $authMethod = config('auth.method');
 115
 116         $user = $this->user->findOrFail($id);
 117         $activeSocialDrivers = $socialAuthService->getActiveDrivers();
 118         $this->setPageTitle('User Profile');
 119         return view('users/edit', ['user' => $user, 'activeSocialDrivers' => $activeSocialDrivers, 'authMethod' => $authMethod]);
 120     }
 121
 122     /**
 123      * Update the specified user in storage.
 124      * @param  Request $request
 125      * @param  int     $id
 126      * @return Response
 127      */
 128     public function update(Request $request, $id)
 129     {
 130         $this->preventAccessForDemoUsers();
 131         $this->checkPermissionOr('users-manage', function () use ($id) {
 132             return $this->currentUser->id == $id;
 133         });
 134
 135         $this->validate($request, [
 136             'name'             => 'min:2',
 137             'email'            => 'min:2|email|unique:users,email,' . $id,
 138             'password'         => 'min:5|required_with:password_confirm',
 139             'password-confirm' => 'same:password|required_with:password'
 140         ], [
 141             'password-confirm.required_with' => 'Password confirmation required'
 142         ]);
 143
 144         $user = $this->user->findOrFail($id);
 145         $user->fill($request->all());
 146
 147         // Role updates
 148         if (userCan('users-manage') && $request->has('roles')) {
 149             $roles = $request->get('roles');
 150             $user->roles()->sync($roles);
 151         }
 152
 153         // Password updates
 154         if ($request->has('password') && $request->get('password') != '') {
 155             $password = $request->get('password');
 156             $user->password = bcrypt($password);
 157         }
 158
 159         // External auth id updates
 160         if ($this->currentUser->can('users-manage') && $request->has('external_auth_id')) {
 161             $user->external_auth_id = $request->get('external_auth_id');
 162         }
 163
 164         $user->save();
 165         session()->flash('success', 'User successfully updated');
 166         return redirect('/settings/users');
 167     }
 168
 169     /**
 170      * Show the user delete page.
 171      * @param $id
 172      * @return \Illuminate\View\View
 173      */
 174     public function delete($id)
 175     {
 176         $this->checkPermissionOr('users-manage', function () use ($id) {
 177             return $this->currentUser->id == $id;
 178         });
 179
 180         $user = $this->user->findOrFail($id);
 181         $this->setPageTitle('Delete User ' . $user->name);
 182         return view('users/delete', ['user' => $user]);
 183     }
 184
 185     /**
 186      * Remove the specified user from storage.
 187      * @param  int $id
 188      * @return Response
 189      */
 190     public function destroy($id)
 191     {
 192         $this->preventAccessForDemoUsers();
 193         $this->checkPermissionOr('users-manage', function () use ($id) {
 194             return $this->currentUser->id == $id;
 195         });
 196
 197         $user = $this->userRepo->getById($id);
 198         if ($this->userRepo->isOnlyAdmin($user)) {
 199             session()->flash('error', 'You cannot delete the only admin');
 200             return redirect($user->getEditUrl());
 201         }
 202         $this->userRepo->destroy($user);
 203
 204         return redirect('/settings/users');
 205     }
 206
 207     /**
 208      * Show the user profile page
 209      * @param $id
 210      * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
 211      */
 212     public function showProfilePage($id)
 213     {
 214         $user = $this->userRepo->getById($id);
 215         $userActivity = $this->userRepo->getActivity($user);
 216         $recentlyCreated = $this->userRepo->getRecentlyCreated($user, 5, 0);
 217         $assetCounts = $this->userRepo->getAssetCounts($user);
 218         return view('users/profile', [
 219             'user' => $user,
 220             'activity' => $userActivity,
 221             'recentlyCreated' => $recentlyCreated,
 222             'assetCounts' => $assetCounts
 223         ]);
 224     }
 225 }