]> BookStack Code Mirror - bookstack/blob - app/Http/Controllers/UserController.php
projects / bookstack / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Set /app PHP code to PSR-2 standard
[bookstack] / app / Http / Controllers / UserController.php
1 <?php namespace BookStack\Http\Controllers;
2
3 use Exception;
4 use Illuminate\Http\Request;
5 use Illuminate\Http\Response;
6 use BookStack\Repos\UserRepo;
7 use BookStack\Services\SocialAuthService;
8 use BookStack\User;
9
10 class UserController extends Controller
11 {
12
13     protected $user;
14     protected $userRepo;
15
16     /**
17      * UserController constructor.
18      * @param User     $user
19      * @param UserRepo $userRepo
20      */
21     public function __construct(User $user, UserRepo $userRepo)
22     {
23         $this->user = $user;
24         $this->userRepo = $userRepo;
25         parent::__construct();
26     }
27
28     /**
29      * Display a listing of the users.
30      * @param Request $request
31      * @return Response
32      */
33     public function index(Request $request)
34     {
35         $this->checkPermission('users-manage');
36         $listDetails = [
37             'order' => $request->get('order', 'asc'),
38             'search' => $request->get('search', ''),
39             'sort' => $request->get('sort', 'name'),
40         ];
41         $users = $this->userRepo->getAllUsersPaginatedAndSorted(20, $listDetails);
42         $this->setPageTitle(trans('settings.users'));
43         $users->appends($listDetails);
44         return view('users/index', ['users' => $users, 'listDetails' => $listDetails]);
45     }
46
47     /**
48      * Show the form for creating a new user.
49      * @return Response
50      */
51     public function create()
52     {
53         $this->checkPermission('users-manage');
54         $authMethod = config('auth.method');
55         $roles = $this->userRepo->getAllRoles();
56         return view('users/create', ['authMethod' => $authMethod, 'roles' => $roles]);
57     }
58
59     /**
60      * Store a newly created user in storage.
61      * @param  Request $request
62      * @return Response
63      */
64     public function store(Request $request)
65     {
66         $this->checkPermission('users-manage');
67         $validationRules = [
68             'name'             => 'required',
69             'email'            => 'required|email|unique:users,email'
70         ];
71
72         $authMethod = config('auth.method');
73         if ($authMethod === 'standard') {
74             $validationRules['password'] = 'required|min:5';
75             $validationRules['password-confirm'] = 'required|same:password';
76         } elseif ($authMethod === 'ldap') {
77             $validationRules['external_auth_id'] = 'required';
78         }
79         $this->validate($request, $validationRules);
80
81         $user = $this->user->fill($request->all());
82
83         if ($authMethod === 'standard') {
84             $user->password = bcrypt($request->get('password'));
85         } elseif ($authMethod === 'ldap') {
86             $user->external_auth_id = $request->get('external_auth_id');
87         }
88
89         $user->save();
90
91         if ($request->filled('roles')) {
92             $roles = $request->get('roles');
93             $user->roles()->sync($roles);
94         }
95
96         // Get avatar from gravatar and save
97         if (!config('services.disable_services')) {
98             try {
99                 $avatar = \Images::saveUserGravatar($user);
100                 $user->avatar()->associate($avatar);
101                 $user->save();
102             } catch (Exception $e) {
103                 \Log::error('Failed to save user gravatar image');
104             }
105         }
106
107         return redirect('/settings/users');
108     }
109
110     /**
111      * Show the form for editing the specified user.
112      * @param  int              $id
113      * @param SocialAuthService $socialAuthService
114      * @return Response
115      */
116     public function edit($id, SocialAuthService $socialAuthService)
117     {
118         $this->checkPermissionOr('users-manage', function () use ($id) {
119             return $this->currentUser->id == $id;
120         });
121
122         $user = $this->user->findOrFail($id);
123
124         $authMethod = ($user->system_name) ? 'system' : config('auth.method');
125
126         $activeSocialDrivers = $socialAuthService->getActiveDrivers();
127         $this->setPageTitle(trans('settings.user_profile'));
128         $roles = $this->userRepo->getAllRoles();
129         return view('users/edit', ['user' => $user, 'activeSocialDrivers' => $activeSocialDrivers, 'authMethod' => $authMethod, 'roles' => $roles]);
130     }
131
132     /**
133      * Update the specified user in storage.
134      * @param  Request $request
135      * @param  int     $id
136      * @return Response
137      */
138     public function update(Request $request, $id)
139     {
140         $this->preventAccessForDemoUsers();
141         $this->checkPermissionOr('users-manage', function () use ($id) {
142             return $this->currentUser->id == $id;
143         });
144
145         $this->validate($request, [
146             'name'             => 'min:2',
147             'email'            => 'min:2|email|unique:users,email,' . $id,
148             'password'         => 'min:5|required_with:password_confirm',
149             'password-confirm' => 'same:password|required_with:password',
150             'setting'          => 'array'
151         ]);
152
153         $user = $this->user->findOrFail($id);
154         $user->fill($request->all());
155
156         // Role updates
157         if (userCan('users-manage') && $request->filled('roles')) {
158             $roles = $request->get('roles');
159             $user->roles()->sync($roles);
160         }
161
162         // Password updates
163         if ($request->filled('password')) {
164             $password = $request->get('password');
165             $user->password = bcrypt($password);
166         }
167
168         // External auth id updates
169         if ($this->currentUser->can('users-manage') && $request->filled('external_auth_id')) {
170             $user->external_auth_id = $request->get('external_auth_id');
171         }
172
173         // Save an user-specific settings
174         if ($request->filled('setting')) {
175             foreach ($request->get('setting') as $key => $value) {
176                 setting()->putUser($user, $key, $value);
177             }
178         }
179
180         $user->save();
181         session()->flash('success', trans('settings.users_edit_success'));
182
183         $redirectUrl = userCan('users-manage') ? '/settings/users' : '/settings/users/' . $user->id;
184         return redirect($redirectUrl);
185     }
186
187     /**
188      * Show the user delete page.
189      * @param int $id
190      * @return \Illuminate\View\View
191      */
192     public function delete($id)
193     {
194         $this->checkPermissionOr('users-manage', function () use ($id) {
195             return $this->currentUser->id == $id;
196         });
197
198         $user = $this->user->findOrFail($id);
199         $this->setPageTitle(trans('settings.users_delete_named', ['userName' => $user->name]));
200         return view('users/delete', ['user' => $user]);
201     }
202
203     /**
204      * Remove the specified user from storage.
205      * @param  int $id
206      * @return Response
207      */
208     public function destroy($id)
209     {
210         $this->preventAccessForDemoUsers();
211         $this->checkPermissionOr('users-manage', function () use ($id) {
212             return $this->currentUser->id == $id;
213         });
214
215         $user = $this->userRepo->getById($id);
216
217         if ($this->userRepo->isOnlyAdmin($user)) {
218             session()->flash('error', trans('errors.users_cannot_delete_only_admin'));
219             return redirect($user->getEditUrl());
220         }
221
222         if ($user->system_name === 'public') {
223             session()->flash('error', trans('errors.users_cannot_delete_guest'));
224             return redirect($user->getEditUrl());
225         }
226
227         $this->userRepo->destroy($user);
228         session()->flash('success', trans('settings.users_delete_success'));
229
230         return redirect('/settings/users');
231     }
232
233     /**
234      * Show the user profile page
235      * @param $id
236      * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
237      */
238     public function showProfilePage($id)
239     {
240         $user = $this->userRepo->getById($id);
241         $userActivity = $this->userRepo->getActivity($user);
242         $recentlyCreated = $this->userRepo->getRecentlyCreated($user, 5, 0);
243         $assetCounts = $this->userRepo->getAssetCounts($user);
244         return view('users/profile', [
245             'user' => $user,
246             'activity' => $userActivity,
247             'recentlyCreated' => $recentlyCreated,
248             'assetCounts' => $assetCounts
249         ]);
250     }
251
252     /**
253      * Update the user's preferred book-list display setting.
254      * @param $id
255      * @param Request $request
256      * @return \Illuminate\Http\RedirectResponse
257      */
258     public function switchBookView($id, Request $request)
259     {
260         $this->checkPermissionOr('users-manage', function () use ($id) {
261             return $this->currentUser->id == $id;
262         });
263
264         $viewType = $request->get('book_view_type');
265         if (!in_array($viewType, ['grid', 'list'])) {
266             $viewType = 'list';
267         }
268
269         $user = $this->user->findOrFail($id);
270         setting()->putUser($user, 'books_view_type', $viewType);
271
272         return redirect()->back(302, [], "/settings/users/$id");
273     }
274 }
The core source code for the BookStack project.