BookStack Code Mirror - bookstack/blob - app/Http/Controllers/UserController.php

   1 <?php
   2
   3 namespace BookStack\Http\Controllers;
   4
   5 use Illuminate\Http\Request;
   6
   7 use Illuminate\Support\Facades\Hash;
   8 use BookStack\Http\Requests;
   9 use BookStack\Repos\UserRepo;
  10 use BookStack\Services\SocialAuthService;
  11 use BookStack\User;
  12
  13 class UserController extends Controller
  14 {
  15
  16     protected $user;
  17     protected $userRepo;
  18
  19     /**
  20      * UserController constructor.
  21      * @param $user
  22      */
  23     public function __construct(User $user, UserRepo $userRepo)
  24     {
  25         $this->user = $user;
  26         $this->userRepo = $userRepo;
  27         parent::__construct();
  28     }
  29
  30     /**
  31      * Display a listing of the users.
  32      *
  33      * @return Response
  34      */
  35     public function index()
  36     {
  37         $users = $this->user->all();
  38         return view('users/index', ['users' => $users]);
  39     }
  40
  41     /**
  42      * Show the form for creating a new user.
  43      *
  44      * @return Response
  45      */
  46     public function create()
  47     {
  48         $this->checkPermission('user-create');
  49         return view('users/create');
  50     }
  51
  52     /**
  53      * Store a newly created user in storage.
  54      *
  55      * @param  Request $request
  56      * @return Response
  57      */
  58     public function store(Request $request)
  59     {
  60         $this->checkPermission('user-create');
  61         $this->validate($request, [
  62             'name'             => 'required',
  63             'email'            => 'required|email',
  64             'password'         => 'required|min:5',
  65             'password-confirm' => 'required|same:password',
  66             'role'             => 'required|exists:roles,id'
  67         ]);
  68
  69         $user = $this->user->fill($request->all());
  70         $user->password = bcrypt($request->get('password'));
  71         $user->save();
  72
  73         $user->attachRoleId($request->get('role'));
  74         return redirect('/users');
  75     }
  76
  77
  78     /**
  79      * Show the form for editing the specified user.
  80      *
  81      * @param  int              $id
  82      * @param SocialAuthService $socialAuthService
  83      * @return Response
  84      */
  85     public function edit($id, SocialAuthService $socialAuthService)
  86     {
  87         $this->checkPermissionOr('user-update', function () use ($id) {
  88             return $this->currentUser->id == $id;
  89         });
  90
  91         $user = $this->user->findOrFail($id);
  92         $activeSocialDrivers = $socialAuthService->getActiveDrivers();
  93         return view('users/edit', ['user' => $user, 'activeSocialDrivers' => $activeSocialDrivers]);
  94     }
  95
  96     /**
  97      * Update the specified user in storage.
  98      *
  99      * @param  Request $request
 100      * @param  int     $id
 101      * @return Response
 102      */
 103     public function update(Request $request, $id)
 104     {
 105         $this->checkPermissionOr('user-update', function () use ($id) {
 106             return $this->currentUser->id == $id;
 107         });
 108         $this->validate($request, [
 109             'name'             => 'required',
 110             'email'            => 'required|email|unique:users,email,' . $id,
 111             'password'         => 'min:5',
 112             'password-confirm' => 'same:password',
 113             'role'             => 'exists:roles,id'
 114         ]);
 115
 116         $user = $this->user->findOrFail($id);
 117         $user->fill($request->except('password'));
 118
 119         if ($this->currentUser->can('user-update') && $request->has('role')) {
 120             $user->attachRoleId($request->get('role'));
 121         }
 122
 123         if ($request->has('password') && $request->get('password') != '') {
 124             $password = $request->get('password');
 125             $user->password = bcrypt($password);
 126         }
 127         $user->save();
 128         return redirect('/users');
 129     }
 130
 131     /**
 132      * Show the user delete page.
 133      * @param $id
 134      * @return \Illuminate\View\View
 135      */
 136     public function delete($id)
 137     {
 138         $this->checkPermissionOr('user-delete', function () use ($id) {
 139             return $this->currentUser->id == $id;
 140         });
 141         $user = $this->user->findOrFail($id);
 142         return view('users/delete', ['user' => $user]);
 143     }
 144
 145     /**
 146      * Remove the specified user from storage.
 147      *
 148      * @param  int $id
 149      * @return Response
 150      */
 151     public function destroy($id)
 152     {
 153         $this->checkPermissionOr('user-delete', function () use ($id) {
 154             return $this->currentUser->id == $id;
 155         });
 156         $user = $this->userRepo->getById($id);
 157         // Delete social accounts
 158         if($this->userRepo->isOnlyAdmin($user)) {
 159             session()->flash('error', 'You cannot delete the only admin');
 160             return redirect($user->getEditUrl());
 161         }
 162         $user->socialAccounts()->delete();
 163         $user->delete();
 164         return redirect('/users');
 165     }
 166 }