BookStack Code Mirror - bookstack/blob - app/Http/Controllers/UserController.php

   1 <?php
   2
   3 namespace BookStack\Http\Controllers;
   4
   5 use Illuminate\Http\Request;
   6
   7 use Illuminate\Support\Facades\Hash;
   8 use BookStack\Http\Requests;
   9 use BookStack\Repos\UserRepo;
  10 use BookStack\Services\SocialAuthService;
  11 use BookStack\User;
  12
  13 class UserController extends Controller
  14 {
  15
  16     protected $user;
  17     protected $userRepo;
  18
  19     /**
  20      * UserController constructor.
  21      * @param $user
  22      */
  23     public function __construct(User $user, UserRepo $userRepo)
  24     {
  25         $this->user = $user;
  26         $this->userRepo = $userRepo;
  27         parent::__construct();
  28     }
  29
  30     /**
  31      * Display a listing of the users.
  32      *
  33      * @return Response
  34      */
  35     public function index()
  36     {
  37         $users = $this->user->all();
  38         $this->setPageTitle('Users');
  39         return view('users/index', ['users' => $users]);
  40     }
  41
  42     /**
  43      * Show the form for creating a new user.
  44      *
  45      * @return Response
  46      */
  47     public function create()
  48     {
  49         $this->checkPermission('user-create');
  50         return view('users/create');
  51     }
  52
  53     /**
  54      * Store a newly created user in storage.
  55      *
  56      * @param  Request $request
  57      * @return Response
  58      */
  59     public function store(Request $request)
  60     {
  61         $this->checkPermission('user-create');
  62         $this->validate($request, [
  63             'name'             => 'required',
  64             'email'            => 'required|email',
  65             'password'         => 'required|min:5',
  66             'password-confirm' => 'required|same:password',
  67             'role'             => 'required|exists:roles,id'
  68         ]);
  69
  70         $user = $this->user->fill($request->all());
  71         $user->password = bcrypt($request->get('password'));
  72         $user->save();
  73
  74         $user->attachRoleId($request->get('role'));
  75         return redirect('/users');
  76     }
  77
  78
  79     /**
  80      * Show the form for editing the specified user.
  81      *
  82      * @param  int              $id
  83      * @param SocialAuthService $socialAuthService
  84      * @return Response
  85      */
  86     public function edit($id, SocialAuthService $socialAuthService)
  87     {
  88         $this->checkPermissionOr('user-update', function () use ($id) {
  89             return $this->currentUser->id == $id;
  90         });
  91
  92         $user = $this->user->findOrFail($id);
  93         $activeSocialDrivers = $socialAuthService->getActiveDrivers();
  94         $this->setPageTitle('User Profile');
  95         return view('users/edit', ['user' => $user, 'activeSocialDrivers' => $activeSocialDrivers]);
  96     }
  97
  98     /**
  99      * Update the specified user in storage.
 100      *
 101      * @param  Request $request
 102      * @param  int     $id
 103      * @return Response
 104      */
 105     public function update(Request $request, $id)
 106     {
 107         $this->checkPermissionOr('user-update', function () use ($id) {
 108             return $this->currentUser->id == $id;
 109         });
 110         $this->validate($request, [
 111             'name'             => 'required',
 112             'email'            => 'required|email|unique:users,email,' . $id,
 113             'password'         => 'min:5',
 114             'password-confirm' => 'same:password',
 115             'role'             => 'exists:roles,id'
 116         ]);
 117
 118         $user = $this->user->findOrFail($id);
 119         $user->fill($request->except('password'));
 120
 121         if ($this->currentUser->can('user-update') && $request->has('role')) {
 122             $user->attachRoleId($request->get('role'));
 123         }
 124
 125         if ($request->has('password') && $request->get('password') != '') {
 126             $password = $request->get('password');
 127             $user->password = bcrypt($password);
 128         }
 129         $user->save();
 130         return redirect('/users');
 131     }
 132
 133     /**
 134      * Show the user delete page.
 135      * @param $id
 136      * @return \Illuminate\View\View
 137      */
 138     public function delete($id)
 139     {
 140         $this->checkPermissionOr('user-delete', function () use ($id) {
 141             return $this->currentUser->id == $id;
 142         });
 143         $user = $this->user->findOrFail($id);
 144         $this->setPageTitle('Delete User ' . $user->name);
 145         return view('users/delete', ['user' => $user]);
 146     }
 147
 148     /**
 149      * Remove the specified user from storage.
 150      *
 151      * @param  int $id
 152      * @return Response
 153      */
 154     public function destroy($id)
 155     {
 156         $this->checkPermissionOr('user-delete', function () use ($id) {
 157             return $this->currentUser->id == $id;
 158         });
 159         $user = $this->userRepo->getById($id);
 160         // Delete social accounts
 161         if($this->userRepo->isOnlyAdmin($user)) {
 162             session()->flash('error', 'You cannot delete the only admin');
 163             return redirect($user->getEditUrl());
 164         }
 165         $user->socialAccounts()->delete();
 166         $user->delete();
 167         return redirect('/users');
 168     }
 169 }