BookStack Code Mirror - bookstack/blob - app/Http/Controllers/UserController.php

   1 <?php namespace BookStack\Http\Controllers;
   2
   3 use BookStack\Auth\Access\SocialAuthService;
   4 use BookStack\Auth\User;
   5 use BookStack\Auth\UserRepo;
   6 use BookStack\Exceptions\UserUpdateException;
   7 use BookStack\Uploads\ImageRepo;
   8 use Illuminate\Http\Request;
   9 use Illuminate\Http\Response;
  10
  11 class UserController extends Controller
  12 {
  13
  14     protected $user;
  15     protected $userRepo;
  16     protected $imageRepo;
  17
  18     /**
  19      * UserController constructor.
  20      * @param User $user
  21      * @param UserRepo $userRepo
  22      * @param ImageRepo $imageRepo
  23      */
  24     public function __construct(User $user, UserRepo $userRepo, ImageRepo $imageRepo)
  25     {
  26         $this->user = $user;
  27         $this->userRepo = $userRepo;
  28         $this->imageRepo = $imageRepo;
  29         parent::__construct();
  30     }
  31
  32     /**
  33      * Display a listing of the users.
  34      * @param Request $request
  35      * @return Response
  36      */
  37     public function index(Request $request)
  38     {
  39         $this->checkPermission('users-manage');
  40         $listDetails = [
  41             'order' => $request->get('order', 'asc'),
  42             'search' => $request->get('search', ''),
  43             'sort' => $request->get('sort', 'name'),
  44         ];
  45         $users = $this->userRepo->getAllUsersPaginatedAndSorted(20, $listDetails);
  46         $this->setPageTitle(trans('settings.users'));
  47         $users->appends($listDetails);
  48         return view('users.index', ['users' => $users, 'listDetails' => $listDetails]);
  49     }
  50
  51     /**
  52      * Show the form for creating a new user.
  53      * @return Response
  54      */
  55     public function create()
  56     {
  57         $this->checkPermission('users-manage');
  58         $authMethod = config('auth.method');
  59         $roles = $this->userRepo->getAllRoles();
  60         return view('users.create', ['authMethod' => $authMethod, 'roles' => $roles]);
  61     }
  62
  63     /**
  64      * Store a newly created user in storage.
  65      * @param  Request $request
  66      * @return Response
  67      * @throws UserUpdateException
  68      */
  69     public function store(Request $request)
  70     {
  71         $this->checkPermission('users-manage');
  72         $validationRules = [
  73             'name'             => 'required',
  74             'email'            => 'required|email|unique:users,email'
  75         ];
  76
  77         $authMethod = config('auth.method');
  78         if ($authMethod === 'standard') {
  79             $validationRules['password'] = 'required|min:5';
  80             $validationRules['password-confirm'] = 'required|same:password';
  81         } elseif ($authMethod === 'ldap') {
  82             $validationRules['external_auth_id'] = 'required';
  83         }
  84         $this->validate($request, $validationRules);
  85
  86         $user = $this->user->fill($request->all());
  87
  88         if ($authMethod === 'standard') {
  89             $user->password = bcrypt($request->get('password'));
  90         } elseif ($authMethod === 'ldap') {
  91             $user->external_auth_id = $request->get('external_auth_id');
  92         }
  93
  94         $user->save();
  95
  96         if ($request->filled('roles')) {
  97             $roles = $request->get('roles');
  98             $this->userRepo->setUserRoles($user, $roles);
  99         }
 100
 101         $this->userRepo->downloadAndAssignUserAvatar($user);
 102
 103         return redirect('/settings/users');
 104     }
 105
 106     /**
 107      * Show the form for editing the specified user.
 108      * @param  int              $id
 109      * @param \BookStack\Auth\Access\SocialAuthService $socialAuthService
 110      * @return Response
 111      */
 112     public function edit($id, SocialAuthService $socialAuthService)
 113     {
 114         $this->checkPermissionOrCurrentUser('users-manage', $id);
 115
 116         $user = $this->user->findOrFail($id);
 117
 118         $authMethod = ($user->system_name) ? 'system' : config('auth.method');
 119
 120         $activeSocialDrivers = $socialAuthService->getActiveDrivers();
 121         $this->setPageTitle(trans('settings.user_profile'));
 122         $roles = $this->userRepo->getAllRoles();
 123         return view('users.edit', ['user' => $user, 'activeSocialDrivers' => $activeSocialDrivers, 'authMethod' => $authMethod, 'roles' => $roles]);
 124     }
 125
 126     /**
 127      * Update the specified user in storage.
 128      * @param Request $request
 129      * @param int $id
 130      * @return Response
 131      * @throws UserUpdateException
 132      * @throws \BookStack\Exceptions\ImageUploadException
 133      */
 134     public function update(Request $request, $id)
 135     {
 136         $this->preventAccessForDemoUsers();
 137         $this->checkPermissionOrCurrentUser('users-manage', $id);
 138
 139         $this->validate($request, [
 140             'name'             => 'min:2',
 141             'email'            => 'min:2|email|unique:users,email,' . $id,
 142             'password'         => 'min:5|required_with:password_confirm',
 143             'password-confirm' => 'same:password|required_with:password',
 144             'setting'          => 'array',
 145             'profile_image'    => $this->imageRepo->getImageValidationRules(),
 146         ]);
 147
 148         $user = $this->userRepo->getById($id);
 149         $user->fill($request->except(['email']));
 150
 151         // Email updates
 152         if (userCan('users-manage') && $request->filled('email')) {
 153             $user->email = $request->get('email');
 154         }
 155
 156         // Role updates
 157         if (userCan('users-manage') && $request->filled('roles')) {
 158             $roles = $request->get('roles');
 159             $this->userRepo->setUserRoles($user, $roles);
 160         }
 161
 162         // Password updates
 163         if ($request->filled('password')) {
 164             $password = $request->get('password');
 165             $user->password = bcrypt($password);
 166         }
 167
 168         // External auth id updates
 169         if ($this->currentUser->can('users-manage') && $request->filled('external_auth_id')) {
 170             $user->external_auth_id = $request->get('external_auth_id');
 171         }
 172
 173         // Save an user-specific settings
 174         if ($request->filled('setting')) {
 175             foreach ($request->get('setting') as $key => $value) {
 176                 setting()->putUser($user, $key, $value);
 177             }
 178         }
 179
 180         // Save profile image if in request
 181         if ($request->has('profile_image')) {
 182             $imageUpload = $request->file('profile_image');
 183             $this->imageRepo->destroyImage($user->avatar);
 184             $image = $this->imageRepo->saveNew($imageUpload, 'user', $user->id);
 185             $user->image_id = $image->id;
 186         }
 187
 188         // Delete the profile image if set to
 189         if ($request->has('profile_image_reset')) {
 190             $this->imageRepo->destroyImage($user->avatar);
 191         }
 192
 193         $user->save();
 194         session()->flash('success', trans('settings.users_edit_success'));
 195
 196         $redirectUrl = userCan('users-manage') ? '/settings/users' : ('/settings/users/' . $user->id);
 197         return redirect($redirectUrl);
 198     }
 199
 200     /**
 201      * Show the user delete page.
 202      * @param int $id
 203      * @return \Illuminate\View\View
 204      */
 205     public function delete($id)
 206     {
 207         $this->checkPermissionOrCurrentUser('users-manage', $id);
 208
 209         $user = $this->userRepo->getById($id);
 210         $this->setPageTitle(trans('settings.users_delete_named', ['userName' => $user->name]));
 211         return view('users.delete', ['user' => $user]);
 212     }
 213
 214     /**
 215      * Remove the specified user from storage.
 216      * @param  int $id
 217      * @return Response
 218      * @throws \Exception
 219      */
 220     public function destroy($id)
 221     {
 222         $this->preventAccessForDemoUsers();
 223         $this->checkPermissionOrCurrentUser('users-manage', $id);
 224
 225         $user = $this->userRepo->getById($id);
 226
 227         if ($this->userRepo->isOnlyAdmin($user)) {
 228             session()->flash('error', trans('errors.users_cannot_delete_only_admin'));
 229             return redirect($user->getEditUrl());
 230         }
 231
 232         if ($user->system_name === 'public') {
 233             session()->flash('error', trans('errors.users_cannot_delete_guest'));
 234             return redirect($user->getEditUrl());
 235         }
 236
 237         $this->userRepo->destroy($user);
 238         session()->flash('success', trans('settings.users_delete_success'));
 239
 240         return redirect('/settings/users');
 241     }
 242
 243     /**
 244      * Show the user profile page
 245      * @param $id
 246      * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
 247      */
 248     public function showProfilePage($id)
 249     {
 250         $user = $this->userRepo->getById($id);
 251
 252         $userActivity = $this->userRepo->getActivity($user);
 253         $recentlyCreated = $this->userRepo->getRecentlyCreated($user, 5, 0);
 254         $assetCounts = $this->userRepo->getAssetCounts($user);
 255
 256         return view('users.profile', [
 257             'user' => $user,
 258             'activity' => $userActivity,
 259             'recentlyCreated' => $recentlyCreated,
 260             'assetCounts' => $assetCounts
 261         ]);
 262     }
 263
 264     /**
 265      * Update the user's preferred book-list display setting.
 266      * @param $id
 267      * @param Request $request
 268      * @return \Illuminate\Http\RedirectResponse
 269      */
 270     public function switchBookView($id, Request $request)
 271     {
 272         return $this->switchViewType($id, $request, 'books');
 273     }
 274
 275     /**
 276      * Update the user's preferred shelf-list display setting.
 277      * @param $id
 278      * @param Request $request
 279      * @return \Illuminate\Http\RedirectResponse
 280      */
 281     public function switchShelfView($id, Request $request)
 282     {
 283         return $this->switchViewType($id, $request, 'bookshelves');
 284     }
 285
 286     /**
 287      * For a type of list, switch with stored view type for a user.
 288      * @param integer $userId
 289      * @param Request $request
 290      * @param string $listName
 291      * @return \Illuminate\Http\RedirectResponse
 292      */
 293     protected function switchViewType($userId, Request $request, string $listName)
 294     {
 295         $this->checkPermissionOrCurrentUser('users-manage', $userId);
 296
 297         $viewType = $request->get('view_type');
 298         if (!in_array($viewType, ['grid', 'list'])) {
 299             $viewType = 'list';
 300         }
 301
 302         $user = $this->userRepo->getById($userId);
 303         $key = $listName . '_view_type';
 304         setting()->putUser($user, $key, $viewType);
 305
 306         return redirect()->back(302, [], "/settings/users/$userId");
 307     }
 308
 309     /**
 310      * Change the stored sort type for a particular view.
 311      * @param string $id
 312      * @param string $type
 313      * @param Request $request
 314      * @return \Illuminate\Http\RedirectResponse
 315      */
 316     public function changeSort(string $id, string $type, Request $request)
 317     {
 318         $validSortTypes = ['books', 'bookshelves'];
 319         if (!in_array($type, $validSortTypes)) {
 320             return redirect()->back(500);
 321         }
 322         return $this->changeListSort($id, $request, $type);
 323     }
 324
 325     /**
 326      * Update the stored section expansion preference for the given user.
 327      * @param string $id
 328      * @param string $key
 329      * @param Request $request
 330      * @return \Illuminate\Contracts\Routing\ResponseFactory|\Symfony\Component\HttpFoundation\Response
 331      */
 332     public function updateExpansionPreference(string $id, string $key, Request $request)
 333     {
 334         $this->checkPermissionOrCurrentUser('users-manage', $id);
 335         $keyWhitelist = ['home-details'];
 336         if (!in_array($key, $keyWhitelist)) {
 337             return response("Invalid key", 500);
 338         }
 339
 340         $newState = $request->get('expand', 'false');
 341
 342         $user = $this->user->findOrFail($id);
 343         setting()->putUser($user, 'section_expansion#' . $key, $newState);
 344         return response("", 204);
 345     }
 346
 347     /**
 348      * Changed the stored preference for a list sort order.
 349      * @param int $userId
 350      * @param Request $request
 351      * @param string $listName
 352      * @return \Illuminate\Http\RedirectResponse
 353      */
 354     protected function changeListSort(int $userId, Request $request, string $listName)
 355     {
 356         $this->checkPermissionOrCurrentUser('users-manage', $userId);
 357
 358         $sort = $request->get('sort');
 359         if (!in_array($sort, ['name', 'created_at', 'updated_at'])) {
 360             $sort = 'name';
 361         }
 362
 363         $order = $request->get('order');
 364         if (!in_array($order, ['asc', 'desc'])) {
 365             $order = 'asc';
 366         }
 367
 368         $user = $this->user->findOrFail($userId);
 369         $sortKey = $listName . '_sort';
 370         $orderKey = $listName . '_sort_order';
 371         setting()->putUser($user, $sortKey, $sort);
 372         setting()->putUser($user, $orderKey, $order);
 373
 374         return redirect()->back(302, [], "/settings/users/$userId");
 375     }
 376 }