BookStack Code Mirror - bookstack/blobdiff

-<?php namespace BookStack\Auth;

+<?php

-use Activity;

-use BookStack\Entities\Repos\EntityRepo;

+namespace BookStack\Auth;

+

+use BookStack\Actions\ActivityType;

+use BookStack\Auth\Access\UserInviteService;

+use BookStack\Entities\EntityProvider;

+use BookStack\Entities\Models\Book;

+use BookStack\Entities\Models\Bookshelf;

+use BookStack\Entities\Models\Chapter;

+use BookStack\Entities\Models\Page;

use BookStack\Exceptions\NotFoundException;

+use BookStack\Exceptions\NotifyException;

use BookStack\Exceptions\UserUpdateException;

-use BookStack\Uploads\Image;

+use BookStack\Facades\Activity;

+use BookStack\Uploads\UserAvatars;

use Exception;

use Illuminate\Database\Eloquent\Builder;

use Exception;

use Illuminate\Database\Eloquent\Builder;

-use Images;

+use Illuminate\Database\Eloquent\Collection;

+use Illuminate\Pagination\LengthAwarePaginator;

+use Illuminate\Support\Facades\Log;

+use Illuminate\Support\Str;

class UserRepo

{

class UserRepo

{

-

- protected $user;

- protected $role;

- protected $entityRepo;

+ protected $userAvatar;

+ protected $inviteService;

/**

* UserRepo constructor.

/**

* UserRepo constructor.

- * @param User $user

- * @param Role $role

- * @param EntityRepo $entityRepo

*/

- public function __construct(User $user, Role $role, EntityRepo $entityRepo)

+ public function __construct(UserAvatars $userAvatar, UserInviteService $inviteService)

{

- $this->user = $user;

- $this->role = $role;

- $this->entityRepo = $entityRepo;

+ $this->userAvatar = $userAvatar;

+ $this->inviteService = $inviteService;

}

/**

}

/**

- * @param string $email

- * @return User|null

+ * Get a user by their email address.

*/

- public function getByEmail($email)

+ public function getByEmail(string $email): ?User

{

- return $this->user->where('email', '=', $email)->first();

+ return User::query()->where('email', '=', $email)->first();

}

/**

}

/**

- * @param int $id

- * @return User

+ * Get a user by their ID.

*/

- public function getById($id)

+ public function getById(int $id): User

{

- return $this->user->newQuery()->findOrFail($id);

+ return User::query()->findOrFail($id);

}

/**

}

/**

- * Get all the users with their permissions.

- * @return Builder|static

+ * Get a user by their slug.

*/

- public function getAllUsers()

+ public function getBySlug(string $slug): User

{

- return $this->user->with('roles', 'avatar')->orderBy('name', 'asc')->get();

+ return User::query()->where('slug', '=', $slug)->firstOrFail();

+ }

+

+ /**

+ * Get all users as Builder for API.

+ */

+ public function getApiUsersBuilder(): Builder

+ {

+ return User::query()->select(['*'])

+ ->scopes('withLastActivityAt')

+ ->with(['avatar']);

}

/**

* Get all the users with their permissions in a paginated format.

}

/**

* Get all the users with their permissions in a paginated format.

- * @param int $count

- * @param $sortData

- * @return Builder|static

+ * Note: Due to the use of email search this should only be used when

+ * user is assumed to be trusted. (Admin users).

+ * Email search can be abused to extract email addresses.

*/

- public function getAllUsersPaginatedAndSorted($count, $sortData)

+ public function getAllUsersPaginatedAndSorted(int $count, array $sortData): LengthAwarePaginator

{

- $query = $this->user->with('roles', 'avatar')->orderBy($sortData['sort'], $sortData['order']);

+ $sort = $sortData['sort'];

+

+ $query = User::query()->select(['*'])

+ ->scopes(['withLastActivityAt'])

+ ->with(['roles', 'avatar'])

+ ->withCount('mfaValues')

+ ->orderBy($sort, $sortData['order']);

if ($sortData['search']) {

$term = '%' . $sortData['search'] . '%';

if ($sortData['search']) {

$term = '%' . $sortData['search'] . '%';

return $query->paginate($count);

}

return $query->paginate($count);

}

- /**

- * Creates a new user and attaches a role to them.

- * @param array $data

- * @param boolean $verifyEmail

- * @return \BookStack\Auth\User

- */

- public function registerNew(array $data, $verifyEmail = false)

- {

- $user = $this->create($data, $verifyEmail);

- $this->attachDefaultRole($user);

- $this->downloadAndAssignUserAvatar($user);

-

- return $user;

- }

-

- /**

- * Give a user the default role. Used when creating a new user.

- * @param User $user

- */

- public function attachDefaultRole(User $user)

- {

- $roleId = setting('registration-role');

- if ($roleId !== false && $user->roles()->where('id', '=', $roleId)->count() === 0) {

- $user->attachRoleId($roleId);

- }

-

/**

* Assign a user to a system-level role.

/**

* Assign a user to a system-level role.

- * @param User $user

- * @param $systemRoleName

+ *

* @throws NotFoundException

*/

* @throws NotFoundException

*/

- public function attachSystemRole(User $user, $systemRoleName)

+ public function attachSystemRole(User $user, string $systemRoleName)

{

- $role = $this->role->newQuery()->where('system_name', '=', $systemRoleName)->first();

- if ($role === null) {

+ $role = Role::getSystemRole($systemRoleName);

+ if (is_null($role)) {

throw new NotFoundException("Role '{$systemRoleName}' not found");

}

$user->attachRole($role);

throw new NotFoundException("Role '{$systemRoleName}' not found");

}

$user->attachRole($role);

/**

* Checks if the give user is the only admin.

/**

* Checks if the give user is the only admin.

- * @param \BookStack\Auth\User $user

- * @return bool

*/

- public function isOnlyAdmin(User $user)

+ public function isOnlyAdmin(User $user): bool

{

if (!$user->hasSystemRole('admin')) {

return false;

}

{

if (!$user->hasSystemRole('admin')) {

return false;

}

- $adminRole = $this->role->getSystemRole('admin');

- if ($adminRole->users->count() > 1) {

+ $adminRole = Role::getSystemRole('admin');

+ if ($adminRole->users()->count() > 1) {

return false;

}

return false;

}

+

return true;

}

/**

* Set the assigned user roles via an array of role IDs.

return true;

}

/**

* Set the assigned user roles via an array of role IDs.

- * @param User $user

- * @param array $roles

+ *

* @throws UserUpdateException

*/

public function setUserRoles(User $user, array $roles)

* @throws UserUpdateException

*/

public function setUserRoles(User $user, array $roles)

/**

* Check if the given user is the last admin and their new roles no longer

* contains the admin role.

/**

* Check if the given user is the last admin and their new roles no longer

* contains the admin role.

- * @param User $user

- * @param array $newRoles

- * @return bool

*/

- protected function demotingLastAdmin(User $user, array $newRoles) : bool

+ protected function demotingLastAdmin(User $user, array $newRoles): bool

{

if ($this->isOnlyAdmin($user)) {

{

if ($this->isOnlyAdmin($user)) {

- $adminRole = $this->role->getSystemRole('admin');

+ $adminRole = Role::getSystemRole('admin');

if (!in_array(strval($adminRole->id), $newRoles)) {

return true;

}

if (!in_array(strval($adminRole->id), $newRoles)) {

return true;

}

/**

}

/**

- * Create a new basic instance of user.

- * @param array $data

- * @param boolean $verifyEmail

- * @return \BookStack\Auth\User

+ * Create a new basic instance of user with the given pre-validated data.

+ *

+ * @param array{name: string, email: string, password: ?string, external_auth_id: ?string, language: ?string, roles: ?array} $data

+ */

+ public function createWithoutActivity(array $data, bool $emailConfirmed = false): User

+ {

+ $user = new User();

+ $user->name = $data['name'];

+ $user->email = $data['email'];

+ $user->password = bcrypt(empty($data['password']) ? Str::random(32) : $data['password']);

+ $user->email_confirmed = $emailConfirmed;

+ $user->external_auth_id = $data['external_auth_id'] ?? '';

+

+ $user->refreshSlug();

+ $user->save();

+

+ if (!empty($data['language'])) {

+ setting()->putUser($user, 'language', $data['language']);

+ }

+

+ if (isset($data['roles'])) {

+ $this->setUserRoles($user, $data['roles']);

+ }

+

+ $this->downloadAndAssignUserAvatar($user);

+

+ return $user;

+ }

+

+ /**

+ * As per "createWithoutActivity" but records a "create" activity.

+ *

+ * @param array{name: string, email: string, password: ?string, external_auth_id: ?string, language: ?string, roles: ?array} $data

+ */

+ public function create(array $data, bool $sendInvite = false): User

+ {

+ $user = $this->createWithoutActivity($data, true);

+

+ if ($sendInvite) {

+ $this->inviteService->sendInvitation($user);

+ }

+

+ Activity::add(ActivityType::USER_CREATE, $user);

+

+ return $user;

+ }

+

+ /**

+ * Update the given user with the given data.

+ *

+ * @param array{name: ?string, email: ?string, external_auth_id: ?string, password: ?string, roles: ?array<int>, language: ?string} $data

+ *

+ * @throws UserUpdateException

*/

- public function create(array $data, $verifyEmail = false)

+ public function update(User $user, array $data, bool $manageUsersAllowed): User

{

- return $this->user->forceCreate([

- 'name' => $data['name'],

- 'email' => $data['email'],

- 'password' => bcrypt($data['password']),

- 'email_confirmed' => $verifyEmail

- ]);

+ if (!empty($data['name'])) {

+ $user->name = $data['name'];

+ $user->refreshSlug();

+ }

+

+ if (!empty($data['email']) && $manageUsersAllowed) {

+ $user->email = $data['email'];

+ }

+

+ if (!empty($data['external_auth_id']) && $manageUsersAllowed) {

+ $user->external_auth_id = $data['external_auth_id'];

+ }

+

+ if (isset($data['roles']) && $manageUsersAllowed) {

+ $this->setUserRoles($user, $data['roles']);

+ }

+

+ if (!empty($data['password'])) {

+ $user->password = bcrypt($data['password']);

+ }

+

+ if (!empty($data['language'])) {

+ setting()->putUser($user, 'language', $data['language']);

+ }

+

+ $user->save();

+ Activity::add(ActivityType::USER_UPDATE, $user);

+

+ return $user;

}

/**

* Remove the given user from storage, Delete all related content.

}

/**

* Remove the given user from storage, Delete all related content.

- * @param \BookStack\Auth\User $user

+ *

* @throws Exception

*/

* @throws Exception

*/

- public function destroy(User $user)

+ public function destroy(User $user, ?int $newOwnerId = null)

{

+ $this->ensureDeletable($user);

+

$user->socialAccounts()->delete();

+ $user->apiTokens()->delete();

+ $user->favourites()->delete();

+ $user->mfaValues()->delete();

$user->delete();

-

+

// Delete user profile images

- $profileImages = Image::where('type', '=', 'user')->where('uploaded_to', '=', $user->id)->get();

- foreach ($profileImages as $image) {

- Images::destroy($image);

+ $this->userAvatar->destroyAllForUser($user);

+

+ if (!empty($newOwnerId)) {

+ $newOwner = User::query()->find($newOwnerId);

+ if (!is_null($newOwner)) {

+ $this->migrateOwnership($user, $newOwner);

+ }

}

+

+ Activity::add(ActivityType::USER_DELETE, $user);

}

/**

}

/**

- * Get the latest activity for a user.

- * @param \BookStack\Auth\User $user

- * @param int $count

- * @param int $page

- * @return array

+ * @throws NotifyException

*/

- public function getActivity(User $user, $count = 20, $page = 0)

+ protected function ensureDeletable(User $user): void

{

- return Activity::userActivity($user, $count, $page);

+ if ($this->isOnlyAdmin($user)) {

+ throw new NotifyException(trans('errors.users_cannot_delete_only_admin'), $user->getEditUrl());

+ }

+

+ if ($user->system_name === 'public') {

+ throw new NotifyException(trans('errors.users_cannot_delete_guest'), $user->getEditUrl());

+ }

+

+ /**

+ * Migrate ownership of items in the system from one user to another.

+ */

+ protected function migrateOwnership(User $fromUser, User $toUser)

+ {

+ $entities = (new EntityProvider())->all();

+ foreach ($entities as $instance) {

+ $instance->newQuery()->where('owned_by', '=', $fromUser->id)

+ ->update(['owned_by' => $toUser->id]);

+ }

}

/**

* Get the recently created content for this given user.

}

/**

* Get the recently created content for this given user.

- * @param \BookStack\Auth\User $user

- * @param int $count

- * @return mixed

*/

- public function getRecentlyCreated(User $user, $count = 20)

+ public function getRecentlyCreated(User $user, int $count = 20): array

{

- $createdByUserQuery = function (Builder $query) use ($user) {

- $query->where('created_by', '=', $user->id);

+ $query = function (Builder $query) use ($user, $count) {

+ return $query->orderBy('created_at', 'desc')

+ ->where('created_by', '=', $user->id)

+ ->take($count)

+ ->get();

};

return [

};

return [

- 'pages' => $this->entityRepo->getRecentlyCreated('page', $count, 0, $createdByUserQuery),

- 'chapters' => $this->entityRepo->getRecentlyCreated('chapter', $count, 0, $createdByUserQuery),

- 'books' => $this->entityRepo->getRecentlyCreated('book', $count, 0, $createdByUserQuery),

- 'shelves' => $this->entityRepo->getRecentlyCreated('bookshelf', $count, 0, $createdByUserQuery)

+ 'pages' => $query(Page::visible()->where('draft', '=', false)),

+ 'chapters' => $query(Chapter::visible()),

+ 'books' => $query(Book::visible()),

+ 'shelves' => $query(Bookshelf::visible()),

];

}

/**

* Get asset created counts for the give user.

];

}

/**

* Get asset created counts for the give user.

- * @param \BookStack\Auth\User $user

- * @return array

*/

- public function getAssetCounts(User $user)

+ public function getAssetCounts(User $user): array

{

+ $createdBy = ['created_by' => $user->id];

+

return [

- 'pages' => $this->entityRepo->getUserTotalCreated('page', $user),

- 'chapters' => $this->entityRepo->getUserTotalCreated('chapter', $user),

- 'books' => $this->entityRepo->getUserTotalCreated('book', $user),

- 'shelves' => $this->entityRepo->getUserTotalCreated('bookshelf', $user),

+ 'pages' => Page::visible()->where($createdBy)->count(),

+ 'chapters' => Chapter::visible()->where($createdBy)->count(),

+ 'books' => Book::visible()->where($createdBy)->count(),

+ 'shelves' => Bookshelf::visible()->where($createdBy)->count(),

];

}

/**

* Get the roles in the system that are assignable to a user.

];

}

/**

* Get the roles in the system that are assignable to a user.

- * @return mixed

- */

- public function getAllRoles()

- {

- return $this->role->newQuery()->orderBy('name', 'asc')->get();

- }

-

- /**

- * Get all the roles which can be given restricted access to

- * other entities in the system.

- * @return mixed

*/

- public function getRestrictableRoles()

+ public function getAllRoles(): Collection

{

- return $this->role->where('system_name', '!=', 'admin')->get();

+ return Role::query()->orderBy('display_name', 'asc')->get();

}

/**

* Get an avatar image for a user and set it as their avatar.

* Returns early if avatars disabled or not set in config.

}

/**

* Get an avatar image for a user and set it as their avatar.

* Returns early if avatars disabled or not set in config.

- * @param User $user

- * @return bool

*/

- public function downloadAndAssignUserAvatar(User $user)

+ public function downloadAndAssignUserAvatar(User $user): void

{

- if (!Images::avatarFetchEnabled()) {

- return false;

- }

-

try {

- $avatar = Images::saveUserAvatar($user);

- $user->avatar()->associate($avatar);

- $user->save();

- return true;

+ $this->userAvatar->fetchAndAssignToUser($user);

} catch (Exception $e) {

- \Log::error('Failed to save user avatar image');

- return false;

+ Log::error('Failed to save user avatar image');

}