BookStack Code Mirror - bookstack/blobdiff - app/Users/Controllers/UserController.php
Fixed OIDC Logout
index 5aad03766a7ba52ef24e349e4fca23dd33891b02..0cd48948f8ccc79a461931f141f8cb333bf41043 100644 (file)
@@ -5,7 +5,7 @@ namespace BookStack\Users\Controllers;
 use BookStack\Access\SocialAuthService;
 use BookStack\Exceptions\ImageUploadException;
 use BookStack\Exceptions\UserUpdateException;
-use BookStack\Http\Controllers\Controller;
+use BookStack\Http\Controller;
 use BookStack\Uploads\ImageRepo;
 use BookStack\Users\Models\Role;
 use BookStack\Users\Queries\UsersAllPaginatedAndSorted;
@@ -19,13 +19,10 @@ use Illuminate\Validation\ValidationException;
 
 class UserController extends Controller
 {
-    protected UserRepo $userRepo;
-    protected ImageRepo $imageRepo;
-
-    public function __construct(UserRepo $userRepo, ImageRepo $imageRepo)
-    {
-        $this->userRepo = $userRepo;
-        $this->imageRepo = $imageRepo;
+    public function __construct(
+        protected UserRepo $userRepo,
+        protected ImageRepo $imageRepo
+    ) {
     }
 
     /**
@@ -106,6 +103,7 @@ class UserController extends Controller
      */
     public function edit(int $id, SocialAuthService $socialAuthService)
     {
+        $this->preventGuestAccess();
         $this->checkPermissionOrCurrentUser('users-manage', $id);
 
         $user = $this->userRepo->getById($id);
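Review bot: The guest guard is added by hand in `edit`, and again in the `update`, `delete` and `destroy` hunks, each time directly before `checkPermissionOrCurrentUser('users-manage', $id)`, so any other action that relies on the same permission-or-current-user check stays unguarded unless someone remembers the extra line. If the intent is that the guest account must never satisfy the "current user" half of that check (presumably when `$id` is the guest user's own id), enforcing it inside `checkPermissionOrCurrentUser` would cover every caller in one place; that helper and `preventGuestAccess` are defined outside this diff, so confirm their behaviour first. If the per-action calls stay, a comment such as `// The guest account must not pass the "current user" branch of the check below` would explain why both calls are needed, and a regression test requesting these four routes as the guest user would keep the guard from being dropped later. All four method bodies continue outside their hunks.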
@@ -136,6 +134,7 @@ class UserController extends Controller
     public function update(Request $request, int $id)
     {
         $this->preventAccessInDemoMode();
+        $this->preventGuestAccess();
         $this->checkPermissionOrCurrentUser('users-manage', $id);
 
         $validated = $this->validate($request, [
@@ -179,6 +178,7 @@ class UserController extends Controller
      */
     public function delete(int $id)
     {
+        $this->preventGuestAccess();
         $this->checkPermissionOrCurrentUser('users-manage', $id);
 
         $user = $this->userRepo->getById($id);
@@ -195,6 +195,7 @@ class UserController extends Controller
     public function destroy(Request $request, int $id)
     {
         $this->preventAccessInDemoMode();
+        $this->preventGuestAccess();
         $this->checkPermissionOrCurrentUser('users-manage', $id);
 
         $user = $this->userRepo->getById($id);