BookStack Code Mirror - bookstack/blobdiff - app/Http/Controllers/UserController.php

use Illuminate\Http\Request;

-use Illuminate\Support\Facades\Hash;

+use Illuminate\Http\Response;

use BookStack\Http\Requests;

use BookStack\Repos\UserRepo;

use BookStack\Services\SocialAuthService;

use BookStack\Http\Requests;

use BookStack\Repos\UserRepo;

use BookStack\Services\SocialAuthService;

/**

* Display a listing of the users.

/**

* Display a listing of the users.

- *

* @return Response

*/

public function index()

* @return Response

*/

public function index()

/**

* Show the form for creating a new user.

/**

* Show the form for creating a new user.

- *

* @return Response

*/

public function create()

{

$this->checkPermission('user-create');

* @return Response

*/

public function create()

{

$this->checkPermission('user-create');

- return view('users/create');

+ $authMethod = config('auth.method');

+ return view('users/create', ['authMethod' => $authMethod]);

}

/**

* Store a newly created user in storage.

}

/**

* Store a newly created user in storage.

- *

* @param Request $request

* @return Response

*/

public function store(Request $request)

{

$this->checkPermission('user-create');

* @param Request $request

* @return Response

*/

public function store(Request $request)

{

$this->checkPermission('user-create');

- $this->validate($request, [

+ $validationRules = [

'name' => 'required',

'email' => 'required|email|unique:users,email',

'name' => 'required',

'email' => 'required|email|unique:users,email',

- 'password' => 'required|min:5',

- 'password-confirm' => 'required|same:password',

'role' => 'required|exists:roles,id'

- ]);

+ ];

+

+ $authMethod = config('auth.method');

+ if ($authMethod === 'standard') {

+ $validationRules['password'] = 'required|min:5';

+ $validationRules['password-confirm'] = 'required|same:password';

+ } elseif ($authMethod === 'ldap') {

+ $validationRules['external_auth_id'] = 'required';

+ }

+ $this->validate($request, $validationRules);

+

$user = $this->user->fill($request->all());

- $user->password = bcrypt($request->get('password'));

- $user->save();

+ if ($authMethod === 'standard') {

+ $user->password = bcrypt($request->get('password'));

+ } elseif ($authMethod === 'ldap') {

+ $user->external_auth_id = $request->get('external_auth_id');

+ }

+

+ $user->save();

$user->attachRoleId($request->get('role'));

+

+ // Get avatar from gravatar and save

+ if (!config('services.disable_services')) {

+ $avatar = \Images::saveUserGravatar($user);

+ $user->avatar()->associate($avatar);

+ $user->save();

+ }

+

return redirect('/users');

}

/**

* Show the form for editing the specified user.

return redirect('/users');

}

/**

* Show the form for editing the specified user.

- *

* @param int $id

* @param SocialAuthService $socialAuthService

* @return Response

* @param int $id

* @param SocialAuthService $socialAuthService

* @return Response

return $this->currentUser->id == $id;

});

return $this->currentUser->id == $id;

});

+ $authMethod = config('auth.method');

+

$user = $this->user->findOrFail($id);

$activeSocialDrivers = $socialAuthService->getActiveDrivers();

$this->setPageTitle('User Profile');

$user = $this->user->findOrFail($id);

$activeSocialDrivers = $socialAuthService->getActiveDrivers();

$this->setPageTitle('User Profile');

- return view('users/edit', ['user' => $user, 'activeSocialDrivers' => $activeSocialDrivers]);

+ return view('users/edit', ['user' => $user, 'activeSocialDrivers' => $activeSocialDrivers, 'authMethod' => $authMethod]);

}

/**

* Update the specified user in storage.

}

/**

* Update the specified user in storage.

- *

* @param Request $request

* @param int $id

* @return Response

*/

public function update(Request $request, $id)

{

* @param Request $request

* @param int $id

* @return Response

*/

public function update(Request $request, $id)

{

+ $this->preventAccessForDemoUsers();

$this->checkPermissionOr('user-update', function () use ($id) {

return $this->currentUser->id == $id;

});

$this->checkPermissionOr('user-update', function () use ($id) {

return $this->currentUser->id == $id;

});

+

$this->validate($request, [

- 'name' => 'required',

- 'email' => 'required|email|unique:users,email,' . $id,

- 'password' => 'min:5',

- 'password-confirm' => 'same:password',

+ 'name' => 'min:2',

+ 'email' => 'min:2|email|unique:users,email,' . $id,

+ 'password' => 'min:5|required_with:password_confirm',

+ 'password-confirm' => 'same:password|required_with:password',

'role' => 'exists:roles,id'

+ ], [

+ 'password-confirm.required_with' => 'Password confirmation required'

]);

$user = $this->user->findOrFail($id);

]);

$user = $this->user->findOrFail($id);

- $user->fill($request->except('password'));

+ $user->fill($request->all());

+ // Role updates

if ($this->currentUser->can('user-update') && $request->has('role')) {

$user->attachRoleId($request->get('role'));

}

if ($this->currentUser->can('user-update') && $request->has('role')) {

$user->attachRoleId($request->get('role'));

}

+ // Password updates

if ($request->has('password') && $request->get('password') != '') {

$password = $request->get('password');

$user->password = bcrypt($password);

}

if ($request->has('password') && $request->get('password') != '') {

$password = $request->get('password');

$user->password = bcrypt($password);

}

+

+ // External auth id updates

+ if ($this->currentUser->can('user-update') && $request->has('external_auth_id')) {

+ $user->external_auth_id = $request->get('external_auth_id');

+ }

+

$user->save();

return redirect('/users');

}

$user->save();

return redirect('/users');

}

$this->checkPermissionOr('user-delete', function () use ($id) {

return $this->currentUser->id == $id;

});

$this->checkPermissionOr('user-delete', function () use ($id) {

return $this->currentUser->id == $id;

});

+

$user = $this->user->findOrFail($id);

$this->setPageTitle('Delete User ' . $user->name);

return view('users/delete', ['user' => $user]);

$user = $this->user->findOrFail($id);

$this->setPageTitle('Delete User ' . $user->name);

return view('users/delete', ['user' => $user]);

/**

* Remove the specified user from storage.

/**

* Remove the specified user from storage.

- *

* @param int $id

* @return Response

*/

public function destroy($id)

{

* @param int $id

* @return Response

*/

public function destroy($id)

{

+ $this->preventAccessForDemoUsers();

$this->checkPermissionOr('user-delete', function () use ($id) {

return $this->currentUser->id == $id;

});

$this->checkPermissionOr('user-delete', function () use ($id) {

return $this->currentUser->id == $id;

});

+

$user = $this->userRepo->getById($id);

- // Delete social accounts

- if($this->userRepo->isOnlyAdmin($user)) {

+ if ($this->userRepo->isOnlyAdmin($user)) {

session()->flash('error', 'You cannot delete the only admin');

return redirect($user->getEditUrl());

}

session()->flash('error', 'You cannot delete the only admin');

return redirect($user->getEditUrl());

}

- $user->socialAccounts()->delete();

- $user->delete();

+ $this->userRepo->destroy($user);

+

return redirect('/users');

}

return redirect('/users');

}