<?php namespace BookStack\Auth;
use BookStack\Api\ApiToken;
+use BookStack\Interfaces\Loggable;
use BookStack\Model;
use BookStack\Notifications\ResetPassword;
use BookStack\Uploads\Image;
use Carbon\Carbon;
+use Exception;
use Illuminate\Auth\Authenticatable;
use Illuminate\Auth\Passwords\CanResetPassword;
use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
use Illuminate\Contracts\Auth\CanResetPassword as CanResetPasswordContract;
+use Illuminate\Database\Eloquent\Builder;
+use Illuminate\Database\Eloquent\Relations\BelongsTo;
use Illuminate\Database\Eloquent\Relations\BelongsToMany;
use Illuminate\Database\Eloquent\Relations\HasMany;
use Illuminate\Notifications\Notifiable;
+use Illuminate\Support\Collection;
/**
* Class User
- * @package BookStack\Auth
* @property string $id
* @property string $name
* @property string $email
* @property string $external_auth_id
* @property string $system_name
*/
-class User extends Model implements AuthenticatableContract, CanResetPasswordContract
+class User extends Model implements AuthenticatableContract, CanResetPasswordContract, Loggable
{
use Authenticatable, CanResetPassword, Notifiable;
*/
protected $fillable = ['name', 'email'];
+ protected $casts = ['last_activity_at' => 'datetime'];
+
/**
* The attributes excluded from the model's JSON form.
* @var array
*/
- protected $hidden = ['password', 'remember_token', 'system_name', 'email_confirmed', 'external_auth_id', 'email'];
+ protected $hidden = [
+ 'password', 'remember_token', 'system_name', 'email_confirmed', 'external_auth_id', 'email',
+ 'created_at', 'updated_at', 'image_id',
+ ];
/**
* This holds the user's permissions when loaded.
- * @var array
+ * @var ?Collection
*/
protected $permissions;
/**
* Check if the user has a role.
- * @param $role
- * @return mixed
*/
- public function hasRole($role)
+ public function hasRole($roleId): bool
{
- return $this->roles->pluck('name')->contains($role);
+ return $this->roles->pluck('id')->contains($roleId);
}
/**
}
}
+ /**
+ * Check if the user has a particular permission.
+ */
+ public function can(string $permissionName): bool
+ {
+ if ($this->email === 'guest') {
+ return false;
+ }
+
+ return $this->permissions()->contains($permissionName);
+ }
+
/**
* Get all permissions belonging to a the current user.
- * @param bool $cache
- * @return \Illuminate\Database\Eloquent\Relations\HasManyThrough
*/
- public function permissions($cache = true)
+ protected function permissions(): Collection
{
- if (isset($this->permissions) && $cache) {
+ if (isset($this->permissions)) {
return $this->permissions;
}
- $this->load('roles.permissions');
- $permissions = $this->roles->map(function ($role) {
- return $role->permissions;
- })->flatten()->unique();
- $this->permissions = $permissions;
- return $permissions;
+
+ $this->permissions = $this->newQuery()->getConnection()->table('role_user', 'ru')
+ ->select('role_permissions.name as name')->distinct()
+ ->leftJoin('permission_role', 'ru.role_id', '=', 'permission_role.role_id')
+ ->leftJoin('role_permissions', 'permission_role.permission_id', '=', 'role_permissions.id')
+ ->where('ru.user_id', '=', $this->id)
+ ->get()
+ ->pluck('name');
+
+ return $this->permissions;
}
/**
- * Check if the user has a particular permission.
- * @param $permissionName
- * @return bool
+ * Clear any cached permissions on this instance.
*/
- public function can($permissionName)
+ public function clearPermissionCache()
{
- if ($this->email === 'guest') {
- return false;
- }
- return $this->permissions()->pluck('name')->contains($permissionName);
+ $this->permissions = null;
}
/**
* Attach a role to this user.
- * @param Role $role
*/
public function attachRole(Role $role)
{
/**
* Get the social account associated with this user.
- * @return \Illuminate\Database\Eloquent\Relations\HasMany
+ * @return HasMany
*/
public function socialAccounts()
{
try {
$avatar = $this->avatar ? url($this->avatar->getThumb($size, $size, false)) : $default;
- } catch (\Exception $err) {
+ } catch (Exception $err) {
$avatar = $default;
}
return $avatar;
/**
* Get the avatar for the user.
- * @return \Illuminate\Database\Eloquent\Relations\BelongsTo
+ * @return BelongsTo
*/
public function avatar()
{
return $this->hasMany(ApiToken::class);
}
+ /**
+ * Get the last activity time for this user.
+ */
+ public function scopeWithLastActivityAt(Builder $query)
+ {
+ $query->addSelect(['activities.created_at as last_activity_at'])
+ ->leftJoinSub(function (\Illuminate\Database\Query\Builder $query) {
+ $query->from('activities')->select('user_id')
+ ->selectRaw('max(created_at) as created_at')
+ ->groupBy('user_id');
+ }, 'activities', 'users.id', '=', 'activities.user_id');
+ }
+
/**
* Get the url for editing this user.
*/
{
$this->notify(new ResetPassword($token));
}
+
+ /**
+ * @inheritdoc
+ */
+ public function logDescriptor(): string
+ {
+ return "({$this->id}) {$this->name}";
+ }
}
projects / bookstack / blobdiff