-<?php namespace BookStack\Auth;
+<?php
-use Activity;
+namespace BookStack\Auth;
+
+use BookStack\Actions\ActivityType;
+use BookStack\Auth\Access\UserInviteService;
use BookStack\Entities\EntityProvider;
use BookStack\Entities\Models\Book;
use BookStack\Entities\Models\Bookshelf;
use BookStack\Entities\Models\Chapter;
use BookStack\Entities\Models\Page;
use BookStack\Exceptions\NotFoundException;
+use BookStack\Exceptions\NotifyException;
use BookStack\Exceptions\UserUpdateException;
-use BookStack\Uploads\Image;
+use BookStack\Facades\Activity;
use BookStack\Uploads\UserAvatars;
use Exception;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Collection;
use Illuminate\Pagination\LengthAwarePaginator;
-use Images;
-use Log;
+use Illuminate\Support\Facades\Log;
+use Illuminate\Support\Str;
class UserRepo
{
protected $userAvatar;
+ protected $inviteService;
/**
* UserRepo constructor.
*/
- public function __construct(UserAvatars $userAvatar)
+ public function __construct(UserAvatars $userAvatar, UserInviteService $inviteService)
{
$this->userAvatar = $userAvatar;
+ $this->inviteService = $inviteService;
}
/**
}
/**
- * Get all the users with their permissions.
+ * Get a user by their slug.
*/
- public function getAllUsers(): Collection
+ public function getBySlug(string $slug): User
{
- return User::query()->with('roles', 'avatar')->orderBy('name', 'asc')->get();
+ return User::query()->where('slug', '=', $slug)->firstOrFail();
+ }
+
+ /**
+ * Get all users as Builder for API
+ */
+ public function getApiUsersBuilder(): Builder
+ {
+ return User::query()->select(['*'])
+ ->scopes('withLastActivityAt')
+ ->with(['avatar']);
}
/**
* Get all the users with their permissions in a paginated format.
+ * Note: Due to the use of email search this should only be used when
+ * user is assumed to be trusted. (Admin users).
+ * Email search can be abused to extract email addresses.
*/
public function getAllUsersPaginatedAndSorted(int $count, array $sortData): LengthAwarePaginator
{
$sort = $sortData['sort'];
$query = User::query()->select(['*'])
- ->withLastActivityAt()
+ ->scopes(['withLastActivityAt'])
->with(['roles', 'avatar'])
+ ->withCount('mfaValues')
->orderBy($sort, $sortData['order']);
if ($sortData['search']) {
return $query->paginate($count);
}
- /**
- * Creates a new user and attaches a role to them.
- */
- public function registerNew(array $data, bool $emailConfirmed = false): User
- {
- $user = $this->create($data, $emailConfirmed);
- $user->attachDefaultRole();
- $this->downloadAndAssignUserAvatar($user);
-
- return $user;
- }
-
/**
* Assign a user to a system-level role.
+ *
* @throws NotFoundException
*/
public function attachSystemRole(User $user, string $systemRoleName)
/**
* Set the assigned user roles via an array of role IDs.
+ *
* @throws UserUpdateException
*/
public function setUserRoles(User $user, array $roles)
* Check if the given user is the last admin and their new roles no longer
* contains the admin role.
*/
- protected function demotingLastAdmin(User $user, array $newRoles) : bool
+ protected function demotingLastAdmin(User $user, array $newRoles): bool
{
if ($this->isOnlyAdmin($user)) {
$adminRole = Role::getSystemRole('admin');
}
/**
- * Create a new basic instance of user.
+ * Create a new basic instance of user with the given pre-validated data.
+ * @param array{name: string, email: string, password: ?string, external_auth_id: ?string, language: ?string, roles: ?array} $data
*/
- public function create(array $data, bool $emailConfirmed = false): User
+ public function createWithoutActivity(array $data, bool $emailConfirmed = false): User
{
- $details = [
- 'name' => $data['name'],
- 'email' => $data['email'],
- 'password' => bcrypt($data['password']),
- 'email_confirmed' => $emailConfirmed,
- 'external_auth_id' => $data['external_auth_id'] ?? '',
- ];
- return User::query()->forceCreate($details);
+ $user = new User();
+ $user->name = $data['name'];
+ $user->email = $data['email'];
+ $user->password = bcrypt(empty($data['password']) ? Str::random(32) : $data['password']);
+ $user->email_confirmed = $emailConfirmed;
+ $user->external_auth_id = $data['external_auth_id'] ?? '';
+
+ $user->refreshSlug();
+ $user->save();
+
+ if (!empty($data['language'])) {
+ setting()->putUser($user, 'language', $data['language']);
+ }
+
+ if (isset($data['roles'])) {
+ $this->setUserRoles($user, $data['roles']);
+ }
+
+ $this->downloadAndAssignUserAvatar($user);
+
+ return $user;
+ }
+
+ /**
+ * As per "createWithoutActivity" but records a "create" activity.
+ * @param array{name: string, email: string, password: ?string, external_auth_id: ?string, language: ?string, roles: ?array} $data
+ */
+ public function create(array $data, bool $sendInvite = false): User
+ {
+ $user = $this->createWithoutActivity($data, true);
+
+ if ($sendInvite) {
+ $this->inviteService->sendInvitation($user);
+ }
+
+ Activity::add(ActivityType::USER_CREATE, $user);
+ return $user;
+ }
+
+ /**
+ * Update the given user with the given data.
+ * @param array{name: ?string, email: ?string, external_auth_id: ?string, password: ?string, roles: ?array<int>, language: ?string} $data
+ * @throws UserUpdateException
+ */
+ public function update(User $user, array $data, bool $manageUsersAllowed): User
+ {
+ if (!empty($data['name'])) {
+ $user->name = $data['name'];
+ $user->refreshSlug();
+ }
+
+ if (!empty($data['email']) && $manageUsersAllowed) {
+ $user->email = $data['email'];
+ }
+
+ if (!empty($data['external_auth_id']) && $manageUsersAllowed) {
+ $user->external_auth_id = $data['external_auth_id'];
+ }
+
+ if (isset($data['roles']) && $manageUsersAllowed) {
+ $this->setUserRoles($user, $data['roles']);
+ }
+
+ if (!empty($data['password'])) {
+ $user->password = bcrypt($data['password']);
+ }
+
+ if (!empty($data['language'])) {
+ setting()->putUser($user, 'language', $data['language']);
+ }
+
+ $user->save();
+ Activity::add(ActivityType::USER_UPDATE, $user);
+
+ return $user;
}
/**
* Remove the given user from storage, Delete all related content.
+ *
* @throws Exception
*/
public function destroy(User $user, ?int $newOwnerId = null)
{
+ $this->ensureDeletable($user);
+
$user->socialAccounts()->delete();
$user->apiTokens()->delete();
+ $user->favourites()->delete();
+ $user->mfaValues()->delete();
$user->delete();
-
- // Delete user profile images
- $profileImages = Image::query()->where('type', '=', 'user')
- ->where('uploaded_to', '=', $user->id)
- ->get();
- foreach ($profileImages as $image) {
- Images::destroy($image);
- }
+ // Delete user profile images
+ $this->userAvatar->destroyAllForUser($user);
if (!empty($newOwnerId)) {
$newOwner = User::query()->find($newOwnerId);
$this->migrateOwnership($user, $newOwner);
}
}
+
+ Activity::add(ActivityType::USER_DELETE, $user);
}
/**
- * Migrate ownership of items in the system from one user to another.
+ * @throws NotifyException
*/
- protected function migrateOwnership(User $fromUser, User $toUser)
+ protected function ensureDeletable(User $user): void
{
- $entities = (new EntityProvider)->all();
- foreach ($entities as $instance) {
- $instance->newQuery()->where('owned_by', '=', $fromUser->id)
- ->update(['owned_by' => $toUser->id]);
+ if ($this->isOnlyAdmin($user)) {
+ throw new NotifyException(trans('errors.users_cannot_delete_only_admin'), $user->getEditUrl());
+ }
+
+ if ($user->system_name === 'public') {
+ throw new NotifyException(trans('errors.users_cannot_delete_guest'), $user->getEditUrl());
}
}
/**
- * Get the latest activity for a user.
+ * Migrate ownership of items in the system from one user to another.
*/
- public function getActivity(User $user, int $count = 20, int $page = 0): array
+ protected function migrateOwnership(User $fromUser, User $toUser)
{
- return Activity::userActivity($user, $count, $page);
+ $entities = (new EntityProvider())->all();
+ foreach ($entities as $instance) {
+ $instance->newQuery()->where('owned_by', '=', $fromUser->id)
+ ->update(['owned_by' => $toUser->id]);
+ }
}
/**
};
return [
- 'pages' => $query(Page::visible()->where('draft', '=', false)),
+ 'pages' => $query(Page::visible()->where('draft', '=', false)),
'chapters' => $query(Chapter::visible()),
- 'books' => $query(Book::visible()),
- 'shelves' => $query(Bookshelf::visible()),
+ 'books' => $query(Book::visible()),
+ 'shelves' => $query(Bookshelf::visible()),
];
}
public function getAssetCounts(User $user): array
{
$createdBy = ['created_by' => $user->id];
+
return [
- 'pages' => Page::visible()->where($createdBy)->count(),
- 'chapters' => Chapter::visible()->where($createdBy)->count(),
- 'books' => Book::visible()->where($createdBy)->count(),
- 'shelves' => Bookshelf::visible()->where($createdBy)->count(),
+ 'pages' => Page::visible()->where($createdBy)->count(),
+ 'chapters' => Chapter::visible()->where($createdBy)->count(),
+ 'books' => Book::visible()->where($createdBy)->count(),
+ 'shelves' => Bookshelf::visible()->where($createdBy)->count(),
];
}
projects / bookstack / blobdiff