-<?php namespace BookStack\Auth;
+<?php
+namespace BookStack\Auth;
+
+use BookStack\Actions\Favourite;
+use BookStack\Api\ApiToken;
+use BookStack\Auth\Access\Mfa\MfaValue;
+use BookStack\Entities\Tools\SlugGenerator;
+use BookStack\Interfaces\Loggable;
+use BookStack\Interfaces\Sluggable;
use BookStack\Model;
use BookStack\Notifications\ResetPassword;
use BookStack\Uploads\Image;
use Carbon\Carbon;
+use Exception;
use Illuminate\Auth\Authenticatable;
use Illuminate\Auth\Passwords\CanResetPassword;
use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
use Illuminate\Contracts\Auth\CanResetPassword as CanResetPasswordContract;
+use Illuminate\Database\Eloquent\Builder;
+use Illuminate\Database\Eloquent\Factories\HasFactory;
+use Illuminate\Database\Eloquent\Relations\BelongsTo;
use Illuminate\Database\Eloquent\Relations\BelongsToMany;
+use Illuminate\Database\Eloquent\Relations\HasMany;
use Illuminate\Notifications\Notifiable;
+use Illuminate\Support\Collection;
/**
- * Class User
- * @package BookStack\Auth
- * @property string $id
- * @property string $name
- * @property string $email
- * @property string $password
- * @property Carbon $created_at
- * @property Carbon $updated_at
- * @property bool $email_confirmed
- * @property int $image_id
- * @property string $external_auth_id
- * @property string $system_name
+ * Class User.
+ *
+ * @property int $id
+ * @property string $name
+ * @property string $slug
+ * @property string $email
+ * @property string $password
+ * @property Carbon $created_at
+ * @property Carbon $updated_at
+ * @property bool $email_confirmed
+ * @property int $image_id
+ * @property string $external_auth_id
+ * @property string $system_name
+ * @property Collection $roles
+ * @property Collection $mfaValues
*/
-class User extends Model implements AuthenticatableContract, CanResetPasswordContract
+class User extends Model implements AuthenticatableContract, CanResetPasswordContract, Loggable, Sluggable
{
- use Authenticatable, CanResetPassword, Notifiable;
+ use HasFactory;
+ use Authenticatable;
+ use CanResetPassword;
+ use Notifiable;
/**
* The database table used by the model.
+ *
* @var string
*/
protected $table = 'users';
/**
* The attributes that are mass assignable.
+ *
* @var array
*/
protected $fillable = ['name', 'email'];
+ protected $casts = ['last_activity_at' => 'datetime'];
+
/**
* The attributes excluded from the model's JSON form.
+ *
* @var array
*/
- protected $hidden = ['password', 'remember_token'];
+ protected $hidden = [
+ 'password', 'remember_token', 'system_name', 'email_confirmed', 'external_auth_id', 'email',
+ 'created_at', 'updated_at', 'image_id',
+ ];
/**
* This holds the user's permissions when loaded.
- * @var array
+ *
+ * @var ?Collection
*/
protected $permissions;
/**
* This holds the default user when loaded.
+ *
* @var null|User
*/
protected static $defaultUser = null;
/**
* Returns the default public user.
- * @return User
*/
- public static function getDefault()
+ public static function getDefault(): self
{
if (!is_null(static::$defaultUser)) {
return static::$defaultUser;
}
-
- static::$defaultUser = static::where('system_name', '=', 'public')->first();
+
+ static::$defaultUser = static::query()->where('system_name', '=', 'public')->first();
+
return static::$defaultUser;
}
/**
* Check if the user is the default public user.
- * @return bool
*/
- public function isDefault()
+ public function isDefault(): bool
{
return $this->system_name === 'public';
}
/**
* The roles that belong to the user.
+ *
* @return BelongsToMany
*/
public function roles()
{
if ($this->id === 0) {
- return ;
+ return;
}
+
return $this->belongsToMany(Role::class);
}
/**
* Check if the user has a role.
- * @param $role
- * @return mixed
*/
- public function hasRole($role)
+ public function hasRole($roleId): bool
{
- return $this->roles->pluck('name')->contains($role);
+ return $this->roles->pluck('id')->contains($roleId);
}
/**
* Check if the user has a role.
- * @param $role
- * @return mixed
*/
- public function hasSystemRole($role)
+ public function hasSystemRole(string $roleSystemName): bool
{
- return $this->roles->pluck('system_name')->contains($role);
+ return $this->roles->pluck('system_name')->contains($roleSystemName);
}
/**
- * Get all permissions belonging to a the current user.
- * @param bool $cache
- * @return \Illuminate\Database\Eloquent\Relations\HasManyThrough
+ * Attach the default system role to this user.
*/
- public function permissions($cache = true)
+ public function attachDefaultRole(): void
{
- if (isset($this->permissions) && $cache) {
- return $this->permissions;
+ $roleId = setting('registration-role');
+ if ($roleId && $this->roles()->where('id', '=', $roleId)->count() === 0) {
+ $this->roles()->attach($roleId);
}
- $this->load('roles.permissions');
- $permissions = $this->roles->map(function ($role) {
- return $role->permissions;
- })->flatten()->unique();
- $this->permissions = $permissions;
- return $permissions;
}
/**
* Check if the user has a particular permission.
- * @param $permissionName
- * @return bool
*/
- public function can($permissionName)
+ public function can(string $permissionName): bool
{
if ($this->email === 'guest') {
return false;
}
- return $this->permissions()->pluck('name')->contains($permissionName);
+
+ return $this->permissions()->contains($permissionName);
}
/**
- * Attach a role to this user.
- * @param Role $role
+ * Get all permissions belonging to a the current user.
*/
- public function attachRole(Role $role)
+ protected function permissions(): Collection
{
- $this->attachRoleId($role->id);
+ if (isset($this->permissions)) {
+ return $this->permissions;
+ }
+
+ $this->permissions = $this->newQuery()->getConnection()->table('role_user', 'ru')
+ ->select('role_permissions.name as name')->distinct()
+ ->leftJoin('permission_role', 'ru.role_id', '=', 'permission_role.role_id')
+ ->leftJoin('role_permissions', 'permission_role.permission_id', '=', 'role_permissions.id')
+ ->where('ru.user_id', '=', $this->id)
+ ->pluck('name');
+
+ return $this->permissions;
+ }
+
+ /**
+ * Clear any cached permissions on this instance.
+ */
+ public function clearPermissionCache()
+ {
+ $this->permissions = null;
}
/**
- * Attach a role id to this user.
- * @param $id
+ * Attach a role to this user.
*/
- public function attachRoleId($id)
+ public function attachRole(Role $role)
{
- $this->roles()->attach($id);
+ $this->roles()->attach($role->id);
}
/**
* Get the social account associated with this user.
- * @return \Illuminate\Database\Eloquent\Relations\HasMany
*/
- public function socialAccounts()
+ public function socialAccounts(): HasMany
{
return $this->hasMany(SocialAccount::class);
}
/**
* Check if the user has a social account,
* If a driver is passed it checks for that single account type.
+ *
* @param bool|string $socialDriver
+ *
* @return bool
*/
public function hasSocialAccount($socialDriver = false)
}
/**
- * Returns the user's avatar,
- * @param int $size
- * @return string
+ * Returns a URL to the user's avatar.
*/
- public function getAvatar($size = 50)
+ public function getAvatar(int $size = 50): string
{
$default = url('/user_avatar.png');
$imageId = $this->image_id;
try {
$avatar = $this->avatar ? url($this->avatar->getThumb($size, $size, false)) : $default;
- } catch (\Exception $err) {
+ } catch (Exception $err) {
$avatar = $default;
}
+
return $avatar;
}
/**
* Get the avatar for the user.
- * @return \Illuminate\Database\Eloquent\Relations\BelongsTo
*/
- public function avatar()
+ public function avatar(): BelongsTo
{
return $this->belongsTo(Image::class, 'image_id');
}
+ /**
+ * Get the API tokens assigned to this user.
+ */
+ public function apiTokens(): HasMany
+ {
+ return $this->hasMany(ApiToken::class);
+ }
+
+ /**
+ * Get the favourite instances for this user.
+ */
+ public function favourites(): HasMany
+ {
+ return $this->hasMany(Favourite::class);
+ }
+
+ /**
+ * Get the MFA values belonging to this use.
+ */
+ public function mfaValues(): HasMany
+ {
+ return $this->hasMany(MfaValue::class);
+ }
+
+ /**
+ * Get the last activity time for this user.
+ */
+ public function scopeWithLastActivityAt(Builder $query)
+ {
+ $query->addSelect(['activities.created_at as last_activity_at'])
+ ->leftJoinSub(function (\Illuminate\Database\Query\Builder $query) {
+ $query->from('activities')->select('user_id')
+ ->selectRaw('max(created_at) as created_at')
+ ->groupBy('user_id');
+ }, 'activities', 'users.id', '=', 'activities.user_id');
+ }
+
/**
* Get the url for editing this user.
- * @return string
*/
- public function getEditUrl()
+ public function getEditUrl(string $path = ''): string
{
- return url('/settings/users/' . $this->id);
+ $uri = '/settings/users/' . $this->id . '/' . trim($path, '/');
+
+ return url(rtrim($uri, '/'));
}
/**
* Get the url that links to this user's profile.
- * @return mixed
*/
- public function getProfileUrl()
+ public function getProfileUrl(): string
{
- return url('/user/' . $this->id);
+ return url('/user/' . $this->slug);
}
/**
* Get a shortened version of the user's name.
- * @param int $chars
- * @return string
*/
- public function getShortName($chars = 8)
+ public function getShortName(int $chars = 8): string
{
if (mb_strlen($this->name) <= $chars) {
return $this->name;
/**
* Send the password reset notification.
- * @param string $token
+ *
+ * @param string $token
+ *
* @return void
*/
public function sendPasswordResetNotification($token)
{
$this->notify(new ResetPassword($token));
}
+
+ /**
+ * {@inheritdoc}
+ */
+ public function logDescriptor(): string
+ {
+ return "({$this->id}) {$this->name}";
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function refreshSlug(): string
+ {
+ $this->slug = app(SlugGenerator::class)->generate($this);
+
+ return $this->slug;
+ }
}
projects / bookstack / blobdiff