X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/07626669dad962856e52dddeacb1a9f000f93150..refs/pull/2734/head:/app/Http/Controllers/Api/UserApiController.php

diff --git a/app/Http/Controllers/Api/UserApiController.php b/app/Http/Controllers/Api/UserApiController.php
index e8b98525d..328241a83 100644
--- a/app/Http/Controllers/Api/UserApiController.php
+++ b/app/Http/Controllers/Api/UserApiController.php
@@ -13,6 +13,10 @@ class UserApiController extends ApiController
     protected $user;
     protected $userRepo;
 
+    protected $printHidden = [
+        'email', 'created_at', 'updated_at', 'last_activity_at'
+    ];
+
 # TBD: Endpoints to create / update users
 #     protected $rules = [
 #         'create' => [
@@ -28,15 +32,30 @@ class UserApiController extends ApiController
     }
 
     /**
-     * Get a listing of pages visible to the user.
+     * Get a listing of users
      */
     public function list()
     {
+        $this->checkPermission('users-manage');
+
         $users = $this->userRepo->getUsersBuilder();
 
         return $this->apiListingResponse($users, [
-            'id', 'name', 'slug',
-            'email', 'created_at', 'updated_at',
-        ]);
+            'id', 'name', 'slug', 'email',
+            'created_at', 'updated_at', 'last_activity_at',
+        ], $this->printHidden);
+    }
+
+    /**
+     * View the details of a single user
+     */
+    public function read(string $id)
+    {
+        $this->checkPermission('users-manage');
+
+        $singleUser = $this->userRepo->getById($id);
+        $singleUser = $singleUser->makeVisible($this->printHidden);
+
+        return response()->json($singleUser);
     }
 }