X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/4442a2e6d1e914768db007b4c9ab114ac89f2938..refs/pull/84/head:/app/Http/Controllers/UserController.php

diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
index f166ce2e8..d59931640 100644
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -35,7 +35,8 @@ class UserController extends Controller
      */
     public function index()
     {
-        $users = $this->user->all();
+        $this->checkPermission('users-manage');
+        $users = $this->userRepo->getAllUsers();
         $this->setPageTitle('Users');
         return view('users/index', ['users' => $users]);
     }
@@ -46,7 +47,7 @@ class UserController extends Controller
      */
     public function create()
     {
-        $this->checkPermission('user-create');
+        $this->checkPermission('users-manage');
         $authMethod = config('auth.method');
         return view('users/create', ['authMethod' => $authMethod]);
     }
@@ -58,11 +59,10 @@ class UserController extends Controller
      */
     public function store(Request $request)
     {
-        $this->checkPermission('user-create');
+        $this->checkPermission('users-manage');
         $validationRules = [
             'name'             => 'required',
-            'email'            => 'required|email|unique:users,email',
-            'role'             => 'required|exists:roles,id'
+            'email'            => 'required|email|unique:users,email'
         ];
 
         $authMethod = config('auth.method');
@@ -84,7 +84,11 @@ class UserController extends Controller
         }
 
         $user->save();
-        $user->attachRoleId($request->get('role'));
+
+        if ($request->has('roles')) {
+            $roles = $request->get('roles');
+            $user->roles()->sync($roles);
+        }
 
         // Get avatar from gravatar and save
         if (!config('services.disable_services')) {
@@ -104,7 +108,7 @@ class UserController extends Controller
      */
     public function edit($id, SocialAuthService $socialAuthService)
     {
-        $this->checkPermissionOr('user-update', function () use ($id) {
+        $this->checkPermissionOr('users-manage', function () use ($id) {
             return $this->currentUser->id == $id;
         });
 
@@ -125,7 +129,7 @@ class UserController extends Controller
     public function update(Request $request, $id)
     {
         $this->preventAccessForDemoUsers();
-        $this->checkPermissionOr('user-update', function () use ($id) {
+        $this->checkPermissionOr('users-manage', function () use ($id) {
             return $this->currentUser->id == $id;
         });
 
@@ -133,8 +137,7 @@ class UserController extends Controller
             'name'             => 'min:2',
             'email'            => 'min:2|email|unique:users,email,' . $id,
             'password'         => 'min:5|required_with:password_confirm',
-            'password-confirm' => 'same:password|required_with:password',
-            'role'             => 'exists:roles,id'
+            'password-confirm' => 'same:password|required_with:password'
         ], [
             'password-confirm.required_with' => 'Password confirmation required'
         ]);
@@ -143,8 +146,9 @@ class UserController extends Controller
         $user->fill($request->all());
 
         // Role updates
-        if ($this->currentUser->can('user-update') && $request->has('role')) {
-            $user->attachRoleId($request->get('role'));
+        if (userCan('users-manage') && $request->has('roles')) {
+            $roles = $request->get('roles');
+            $user->roles()->sync($roles);
         }
 
         // Password updates
@@ -154,12 +158,15 @@ class UserController extends Controller
         }
 
         // External auth id updates
-        if ($this->currentUser->can('user-update') && $request->has('external_auth_id')) {
+        if ($this->currentUser->can('users-manage') && $request->has('external_auth_id')) {
             $user->external_auth_id = $request->get('external_auth_id');
         }
 
         $user->save();
-        return redirect('/settings/users');
+        session()->flash('success', 'User successfully updated');
+
+        $redirectUrl = userCan('users-manage') ? '/settings/users' : '/settings/users/' . $user->id;
+        return redirect($redirectUrl);
     }
 
     /**
@@ -169,7 +176,7 @@ class UserController extends Controller
      */
     public function delete($id)
     {
-        $this->checkPermissionOr('user-delete', function () use ($id) {
+        $this->checkPermissionOr('users-manage', function () use ($id) {
             return $this->currentUser->id == $id;
         });
 
@@ -186,7 +193,7 @@ class UserController extends Controller
     public function destroy($id)
     {
         $this->preventAccessForDemoUsers();
-        $this->checkPermissionOr('user-delete', function () use ($id) {
+        $this->checkPermissionOr('users-manage', function () use ($id) {
             return $this->currentUser->id == $id;
         });
 
@@ -209,7 +216,13 @@ class UserController extends Controller
     {
         $user = $this->userRepo->getById($id);
         $userActivity = $this->userRepo->getActivity($user);
-        $recentPages = $this->userRepo->getCreatedPages($user, 5, 0);
-        return view('users/profile', ['user' => $user, 'activity' => $userActivity, 'recentPages' => $recentPages]);
+        $recentlyCreated = $this->userRepo->getRecentlyCreated($user, 5, 0);
+        $assetCounts = $this->userRepo->getAssetCounts($user);
+        return view('users/profile', [
+            'user' => $user,
+            'activity' => $userActivity,
+            'recentlyCreated' => $recentlyCreated,
+            'assetCounts' => $assetCounts
+        ]);
     }
 }