X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/615038ac6d35c6ce25d3553772a042af7b97283a..refs/pull/3138/head:/app/Auth/UserRepo.php

diff --git a/app/Auth/UserRepo.php b/app/Auth/UserRepo.php
index e437ff1e3..ff2e91ee2 100644
--- a/app/Auth/UserRepo.php
+++ b/app/Auth/UserRepo.php
@@ -1,6 +1,7 @@
-<?php namespace BookStack\Auth;
+<?php
+
+namespace BookStack\Auth;
 
-use Activity;
 use BookStack\Entities\EntityProvider;
 use BookStack\Entities\Models\Book;
 use BookStack\Entities\Models\Bookshelf;
@@ -8,14 +9,12 @@ use BookStack\Entities\Models\Chapter;
 use BookStack\Entities\Models\Page;
 use BookStack\Exceptions\NotFoundException;
 use BookStack\Exceptions\UserUpdateException;
-use BookStack\Uploads\Image;
 use BookStack\Uploads\UserAvatars;
 use Exception;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Database\Eloquent\Collection;
 use Illuminate\Pagination\LengthAwarePaginator;
-use Images;
-use Log;
+use Illuminate\Support\Facades\Log;
 
 class UserRepo
 {
@@ -63,14 +62,18 @@ class UserRepo
 
     /**
      * Get all the users with their permissions in a paginated format.
+     * Note: Due to the use of email search this should only be used when
+     * user is assumed to be trusted. (Admin users).
+     * Email search can be abused to extract email addresses.
      */
     public function getAllUsersPaginatedAndSorted(int $count, array $sortData): LengthAwarePaginator
     {
         $sort = $sortData['sort'];
 
         $query = User::query()->select(['*'])
-            ->withLastActivityAt()
+            ->scopes(['withLastActivityAt'])
             ->with(['roles', 'avatar'])
+            ->withCount('mfaValues')
             ->orderBy($sort, $sortData['order']);
 
         if ($sortData['search']) {
@@ -84,7 +87,7 @@ class UserRepo
         return $query->paginate($count);
     }
 
-     /**
+    /**
      * Creates a new user and attaches a role to them.
      */
     public function registerNew(array $data, bool $emailConfirmed = false): User
@@ -98,6 +101,7 @@ class UserRepo
 
     /**
      * Assign a user to a system-level role.
+     *
      * @throws NotFoundException
      */
     public function attachSystemRole(User $user, string $systemRoleName)
@@ -128,6 +132,7 @@ class UserRepo
 
     /**
      * Set the assigned user roles via an array of role IDs.
+     *
      * @throws UserUpdateException
      */
     public function setUserRoles(User $user, array $roles)
@@ -143,7 +148,7 @@ class UserRepo
      * Check if the given user is the last admin and their new roles no longer
      * contains the admin role.
      */
-    protected function demotingLastAdmin(User $user, array $newRoles) : bool
+    protected function demotingLastAdmin(User $user, array $newRoles): bool
     {
         if ($this->isOnlyAdmin($user)) {
             $adminRole = Role::getSystemRole('admin');
@@ -161,10 +166,10 @@ class UserRepo
     public function create(array $data, bool $emailConfirmed = false): User
     {
         $details = [
-            'name'     => $data['name'],
-            'email'    => $data['email'],
-            'password' => bcrypt($data['password']),
-            'email_confirmed' => $emailConfirmed,
+            'name'             => $data['name'],
+            'email'            => $data['email'],
+            'password'         => bcrypt($data['password']),
+            'email_confirmed'  => $emailConfirmed,
             'external_auth_id' => $data['external_auth_id'] ?? '',
         ];
 
@@ -178,22 +183,19 @@ class UserRepo
 
     /**
      * Remove the given user from storage, Delete all related content.
+     *
      * @throws Exception
      */
     public function destroy(User $user, ?int $newOwnerId = null)
     {
         $user->socialAccounts()->delete();
         $user->apiTokens()->delete();
+        $user->favourites()->delete();
+        $user->mfaValues()->delete();
         $user->delete();
-        
-        // Delete user profile images
-        $profileImages = Image::query()->where('type', '=', 'user')
-            ->where('uploaded_to', '=', $user->id)
-            ->get();
 
-        foreach ($profileImages as $image) {
-            Images::destroy($image);
-        }
+        // Delete user profile images
+        $this->userAvatar->destroyAllForUser($user);
 
         if (!empty($newOwnerId)) {
             $newOwner = User::query()->find($newOwnerId);
@@ -208,21 +210,13 @@ class UserRepo
      */
     protected function migrateOwnership(User $fromUser, User $toUser)
     {
-        $entities = (new EntityProvider)->all();
+        $entities = (new EntityProvider())->all();
         foreach ($entities as $instance) {
             $instance->newQuery()->where('owned_by', '=', $fromUser->id)
                 ->update(['owned_by' => $toUser->id]);
         }
     }
 
-    /**
-     * Get the latest activity for a user.
-     */
-    public function getActivity(User $user, int $count = 20, int $page = 0): array
-    {
-        return Activity::userActivity($user, $count, $page);
-    }
-
     /**
      * Get the recently created content for this given user.
      */
@@ -249,11 +243,12 @@ class UserRepo
     public function getAssetCounts(User $user): array
     {
         $createdBy = ['created_by' => $user->id];
+
         return [
-            'pages'    =>  Page::visible()->where($createdBy)->count(),
-            'chapters'    =>  Chapter::visible()->where($createdBy)->count(),
-            'books'    =>  Book::visible()->where($createdBy)->count(),
-            'shelves'    =>  Bookshelf::visible()->where($createdBy)->count(),
+            'pages'       => Page::visible()->where($createdBy)->count(),
+            'chapters'    => Chapter::visible()->where($createdBy)->count(),
+            'books'       => Book::visible()->where($createdBy)->count(),
+            'shelves'     => Bookshelf::visible()->where($createdBy)->count(),
         ];
     }