X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/9e1c8ec82aa856d2f17a07b9f16e9e4cafe1e073..refs/pull/3616/head:/app/Http/Controllers/Api/UserApiController.php diff --git a/app/Http/Controllers/Api/UserApiController.php b/app/Http/Controllers/Api/UserApiController.php index 88350e0ea..4f0d30034 100644 --- a/app/Http/Controllers/Api/UserApiController.php +++ b/app/Http/Controllers/Api/UserApiController.php @@ -4,8 +4,10 @@ namespace BookStack\Http\Controllers\Api; use BookStack\Auth\User; use BookStack\Auth\UserRepo; +use BookStack\Exceptions\UserUpdateException; use Closure; use Illuminate\Http\Request; +use Illuminate\Support\Facades\DB; use Illuminate\Validation\Rules\Password; use Illuminate\Validation\Rules\Unique; @@ -14,31 +16,49 @@ class UserApiController extends ApiController protected $userRepo; protected $fieldsToExpose = [ - 'email', 'created_at', 'updated_at', 'last_activity_at', 'external_auth_id' + 'email', 'created_at', 'updated_at', 'last_activity_at', 'external_auth_id', ]; public function __construct(UserRepo $userRepo) { $this->userRepo = $userRepo; + + // Checks for all endpoints in this controller + $this->middleware(function ($request, $next) { + $this->checkPermission('users-manage'); + $this->preventAccessInDemoMode(); + + return $next($request); + }); } protected function rules(int $userId = null): array { return [ 'create' => [ + 'name' => ['required', 'min:2'], + 'email' => [ + 'required', 'min:2', 'email', new Unique('users', 'email'), + ], + 'external_auth_id' => ['string'], + 'language' => ['string'], + 'password' => [Password::default()], + 'roles' => ['array'], + 'roles.*' => ['integer'], + 'send_invite' => ['boolean'], ], 'update' => [ - 'name' => ['min:2'], + 'name' => ['min:2'], 'email' => [ 'min:2', 'email', - (new Unique('users', 'email'))->ignore($userId ?? null) + (new Unique('users', 'email'))->ignore($userId ?? null), ], 'external_auth_id' => ['string'], - 'language' => ['string'], - 'password' => [Password::default()], - 'roles' => ['array'], - 'roles.*' => ['integer'], + 'language' => ['string'], + 'password' => [Password::default()], + 'roles' => ['array'], + 'roles.*' => ['integer'], ], 'delete' => [ 'migrate_ownership_id' => ['integer', 'exists:users,id'], @@ -52,9 +72,9 @@ class UserApiController extends ApiController */ public function list() { - $this->checkPermission('users-manage'); - - $users = $this->userRepo->getApiUsersBuilder(); + $users = User::query()->select(['*']) + ->scopes('withLastActivityAt') + ->with(['avatar']); return $this->apiListingResponse($users, [ 'id', 'name', 'slug', 'email', 'external_auth_id', @@ -62,14 +82,31 @@ class UserApiController extends ApiController ], [Closure::fromCallable([$this, 'listFormatter'])]); } + /** + * Create a new user in the system. + * Requires permission to manage users. + */ + public function create(Request $request) + { + $data = $this->validate($request, $this->rules()['create']); + $sendInvite = ($data['send_invite'] ?? false) === true; + + $user = null; + DB::transaction(function () use ($data, $sendInvite, &$user) { + $user = $this->userRepo->create($data, $sendInvite); + }); + + $this->singleFormatter($user); + + return response()->json($user); + } + /** * View the details of a single user. * Requires permission to manage users. */ public function read(string $id) { - $this->checkPermission('users-manage'); - $user = $this->userRepo->getById($id); $this->singleFormatter($user); @@ -78,12 +115,12 @@ class UserApiController extends ApiController /** * Update an existing user in the system. - * @throws \BookStack\Exceptions\UserUpdateException + * Requires permission to manage users. + * + * @throws UserUpdateException */ public function update(Request $request, string $id) { - $this->checkPermission('users-manage'); - $data = $this->validate($request, $this->rules($id)['update']); $user = $this->userRepo->getById($id); $this->userRepo->update($user, $data, userCan('users-manage')); @@ -100,8 +137,6 @@ class UserApiController extends ApiController */ public function delete(Request $request, string $id) { - $this->checkPermission('users-manage'); - $user = $this->userRepo->getById($id); $newOwnerId = $request->get('migrate_ownership_id', null);