X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/a6633642232efd164d4708967ab59e498fbff896..refs/pull/3153/head:/app/Auth/UserRepo.php diff --git a/app/Auth/UserRepo.php b/app/Auth/UserRepo.php index 29a0ebc14..ff2e91ee2 100644 --- a/app/Auth/UserRepo.php +++ b/app/Auth/UserRepo.php @@ -1,6 +1,7 @@ -findOrFail($id); } + /** + * Get a user by their slug. + */ + public function getBySlug(string $slug): User + { + return User::query()->where('slug', '=', $slug)->firstOrFail(); + } + /** * Get all the users with their permissions. */ @@ -55,14 +62,18 @@ class UserRepo /** * Get all the users with their permissions in a paginated format. + * Note: Due to the use of email search this should only be used when + * user is assumed to be trusted. (Admin users). + * Email search can be abused to extract email addresses. */ public function getAllUsersPaginatedAndSorted(int $count, array $sortData): LengthAwarePaginator { $sort = $sortData['sort']; $query = User::query()->select(['*']) - ->withLastActivityAt() + ->scopes(['withLastActivityAt']) ->with(['roles', 'avatar']) + ->withCount('mfaValues') ->orderBy($sort, $sortData['order']); if ($sortData['search']) { @@ -76,7 +87,7 @@ class UserRepo return $query->paginate($count); } - /** + /** * Creates a new user and attaches a role to them. */ public function registerNew(array $data, bool $emailConfirmed = false): User @@ -90,6 +101,7 @@ class UserRepo /** * Assign a user to a system-level role. + * * @throws NotFoundException */ public function attachSystemRole(User $user, string $systemRoleName) @@ -120,6 +132,7 @@ class UserRepo /** * Set the assigned user roles via an array of role IDs. + * * @throws UserUpdateException */ public function setUserRoles(User $user, array $roles) 
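Review bot: The docblock added to getAllUsersPaginatedAndSorted limits the method to trusted callers by convention only, and `$sortData['sort']` still reaches `->orderBy($sort, $sortData['order'])` with no check visible in this hunk. If a caller ever forwards request input, sorting by a column such as `email` or `password` lets the row order reveal values the listing does not display, which is the same extraction risk the new note describes for email search. Unless the controller already validates these values (not visible here), I would resolve the column against a fixed allow-list before building the query, e.g. `$sort = in_array($sortData['sort'], self::SORTABLE_COLUMNS, true) ? $sortData['sort'] : 'name';`, where `SORTABLE_COLUMNS` is a placeholder for a constant this class would have to define. `order` should be limited to `asc`/`desc` in the same way. The method body continues outside the hunk.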
@@ -135,7 +148,7 @@ class UserRepo * Check if the given user is the last admin and their new roles no longer * contains the admin role. */ - protected function demotingLastAdmin(User $user, array $newRoles) : bool + protected function demotingLastAdmin(User $user, array $newRoles): bool { if ($this->isOnlyAdmin($user)) { $adminRole = Role::getSystemRole('admin'); @@ -153,33 +166,36 @@ class UserRepo public function create(array $data, bool $emailConfirmed = false): User { $details = [ - 'name' => $data['name'], - 'email' => $data['email'], - 'password' => bcrypt($data['password']), - 'email_confirmed' => $emailConfirmed, + 'name' => $data['name'], + 'email' => $data['email'], + 'password' => bcrypt($data['password']), + 'email_confirmed' => $emailConfirmed, 'external_auth_id' => $data['external_auth_id'] ?? '', ]; - return User::query()->forceCreate($details); + + $user = new User(); + $user->forceFill($details); + $user->refreshSlug(); + $user->save(); + + return $user; } /** * Remove the given user from storage, Delete all related content. + * * @throws Exception */ public function destroy(User $user, ?int $newOwnerId = null) { $user->socialAccounts()->delete(); $user->apiTokens()->delete(); + $user->favourites()->delete(); + $user->mfaValues()->delete(); $user->delete(); - - // Delete user profile images - $profileImages = Image::query()->where('type', '=', 'user') - ->where('uploaded_to', '=', $user->id) - ->get(); - foreach ($profileImages as $image) { - Images::destroy($image); - } + // Delete user profile images + $this->userAvatar->destroyAllForUser($user); if (!empty($newOwnerId)) { $newOwner = User::query()->find($newOwnerId); 
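Review bot: In destroy(), the added `$user->mfaValues()->delete();` runs before `$user->delete();` and nothing in the hunk wraps the sequence in a transaction, so a failure between the two leaves a live account with its MFA values already removed. Unless the caller opens a transaction (not visible here), I would group the five database deletes as `DB::transaction(function () use ($user) { … });` so they commit or roll back together. `$this->userAvatar->destroyAllForUser($user);` should stay after that block, since it presumably touches file storage that cannot be rolled back. The `DB` facade would need importing at the top of the file, and destroy() continues past the end of the hunk.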
@@ -194,21 +210,13 @@ class UserRepo */ protected function migrateOwnership(User $fromUser, User $toUser) { - $entities = (new EntityProvider)->all(); + $entities = (new EntityProvider())->all(); foreach ($entities as $instance) { $instance->newQuery()->where('owned_by', '=', $fromUser->id) ->update(['owned_by' => $toUser->id]); } } - /** - * Get the latest activity for a user. - */ - public function getActivity(User $user, int $count = 20, int $page = 0): array - { - return Activity::userActivity($user, $count, $page); - } - /** * Get the recently created content for this given user. */ @@ -235,11 +243,12 @@ class UserRepo public function getAssetCounts(User $user): array { $createdBy = ['created_by' => $user->id]; + return [ - 'pages' => Page::visible()->where($createdBy)->count(), - 'chapters' => Chapter::visible()->where($createdBy)->count(), - 'books' => Book::visible()->where($createdBy)->count(), - 'shelves' => Bookshelf::visible()->where($createdBy)->count(), + 'pages' => Page::visible()->where($createdBy)->count(), + 'chapters' => Chapter::visible()->where($createdBy)->count(), + 'books' => Book::visible()->where($createdBy)->count(), + 'shelves' => Bookshelf::visible()->where($createdBy)->count(), ]; }