X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/a868012048215d9ad080eee3e7bd66cfe9b1beaf..refs/pull/4726/head:/app/Users/Controllers/UserAccountController.php
diff --git a/app/Users/Controllers/UserAccountController.php b/app/Users/Controllers/UserAccountController.php
index 3dd13b851..708a91e9d 100644
--- a/app/Users/Controllers/UserAccountController.php
+++ b/app/Users/Controllers/UserAccountController.php
@@ -2,11 +2,12 @@
 namespace BookStack\Users\Controllers;
-use BookStack\Access\SocialAuthService;
+use BookStack\Access\SocialDriverManager;
 use BookStack\Http\Controller;
 use BookStack\Permissions\PermissionApplicator;
 use BookStack\Settings\UserNotificationPreferences;
 use BookStack\Settings\UserShortcutMap;
+use BookStack\Uploads\ImageRepo;
 use BookStack\Users\UserRepo;
 use Closure;
 use Illuminate\Http\Request;
@@ -24,15 +25,62 @@ class UserAccountController extends Controller
 }
 /**
- * Show the overview for user preferences.
+ * Redirect the root my-account path to the main/first category.
+ * Required as a controller method, instead of the Route::redirect helper,
+ * to ensure the URL is generated correctly.
 */
- public function index()
+ public function redirect()
 {
- $mfaMethods = user()->mfaValues->groupBy('method');
+ return redirect('/my-account/profile');
+ }
- return view('users.account.index', [
- 'mfaMethods' => $mfaMethods,
+ /**
+ * Show the profile form interface.
+ */
+ public function showProfile()
+ {
+ $this->setPageTitle(trans('preferences.profile'));
+
+ return view('users.account.profile', [
+ 'model' => user(),
+ 'category' => 'profile',
+ ]);
+ }
+
+ /**
+ * Handle the submission of the user profile form.
+ */
+ public function updateProfile(Request $request, ImageRepo $imageRepo)
+ {
+ $this->preventAccessInDemoMode();
+
+ $user = user();
+ $validated = $this->validate($request, [
+ 'name' => ['min:2', 'max:100'],
+ 'email' => ['min:2', 'email', 'unique:users,email,' . $user->id],
+ 'language' => ['string', 'max:15', 'alpha_dash'],
+ 'profile_image' => array_merge(['nullable'], $this->getImageValidationRules()),
 ]);
+
+ $this->userRepo->update($user, $validated, userCan('users-manage'));
+
+ // Save profile image if in request
+ if ($request->hasFile('profile_image')) {
+ $imageUpload = $request->file('profile_image');
+ $imageRepo->destroyImage($user->avatar);
+ $image = $imageRepo->saveNew($imageUpload, 'user', $user->id);
+ $user->image_id = $image->id;
+ $user->save();
+ }
+
+ // Delete the profile image if reset option is in request
+ if ($request->has('profile_image_reset')) {
+ $imageRepo->destroyImage($user->avatar);
+ $user->image_id = 0;
+ $user->save();
+ }
+
+ return redirect('/my-account/profile');
 }
 /**
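Review bot: The `name` rule in updateProfile(), `['min:2', 'max:100']`, carries no `string` constraint, so an array-valued `name` with two or more elements passes `min`/`max` (Laravel sizes arrays by element count) and is handed to `$this->userRepo->update()` as if it were text. Adding the type, `'name' => ['string', 'min:2', 'max:100'],`, matches the `language` rule in the same array, which already declares `string`. What `update()` does with a non-string name is outside this diff, so the exact effect (most likely an unhandled error instead of a validation message) should be confirmed there. The same call also receives a self-submitted `email`; if `update()` applies it when the third argument is false, a current-password check before that change would be worth adding.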
@@ -96,6 +144,7 @@ class UserAccountController extends Controller
 */
 public function updateNotifications(Request $request)
 {
+ $this->preventAccessInDemoMode();
 $this->checkPermission('receive-notifications');
 $data = $this->validate($request, [
 'preferences' => ['required', 'array'],
@@ -112,9 +161,9 @@ class UserAccountController extends Controller
 /**
 * Show the view for the "Access & Security" account options.
 */
- public function showAuth(SocialAuthService $socialAuthService)
+ public function showAuth(SocialDriverManager $socialDriverManager)
 {
- $mfaMethods = user()->mfaValues->groupBy('method');
+ $mfaMethods = user()->mfaValues()->get()->groupBy('method');
 $this->setPageTitle(trans('preferences.auth'));
@@ -122,7 +171,7 @@ class UserAccountController extends Controller
 'category' => 'auth',
 'mfaMethods' => $mfaMethods,
 'authMethod' => config('auth.method'),
- 'activeSocialDrivers' => $socialAuthService->getActiveDrivers(),
+ 'activeSocialDrivers' => $socialDriverManager->getActive(),
 ]);
 }
@@ -131,6 +180,8 @@ class UserAccountController extends Controller
 */
 public function updatePassword(Request $request)
 {
+ $this->preventAccessInDemoMode();
+
 if (config('auth.method') !== 'standard') {
 $this->showPermissionError();
 }
@@ -146,4 +197,31 @@ class UserAccountController extends Controller
 return redirect('/my-account/auth');
 }
+
+ /**
+ * Show the user self-delete page.
+ */
+ public function delete()
+ {
+ $this->setPageTitle(trans('preferences.delete_my_account'));
+
+ return view('users.account.delete', [
+ 'category' => 'profile',
+ ]);
+ }
+
+ /**
+ * Remove the current user from the system.
+ */
+ public function destroy(Request $request)
+ {
+ $this->preventAccessInDemoMode();
+
+ $requestNewOwnerId = intval($request->get('new_owner_id')) ?: null;
+ $newOwnerId = userCan('users-manage') ? $requestNewOwnerId : null;
+
+ $this->userRepo->destroy(user(), $newOwnerId);
+
+ return redirect('/');
+ }
 }
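Review bot: In the last hunk, destroy() takes `new_owner_id` from the request through `intval()` alone, so a caller with `users-manage` can pass an id that matches no user, or their own id, straight into `$this->userRepo->destroy()`. Validating it first, for example `$this->validate($request, ['new_owner_id' => ['nullable', 'integer', 'exists:users,id']]);`, keeps content ownership from being migrated to a missing account. The method also shows no confirmation or re-authentication step before this irreversible action and no guard against removing the last administrator; if `UserRepo::destroy()` (not part of this diff) does not enforce those, they belong here.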