X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/d336ba687460d2bca898e86c12a26224fc36f071..refs/pull/2734/head:/app/Auth/User.php

diff --git a/app/Auth/User.php b/app/Auth/User.php
index 69f424cac..9855ab4e7 100644
--- a/app/Auth/User.php
+++ b/app/Auth/User.php
@@ -1,23 +1,30 @@
 <?php namespace BookStack\Auth;
 
 use BookStack\Api\ApiToken;
+use BookStack\Entities\Tools\SlugGenerator;
+use BookStack\Interfaces\Loggable;
+use BookStack\Interfaces\Sluggable;
 use BookStack\Model;
 use BookStack\Notifications\ResetPassword;
 use BookStack\Uploads\Image;
 use Carbon\Carbon;
+use Exception;
 use Illuminate\Auth\Authenticatable;
 use Illuminate\Auth\Passwords\CanResetPassword;
 use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
 use Illuminate\Contracts\Auth\CanResetPassword as CanResetPasswordContract;
+use Illuminate\Database\Eloquent\Builder;
+use Illuminate\Database\Eloquent\Relations\BelongsTo;
 use Illuminate\Database\Eloquent\Relations\BelongsToMany;
 use Illuminate\Database\Eloquent\Relations\HasMany;
 use Illuminate\Notifications\Notifiable;
+use Illuminate\Support\Collection;
 
 /**
  * Class User
- * @package BookStack\Auth
  * @property string $id
  * @property string $name
+ * @property string $slug
  * @property string $email
  * @property string $password
  * @property Carbon $created_at
@@ -26,8 +33,9 @@ use Illuminate\Notifications\Notifiable;
  * @property int $image_id
  * @property string $external_auth_id
  * @property string $system_name
+ * @property Collection $roles
  */
-class User extends Model implements AuthenticatableContract, CanResetPasswordContract
+class User extends Model implements AuthenticatableContract, CanResetPasswordContract, Loggable, Sluggable
 {
     use Authenticatable, CanResetPassword, Notifiable;
 
@@ -43,15 +51,20 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
      */
     protected $fillable = ['name', 'email'];
 
+    protected $casts = ['last_activity_at' => 'datetime'];
+
     /**
      * The attributes excluded from the model's JSON form.
      * @var array
      */
-    protected $hidden = ['password', 'remember_token'];
+    protected $hidden = [
+        'password', 'remember_token', 'system_name', 'email_confirmed', 'external_auth_id', 'email',
+        'created_at', 'updated_at', 'image_id',
+    ];
 
     /**
      * This holds the user's permissions when loaded.
-     * @var array
+     * @var ?Collection
      */
     protected $permissions;
 
@@ -63,23 +76,21 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
 
     /**
      * Returns the default public user.
-     * @return User
      */
-    public static function getDefault()
+    public static function getDefault(): User
     {
         if (!is_null(static::$defaultUser)) {
             return static::$defaultUser;
         }
         
-        static::$defaultUser = static::where('system_name', '=', 'public')->first();
+        static::$defaultUser = static::query()->where('system_name', '=', 'public')->first();
         return static::$defaultUser;
     }
 
     /**
      * Check if the user is the default public user.
-     * @return bool
      */
-    public function isDefault()
+    public function isDefault(): bool
     {
         return $this->system_name === 'public';
     }
@@ -98,78 +109,83 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
 
     /**
      * Check if the user has a role.
-     * @param $role
-     * @return mixed
      */
-    public function hasRole($role)
+    public function hasRole($roleId): bool
     {
-        return $this->roles->pluck('name')->contains($role);
+        return $this->roles->pluck('id')->contains($roleId);
     }
 
     /**
      * Check if the user has a role.
-     * @param $role
-     * @return mixed
      */
-    public function hasSystemRole($role)
+    public function hasSystemRole(string $roleSystemName): bool
     {
-        return $this->roles->pluck('system_name')->contains($role);
+        return $this->roles->pluck('system_name')->contains($roleSystemName);
     }
 
     /**
-     * Get all permissions belonging to a the current user.
-     * @param bool $cache
-     * @return \Illuminate\Database\Eloquent\Relations\HasManyThrough
+     * Attach the default system role to this user.
      */
-    public function permissions($cache = true)
+    public function attachDefaultRole(): void
     {
-        if (isset($this->permissions) && $cache) {
-            return $this->permissions;
+        $roleId = setting('registration-role');
+        if ($roleId && $this->roles()->where('id', '=', $roleId)->count() === 0) {
+            $this->roles()->attach($roleId);
         }
-        $this->load('roles.permissions');
-        $permissions = $this->roles->map(function ($role) {
-            return $role->permissions;
-        })->flatten()->unique();
-        $this->permissions = $permissions;
-        return $permissions;
     }
 
     /**
      * Check if the user has a particular permission.
-     * @param $permissionName
-     * @return bool
      */
-    public function can($permissionName)
+    public function can(string $permissionName): bool
     {
         if ($this->email === 'guest') {
             return false;
         }
-        return $this->permissions()->pluck('name')->contains($permissionName);
+
+        return $this->permissions()->contains($permissionName);
     }
 
     /**
-     * Attach a role to this user.
-     * @param Role $role
+     * Get all permissions belonging to a the current user.
      */
-    public function attachRole(Role $role)
+    protected function permissions(): Collection
+    {
+        if (isset($this->permissions)) {
+            return $this->permissions;
+        }
+
+        $this->permissions = $this->newQuery()->getConnection()->table('role_user', 'ru')
+            ->select('role_permissions.name as name')->distinct()
+            ->leftJoin('permission_role', 'ru.role_id', '=', 'permission_role.role_id')
+            ->leftJoin('role_permissions', 'permission_role.permission_id', '=', 'role_permissions.id')
+            ->where('ru.user_id', '=', $this->id)
+            ->get()
+            ->pluck('name');
+
+        return $this->permissions;
+    }
+
+    /**
+     * Clear any cached permissions on this instance.
+     */
+    public function clearPermissionCache()
     {
-        $this->attachRoleId($role->id);
+        $this->permissions = null;
     }
 
     /**
-     * Attach a role id to this user.
-     * @param $id
+     * Attach a role to this user.
      */
-    public function attachRoleId($id)
+    public function attachRole(Role $role)
     {
-        $this->roles()->attach($id);
+        $this->roles()->attach($role->id);
     }
 
     /**
      * Get the social account associated with this user.
-     * @return \Illuminate\Database\Eloquent\Relations\HasMany
      */
-    public function socialAccounts()
+    public function socialAccounts(): HasMany
     {
         return $this->hasMany(SocialAccount::class);
     }
@@ -190,11 +206,9 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
     }
 
     /**
-     * Returns the user's avatar,
-     * @param int $size
-     * @return string
+     * Returns a URL to the user's avatar
      */
-    public function getAvatar($size = 50)
+    public function getAvatar(int $size = 50): string
     {
         $default = url('/http/source.bookstackapp.com/user_avatar.png');
         $imageId = $this->image_id;
@@ -204,7 +218,7 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
 
         try {
             $avatar = $this->avatar ? url($this->avatar->getThumb($size, $size, false)) : $default;
-        } catch (\Exception $err) {
+        } catch (Exception $err) {
             $avatar = $default;
         }
         return $avatar;
@@ -212,9 +226,8 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
 
     /**
      * Get the avatar for the user.
-     * @return \Illuminate\Database\Eloquent\Relations\BelongsTo
      */
-    public function avatar()
+    public function avatar(): BelongsTo
     {
         return $this->belongsTo(Image::class, 'image_id');
     }
@@ -227,6 +240,19 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
         return $this->hasMany(ApiToken::class);
     }
 
+    /**
+     * Get the last activity time for this user.
+     */
+    public function scopeWithLastActivityAt(Builder $query)
+    {
+        $query->addSelect(['activities.created_at as last_activity_at'])
+            ->leftJoinSub(function (\Illuminate\Database\Query\Builder $query) {
+                $query->from('activities')->select('user_id')
+                    ->selectRaw('max(created_at) as created_at')
+                    ->groupBy('user_id');
+            }, 'activities', 'users.id', '=', 'activities.user_id');
+    }
+
     /**
      * Get the url for editing this user.
      */
@@ -241,15 +267,13 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
      */
     public function getProfileUrl(): string
     {
-        return url('/http/source.bookstackapp.com/user/' . $this->id);
+        return url('/http/source.bookstackapp.com/user/' . $this->slug);
     }
 
     /**
      * Get a shortened version of the user's name.
-     * @param int $chars
-     * @return string
      */
-    public function getShortName($chars = 8)
+    public function getShortName(int $chars = 8): string
     {
         if (mb_strlen($this->name) <= $chars) {
             return $this->name;
@@ -272,4 +296,21 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
     {
         $this->notify(new ResetPassword($token));
     }
+
+    /**
+     * @inheritdoc
+     */
+    public function logDescriptor(): string
+    {
+        return "({$this->id}) {$this->name}";
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function refreshSlug(): string
+    {
+        $this->slug = app(SlugGenerator::class)->generate($this);
+        return $this->slug;
+    }
 }