BookStack Code Mirror - bookstack/blob - app/Http/Controllers/UserController.php

   1 <?php namespace BookStack\Http\Controllers;
   2
   3 use BookStack\Auth\Access\SocialAuthService;
   4 use BookStack\Auth\User;
   5 use BookStack\Auth\UserRepo;
   6 use BookStack\Exceptions\UserUpdateException;
   7 use BookStack\Uploads\ImageRepo;
   8 use Illuminate\Http\Request;
   9 use Illuminate\Http\Response;
  10
  11 class UserController extends Controller
  12 {
  13
  14     protected $user;
  15     protected $userRepo;
  16     protected $imageRepo;
  17
  18     /**
  19      * UserController constructor.
  20      * @param User $user
  21      * @param UserRepo $userRepo
  22      * @param ImageRepo $imageRepo
  23      */
  24     public function __construct(User $user, UserRepo $userRepo, ImageRepo $imageRepo)
  25     {
  26         $this->user = $user;
  27         $this->userRepo = $userRepo;
  28         $this->imageRepo = $imageRepo;
  29         parent::__construct();
  30     }
  31
  32     /**
  33      * Display a listing of the users.
  34      * @param Request $request
  35      * @return Response
  36      */
  37     public function index(Request $request)
  38     {
  39         $this->checkPermission('users-manage');
  40         $listDetails = [
  41             'order' => $request->get('order', 'asc'),
  42             'search' => $request->get('search', ''),
  43             'sort' => $request->get('sort', 'name'),
  44         ];
  45         $users = $this->userRepo->getAllUsersPaginatedAndSorted(20, $listDetails);
  46         $this->setPageTitle(trans('settings.users'));
  47         $users->appends($listDetails);
  48         return view('users.index', ['users' => $users, 'listDetails' => $listDetails]);
  49     }
  50
  51     /**
  52      * Show the form for creating a new user.
  53      * @return Response
  54      */
  55     public function create()
  56     {
  57         $this->checkPermission('users-manage');
  58         $authMethod = config('auth.method');
  59         $roles = $this->userRepo->getAllRoles();
  60         return view('users.create', ['authMethod' => $authMethod, 'roles' => $roles]);
  61     }
  62
  63     /**
  64      * Store a newly created user in storage.
  65      * @param  Request $request
  66      * @return Response
  67      * @throws UserUpdateException
  68      */
  69     public function store(Request $request)
  70     {
  71         $this->checkPermission('users-manage');
  72         $validationRules = [
  73             'name'             => 'required',
  74             'email'            => 'required|email|unique:users,email'
  75         ];
  76
  77         $authMethod = config('auth.method');
  78         if ($authMethod === 'standard') {
  79             $validationRules['password'] = 'required|min:5';
  80             $validationRules['password-confirm'] = 'required|same:password';
  81         } elseif ($authMethod === 'ldap') {
  82             $validationRules['external_auth_id'] = 'required';
  83         }
  84         $this->validate($request, $validationRules);
  85
  86         $user = $this->user->fill($request->all());
  87
  88         if ($authMethod === 'standard') {
  89             $user->password = bcrypt($request->get('password'));
  90         } elseif ($authMethod === 'ldap') {
  91             $user->external_auth_id = $request->get('external_auth_id');
  92         }
  93
  94         $user->save();
  95
  96         if ($request->filled('roles')) {
  97             $roles = $request->get('roles');
  98             $this->userRepo->setUserRoles($user, $roles);
  99         }
 100
 101         $this->userRepo->downloadAndAssignUserAvatar($user);
 102
 103         return redirect('/settings/users');
 104     }
 105
 106     /**
 107      * Show the form for editing the specified user.
 108      * @param  int              $id
 109      * @param \BookStack\Auth\Access\SocialAuthService $socialAuthService
 110      * @return Response
 111      */
 112     public function edit($id, SocialAuthService $socialAuthService)
 113     {
 114         $this->checkPermissionOrCurrentUser('users-manage', $id);
 115
 116         $user = $this->user->findOrFail($id);
 117
 118         $authMethod = ($user->system_name) ? 'system' : config('auth.method');
 119
 120         $activeSocialDrivers = $socialAuthService->getActiveDrivers();
 121         $this->setPageTitle(trans('settings.user_profile'));
 122         $roles = $this->userRepo->getAllRoles();
 123         return view('users.edit', ['user' => $user, 'activeSocialDrivers' => $activeSocialDrivers, 'authMethod' => $authMethod, 'roles' => $roles]);
 124     }
 125
 126     /**
 127      * Update the specified user in storage.
 128      * @param Request $request
 129      * @param int $id
 130      * @return Response
 131      * @throws UserUpdateException
 132      * @throws \BookStack\Exceptions\ImageUploadException
 133      */
 134     public function update(Request $request, $id)
 135     {
 136         $this->preventAccessForDemoUsers();
 137         $this->checkPermissionOrCurrentUser('users-manage', $id);
 138
 139         $this->validate($request, [
 140             'name'             => 'min:2',
 141             'email'            => 'min:2|email|unique:users,email,' . $id,
 142             'password'         => 'min:5|required_with:password_confirm',
 143             'password-confirm' => 'same:password|required_with:password',
 144             'setting'          => 'array',
 145             'profile_image'    => $this->imageRepo->getImageValidationRules(),
 146         ]);
 147
 148         $user = $this->userRepo->getById($id);
 149         $user->fill($request->all());
 150
 151         // Role updates
 152         if (userCan('users-manage') && $request->filled('roles')) {
 153             $roles = $request->get('roles');
 154             $this->userRepo->setUserRoles($user, $roles);
 155         }
 156
 157         // Password updates
 158         if ($request->filled('password')) {
 159             $password = $request->get('password');
 160             $user->password = bcrypt($password);
 161         }
 162
 163         // External auth id updates
 164         if ($this->currentUser->can('users-manage') && $request->filled('external_auth_id')) {
 165             $user->external_auth_id = $request->get('external_auth_id');
 166         }
 167
 168         // Save an user-specific settings
 169         if ($request->filled('setting')) {
 170             foreach ($request->get('setting') as $key => $value) {
 171                 setting()->putUser($user, $key, $value);
 172             }
 173         }
 174
 175         // Save profile image if in request
 176         if ($request->has('profile_image')) {
 177             $imageUpload = $request->file('profile_image');
 178             $this->imageRepo->destroyImage($user->avatar);
 179             $image = $this->imageRepo->saveNew($imageUpload, 'user', $user->id);
 180             $user->image_id = $image->id;
 181         }
 182
 183         // Delete the profile image if set to
 184         if ($request->has('profile_image_reset')) {
 185             $this->imageRepo->destroyImage($user->avatar);
 186         }
 187
 188         $user->save();
 189         session()->flash('success', trans('settings.users_edit_success'));
 190
 191         $redirectUrl = userCan('users-manage') ? '/settings/users' : ('/settings/users/' . $user->id);
 192         return redirect($redirectUrl);
 193     }
 194
 195     /**
 196      * Show the user delete page.
 197      * @param int $id
 198      * @return \Illuminate\View\View
 199      */
 200     public function delete($id)
 201     {
 202         $this->checkPermissionOrCurrentUser('users-manage', $id);
 203
 204         $user = $this->userRepo->getById($id);
 205         $this->setPageTitle(trans('settings.users_delete_named', ['userName' => $user->name]));
 206         return view('users.delete', ['user' => $user]);
 207     }
 208
 209     /**
 210      * Remove the specified user from storage.
 211      * @param  int $id
 212      * @return Response
 213      * @throws \Exception
 214      */
 215     public function destroy($id)
 216     {
 217         $this->preventAccessForDemoUsers();
 218         $this->checkPermissionOrCurrentUser('users-manage', $id);
 219
 220         $user = $this->userRepo->getById($id);
 221
 222         if ($this->userRepo->isOnlyAdmin($user)) {
 223             session()->flash('error', trans('errors.users_cannot_delete_only_admin'));
 224             return redirect($user->getEditUrl());
 225         }
 226
 227         if ($user->system_name === 'public') {
 228             session()->flash('error', trans('errors.users_cannot_delete_guest'));
 229             return redirect($user->getEditUrl());
 230         }
 231
 232         $this->userRepo->destroy($user);
 233         session()->flash('success', trans('settings.users_delete_success'));
 234
 235         return redirect('/settings/users');
 236     }
 237
 238     /**
 239      * Show the user profile page
 240      * @param $id
 241      * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
 242      */
 243     public function showProfilePage($id)
 244     {
 245         $user = $this->userRepo->getById($id);
 246
 247         $userActivity = $this->userRepo->getActivity($user);
 248         $recentlyCreated = $this->userRepo->getRecentlyCreated($user, 5, 0);
 249         $assetCounts = $this->userRepo->getAssetCounts($user);
 250
 251         return view('users.profile', [
 252             'user' => $user,
 253             'activity' => $userActivity,
 254             'recentlyCreated' => $recentlyCreated,
 255             'assetCounts' => $assetCounts
 256         ]);
 257     }
 258
 259     /**
 260      * Update the user's preferred book-list display setting.
 261      * @param $id
 262      * @param Request $request
 263      * @return \Illuminate\Http\RedirectResponse
 264      */
 265     public function switchBookView($id, Request $request)
 266     {
 267         return $this->switchViewType($id, $request, 'books');
 268     }
 269
 270     /**
 271      * Update the user's preferred shelf-list display setting.
 272      * @param $id
 273      * @param Request $request
 274      * @return \Illuminate\Http\RedirectResponse
 275      */
 276     public function switchShelfView($id, Request $request)
 277     {
 278         return $this->switchViewType($id, $request, 'bookshelves');
 279     }
 280
 281     /**
 282      * For a type of list, switch with stored view type for a user.
 283      * @param integer $userId
 284      * @param Request $request
 285      * @param string $listName
 286      * @return \Illuminate\Http\RedirectResponse
 287      */
 288     protected function switchViewType($userId, Request $request, string $listName)
 289     {
 290         $this->checkPermissionOrCurrentUser('users-manage', $userId);
 291
 292         $viewType = $request->get('view_type');
 293         if (!in_array($viewType, ['grid', 'list'])) {
 294             $viewType = 'list';
 295         }
 296
 297         $user = $this->userRepo->getById($userId);
 298         $key = $listName . '_view_type';
 299         setting()->putUser($user, $key, $viewType);
 300
 301         return redirect()->back(302, [], "/settings/users/$userId");
 302     }
 303
 304     /**
 305      * Change the stored sort type for a particular view.
 306      * @param string $id
 307      * @param string $type
 308      * @param Request $request
 309      * @return \Illuminate\Http\RedirectResponse
 310      */
 311     public function changeSort(string $id, string $type, Request $request)
 312     {
 313         $validSortTypes = ['books', 'bookshelves'];
 314         if (!in_array($type, $validSortTypes)) {
 315             return redirect()->back(500);
 316         }
 317         return $this->changeListSort($id, $request, $type);
 318     }
 319
 320     /**
 321      * Update the stored section expansion preference for the given user.
 322      * @param string $id
 323      * @param string $key
 324      * @param Request $request
 325      * @return \Illuminate\Contracts\Routing\ResponseFactory|\Symfony\Component\HttpFoundation\Response
 326      */
 327     public function updateExpansionPreference(string $id, string $key, Request $request)
 328     {
 329         $this->checkPermissionOrCurrentUser('users-manage', $id);
 330         $keyWhitelist = ['home-details'];
 331         if (!in_array($key, $keyWhitelist)) {
 332             return response("Invalid key", 500);
 333         }
 334
 335         $newState = $request->get('expand', 'false');
 336
 337         $user = $this->user->findOrFail($id);
 338         setting()->putUser($user, 'section_expansion#' . $key, $newState);
 339         return response("", 204);
 340     }
 341
 342     /**
 343      * Changed the stored preference for a list sort order.
 344      * @param int $userId
 345      * @param Request $request
 346      * @param string $listName
 347      * @return \Illuminate\Http\RedirectResponse
 348      */
 349     protected function changeListSort(int $userId, Request $request, string $listName)
 350     {
 351         $this->checkPermissionOrCurrentUser('users-manage', $userId);
 352
 353         $sort = $request->get('sort');
 354         if (!in_array($sort, ['name', 'created_at', 'updated_at'])) {
 355             $sort = 'name';
 356         }
 357
 358         $order = $request->get('order');
 359         if (!in_array($order, ['asc', 'desc'])) {
 360             $order = 'asc';
 361         }
 362
 363         $user = $this->user->findOrFail($userId);
 364         $sortKey = $listName . '_sort';
 365         $orderKey = $listName . '_sort_order';
 366         setting()->putUser($user, $sortKey, $sort);
 367         setting()->putUser($user, $orderKey, $order);
 368
 369         return redirect()->back(302, [], "/settings/users/$userId");
 370     }
 371 }