1 <?php namespace BookStack\Http\Controllers;
3 use BookStack\Auth\Access\SocialAuthService;
4 use BookStack\Auth\Access\UserInviteService;
5 use BookStack\Auth\User;
6 use BookStack\Auth\UserRepo;
7 use BookStack\Exceptions\UserUpdateException;
8 use BookStack\Uploads\ImageRepo;
9 use Illuminate\Http\Request;
10 use Illuminate\Http\Response;
11 use Illuminate\Support\Str;
13 class UserController extends Controller
18 protected $inviteService;
22 * UserController constructor.
24 * @param UserRepo $userRepo
25 * @param UserInviteService $inviteService
26 * @param ImageRepo $imageRepo
28 public function __construct(User $user, UserRepo $userRepo, UserInviteService $inviteService, ImageRepo $imageRepo)
31 $this->userRepo = $userRepo;
32 $this->inviteService = $inviteService;
33 $this->imageRepo = $imageRepo;
34 parent::__construct();
38 * Display a listing of the users.
39 * @param Request $request
42 public function index(Request $request)
44 $this->checkPermission('users-manage');
46 'order' => $request->get('order', 'asc'),
47 'search' => $request->get('search', ''),
48 'sort' => $request->get('sort', 'name'),
50 $users = $this->userRepo->getAllUsersPaginatedAndSorted(20, $listDetails);
51 $this->setPageTitle(trans('settings.users'));
52 $users->appends($listDetails);
53 return view('users.index', ['users' => $users, 'listDetails' => $listDetails]);
57 * Show the form for creating a new user.
60 public function create()
62 $this->checkPermission('users-manage');
63 $authMethod = config('auth.method');
64 $roles = $this->userRepo->getAllRoles();
65 return view('users.create', ['authMethod' => $authMethod, 'roles' => $roles]);
69 * Store a newly created user in storage.
70 * @param Request $request
72 * @throws UserUpdateException
74 public function store(Request $request)
76 $this->checkPermission('users-manage');
79 'email' => 'required|email|unique:users,email'
82 $authMethod = config('auth.method');
83 $sendInvite = ($request->get('send_invite', 'false') === 'true');
85 if ($authMethod === 'standard' && !$sendInvite) {
86 $validationRules['password'] = 'required|min:6';
87 $validationRules['password-confirm'] = 'required|same:password';
88 } elseif ($authMethod === 'ldap') {
89 $validationRules['external_auth_id'] = 'required';
91 $this->validate($request, $validationRules);
93 $user = $this->user->fill($request->all());
95 if ($authMethod === 'standard') {
96 $user->password = bcrypt($request->get('password', Str::random(32)));
97 } elseif ($authMethod === 'ldap') {
98 $user->external_auth_id = $request->get('external_auth_id');
104 $this->inviteService->sendInvitation($user);
107 if ($request->filled('roles')) {
108 $roles = $request->get('roles');
109 $this->userRepo->setUserRoles($user, $roles);
112 $this->userRepo->downloadAndAssignUserAvatar($user);
114 return redirect('/settings/users');
118 * Show the form for editing the specified user.
120 * @param \BookStack\Auth\Access\SocialAuthService $socialAuthService
123 public function edit($id, SocialAuthService $socialAuthService)
125 $this->checkPermissionOrCurrentUser('users-manage', $id);
127 $user = $this->user->findOrFail($id);
129 $authMethod = ($user->system_name) ? 'system' : config('auth.method');
131 $activeSocialDrivers = $socialAuthService->getActiveDrivers();
132 $this->setPageTitle(trans('settings.user_profile'));
133 $roles = $this->userRepo->getAllRoles();
134 return view('users.edit', ['user' => $user, 'activeSocialDrivers' => $activeSocialDrivers, 'authMethod' => $authMethod, 'roles' => $roles]);
138 * Update the specified user in storage.
139 * @param Request $request
142 * @throws UserUpdateException
143 * @throws \BookStack\Exceptions\ImageUploadException
145 public function update(Request $request, $id)
147 $this->preventAccessForDemoUsers();
148 $this->checkPermissionOrCurrentUser('users-manage', $id);
150 $this->validate($request, [
152 'email' => 'min:2|email|unique:users,email,' . $id,
153 'password' => 'min:6|required_with:password_confirm',
154 'password-confirm' => 'same:password|required_with:password',
155 'setting' => 'array',
156 'profile_image' => $this->imageRepo->getImageValidationRules(),
159 $user = $this->userRepo->getById($id);
160 $user->fill($request->except(['email']));
163 if (userCan('users-manage') && $request->filled('email')) {
164 $user->email = $request->get('email');
168 if (userCan('users-manage') && $request->filled('roles')) {
169 $roles = $request->get('roles');
170 $this->userRepo->setUserRoles($user, $roles);
174 if ($request->filled('password')) {
175 $password = $request->get('password');
176 $user->password = bcrypt($password);
179 // External auth id updates
180 if ($this->currentUser->can('users-manage') && $request->filled('external_auth_id')) {
181 $user->external_auth_id = $request->get('external_auth_id');
184 // Save an user-specific settings
185 if ($request->filled('setting')) {
186 foreach ($request->get('setting') as $key => $value) {
187 setting()->putUser($user, $key, $value);
191 // Save profile image if in request
192 if ($request->has('profile_image')) {
193 $imageUpload = $request->file('profile_image');
194 $this->imageRepo->destroyImage($user->avatar);
195 $image = $this->imageRepo->saveNew($imageUpload, 'user', $user->id);
196 $user->image_id = $image->id;
199 // Delete the profile image if set to
200 if ($request->has('profile_image_reset')) {
201 $this->imageRepo->destroyImage($user->avatar);
205 session()->flash('success', trans('settings.users_edit_success'));
207 $redirectUrl = userCan('users-manage') ? '/settings/users' : ('/settings/users/' . $user->id);
208 return redirect($redirectUrl);
212 * Show the user delete page.
214 * @return \Illuminate\View\View
216 public function delete($id)
218 $this->checkPermissionOrCurrentUser('users-manage', $id);
220 $user = $this->userRepo->getById($id);
221 $this->setPageTitle(trans('settings.users_delete_named', ['userName' => $user->name]));
222 return view('users.delete', ['user' => $user]);
226 * Remove the specified user from storage.
231 public function destroy($id)
233 $this->preventAccessForDemoUsers();
234 $this->checkPermissionOrCurrentUser('users-manage', $id);
236 $user = $this->userRepo->getById($id);
238 if ($this->userRepo->isOnlyAdmin($user)) {
239 session()->flash('error', trans('errors.users_cannot_delete_only_admin'));
240 return redirect($user->getEditUrl());
243 if ($user->system_name === 'public') {
244 session()->flash('error', trans('errors.users_cannot_delete_guest'));
245 return redirect($user->getEditUrl());
248 $this->userRepo->destroy($user);
249 session()->flash('success', trans('settings.users_delete_success'));
251 return redirect('/settings/users');
255 * Show the user profile page
257 * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
259 public function showProfilePage($id)
261 $user = $this->userRepo->getById($id);
263 $userActivity = $this->userRepo->getActivity($user);
264 $recentlyCreated = $this->userRepo->getRecentlyCreated($user, 5, 0);
265 $assetCounts = $this->userRepo->getAssetCounts($user);
267 return view('users.profile', [
269 'activity' => $userActivity,
270 'recentlyCreated' => $recentlyCreated,
271 'assetCounts' => $assetCounts
276 * Update the user's preferred book-list display setting.
278 * @param Request $request
279 * @return \Illuminate\Http\RedirectResponse
281 public function switchBookView($id, Request $request)
283 return $this->switchViewType($id, $request, 'books');
287 * Update the user's preferred shelf-list display setting.
289 * @param Request $request
290 * @return \Illuminate\Http\RedirectResponse
292 public function switchShelfView($id, Request $request)
294 return $this->switchViewType($id, $request, 'bookshelves');
298 * For a type of list, switch with stored view type for a user.
299 * @param integer $userId
300 * @param Request $request
301 * @param string $listName
302 * @return \Illuminate\Http\RedirectResponse
304 protected function switchViewType($userId, Request $request, string $listName)
306 $this->checkPermissionOrCurrentUser('users-manage', $userId);
308 $viewType = $request->get('view_type');
309 if (!in_array($viewType, ['grid', 'list'])) {
313 $user = $this->userRepo->getById($userId);
314 $key = $listName . '_view_type';
315 setting()->putUser($user, $key, $viewType);
317 return redirect()->back(302, [], "/settings/users/$userId");
321 * Change the stored sort type for a particular view.
323 * @param string $type
324 * @param Request $request
325 * @return \Illuminate\Http\RedirectResponse
327 public function changeSort(string $id, string $type, Request $request)
329 $validSortTypes = ['books', 'bookshelves'];
330 if (!in_array($type, $validSortTypes)) {
331 return redirect()->back(500);
333 return $this->changeListSort($id, $request, $type);
337 * Update the stored section expansion preference for the given user.
340 * @param Request $request
341 * @return \Illuminate\Contracts\Routing\ResponseFactory|\Symfony\Component\HttpFoundation\Response
343 public function updateExpansionPreference(string $id, string $key, Request $request)
345 $this->checkPermissionOrCurrentUser('users-manage', $id);
346 $keyWhitelist = ['home-details'];
347 if (!in_array($key, $keyWhitelist)) {
348 return response("Invalid key", 500);
351 $newState = $request->get('expand', 'false');
353 $user = $this->user->findOrFail($id);
354 setting()->putUser($user, 'section_expansion#' . $key, $newState);
355 return response("", 204);
359 * Changed the stored preference for a list sort order.
361 * @param Request $request
362 * @param string $listName
363 * @return \Illuminate\Http\RedirectResponse
365 protected function changeListSort(int $userId, Request $request, string $listName)
367 $this->checkPermissionOrCurrentUser('users-manage', $userId);
369 $sort = $request->get('sort');
370 if (!in_array($sort, ['name', 'created_at', 'updated_at'])) {
374 $order = $request->get('order');
375 if (!in_array($order, ['asc', 'desc'])) {
379 $user = $this->user->findOrFail($userId);
380 $sortKey = $listName . '_sort';
381 $orderKey = $listName . '_sort_order';
382 setting()->putUser($user, $sortKey, $sort);
383 setting()->putUser($user, $orderKey, $order);
385 return redirect()->back(302, [], "/settings/users/$userId");
projects / bookstack / blob