BookStack Code Mirror - bookstack/blob - app/Http/Controllers/UserController.php

   1 <?php
   2
   3 namespace BookStack\Http\Controllers;
   4
   5 use BookStack\Activity;
   6 use Illuminate\Http\Request;
   7
   8 use Illuminate\Http\Response;
   9 use BookStack\Http\Requests;
  10 use BookStack\Repos\UserRepo;
  11 use BookStack\Services\SocialAuthService;
  12 use BookStack\User;
  13
  14 class UserController extends Controller
  15 {
  16
  17     protected $user;
  18     protected $userRepo;
  19
  20     /**
  21      * UserController constructor.
  22      * @param User     $user
  23      * @param UserRepo $userRepo
  24      */
  25     public function __construct(User $user, UserRepo $userRepo)
  26     {
  27         $this->user = $user;
  28         $this->userRepo = $userRepo;
  29         parent::__construct();
  30     }
  31
  32     /**
  33      * Display a listing of the users.
  34      * @return Response
  35      */
  36     public function index()
  37     {
  38         $this->checkPermission('users-manage');
  39         $users = $this->userRepo->getAllUsers();
  40         $this->setPageTitle('Users');
  41         return view('users/index', ['users' => $users]);
  42     }
  43
  44     /**
  45      * Show the form for creating a new user.
  46      * @return Response
  47      */
  48     public function create()
  49     {
  50         $this->checkPermission('users-manage');
  51         $authMethod = config('auth.method');
  52         return view('users/create', ['authMethod' => $authMethod]);
  53     }
  54
  55     /**
  56      * Store a newly created user in storage.
  57      * @param  Request $request
  58      * @return Response
  59      */
  60     public function store(Request $request)
  61     {
  62         $this->checkPermission('users-manage');
  63         $validationRules = [
  64             'name'             => 'required',
  65             'email'            => 'required|email|unique:users,email'
  66         ];
  67
  68         $authMethod = config('auth.method');
  69         if ($authMethod === 'standard') {
  70             $validationRules['password'] = 'required|min:5';
  71             $validationRules['password-confirm'] = 'required|same:password';
  72         } elseif ($authMethod === 'ldap') {
  73             $validationRules['external_auth_id'] = 'required';
  74         }
  75         $this->validate($request, $validationRules);
  76
  77
  78         $user = $this->user->fill($request->all());
  79
  80         if ($authMethod === 'standard') {
  81             $user->password = bcrypt($request->get('password'));
  82         } elseif ($authMethod === 'ldap') {
  83             $user->external_auth_id = $request->get('external_auth_id');
  84         }
  85
  86         $user->save();
  87
  88         if ($request->has('roles')) {
  89             $roles = $request->get('roles');
  90             $user->roles()->sync($roles);
  91         }
  92
  93         // Get avatar from gravatar and save
  94         if (!config('services.disable_services')) {
  95             $avatar = \Images::saveUserGravatar($user);
  96             $user->avatar()->associate($avatar);
  97             $user->save();
  98         }
  99
 100         return redirect('/settings/users');
 101     }
 102
 103     /**
 104      * Show the form for editing the specified user.
 105      * @param  int              $id
 106      * @param SocialAuthService $socialAuthService
 107      * @return Response
 108      */
 109     public function edit($id, SocialAuthService $socialAuthService)
 110     {
 111         $this->checkPermissionOr('users-manage', function () use ($id) {
 112             return $this->currentUser->id == $id;
 113         });
 114
 115         $authMethod = config('auth.method');
 116
 117         $user = $this->user->findOrFail($id);
 118         $activeSocialDrivers = $socialAuthService->getActiveDrivers();
 119         $this->setPageTitle('User Profile');
 120         return view('users/edit', ['user' => $user, 'activeSocialDrivers' => $activeSocialDrivers, 'authMethod' => $authMethod]);
 121     }
 122
 123     /**
 124      * Update the specified user in storage.
 125      * @param  Request $request
 126      * @param  int     $id
 127      * @return Response
 128      */
 129     public function update(Request $request, $id)
 130     {
 131         $this->preventAccessForDemoUsers();
 132         $this->checkPermissionOr('users-manage', function () use ($id) {
 133             return $this->currentUser->id == $id;
 134         });
 135
 136         $this->validate($request, [
 137             'name'             => 'min:2',
 138             'email'            => 'min:2|email|unique:users,email,' . $id,
 139             'password'         => 'min:5|required_with:password_confirm',
 140             'password-confirm' => 'same:password|required_with:password'
 141         ], [
 142             'password-confirm.required_with' => 'Password confirmation required'
 143         ]);
 144
 145         $user = $this->user->findOrFail($id);
 146         $user->fill($request->all());
 147
 148         // Role updates
 149         if (userCan('users-manage') && $request->has('roles')) {
 150             $roles = $request->get('roles');
 151             $user->roles()->sync($roles);
 152         }
 153
 154         // Password updates
 155         if ($request->has('password') && $request->get('password') != '') {
 156             $password = $request->get('password');
 157             $user->password = bcrypt($password);
 158         }
 159
 160         // External auth id updates
 161         if ($this->currentUser->can('users-manage') && $request->has('external_auth_id')) {
 162             $user->external_auth_id = $request->get('external_auth_id');
 163         }
 164
 165         $user->save();
 166         session()->flash('success', 'User successfully updated');
 167
 168         $redirectUrl = userCan('users-manage') ? '/settings/users' : '/settings/users/' . $user->id;
 169         return redirect($redirectUrl);
 170     }
 171
 172     /**
 173      * Show the user delete page.
 174      * @param $id
 175      * @return \Illuminate\View\View
 176      */
 177     public function delete($id)
 178     {
 179         $this->checkPermissionOr('users-manage', function () use ($id) {
 180             return $this->currentUser->id == $id;
 181         });
 182
 183         $user = $this->user->findOrFail($id);
 184         $this->setPageTitle('Delete User ' . $user->name);
 185         return view('users/delete', ['user' => $user]);
 186     }
 187
 188     /**
 189      * Remove the specified user from storage.
 190      * @param  int $id
 191      * @return Response
 192      */
 193     public function destroy($id)
 194     {
 195         $this->preventAccessForDemoUsers();
 196         $this->checkPermissionOr('users-manage', function () use ($id) {
 197             return $this->currentUser->id == $id;
 198         });
 199
 200         $user = $this->userRepo->getById($id);
 201         if ($this->userRepo->isOnlyAdmin($user)) {
 202             session()->flash('error', 'You cannot delete the only admin');
 203             return redirect($user->getEditUrl());
 204         }
 205         $this->userRepo->destroy($user);
 206
 207         return redirect('/settings/users');
 208     }
 209
 210     /**
 211      * Show the user profile page
 212      * @param $id
 213      * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
 214      */
 215     public function showProfilePage($id)
 216     {
 217         $user = $this->userRepo->getById($id);
 218         $userActivity = $this->userRepo->getActivity($user);
 219         $recentlyCreated = $this->userRepo->getRecentlyCreated($user, 5, 0);
 220         $assetCounts = $this->userRepo->getAssetCounts($user);
 221         return view('users/profile', [
 222             'user' => $user,
 223             'activity' => $userActivity,
 224             'recentlyCreated' => $recentlyCreated,
 225             'assetCounts' => $assetCounts
 226         ]);
 227     }
 228 }