]> BookStack Code Mirror - bookstack/blob - app/Http/Controllers/UserController.php
Added content to user profile pages
[bookstack] / app / Http / Controllers / UserController.php
1 <?php
2
3 namespace BookStack\Http\Controllers;
4
5 use BookStack\Activity;
6 use Illuminate\Http\Request;
7
8 use Illuminate\Http\Response;
9 use BookStack\Http\Requests;
10 use BookStack\Repos\UserRepo;
11 use BookStack\Services\SocialAuthService;
12 use BookStack\User;
13
14 class UserController extends Controller
15 {
16
17     protected $user;
18     protected $userRepo;
19
20     /**
21      * UserController constructor.
22      * @param User     $user
23      * @param UserRepo $userRepo
24      */
25     public function __construct(User $user, UserRepo $userRepo)
26     {
27         $this->user = $user;
28         $this->userRepo = $userRepo;
29         parent::__construct();
30     }
31
32     /**
33      * Display a listing of the users.
34      * @return Response
35      */
36     public function index()
37     {
38         $users = $this->user->all();
39         $this->setPageTitle('Users');
40         return view('users/index', ['users' => $users]);
41     }
42
43     /**
44      * Show the form for creating a new user.
45      * @return Response
46      */
47     public function create()
48     {
49         $this->checkPermission('user-create');
50         $authMethod = config('auth.method');
51         return view('users/create', ['authMethod' => $authMethod]);
52     }
53
54     /**
55      * Store a newly created user in storage.
56      * @param  Request $request
57      * @return Response
58      */
59     public function store(Request $request)
60     {
61         $this->checkPermission('user-create');
62         $validationRules = [
63             'name'             => 'required',
64             'email'            => 'required|email|unique:users,email',
65             'role'             => 'required|exists:roles,id'
66         ];
67
68         $authMethod = config('auth.method');
69         if ($authMethod === 'standard') {
70             $validationRules['password'] = 'required|min:5';
71             $validationRules['password-confirm'] = 'required|same:password';
72         } elseif ($authMethod === 'ldap') {
73             $validationRules['external_auth_id'] = 'required';
74         }
75         $this->validate($request, $validationRules);
76
77
78         $user = $this->user->fill($request->all());
79
80         if ($authMethod === 'standard') {
81             $user->password = bcrypt($request->get('password'));
82         } elseif ($authMethod === 'ldap') {
83             $user->external_auth_id = $request->get('external_auth_id');
84         }
85
86         $user->save();
87         $user->attachRoleId($request->get('role'));
88
89         // Get avatar from gravatar and save
90         if (!config('services.disable_services')) {
91             $avatar = \Images::saveUserGravatar($user);
92             $user->avatar()->associate($avatar);
93             $user->save();
94         }
95
96         return redirect('/settings/users');
97     }
98
99     /**
100      * Show the form for editing the specified user.
101      * @param  int              $id
102      * @param SocialAuthService $socialAuthService
103      * @return Response
104      */
105     public function edit($id, SocialAuthService $socialAuthService)
106     {
107         $this->checkPermissionOr('user-update', function () use ($id) {
108             return $this->currentUser->id == $id;
109         });
110
111         $authMethod = config('auth.method');
112
113         $user = $this->user->findOrFail($id);
114         $activeSocialDrivers = $socialAuthService->getActiveDrivers();
115         $this->setPageTitle('User Profile');
116         return view('users/edit', ['user' => $user, 'activeSocialDrivers' => $activeSocialDrivers, 'authMethod' => $authMethod]);
117     }
118
119     /**
120      * Update the specified user in storage.
121      * @param  Request $request
122      * @param  int     $id
123      * @return Response
124      */
125     public function update(Request $request, $id)
126     {
127         $this->preventAccessForDemoUsers();
128         $this->checkPermissionOr('user-update', function () use ($id) {
129             return $this->currentUser->id == $id;
130         });
131
132         $this->validate($request, [
133             'name'             => 'min:2',
134             'email'            => 'min:2|email|unique:users,email,' . $id,
135             'password'         => 'min:5|required_with:password_confirm',
136             'password-confirm' => 'same:password|required_with:password',
137             'role'             => 'exists:roles,id'
138         ], [
139             'password-confirm.required_with' => 'Password confirmation required'
140         ]);
141
142         $user = $this->user->findOrFail($id);
143         $user->fill($request->all());
144
145         // Role updates
146         if ($this->currentUser->can('user-update') && $request->has('role')) {
147             $user->attachRoleId($request->get('role'));
148         }
149
150         // Password updates
151         if ($request->has('password') && $request->get('password') != '') {
152             $password = $request->get('password');
153             $user->password = bcrypt($password);
154         }
155
156         // External auth id updates
157         if ($this->currentUser->can('user-update') && $request->has('external_auth_id')) {
158             $user->external_auth_id = $request->get('external_auth_id');
159         }
160
161         $user->save();
162         return redirect('/settings/users');
163     }
164
165     /**
166      * Show the user delete page.
167      * @param $id
168      * @return \Illuminate\View\View
169      */
170     public function delete($id)
171     {
172         $this->checkPermissionOr('user-delete', function () use ($id) {
173             return $this->currentUser->id == $id;
174         });
175
176         $user = $this->user->findOrFail($id);
177         $this->setPageTitle('Delete User ' . $user->name);
178         return view('users/delete', ['user' => $user]);
179     }
180
181     /**
182      * Remove the specified user from storage.
183      * @param  int $id
184      * @return Response
185      */
186     public function destroy($id)
187     {
188         $this->preventAccessForDemoUsers();
189         $this->checkPermissionOr('user-delete', function () use ($id) {
190             return $this->currentUser->id == $id;
191         });
192
193         $user = $this->userRepo->getById($id);
194         if ($this->userRepo->isOnlyAdmin($user)) {
195             session()->flash('error', 'You cannot delete the only admin');
196             return redirect($user->getEditUrl());
197         }
198         $this->userRepo->destroy($user);
199
200         return redirect('/settings/users');
201     }
202
203     /**
204      * Show the user profile page
205      * @param $id
206      * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
207      */
208     public function showProfilePage($id)
209     {
210         $user = $this->userRepo->getById($id);
211         $userActivity = $this->userRepo->getActivity($user);
212         $recentlyCreated = $this->userRepo->getRecentlyCreated($user, 5, 0);
213         $assetCounts = $this->userRepo->getAssetCounts($user);
214         return view('users/profile', [
215             'user' => $user,
216             'activity' => $userActivity,
217             'recentlyCreated' => $recentlyCreated,
218             'assetCounts' => $assetCounts
219         ]);
220     }
221 }