BookStack Code Mirror - bookstack/blob - app/Http/Controllers/RoleController.php

   1 <?php
   2
   3 namespace BookStack\Http\Controllers;
   4
   5 use BookStack\Auth\Permissions\PermissionsRepo;
   6 use BookStack\Auth\Queries\RolesAllPaginatedAndSorted;
   7 use BookStack\Auth\Role;
   8 use BookStack\Exceptions\PermissionsException;
   9 use BookStack\Util\SimpleListOptions;
  10 use Exception;
  11 use Illuminate\Http\Request;
  12 use Illuminate\Validation\ValidationException;
  13
  14 class RoleController extends Controller
  15 {
  16     protected PermissionsRepo $permissionsRepo;
  17
  18     public function __construct(PermissionsRepo $permissionsRepo)
  19     {
  20         $this->permissionsRepo = $permissionsRepo;
  21     }
  22
  23     /**
  24      * Show a listing of the roles in the system.
  25      */
  26     public function index(Request $request)
  27     {
  28         $this->checkPermission('user-roles-manage');
  29
  30         $listOptions = SimpleListOptions::fromRequest($request, 'roles')->withSortOptions([
  31             'display_name' => trans('common.sort_name'),
  32             'users_count' => trans('settings.roles_assigned_users'),
  33             'permissions_count' => trans('settings.roles_permissions_provided'),
  34             'created_at' => trans('common.sort_created_at'),
  35             'updated_at' => trans('common.sort_updated_at'),
  36         ]);
  37
  38         $roles = (new RolesAllPaginatedAndSorted())->run(20, $listOptions);
  39         $roles->appends($listOptions->getPaginationAppends());
  40
  41         $this->setPageTitle(trans('settings.roles'));
  42
  43         return view('settings.roles.index', [
  44             'roles'       => $roles,
  45             'listOptions' => $listOptions,
  46         ]);
  47     }
  48
  49     /**
  50      * Show the form to create a new role.
  51      */
  52     public function create(Request $request)
  53     {
  54         $this->checkPermission('user-roles-manage');
  55
  56         /** @var ?Role $role */
  57         $role = null;
  58         if ($request->has('copy_from')) {
  59             $role = Role::query()->find($request->get('copy_from'));
  60         }
  61
  62         if ($role) {
  63             $role->display_name .= ' (' . trans('common.copy') . ')';
  64         }
  65
  66         $this->setPageTitle(trans('settings.role_create'));
  67
  68         return view('settings.roles.create', ['role' => $role]);
  69     }
  70
  71     /**
  72      * Store a new role in the system.
  73      */
  74     public function store(Request $request)
  75     {
  76         $this->checkPermission('user-roles-manage');
  77         $data = $this->validate($request, [
  78             'display_name' => ['required', 'min:3', 'max:180'],
  79             'description'  => ['max:180'],
  80             'external_auth_id' => ['string'],
  81             'permissions'  => ['array'],
  82             'mfa_enforced' => ['string'],
  83         ]);
  84
  85         $data['permissions'] = array_keys($data['permissions'] ?? []);
  86         $data['mfa_enforced'] = ($data['mfa_enforced'] ?? 'false') === 'true';
  87         $this->permissionsRepo->saveNewRole($data);
  88
  89         return redirect('/settings/roles');
  90     }
  91
  92     /**
  93      * Show the form for editing a user role.
  94      */
  95     public function edit(string $id)
  96     {
  97         $this->checkPermission('user-roles-manage');
  98         $role = $this->permissionsRepo->getRoleById($id);
  99
 100         $this->setPageTitle(trans('settings.role_edit'));
 101
 102         return view('settings.roles.edit', ['role' => $role]);
 103     }
 104
 105     /**
 106      * Updates a user role.
 107      */
 108     public function update(Request $request, string $id)
 109     {
 110         $this->checkPermission('user-roles-manage');
 111         $data = $this->validate($request, [
 112             'display_name' => ['required', 'min:3', 'max:180'],
 113             'description'  => ['max:180'],
 114             'external_auth_id' => ['string'],
 115             'permissions'  => ['array'],
 116             'mfa_enforced' => ['string'],
 117         ]);
 118
 119         $data['permissions'] = array_keys($data['permissions'] ?? []);
 120         $data['mfa_enforced'] = ($data['mfa_enforced'] ?? 'false') === 'true';
 121         $this->permissionsRepo->updateRole($id, $data);
 122
 123         return redirect('/settings/roles');
 124     }
 125
 126     /**
 127      * Show the view to delete a role.
 128      * Offers the chance to migrate users.
 129      */
 130     public function showDelete(string $id)
 131     {
 132         $this->checkPermission('user-roles-manage');
 133         $role = $this->permissionsRepo->getRoleById($id);
 134         $roles = $this->permissionsRepo->getAllRolesExcept($role);
 135         $blankRole = $role->newInstance(['display_name' => trans('settings.role_delete_no_migration')]);
 136         $roles->prepend($blankRole);
 137
 138         $this->setPageTitle(trans('settings.role_delete'));
 139
 140         return view('settings.roles.delete', ['role' => $role, 'roles' => $roles]);
 141     }
 142
 143     /**
 144      * Delete a role from the system,
 145      * Migrate from a previous role if set.
 146      *
 147      * @throws Exception
 148      */
 149     public function delete(Request $request, string $id)
 150     {
 151         $this->checkPermission('user-roles-manage');
 152
 153         try {
 154             $migrateRoleId = intval($request->get('migrate_role_id') ?: "0");
 155             $this->permissionsRepo->deleteRole($id, $migrateRoleId);
 156         } catch (PermissionsException $e) {
 157             $this->showErrorNotification($e->getMessage());
 158
 159             return redirect()->back();
 160         }
 161
 162         return redirect('/settings/roles');
 163     }
 164 }