BookStack Code Mirror - bookstack/blob - app/Http/Controllers/RoleController.php

   1 <?php
   2
   3 namespace BookStack\Http\Controllers;
   4
   5 use BookStack\Auth\Permissions\PermissionsRepo;
   6 use BookStack\Auth\Queries\RolesAllPaginatedAndSorted;
   7 use BookStack\Auth\Role;
   8 use BookStack\Exceptions\PermissionsException;
   9 use BookStack\Util\SimpleListOptions;
  10 use Exception;
  11 use Illuminate\Http\Request;
  12 use Illuminate\Validation\ValidationException;
  13
  14 class RoleController extends Controller
  15 {
  16     protected PermissionsRepo $permissionsRepo;
  17
  18     public function __construct(PermissionsRepo $permissionsRepo)
  19     {
  20         $this->permissionsRepo = $permissionsRepo;
  21     }
  22
  23     /**
  24      * Show a listing of the roles in the system.
  25      */
  26     public function index(Request $request)
  27     {
  28         $this->checkPermission('user-roles-manage');
  29
  30         $listOptions = SimpleListOptions::fromRequest($request, 'roles')->withSortOptions([
  31             'display_name' => trans('common.sort_name'),
  32             'users_count' => trans('settings.roles_assigned_users'),
  33             'permissions_count' => trans('settings.roles_permissions_provided'),
  34             'created_at' => trans('common.sort_created_at'),
  35             'updated_at' => trans('common.sort_updated_at'),
  36         ]);
  37
  38         $roles = (new RolesAllPaginatedAndSorted())->run(20, $listOptions);
  39         $roles->appends($listOptions->getPaginationAppends());
  40
  41         $this->setPageTitle(trans('settings.roles'));
  42
  43         return view('settings.roles.index', [
  44             'roles'       => $roles,
  45             'listOptions' => $listOptions,
  46         ]);
  47     }
  48
  49     /**
  50      * Show the form to create a new role.
  51      */
  52     public function create(Request $request)
  53     {
  54         $this->checkPermission('user-roles-manage');
  55
  56         /** @var ?Role $role */
  57         $role = null;
  58         if ($request->has('copy_from')) {
  59             $role = Role::query()->find($request->get('copy_from'));
  60         }
  61
  62         if ($role) {
  63             $role->display_name .= ' (' . trans('common.copy') . ')';
  64         }
  65
  66         $this->setPageTitle(trans('settings.role_create'));
  67
  68         return view('settings.roles.create', ['role' => $role]);
  69     }
  70
  71     /**
  72      * Store a new role in the system.
  73      */
  74     public function store(Request $request)
  75     {
  76         $this->checkPermission('user-roles-manage');
  77         $data = $this->validate($request, [
  78             'display_name' => ['required', 'min:3', 'max:180'],
  79             'description'  => ['max:180'],
  80             'external_auth_id' => ['string'],
  81             'permissions'  => ['array'],
  82             'mfa_enforced' => ['string'],
  83         ]);
  84
  85         $data['permissions'] = array_keys($data['permissions'] ?? []);
  86         $data['mfa_enforced'] = ($data['mfa_enforced'] ?? 'false') === 'true';
  87         $this->permissionsRepo->saveNewRole($data);
  88
  89         return redirect('/settings/roles');
  90     }
  91
  92     /**
  93      * Show the form for editing a user role.
  94      */
  95     public function edit(string $id)
  96     {
  97         $this->checkPermission('user-roles-manage');
  98         $role = $this->permissionsRepo->getRoleById($id);
  99
 100         $this->setPageTitle(trans('settings.role_edit'));
 101
 102         return view('settings.roles.edit', ['role' => $role]);
 103     }
 104
 105     /**
 106      * Updates a user role.
 107      */
 108     public function update(Request $request, string $id)
 109     {
 110         $this->checkPermission('user-roles-manage');
 111         $data = $this->validate($request, [
 112             'display_name' => ['required', 'min:3', 'max:180'],
 113             'description'  => ['max:180'],
 114             'external_auth_id' => ['string'],
 115             'permissions'  => ['array'],
 116             'mfa_enforced' => ['string'],
 117         ]);
 118
 119         if (isset($data['permissions'])) {
 120             $data['permissions'] = array_keys($data['permissions']);
 121         }
 122
 123         if (isset($data['mfa_enforced'])) {
 124             $data['mfa_enforced'] = $data['mfa_enforced'] === 'true';
 125         }
 126
 127         $this->permissionsRepo->updateRole($id, $data);
 128
 129         return redirect('/settings/roles');
 130     }
 131
 132     /**
 133      * Show the view to delete a role.
 134      * Offers the chance to migrate users.
 135      */
 136     public function showDelete(string $id)
 137     {
 138         $this->checkPermission('user-roles-manage');
 139         $role = $this->permissionsRepo->getRoleById($id);
 140         $roles = $this->permissionsRepo->getAllRolesExcept($role);
 141         $blankRole = $role->newInstance(['display_name' => trans('settings.role_delete_no_migration')]);
 142         $roles->prepend($blankRole);
 143
 144         $this->setPageTitle(trans('settings.role_delete'));
 145
 146         return view('settings.roles.delete', ['role' => $role, 'roles' => $roles]);
 147     }
 148
 149     /**
 150      * Delete a role from the system,
 151      * Migrate from a previous role if set.
 152      *
 153      * @throws Exception
 154      */
 155     public function delete(Request $request, string $id)
 156     {
 157         $this->checkPermission('user-roles-manage');
 158
 159         try {
 160             $this->permissionsRepo->deleteRole($id, $request->get('migrate_role_id', 0));
 161         } catch (PermissionsException $e) {
 162             $this->showErrorNotification($e->getMessage());
 163
 164             return redirect()->back();
 165         }
 166
 167         return redirect('/settings/roles');
 168     }
 169 }