BookStack Code Mirror - bookstack/blob - app/Http/Controllers/UserController.php

   1 <?php namespace BookStack\Http\Controllers;
   2
   3 use BookStack\Auth\Access\SocialAuthService;
   4 use BookStack\Auth\User;
   5 use BookStack\Auth\UserRepo;
   6 use BookStack\Exceptions\UserUpdateException;
   7 use BookStack\Uploads\ImageRepo;
   8 use Illuminate\Http\Request;
   9 use Illuminate\Http\Response;
  10
  11 class UserController extends Controller
  12 {
  13
  14     protected $user;
  15     protected $userRepo;
  16     protected $imageRepo;
  17
  18     /**
  19      * UserController constructor.
  20      * @param User $user
  21      * @param UserRepo $userRepo
  22      * @param ImageRepo $imageRepo
  23      */
  24     public function __construct(User $user, UserRepo $userRepo, ImageRepo $imageRepo)
  25     {
  26         $this->user = $user;
  27         $this->userRepo = $userRepo;
  28         $this->imageRepo = $imageRepo;
  29         parent::__construct();
  30     }
  31
  32     /**
  33      * Display a listing of the users.
  34      * @param Request $request
  35      * @return Response
  36      */
  37     public function index(Request $request)
  38     {
  39         $this->checkPermission('users-manage');
  40         $listDetails = [
  41             'order' => $request->get('order', 'asc'),
  42             'search' => $request->get('search', ''),
  43             'sort' => $request->get('sort', 'name'),
  44         ];
  45         $users = $this->userRepo->getAllUsersPaginatedAndSorted(20, $listDetails);
  46         $this->setPageTitle(trans('settings.users'));
  47         $users->appends($listDetails);
  48         return view('users.index', ['users' => $users, 'listDetails' => $listDetails]);
  49     }
  50
  51     /**
  52      * Show the form for creating a new user.
  53      * @return Response
  54      */
  55     public function create()
  56     {
  57         $this->checkPermission('users-manage');
  58         $authMethod = config('auth.method');
  59         $roles = $this->userRepo->getAllRoles();
  60         return view('users.create', ['authMethod' => $authMethod, 'roles' => $roles]);
  61     }
  62
  63     /**
  64      * Store a newly created user in storage.
  65      * @param  Request $request
  66      * @return Response
  67      * @throws UserUpdateException
  68      */
  69     public function store(Request $request)
  70     {
  71         $this->checkPermission('users-manage');
  72         $validationRules = [
  73             'name'             => 'required',
  74             'email'            => 'required|email|unique:users,email'
  75         ];
  76
  77         $authMethod = config('auth.method');
  78         if ($authMethod === 'standard') {
  79             $validationRules['password'] = 'required|min:5';
  80             $validationRules['password-confirm'] = 'required|same:password';
  81         } elseif ($authMethod === 'ldap') {
  82             $validationRules['external_auth_id'] = 'required';
  83         }
  84         $this->validate($request, $validationRules);
  85
  86         $user = $this->user->fill($request->all());
  87
  88         if ($authMethod === 'standard') {
  89             $user->password = bcrypt($request->get('password'));
  90         } elseif ($authMethod === 'ldap') {
  91             $user->external_auth_id = $request->get('external_auth_id');
  92         }
  93
  94         $user->save();
  95
  96         if ($request->filled('roles')) {
  97             $roles = $request->get('roles');
  98             $this->userRepo->setUserRoles($user, $roles);
  99         }
 100
 101         // TODO - Check this uses new profile assignment
 102         $this->userRepo->downloadAndAssignUserAvatar($user);
 103
 104         return redirect('/settings/users');
 105     }
 106
 107     /**
 108      * Show the form for editing the specified user.
 109      * @param  int              $id
 110      * @param \BookStack\Auth\Access\SocialAuthService $socialAuthService
 111      * @return Response
 112      */
 113     public function edit($id, SocialAuthService $socialAuthService)
 114     {
 115         $this->checkPermissionOrCurrentUser('users-manage', $id);
 116
 117         $user = $this->user->findOrFail($id);
 118
 119         $authMethod = ($user->system_name) ? 'system' : config('auth.method');
 120
 121         $activeSocialDrivers = $socialAuthService->getActiveDrivers();
 122         $this->setPageTitle(trans('settings.user_profile'));
 123         $roles = $this->userRepo->getAllRoles();
 124         return view('users.edit', ['user' => $user, 'activeSocialDrivers' => $activeSocialDrivers, 'authMethod' => $authMethod, 'roles' => $roles]);
 125     }
 126
 127     /**
 128      * Update the specified user in storage.
 129      * @param Request $request
 130      * @param int $id
 131      * @return Response
 132      * @throws UserUpdateException
 133      * @throws \BookStack\Exceptions\ImageUploadException
 134      */
 135     public function update(Request $request, $id)
 136     {
 137         $this->preventAccessForDemoUsers();
 138         $this->checkPermissionOrCurrentUser('users-manage', $id);
 139
 140         $this->validate($request, [
 141             'name'             => 'min:2',
 142             'email'            => 'min:2|email|unique:users,email,' . $id,
 143             'password'         => 'min:5|required_with:password_confirm',
 144             'password-confirm' => 'same:password|required_with:password',
 145             'setting'          => 'array',
 146             'profile_image'    => $this->imageRepo->getImageValidationRules(),
 147         ]);
 148
 149         $user = $this->userRepo->getById($id);
 150         $user->fill($request->all());
 151
 152         // Role updates
 153         if (userCan('users-manage') && $request->filled('roles')) {
 154             $roles = $request->get('roles');
 155             $this->userRepo->setUserRoles($user, $roles);
 156         }
 157
 158         // Password updates
 159         if ($request->filled('password')) {
 160             $password = $request->get('password');
 161             $user->password = bcrypt($password);
 162         }
 163
 164         // External auth id updates
 165         if ($this->currentUser->can('users-manage') && $request->filled('external_auth_id')) {
 166             $user->external_auth_id = $request->get('external_auth_id');
 167         }
 168
 169         // Save an user-specific settings
 170         if ($request->filled('setting')) {
 171             foreach ($request->get('setting') as $key => $value) {
 172                 setting()->putUser($user, $key, $value);
 173             }
 174         }
 175
 176         // Save profile image if in request
 177         if ($request->has('profile_image')) {
 178             $imageUpload = $request->file('profile_image');
 179             $this->imageRepo->destroyImage($user->avatar);
 180             $image = $this->imageRepo->saveNew($imageUpload, 'user', $user->id);
 181             $user->image_id = $image->id;
 182         }
 183
 184         // Delete the profile image if set to
 185         if ($request->has('profile_image_reset')) {
 186             $this->imageRepo->destroyImage($user->avatar);
 187         }
 188
 189         $user->save();
 190         session()->flash('success', trans('settings.users_edit_success'));
 191
 192         $redirectUrl = userCan('users-manage') ? '/settings/users' : ('/settings/users/' . $user->id);
 193         return redirect($redirectUrl);
 194     }
 195
 196     /**
 197      * Show the user delete page.
 198      * @param int $id
 199      * @return \Illuminate\View\View
 200      */
 201     public function delete($id)
 202     {
 203         $this->checkPermissionOrCurrentUser('users-manage', $id);
 204
 205         $user = $this->userRepo->getById($id);
 206         $this->setPageTitle(trans('settings.users_delete_named', ['userName' => $user->name]));
 207         return view('users.delete', ['user' => $user]);
 208     }
 209
 210     /**
 211      * Remove the specified user from storage.
 212      * @param  int $id
 213      * @return Response
 214      * @throws \Exception
 215      */
 216     public function destroy($id)
 217     {
 218         $this->preventAccessForDemoUsers();
 219         $this->checkPermissionOrCurrentUser('users-manage', $id);
 220
 221         $user = $this->userRepo->getById($id);
 222
 223         if ($this->userRepo->isOnlyAdmin($user)) {
 224             session()->flash('error', trans('errors.users_cannot_delete_only_admin'));
 225             return redirect($user->getEditUrl());
 226         }
 227
 228         if ($user->system_name === 'public') {
 229             session()->flash('error', trans('errors.users_cannot_delete_guest'));
 230             return redirect($user->getEditUrl());
 231         }
 232
 233         $this->userRepo->destroy($user);
 234         session()->flash('success', trans('settings.users_delete_success'));
 235
 236         return redirect('/settings/users');
 237     }
 238
 239     /**
 240      * Show the user profile page
 241      * @param $id
 242      * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
 243      */
 244     public function showProfilePage($id)
 245     {
 246         $user = $this->userRepo->getById($id);
 247
 248         $userActivity = $this->userRepo->getActivity($user);
 249         $recentlyCreated = $this->userRepo->getRecentlyCreated($user, 5, 0);
 250         $assetCounts = $this->userRepo->getAssetCounts($user);
 251
 252         return view('users.profile', [
 253             'user' => $user,
 254             'activity' => $userActivity,
 255             'recentlyCreated' => $recentlyCreated,
 256             'assetCounts' => $assetCounts
 257         ]);
 258     }
 259
 260     /**
 261      * Update the user's preferred book-list display setting.
 262      * @param $id
 263      * @param Request $request
 264      * @return \Illuminate\Http\RedirectResponse
 265      */
 266     public function switchBookView($id, Request $request)
 267     {
 268         return $this->switchViewType($id, $request, 'books');
 269     }
 270
 271     /**
 272      * Update the user's preferred shelf-list display setting.
 273      * @param $id
 274      * @param Request $request
 275      * @return \Illuminate\Http\RedirectResponse
 276      */
 277     public function switchShelfView($id, Request $request)
 278     {
 279         return $this->switchViewType($id, $request, 'bookshelves');
 280     }
 281
 282     /**
 283      * For a type of list, switch with stored view type for a user.
 284      * @param integer $userId
 285      * @param Request $request
 286      * @param string $listName
 287      * @return \Illuminate\Http\RedirectResponse
 288      */
 289     protected function switchViewType($userId, Request $request, string $listName)
 290     {
 291         $this->checkPermissionOrCurrentUser('users-manage', $userId);
 292
 293         $viewType = $request->get('view_type');
 294         if (!in_array($viewType, ['grid', 'list'])) {
 295             $viewType = 'list';
 296         }
 297
 298         $user = $this->userRepo->getById($userId);
 299         $key = $listName . '_view_type';
 300         setting()->putUser($user, $key, $viewType);
 301
 302         return redirect()->back(302, [], "/settings/users/$userId");
 303     }
 304
 305     /**
 306      * Change the stored sort type for a particular view.
 307      * @param string $id
 308      * @param string $type
 309      * @param Request $request
 310      * @return \Illuminate\Http\RedirectResponse
 311      */
 312     public function changeSort(string $id, string $type, Request $request)
 313     {
 314         $validSortTypes = ['books', 'bookshelves'];
 315         if (!in_array($type, $validSortTypes)) {
 316             return redirect()->back(500);
 317         }
 318         return $this->changeListSort($id, $request, $type);
 319     }
 320
 321     /**
 322      * Update the stored section expansion preference for the given user.
 323      * @param string $id
 324      * @param string $key
 325      * @param Request $request
 326      * @return \Illuminate\Contracts\Routing\ResponseFactory|\Symfony\Component\HttpFoundation\Response
 327      */
 328     public function updateExpansionPreference(string $id, string $key, Request $request)
 329     {
 330         $this->checkPermissionOrCurrentUser('users-manage', $id);
 331         $keyWhitelist = ['home-details'];
 332         if (!in_array($key, $keyWhitelist)) {
 333             return response("Invalid key", 500);
 334         }
 335
 336         $newState = $request->get('expand', 'false');
 337
 338         $user = $this->user->findOrFail($id);
 339         setting()->putUser($user, 'section_expansion#' . $key, $newState);
 340         return response("", 204);
 341     }
 342
 343     /**
 344      * Changed the stored preference for a list sort order.
 345      * @param int $userId
 346      * @param Request $request
 347      * @param string $listName
 348      * @return \Illuminate\Http\RedirectResponse
 349      */
 350     protected function changeListSort(int $userId, Request $request, string $listName)
 351     {
 352         $this->checkPermissionOrCurrentUser('users-manage', $userId);
 353
 354         $sort = $request->get('sort');
 355         if (!in_array($sort, ['name', 'created_at', 'updated_at'])) {
 356             $sort = 'name';
 357         }
 358
 359         $order = $request->get('order');
 360         if (!in_array($order, ['asc', 'desc'])) {
 361             $order = 'asc';
 362         }
 363
 364         $user = $this->user->findOrFail($userId);
 365         $sortKey = $listName . '_sort';
 366         $orderKey = $listName . '_sort_order';
 367         setting()->putUser($user, $sortKey, $sort);
 368         setting()->putUser($user, $orderKey, $order);
 369
 370         return redirect()->back(302, [], "/settings/users/$userId");
 371     }
 372
 373 }