BookStack Code Mirror - bookstack/blob - app/Http/Controllers/UserController.php

   1 <?php namespace BookStack\Http\Controllers;
   2
   3 use BookStack\Auth\Access\SocialAuthService;
   4 use BookStack\Auth\User;
   5 use BookStack\Auth\UserRepo;
   6 use Illuminate\Http\Request;
   7 use Illuminate\Http\Response;
   8
   9 class UserController extends Controller
  10 {
  11
  12     protected $user;
  13     protected $userRepo;
  14
  15     /**
  16      * UserController constructor.
  17      * @param User     $user
  18      * @param \BookStack\Auth\UserRepo $userRepo
  19      */
  20     public function __construct(User $user, UserRepo $userRepo)
  21     {
  22         $this->user = $user;
  23         $this->userRepo = $userRepo;
  24         parent::__construct();
  25     }
  26
  27     /**
  28      * Display a listing of the users.
  29      * @param Request $request
  30      * @return Response
  31      */
  32     public function index(Request $request)
  33     {
  34         $this->checkPermission('users-manage');
  35         $listDetails = [
  36             'order' => $request->get('order', 'asc'),
  37             'search' => $request->get('search', ''),
  38             'sort' => $request->get('sort', 'name'),
  39         ];
  40         $users = $this->userRepo->getAllUsersPaginatedAndSorted(20, $listDetails);
  41         $this->setPageTitle(trans('settings.users'));
  42         $users->appends($listDetails);
  43         return view('users/index', ['users' => $users, 'listDetails' => $listDetails]);
  44     }
  45
  46     /**
  47      * Show the form for creating a new user.
  48      * @return Response
  49      */
  50     public function create()
  51     {
  52         $this->checkPermission('users-manage');
  53         $authMethod = config('auth.method');
  54         $roles = $this->userRepo->getAllRoles();
  55         return view('users/create', ['authMethod' => $authMethod, 'roles' => $roles]);
  56     }
  57
  58     /**
  59      * Store a newly created user in storage.
  60      * @param  Request $request
  61      * @return Response
  62      */
  63     public function store(Request $request)
  64     {
  65         $this->checkPermission('users-manage');
  66         $validationRules = [
  67             'name'             => 'required',
  68             'email'            => 'required|email|unique:users,email'
  69         ];
  70
  71         $authMethod = config('auth.method');
  72         if ($authMethod === 'standard') {
  73             $validationRules['password'] = 'required|min:5';
  74             $validationRules['password-confirm'] = 'required|same:password';
  75         } elseif ($authMethod === 'ldap') {
  76             $validationRules['external_auth_id'] = 'required';
  77         }
  78         $this->validate($request, $validationRules);
  79
  80         $user = $this->user->fill($request->all());
  81
  82         if ($authMethod === 'standard') {
  83             $user->password = bcrypt($request->get('password'));
  84         } elseif ($authMethod === 'ldap') {
  85             $user->external_auth_id = $request->get('external_auth_id');
  86         }
  87
  88         $user->save();
  89
  90         if ($request->filled('roles')) {
  91             $roles = $request->get('roles');
  92             $user->roles()->sync($roles);
  93         }
  94
  95         $this->userRepo->downloadGravatarToUserAvatar($user);
  96
  97         return redirect('/settings/users');
  98     }
  99
 100     /**
 101      * Show the form for editing the specified user.
 102      * @param  int              $id
 103      * @param \BookStack\Auth\Access\SocialAuthService $socialAuthService
 104      * @return Response
 105      */
 106     public function edit($id, SocialAuthService $socialAuthService)
 107     {
 108         $this->checkPermissionOr('users-manage', function () use ($id) {
 109             return $this->currentUser->id == $id;
 110         });
 111
 112         $user = $this->user->findOrFail($id);
 113
 114         $authMethod = ($user->system_name) ? 'system' : config('auth.method');
 115
 116         $activeSocialDrivers = $socialAuthService->getActiveDrivers();
 117         $this->setPageTitle(trans('settings.user_profile'));
 118         $roles = $this->userRepo->getAllRoles();
 119         return view('users/edit', ['user' => $user, 'activeSocialDrivers' => $activeSocialDrivers, 'authMethod' => $authMethod, 'roles' => $roles]);
 120     }
 121
 122     /**
 123      * Update the specified user in storage.
 124      * @param  Request $request
 125      * @param  int     $id
 126      * @return Response
 127      */
 128     public function update(Request $request, $id)
 129     {
 130         $this->preventAccessForDemoUsers();
 131         $this->checkPermissionOr('users-manage', function () use ($id) {
 132             return $this->currentUser->id == $id;
 133         });
 134
 135         $this->validate($request, [
 136             'name'             => 'min:2',
 137             'email'            => 'min:2|email|unique:users,email,' . $id,
 138             'password'         => 'min:5|required_with:password_confirm',
 139             'password-confirm' => 'same:password|required_with:password',
 140             'setting'          => 'array'
 141         ]);
 142
 143         $user = $this->user->findOrFail($id);
 144         $user->fill($request->all());
 145
 146         // Role updates
 147         if (userCan('users-manage') && $request->filled('roles')) {
 148             $roles = $request->get('roles');
 149             $user->roles()->sync($roles);
 150         }
 151
 152         // Password updates
 153         if ($request->filled('password')) {
 154             $password = $request->get('password');
 155             $user->password = bcrypt($password);
 156         }
 157
 158         // External auth id updates
 159         if ($this->currentUser->can('users-manage') && $request->filled('external_auth_id')) {
 160             $user->external_auth_id = $request->get('external_auth_id');
 161         }
 162
 163         // Save an user-specific settings
 164         if ($request->filled('setting')) {
 165             foreach ($request->get('setting') as $key => $value) {
 166                 setting()->putUser($user, $key, $value);
 167             }
 168         }
 169
 170         $user->save();
 171         session()->flash('success', trans('settings.users_edit_success'));
 172
 173         $redirectUrl = userCan('users-manage') ? '/settings/users' : '/settings/users/' . $user->id;
 174         return redirect($redirectUrl);
 175     }
 176
 177     /**
 178      * Show the user delete page.
 179      * @param int $id
 180      * @return \Illuminate\View\View
 181      */
 182     public function delete($id)
 183     {
 184         $this->checkPermissionOr('users-manage', function () use ($id) {
 185             return $this->currentUser->id == $id;
 186         });
 187
 188         $user = $this->user->findOrFail($id);
 189         $this->setPageTitle(trans('settings.users_delete_named', ['userName' => $user->name]));
 190         return view('users/delete', ['user' => $user]);
 191     }
 192
 193     /**
 194      * Remove the specified user from storage.
 195      * @param  int $id
 196      * @return Response
 197      */
 198     public function destroy($id)
 199     {
 200         $this->preventAccessForDemoUsers();
 201         $this->checkPermissionOr('users-manage', function () use ($id) {
 202             return $this->currentUser->id == $id;
 203         });
 204
 205         $user = $this->userRepo->getById($id);
 206
 207         if ($this->userRepo->isOnlyAdmin($user)) {
 208             session()->flash('error', trans('errors.users_cannot_delete_only_admin'));
 209             return redirect($user->getEditUrl());
 210         }
 211
 212         if ($user->system_name === 'public') {
 213             session()->flash('error', trans('errors.users_cannot_delete_guest'));
 214             return redirect($user->getEditUrl());
 215         }
 216
 217         $this->userRepo->destroy($user);
 218         session()->flash('success', trans('settings.users_delete_success'));
 219
 220         return redirect('/settings/users');
 221     }
 222
 223     /**
 224      * Show the user profile page
 225      * @param $id
 226      * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
 227      */
 228     public function showProfilePage($id)
 229     {
 230         $user = $this->userRepo->getById($id);
 231         $userActivity = $this->userRepo->getActivity($user);
 232         $recentlyCreated = $this->userRepo->getRecentlyCreated($user, 5, 0);
 233         $assetCounts = $this->userRepo->getAssetCounts($user);
 234         return view('users/profile', [
 235             'user' => $user,
 236             'activity' => $userActivity,
 237             'recentlyCreated' => $recentlyCreated,
 238             'assetCounts' => $assetCounts
 239         ]);
 240     }
 241
 242     /**
 243      * Update the user's preferred book-list display setting.
 244      * @param $id
 245      * @param Request $request
 246      * @return \Illuminate\Http\RedirectResponse
 247      */
 248     public function switchBookView($id, Request $request)
 249     {
 250         return $this->switchViewType($id, $request, 'books');
 251     }
 252
 253     /**
 254      * Update the user's preferred shelf-list display setting.
 255      * @param $id
 256      * @param Request $request
 257      * @return \Illuminate\Http\RedirectResponse
 258      */
 259     public function switchShelfView($id, Request $request)
 260     {
 261         return $this->switchViewType($id, $request, 'bookshelves');
 262     }
 263
 264     /**
 265      * For a type of list, switch with stored view type for a user.
 266      * @param integer $userId
 267      * @param Request $request
 268      * @param string $listName
 269      * @return \Illuminate\Http\RedirectResponse
 270      */
 271     protected function switchViewType($userId, Request $request, string $listName)
 272     {
 273         $this->checkPermissionOrCurrentUser('users-manage', $userId);
 274
 275         $viewType = $request->get('view_type');
 276         if (!in_array($viewType, ['grid', 'list'])) {
 277             $viewType = 'list';
 278         }
 279
 280         $user = $this->user->findOrFail($userId);
 281         $key = $listName . '_view_type';
 282         setting()->putUser($user, $key, $viewType);
 283
 284         return redirect()->back(302, [], "/settings/users/$userId");
 285     }
 286
 287     /**
 288      * Change the stored sort type for the books view.
 289      * @param $id
 290      * @param Request $request
 291      * @return \Illuminate\Http\RedirectResponse
 292      */
 293     public function changeBooksSort($id, Request $request)
 294     {
 295         // TODO - Test this endpoint
 296         return $this->changeListSort($id, $request, 'books');
 297     }
 298
 299     /**
 300      * Changed the stored preference for a list sort order.
 301      * @param int $userId
 302      * @param Request $request
 303      * @param string $listName
 304      * @return \Illuminate\Http\RedirectResponse
 305      */
 306     protected function changeListSort(int $userId, Request $request, string $listName)
 307     {
 308         $this->checkPermissionOrCurrentUser('users-manage', $userId);
 309
 310         $sort = $request->get('sort');
 311         if (!in_array($sort, ['name', 'created_at', 'updated_at'])) {
 312             $sort = 'name';
 313         }
 314
 315         $order = $request->get('order');
 316         if (!in_array($order, ['asc', 'desc'])) {
 317             $order = 'asc';
 318         }
 319
 320         $user = $this->user->findOrFail($userId);
 321         $sortKey = $listName . '_sort';
 322         $orderKey = $listName . '_sort_order';
 323         setting()->putUser($user, $sortKey, $sort);
 324         setting()->putUser($user, $orderKey, $order);
 325
 326         return redirect()->back(302, [], "/settings/users/$userId");
 327     }
 328
 329 }