BookStack Code Mirror - bookstack/blob - app/Http/Controllers/UserController.php

   1 <?php namespace BookStack\Http\Controllers;
   2
   3 use BookStack\Actions\ActivityType;
   4 use BookStack\Auth\Access\SocialAuthService;
   5 use BookStack\Auth\Access\UserInviteService;
   6 use BookStack\Auth\User;
   7 use BookStack\Auth\UserRepo;
   8 use BookStack\Exceptions\UserUpdateException;
   9 use BookStack\Uploads\ImageRepo;
  10 use Illuminate\Http\Request;
  11 use Illuminate\Support\Str;
  12
  13 class UserController extends Controller
  14 {
  15
  16     protected $user;
  17     protected $userRepo;
  18     protected $inviteService;
  19     protected $imageRepo;
  20
  21     /**
  22      * UserController constructor.
  23      */
  24     public function __construct(User $user, UserRepo $userRepo, UserInviteService $inviteService, ImageRepo $imageRepo)
  25     {
  26         $this->user = $user;
  27         $this->userRepo = $userRepo;
  28         $this->inviteService = $inviteService;
  29         $this->imageRepo = $imageRepo;
  30     }
  31
  32     /**
  33      * Display a listing of the users.
  34      */
  35     public function index(Request $request)
  36     {
  37         $this->checkPermission('users-manage');
  38         $listDetails = [
  39             'order' => $request->get('order', 'asc'),
  40             'search' => $request->get('search', ''),
  41             'sort' => $request->get('sort', 'name'),
  42         ];
  43         $users = $this->userRepo->getAllUsersPaginatedAndSorted(20, $listDetails);
  44         $this->setPageTitle(trans('settings.users'));
  45         $users->appends($listDetails);
  46         return view('users.index', ['users' => $users, 'listDetails' => $listDetails]);
  47     }
  48
  49     /**
  50      * Show the form for creating a new user.
  51      */
  52     public function create()
  53     {
  54         $this->checkPermission('users-manage');
  55         $authMethod = config('auth.method');
  56         $roles = $this->userRepo->getAllRoles();
  57         return view('users.create', ['authMethod' => $authMethod, 'roles' => $roles]);
  58     }
  59
  60     /**
  61      * Store a newly created user in storage.
  62      * @throws UserUpdateException
  63      * @throws \Illuminate\Validation\ValidationException
  64      */
  65     public function store(Request $request)
  66     {
  67         $this->checkPermission('users-manage');
  68         $validationRules = [
  69             'name'  => 'required',
  70             'email' => 'required|email|unique:users,email'
  71         ];
  72
  73         $authMethod = config('auth.method');
  74         $sendInvite = ($request->get('send_invite', 'false') === 'true');
  75
  76         if ($authMethod === 'standard' && !$sendInvite) {
  77             $validationRules['password'] = 'required|min:6';
  78             $validationRules['password-confirm'] = 'required|same:password';
  79         } elseif ($authMethod === 'ldap' || $authMethod === 'saml2') {
  80             $validationRules['external_auth_id'] = 'required';
  81         }
  82         $this->validate($request, $validationRules);
  83
  84         $user = $this->user->fill($request->all());
  85
  86         if ($authMethod === 'standard') {
  87             $user->password = bcrypt($request->get('password', Str::random(32)));
  88         } elseif ($authMethod === 'ldap' || $authMethod === 'saml2') {
  89             $user->external_auth_id = $request->get('external_auth_id');
  90         }
  91
  92         $user->save();
  93
  94         if ($sendInvite) {
  95             $this->inviteService->sendInvitation($user);
  96         }
  97
  98         if ($request->filled('roles')) {
  99             $roles = $request->get('roles');
 100             $this->userRepo->setUserRoles($user, $roles);
 101         }
 102
 103         $this->userRepo->downloadAndAssignUserAvatar($user);
 104
 105         $this->logActivity(ActivityType::USER_CREATE, $user);
 106         return redirect('/settings/users');
 107     }
 108
 109     /**
 110      * Show the form for editing the specified user.
 111      */
 112     public function edit(int $id, SocialAuthService $socialAuthService)
 113     {
 114         $this->checkPermissionOrCurrentUser('users-manage', $id);
 115
 116         $user = $this->user->newQuery()->with(['apiTokens'])->findOrFail($id);
 117
 118         $authMethod = ($user->system_name) ? 'system' : config('auth.method');
 119
 120         $activeSocialDrivers = $socialAuthService->getActiveDrivers();
 121         $this->setPageTitle(trans('settings.user_profile'));
 122         $roles = $this->userRepo->getAllRoles();
 123         return view('users.edit', [
 124             'user' => $user,
 125             'activeSocialDrivers' => $activeSocialDrivers,
 126             'authMethod' => $authMethod,
 127             'roles' => $roles
 128         ]);
 129     }
 130
 131     /**
 132      * Update the specified user in storage.
 133      * @throws UserUpdateException
 134      * @throws \BookStack\Exceptions\ImageUploadException
 135      * @throws \Illuminate\Validation\ValidationException
 136      */
 137     public function update(Request $request, int $id)
 138     {
 139         $this->preventAccessInDemoMode();
 140         $this->checkPermissionOrCurrentUser('users-manage', $id);
 141
 142         $this->validate($request, [
 143             'name'             => 'min:2',
 144             'email'            => 'min:2|email|unique:users,email,' . $id,
 145             'password'         => 'min:6|required_with:password_confirm',
 146             'password-confirm' => 'same:password|required_with:password',
 147             'setting'          => 'array',
 148             'profile_image'    => 'nullable|' . $this->getImageValidationRules(),
 149         ]);
 150
 151         $user = $this->userRepo->getById($id);
 152         $user->fill($request->except(['email']));
 153
 154         // Email updates
 155         if (userCan('users-manage') && $request->filled('email')) {
 156             $user->email = $request->get('email');
 157         }
 158
 159         // Role updates
 160         if (userCan('users-manage') && $request->filled('roles')) {
 161             $roles = $request->get('roles');
 162             $this->userRepo->setUserRoles($user, $roles);
 163         }
 164
 165         // Password updates
 166         if ($request->filled('password')) {
 167             $password = $request->get('password');
 168             $user->password = bcrypt($password);
 169         }
 170
 171         // External auth id updates
 172         if (user()->can('users-manage') && $request->filled('external_auth_id')) {
 173             $user->external_auth_id = $request->get('external_auth_id');
 174         }
 175
 176         // Save an user-specific settings
 177         if ($request->filled('setting')) {
 178             foreach ($request->get('setting') as $key => $value) {
 179                 setting()->putUser($user, $key, $value);
 180             }
 181         }
 182
 183         // Save profile image if in request
 184         if ($request->hasFile('profile_image')) {
 185             $imageUpload = $request->file('profile_image');
 186             $this->imageRepo->destroyImage($user->avatar);
 187             $image = $this->imageRepo->saveNew($imageUpload, 'user', $user->id);
 188             $user->image_id = $image->id;
 189         }
 190
 191         // Delete the profile image if reset option is in request
 192         if ($request->has('profile_image_reset')) {
 193             $this->imageRepo->destroyImage($user->avatar);
 194         }
 195
 196         $user->save();
 197         $this->showSuccessNotification(trans('settings.users_edit_success'));
 198         $this->logActivity(ActivityType::USER_UPDATE, $user);
 199
 200         $redirectUrl = userCan('users-manage') ? '/settings/users' : ('/settings/users/' . $user->id);
 201         return redirect($redirectUrl);
 202     }
 203
 204     /**
 205      * Show the user delete page.
 206      */
 207     public function delete(int $id)
 208     {
 209         $this->checkPermissionOrCurrentUser('users-manage', $id);
 210
 211         $user = $this->userRepo->getById($id);
 212         $this->setPageTitle(trans('settings.users_delete_named', ['userName' => $user->name]));
 213         return view('users.delete', ['user' => $user]);
 214     }
 215
 216     /**
 217      * Remove the specified user from storage.
 218      * @throws \Exception
 219      */
 220     public function destroy(Request $request, int $id)
 221     {
 222         $this->preventAccessInDemoMode();
 223         $this->checkPermissionOrCurrentUser('users-manage', $id);
 224
 225         $user = $this->userRepo->getById($id);
 226         $newOwnerId = $request->get('new_owner_id', null);
 227
 228         if ($this->userRepo->isOnlyAdmin($user)) {
 229             $this->showErrorNotification(trans('errors.users_cannot_delete_only_admin'));
 230             return redirect($user->getEditUrl());
 231         }
 232
 233         if ($user->system_name === 'public') {
 234             $this->showErrorNotification(trans('errors.users_cannot_delete_guest'));
 235             return redirect($user->getEditUrl());
 236         }
 237
 238         $this->userRepo->destroy($user, $newOwnerId);
 239         $this->showSuccessNotification(trans('settings.users_delete_success'));
 240         $this->logActivity(ActivityType::USER_DELETE, $user);
 241
 242         return redirect('/settings/users');
 243     }
 244
 245     /**
 246      * Show the user profile page
 247      */
 248     public function showProfilePage($id)
 249     {
 250         $user = $this->userRepo->getById($id);
 251
 252         $userActivity = $this->userRepo->getActivity($user);
 253         $recentlyCreated = $this->userRepo->getRecentlyCreated($user, 5);
 254         $assetCounts = $this->userRepo->getAssetCounts($user);
 255
 256         return view('users.profile', [
 257             'user' => $user,
 258             'activity' => $userActivity,
 259             'recentlyCreated' => $recentlyCreated,
 260             'assetCounts' => $assetCounts
 261         ]);
 262     }
 263
 264     /**
 265      * Update the user's preferred book-list display setting.
 266      */
 267     public function switchBooksView(Request $request, int $id)
 268     {
 269         return $this->switchViewType($id, $request, 'books');
 270     }
 271
 272     /**
 273      * Update the user's preferred shelf-list display setting.
 274      */
 275     public function switchShelvesView(Request $request, int $id)
 276     {
 277         return $this->switchViewType($id, $request, 'bookshelves');
 278     }
 279
 280     /**
 281      * Update the user's preferred shelf-view book list display setting.
 282      */
 283     public function switchShelfView(Request $request, int $id)
 284     {
 285         return $this->switchViewType($id, $request, 'bookshelf');
 286     }
 287
 288     /**
 289      * For a type of list, switch with stored view type for a user.
 290      */
 291     protected function switchViewType(int $userId, Request $request, string $listName)
 292     {
 293         $this->checkPermissionOrCurrentUser('users-manage', $userId);
 294
 295         $viewType = $request->get('view_type');
 296         if (!in_array($viewType, ['grid', 'list'])) {
 297             $viewType = 'list';
 298         }
 299
 300         $user = $this->userRepo->getById($userId);
 301         $key = $listName . '_view_type';
 302         setting()->putUser($user, $key, $viewType);
 303
 304         return redirect()->back(302, [], "/settings/users/$userId");
 305     }
 306
 307     /**
 308      * Change the stored sort type for a particular view.
 309      */
 310     public function changeSort(Request $request, string $id, string $type)
 311     {
 312         $validSortTypes = ['books', 'bookshelves'];
 313         if (!in_array($type, $validSortTypes)) {
 314             return redirect()->back(500);
 315         }
 316         return $this->changeListSort($id, $request, $type);
 317     }
 318
 319     /**
 320      * Toggle dark mode for the current user.
 321      */
 322     public function toggleDarkMode()
 323     {
 324         $enabled = setting()->getForCurrentUser('dark-mode-enabled', false);
 325         setting()->putUser(user(), 'dark-mode-enabled', $enabled ? 'false' : 'true');
 326         return redirect()->back();
 327     }
 328
 329     /**
 330      * Update the stored section expansion preference for the given user.
 331      */
 332     public function updateExpansionPreference(Request $request, string $id, string $key)
 333     {
 334         $this->checkPermissionOrCurrentUser('users-manage', $id);
 335         $keyWhitelist = ['home-details'];
 336         if (!in_array($key, $keyWhitelist)) {
 337             return response("Invalid key", 500);
 338         }
 339
 340         $newState = $request->get('expand', 'false');
 341
 342         $user = $this->user->findOrFail($id);
 343         setting()->putUser($user, 'section_expansion#' . $key, $newState);
 344         return response("", 204);
 345     }
 346
 347     /**
 348      * Changed the stored preference for a list sort order.
 349      */
 350     protected function changeListSort(int $userId, Request $request, string $listName)
 351     {
 352         $this->checkPermissionOrCurrentUser('users-manage', $userId);
 353
 354         $sort = $request->get('sort');
 355         if (!in_array($sort, ['name', 'created_at', 'updated_at'])) {
 356             $sort = 'name';
 357         }
 358
 359         $order = $request->get('order');
 360         if (!in_array($order, ['asc', 'desc'])) {
 361             $order = 'asc';
 362         }
 363
 364         $user = $this->user->findOrFail($userId);
 365         $sortKey = $listName . '_sort';
 366         $orderKey = $listName . '_sort_order';
 367         setting()->putUser($user, $sortKey, $sort);
 368         setting()->putUser($user, $orderKey, $order);
 369
 370         return redirect()->back(302, [], "/settings/users/$userId");
 371     }
 372 }