BookStack Code Mirror - bookstack/blob - app/Http/Controllers/UserController.php

   1 <?php
   2
   3 namespace BookStack\Http\Controllers;
   4
   5 use Illuminate\Http\Request;
   6
   7 use Illuminate\Support\Facades\Hash;
   8 use BookStack\Http\Requests;
   9 use BookStack\Repos\UserRepo;
  10 use BookStack\Services\SocialAuthService;
  11 use BookStack\User;
  12
  13 class UserController extends Controller
  14 {
  15
  16     protected $user;
  17     protected $userRepo;
  18
  19     /**
  20      * UserController constructor.
  21      * @param User     $user
  22      * @param UserRepo $userRepo
  23      */
  24     public function __construct(User $user, UserRepo $userRepo)
  25     {
  26         $this->user = $user;
  27         $this->userRepo = $userRepo;
  28         parent::__construct();
  29     }
  30
  31     /**
  32      * Display a listing of the users.
  33      *
  34      * @return Response
  35      */
  36     public function index()
  37     {
  38         $users = $this->user->all();
  39         $this->setPageTitle('Users');
  40         return view('users/index', ['users' => $users]);
  41     }
  42
  43     /**
  44      * Show the form for creating a new user.
  45      *
  46      * @return Response
  47      */
  48     public function create()
  49     {
  50         $this->checkPermission('user-create');
  51         return view('users/create');
  52     }
  53
  54     /**
  55      * Store a newly created user in storage.
  56      *
  57      * @param  Request $request
  58      * @return Response
  59      */
  60     public function store(Request $request)
  61     {
  62         $this->checkPermission('user-create');
  63         $this->validate($request, [
  64             'name'             => 'required',
  65             'email'            => 'required|email|unique:users,email',
  66             'password'         => 'required|min:5',
  67             'password-confirm' => 'required|same:password',
  68             'role'             => 'required|exists:roles,id'
  69         ]);
  70
  71         $user = $this->user->fill($request->all());
  72         $user->password = bcrypt($request->get('password'));
  73         $user->save();
  74
  75         $user->attachRoleId($request->get('role'));
  76         return redirect('/users');
  77     }
  78
  79
  80     /**
  81      * Show the form for editing the specified user.
  82      *
  83      * @param  int              $id
  84      * @param SocialAuthService $socialAuthService
  85      * @return Response
  86      */
  87     public function edit($id, SocialAuthService $socialAuthService)
  88     {
  89         $this->checkPermissionOr('user-update', function () use ($id) {
  90             return $this->currentUser->id == $id;
  91         });
  92
  93         $user = $this->user->findOrFail($id);
  94         $activeSocialDrivers = $socialAuthService->getActiveDrivers();
  95         $this->setPageTitle('User Profile');
  96         return view('users/edit', ['user' => $user, 'activeSocialDrivers' => $activeSocialDrivers]);
  97     }
  98
  99     /**
 100      * Update the specified user in storage.
 101      *
 102      * @param  Request $request
 103      * @param  int     $id
 104      * @return Response
 105      */
 106     public function update(Request $request, $id)
 107     {
 108         $this->checkPermissionOr('user-update', function () use ($id) {
 109             return $this->currentUser->id == $id;
 110         });
 111         $this->validate($request, [
 112             'name'             => 'required',
 113             'email'            => 'required|email|unique:users,email,' . $id,
 114             'password'         => 'min:5',
 115             'password-confirm' => 'same:password',
 116             'role'             => 'exists:roles,id'
 117         ]);
 118
 119         $user = $this->user->findOrFail($id);
 120         $user->fill($request->except('password'));
 121
 122         if ($this->currentUser->can('user-update') && $request->has('role')) {
 123             $user->attachRoleId($request->get('role'));
 124         }
 125
 126         if ($request->has('password') && $request->get('password') != '') {
 127             $password = $request->get('password');
 128             $user->password = bcrypt($password);
 129         }
 130         $user->save();
 131         return redirect('/users');
 132     }
 133
 134     /**
 135      * Show the user delete page.
 136      * @param $id
 137      * @return \Illuminate\View\View
 138      */
 139     public function delete($id)
 140     {
 141         $this->checkPermissionOr('user-delete', function () use ($id) {
 142             return $this->currentUser->id == $id;
 143         });
 144         $user = $this->user->findOrFail($id);
 145         $this->setPageTitle('Delete User ' . $user->name);
 146         return view('users/delete', ['user' => $user]);
 147     }
 148
 149     /**
 150      * Remove the specified user from storage.
 151      *
 152      * @param  int $id
 153      * @return Response
 154      */
 155     public function destroy($id)
 156     {
 157         $this->checkPermissionOr('user-delete', function () use ($id) {
 158             return $this->currentUser->id == $id;
 159         });
 160         $user = $this->userRepo->getById($id);
 161         // Delete social accounts
 162         if($this->userRepo->isOnlyAdmin($user)) {
 163             session()->flash('error', 'You cannot delete the only admin');
 164             return redirect($user->getEditUrl());
 165         }
 166         $user->socialAccounts()->delete();
 167         $user->delete();
 168         return redirect('/users');
 169     }
 170 }