3 namespace BookStack\Http\Controllers\Api;
5 use BookStack\Auth\User;
6 use BookStack\Auth\UserRepo;
7 use BookStack\Exceptions\UserUpdateException;
9 use Illuminate\Http\Request;
10 use Illuminate\Support\Facades\DB;
11 use Illuminate\Validation\Rules\Password;
12 use Illuminate\Validation\Rules\Unique;
14 class UserApiController extends ApiController
18 protected $fieldsToExpose = [
19 'email', 'created_at', 'updated_at', 'last_activity_at', 'external_auth_id',
22 public function __construct(UserRepo $userRepo)
24 $this->userRepo = $userRepo;
26 // Checks for all endpoints in this controller
27 $this->middleware(function ($request, $next) {
28 $this->checkPermission('users-manage');
29 $this->preventAccessInDemoMode();
31 return $next($request);
35 protected function rules(int $userId = null): array
39 'name' => ['required', 'min:2', 'max:100'],
41 'required', 'min:2', 'email', new Unique('users', 'email'),
43 'external_auth_id' => ['string'],
44 'language' => ['string', 'max:15', 'alpha_dash'],
45 'password' => [Password::default()],
47 'roles.*' => ['integer'],
48 'send_invite' => ['boolean'],
51 'name' => ['min:2', 'max:100'],
55 (new Unique('users', 'email'))->ignore($userId ?? null),
57 'external_auth_id' => ['string'],
58 'language' => ['string', 'max:15', 'alpha_dash'],
59 'password' => [Password::default()],
61 'roles.*' => ['integer'],
64 'migrate_ownership_id' => ['integer', 'exists:users,id'],
70 * Get a listing of users in the system.
71 * Requires permission to manage users.
73 public function list()
75 $users = User::query()->select(['*'])
76 ->scopes('withLastActivityAt')
79 return $this->apiListingResponse($users, [
80 'id', 'name', 'slug', 'email', 'external_auth_id',
81 'created_at', 'updated_at', 'last_activity_at',
82 ], [Closure::fromCallable([$this, 'listFormatter'])]);
86 * Create a new user in the system.
87 * Requires permission to manage users.
89 public function create(Request $request)
91 $data = $this->validate($request, $this->rules()['create']);
92 $sendInvite = ($data['send_invite'] ?? false) === true;
95 DB::transaction(function () use ($data, $sendInvite, &$user) {
96 $user = $this->userRepo->create($data, $sendInvite);
99 $this->singleFormatter($user);
101 return response()->json($user);
105 * View the details of a single user.
106 * Requires permission to manage users.
108 public function read(string $id)
110 $user = $this->userRepo->getById($id);
111 $this->singleFormatter($user);
113 return response()->json($user);
117 * Update an existing user in the system.
118 * Requires permission to manage users.
120 * @throws UserUpdateException
122 public function update(Request $request, string $id)
124 $data = $this->validate($request, $this->rules($id)['update']);
125 $user = $this->userRepo->getById($id);
126 $this->userRepo->update($user, $data, userCan('users-manage'));
127 $this->singleFormatter($user);
129 return response()->json($user);
133 * Delete a user from the system.
134 * Can optionally accept a user id via `migrate_ownership_id` to indicate
135 * who should be the new owner of their related content.
136 * Requires permission to manage users.
138 public function delete(Request $request, string $id)
140 $user = $this->userRepo->getById($id);
141 $newOwnerId = $request->get('migrate_ownership_id', null);
143 $this->userRepo->destroy($user, $newOwnerId);
145 return response('', 204);
149 * Format the given user model for single-result display.
151 protected function singleFormatter(User $user)
153 $this->listFormatter($user);
154 $user->load('roles:id,display_name');
155 $user->makeVisible(['roles']);
159 * Format the given user model for a listing multi-result display.
161 protected function listFormatter(User $user)
163 $user->makeVisible($this->fieldsToExpose);
164 $user->setAttribute('profile_url', $user->getProfileUrl());
165 $user->setAttribute('edit_url', $user->getEditUrl());
166 $user->setAttribute('avatar_url', $user->getAvatar());
projects / bookstack / blob