BookStack Code Mirror - bookstack/blob - app/Http/Controllers/UserController.php

   1 <?php
   2
   3 namespace BookStack\Http\Controllers;
   4
   5 use BookStack\Activity;
   6 use Exception;
   7 use Illuminate\Http\Request;
   8
   9 use Illuminate\Http\Response;
  10 use BookStack\Http\Requests;
  11 use BookStack\Repos\UserRepo;
  12 use BookStack\Services\SocialAuthService;
  13 use BookStack\User;
  14
  15 class UserController extends Controller
  16 {
  17
  18     protected $user;
  19     protected $userRepo;
  20
  21     /**
  22      * UserController constructor.
  23      * @param User     $user
  24      * @param UserRepo $userRepo
  25      */
  26     public function __construct(User $user, UserRepo $userRepo)
  27     {
  28         $this->user = $user;
  29         $this->userRepo = $userRepo;
  30         parent::__construct();
  31     }
  32
  33     /**
  34      * Display a listing of the users.
  35      * @param Request $request
  36      * @return Response
  37      */
  38     public function index(Request $request)
  39     {
  40         $this->checkPermission('users-manage');
  41         $listDetails = [
  42             'order' => $request->has('order') ? $request->get('order') : 'asc',
  43             'search' => $request->has('search') ? $request->get('search') : '',
  44             'sort' => $request->has('sort') ? $request->get('sort') : 'name',
  45         ];
  46         $users = $this->userRepo->getAllUsersPaginatedAndSorted(20, $listDetails);
  47         $this->setPageTitle(trans('settings.users'));
  48         $users->appends($listDetails);
  49         return view('users/index', ['users' => $users, 'listDetails' => $listDetails]);
  50     }
  51
  52     /**
  53      * Show the form for creating a new user.
  54      * @return Response
  55      */
  56     public function create()
  57     {
  58         $this->checkPermission('users-manage');
  59         $authMethod = config('auth.method');
  60         $roles = $this->userRepo->getAllRoles();
  61         return view('users/create', ['authMethod' => $authMethod, 'roles' => $roles]);
  62     }
  63
  64     /**
  65      * Store a newly created user in storage.
  66      * @param  Request $request
  67      * @return Response
  68      */
  69     public function store(Request $request)
  70     {
  71         $this->checkPermission('users-manage');
  72         $validationRules = [
  73             'name'             => 'required',
  74             'email'            => 'required|email|unique:users,email'
  75         ];
  76
  77         $authMethod = config('auth.method');
  78         if ($authMethod === 'standard') {
  79             $validationRules['password'] = 'required|min:5';
  80             $validationRules['password-confirm'] = 'required|same:password';
  81         } elseif ($authMethod === 'ldap') {
  82             $validationRules['external_auth_id'] = 'required';
  83         }
  84         $this->validate($request, $validationRules);
  85
  86         $user = $this->user->fill($request->all());
  87
  88         if ($authMethod === 'standard') {
  89             $user->password = bcrypt($request->get('password'));
  90         } elseif ($authMethod === 'ldap') {
  91             $user->external_auth_id = $request->get('external_auth_id');
  92         }
  93
  94         $user->save();
  95
  96         if ($request->has('roles')) {
  97             $roles = $request->get('roles');
  98             $user->roles()->sync($roles);
  99         }
 100
 101         // Get avatar from gravatar and save
 102         if (!config('services.disable_services')) {
 103             try {
 104                 $avatar = \Images::saveUserGravatar($user);
 105                 $user->avatar()->associate($avatar);
 106                 $user->save();
 107             } catch (Exception $e) {
 108                 \Log::error('Failed to save user gravatar image');
 109             }
 110
 111         }
 112
 113         return redirect('/settings/users');
 114     }
 115
 116     /**
 117      * Show the form for editing the specified user.
 118      * @param  int              $id
 119      * @param SocialAuthService $socialAuthService
 120      * @return Response
 121      */
 122     public function edit($id, SocialAuthService $socialAuthService)
 123     {
 124         $this->checkPermissionOr('users-manage', function () use ($id) {
 125             return $this->currentUser->id == $id;
 126         });
 127
 128         $user = $this->user->findOrFail($id);
 129
 130         $authMethod = ($user->system_name) ? 'system' : config('auth.method');
 131
 132         $activeSocialDrivers = $socialAuthService->getActiveDrivers();
 133         $this->setPageTitle(trans('settings.user_profile'));
 134         $roles = $this->userRepo->getAllRoles();
 135         return view('users/edit', ['user' => $user, 'activeSocialDrivers' => $activeSocialDrivers, 'authMethod' => $authMethod, 'roles' => $roles]);
 136     }
 137
 138     /**
 139      * Update the specified user in storage.
 140      * @param  Request $request
 141      * @param  int     $id
 142      * @return Response
 143      */
 144     public function update(Request $request, $id)
 145     {
 146         $this->preventAccessForDemoUsers();
 147         $this->checkPermissionOr('users-manage', function () use ($id) {
 148             return $this->currentUser->id == $id;
 149         });
 150
 151         $this->validate($request, [
 152             'name'             => 'min:2',
 153             'email'            => 'min:2|email|unique:users,email,' . $id,
 154             'password'         => 'min:5|required_with:password_confirm',
 155             'password-confirm' => 'same:password|required_with:password'
 156         ]);
 157
 158         $user = $this->user->findOrFail($id);
 159         $user->fill($request->all());
 160
 161         // Role updates
 162         if (userCan('users-manage') && $request->has('roles')) {
 163             $roles = $request->get('roles');
 164             $user->roles()->sync($roles);
 165         }
 166
 167         // Password updates
 168         if ($request->has('password') && $request->get('password') != '') {
 169             $password = $request->get('password');
 170             $user->password = bcrypt($password);
 171         }
 172
 173         // External auth id updates
 174         if ($this->currentUser->can('users-manage') && $request->has('external_auth_id')) {
 175             $user->external_auth_id = $request->get('external_auth_id');
 176         }
 177
 178         $user->save();
 179         session()->flash('success', trans('settings.users_edit_success'));
 180
 181         $redirectUrl = userCan('users-manage') ? '/settings/users' : '/settings/users/' . $user->id;
 182         return redirect($redirectUrl);
 183     }
 184
 185     /**
 186      * Show the user delete page.
 187      * @param int $id
 188      * @return \Illuminate\View\View
 189      */
 190     public function delete($id)
 191     {
 192         $this->checkPermissionOr('users-manage', function () use ($id) {
 193             return $this->currentUser->id == $id;
 194         });
 195
 196         $user = $this->user->findOrFail($id);
 197         $this->setPageTitle(trans('settings.users_delete_named', ['userName' => $user->name]));
 198         return view('users/delete', ['user' => $user]);
 199     }
 200
 201     /**
 202      * Remove the specified user from storage.
 203      * @param  int $id
 204      * @return Response
 205      */
 206     public function destroy($id)
 207     {
 208         $this->preventAccessForDemoUsers();
 209         $this->checkPermissionOr('users-manage', function () use ($id) {
 210             return $this->currentUser->id == $id;
 211         });
 212
 213         $user = $this->userRepo->getById($id);
 214
 215         if ($this->userRepo->isOnlyAdmin($user)) {
 216             session()->flash('error', trans('errors.users_cannot_delete_only_admin'));
 217             return redirect($user->getEditUrl());
 218         }
 219
 220         if ($user->system_name === 'public') {
 221             session()->flash('error', trans('errors.users_cannot_delete_guest'));
 222             return redirect($user->getEditUrl());
 223         }
 224
 225         $this->userRepo->destroy($user);
 226         session()->flash('success', trans('settings.users_delete_success'));
 227
 228         return redirect('/settings/users');
 229     }
 230
 231     /**
 232      * Show the user profile page
 233      * @param $id
 234      * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
 235      */
 236     public function showProfilePage($id)
 237     {
 238         $user = $this->userRepo->getById($id);
 239         $userActivity = $this->userRepo->getActivity($user);
 240         $recentlyCreated = $this->userRepo->getRecentlyCreated($user, 5, 0);
 241         $assetCounts = $this->userRepo->getAssetCounts($user);
 242         return view('users/profile', [
 243             'user' => $user,
 244             'activity' => $userActivity,
 245             'recentlyCreated' => $recentlyCreated,
 246             'assetCounts' => $assetCounts
 247         ]);
 248     }
 249 }