BookStack Code Mirror - bookstack/blob - app/Http/Controllers/UserController.php

   1 <?php namespace BookStack\Http\Controllers;
   2
   3 use BookStack\Auth\Access\SocialAuthService;
   4 use BookStack\Auth\Access\UserInviteService;
   5 use BookStack\Auth\User;
   6 use BookStack\Auth\UserRepo;
   7 use BookStack\Exceptions\UserUpdateException;
   8 use BookStack\Uploads\ImageRepo;
   9 use Illuminate\Http\Request;
  10 use Illuminate\Http\Response;
  11 use Illuminate\Support\Str;
  12
  13 class UserController extends Controller
  14 {
  15
  16     protected $user;
  17     protected $userRepo;
  18     protected $inviteService;
  19     protected $imageRepo;
  20
  21     /**
  22      * UserController constructor.
  23      * @param User $user
  24      * @param UserRepo $userRepo
  25      * @param UserInviteService $inviteService
  26      * @param ImageRepo $imageRepo
  27      */
  28     public function __construct(User $user, UserRepo $userRepo, UserInviteService $inviteService, ImageRepo $imageRepo)
  29     {
  30         $this->user = $user;
  31         $this->userRepo = $userRepo;
  32         $this->inviteService = $inviteService;
  33         $this->imageRepo = $imageRepo;
  34         parent::__construct();
  35     }
  36
  37     /**
  38      * Display a listing of the users.
  39      * @param Request $request
  40      * @return Response
  41      */
  42     public function index(Request $request)
  43     {
  44         $this->checkPermission('users-manage');
  45         $listDetails = [
  46             'order' => $request->get('order', 'asc'),
  47             'search' => $request->get('search', ''),
  48             'sort' => $request->get('sort', 'name'),
  49         ];
  50         $users = $this->userRepo->getAllUsersPaginatedAndSorted(20, $listDetails);
  51         $this->setPageTitle(trans('settings.users'));
  52         $users->appends($listDetails);
  53         return view('users.index', ['users' => $users, 'listDetails' => $listDetails]);
  54     }
  55
  56     /**
  57      * Show the form for creating a new user.
  58      * @return Response
  59      */
  60     public function create()
  61     {
  62         $this->checkPermission('users-manage');
  63         $authMethod = config('auth.method');
  64         $roles = $this->userRepo->getAllRoles();
  65         return view('users.create', ['authMethod' => $authMethod, 'roles' => $roles]);
  66     }
  67
  68     /**
  69      * Store a newly created user in storage.
  70      * @param  Request $request
  71      * @return Response
  72      * @throws UserUpdateException
  73      */
  74     public function store(Request $request)
  75     {
  76         $this->checkPermission('users-manage');
  77         $validationRules = [
  78             'name'             => 'required',
  79             'email'            => 'required|email|unique:users,email'
  80         ];
  81
  82         $authMethod = config('auth.method');
  83         $sendInvite = ($request->get('send_invite', 'false') === 'true');
  84
  85         if ($authMethod === 'standard' && !$sendInvite) {
  86             $validationRules['password'] = 'required|min:6';
  87             $validationRules['password-confirm'] = 'required|same:password';
  88         } elseif ($authMethod === 'ldap') {
  89             $validationRules['external_auth_id'] = 'required';
  90         }
  91         $this->validate($request, $validationRules);
  92
  93         $user = $this->user->fill($request->all());
  94
  95         if ($authMethod === 'standard') {
  96             $user->password = bcrypt($request->get('password', Str::random(32)));
  97         } elseif ($authMethod === 'ldap') {
  98             $user->external_auth_id = $request->get('external_auth_id');
  99         }
 100
 101         $user->save();
 102
 103         if ($sendInvite) {
 104             $this->inviteService->sendInvitation($user);
 105         }
 106
 107         if ($request->filled('roles')) {
 108             $roles = $request->get('roles');
 109             $this->userRepo->setUserRoles($user, $roles);
 110         }
 111
 112         $this->userRepo->downloadAndAssignUserAvatar($user);
 113
 114         return redirect('/settings/users');
 115     }
 116
 117     /**
 118      * Show the form for editing the specified user.
 119      */
 120     public function edit(int $id, SocialAuthService $socialAuthService)
 121     {
 122         $this->checkPermissionOrCurrentUser('users-manage', $id);
 123
 124         $user = $this->user->newQuery()->with(['apiTokens'])->findOrFail($id);
 125
 126         $authMethod = ($user->system_name) ? 'system' : config('auth.method');
 127
 128         $activeSocialDrivers = $socialAuthService->getActiveDrivers();
 129         $this->setPageTitle(trans('settings.user_profile'));
 130         $roles = $this->userRepo->getAllRoles();
 131         return view('users.edit', [
 132             'user' => $user,
 133             'activeSocialDrivers' => $activeSocialDrivers,
 134             'authMethod' => $authMethod,
 135             'roles' => $roles
 136         ]);
 137     }
 138
 139     /**
 140      * Update the specified user in storage.
 141      * @param Request $request
 142      * @param int $id
 143      * @return Response
 144      * @throws UserUpdateException
 145      * @throws \BookStack\Exceptions\ImageUploadException
 146      */
 147     public function update(Request $request, $id)
 148     {
 149         $this->preventAccessInDemoMode();
 150         $this->checkPermissionOrCurrentUser('users-manage', $id);
 151
 152         $this->validate($request, [
 153             'name'             => 'min:2',
 154             'email'            => 'min:2|email|unique:users,email,' . $id,
 155             'password'         => 'min:6|required_with:password_confirm',
 156             'password-confirm' => 'same:password|required_with:password',
 157             'setting'          => 'array',
 158             'profile_image'    => 'nullable|' . $this->getImageValidationRules(),
 159         ]);
 160
 161         $user = $this->userRepo->getById($id);
 162         $user->fill($request->except(['email']));
 163
 164         // Email updates
 165         if (userCan('users-manage') && $request->filled('email')) {
 166             $user->email = $request->get('email');
 167         }
 168
 169         // Role updates
 170         if (userCan('users-manage') && $request->filled('roles')) {
 171             $roles = $request->get('roles');
 172             $this->userRepo->setUserRoles($user, $roles);
 173         }
 174
 175         // Password updates
 176         if ($request->filled('password')) {
 177             $password = $request->get('password');
 178             $user->password = bcrypt($password);
 179         }
 180
 181         // External auth id updates
 182         if (user()->can('users-manage') && $request->filled('external_auth_id')) {
 183             $user->external_auth_id = $request->get('external_auth_id');
 184         }
 185
 186         // Save an user-specific settings
 187         if ($request->filled('setting')) {
 188             foreach ($request->get('setting') as $key => $value) {
 189                 setting()->putUser($user, $key, $value);
 190             }
 191         }
 192
 193         // Save profile image if in request
 194         if ($request->hasFile('profile_image')) {
 195             $imageUpload = $request->file('profile_image');
 196             $this->imageRepo->destroyImage($user->avatar);
 197             $image = $this->imageRepo->saveNew($imageUpload, 'user', $user->id);
 198             $user->image_id = $image->id;
 199         }
 200
 201         // Delete the profile image if set to
 202         if ($request->has('profile_image_reset')) {
 203             $this->imageRepo->destroyImage($user->avatar);
 204         }
 205
 206         $user->save();
 207         $this->showSuccessNotification(trans('settings.users_edit_success'));
 208
 209         $redirectUrl = userCan('users-manage') ? '/settings/users' : ('/settings/users/' . $user->id);
 210         return redirect($redirectUrl);
 211     }
 212
 213     /**
 214      * Show the user delete page.
 215      * @param int $id
 216      * @return \Illuminate\View\View
 217      */
 218     public function delete($id)
 219     {
 220         $this->checkPermissionOrCurrentUser('users-manage', $id);
 221
 222         $user = $this->userRepo->getById($id);
 223         $this->setPageTitle(trans('settings.users_delete_named', ['userName' => $user->name]));
 224         return view('users.delete', ['user' => $user]);
 225     }
 226
 227     /**
 228      * Remove the specified user from storage.
 229      * @param  int $id
 230      * @return Response
 231      * @throws \Exception
 232      */
 233     public function destroy($id)
 234     {
 235         $this->preventAccessInDemoMode();
 236         $this->checkPermissionOrCurrentUser('users-manage', $id);
 237
 238         $user = $this->userRepo->getById($id);
 239
 240         if ($this->userRepo->isOnlyAdmin($user)) {
 241             $this->showErrorNotification(trans('errors.users_cannot_delete_only_admin'));
 242             return redirect($user->getEditUrl());
 243         }
 244
 245         if ($user->system_name === 'public') {
 246             $this->showErrorNotification(trans('errors.users_cannot_delete_guest'));
 247             return redirect($user->getEditUrl());
 248         }
 249
 250         $this->userRepo->destroy($user);
 251         $this->showSuccessNotification(trans('settings.users_delete_success'));
 252
 253         return redirect('/settings/users');
 254     }
 255
 256     /**
 257      * Show the user profile page
 258      * @param $id
 259      * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
 260      */
 261     public function showProfilePage($id)
 262     {
 263         $user = $this->userRepo->getById($id);
 264
 265         $userActivity = $this->userRepo->getActivity($user);
 266         $recentlyCreated = $this->userRepo->getRecentlyCreated($user, 5);
 267         $assetCounts = $this->userRepo->getAssetCounts($user);
 268
 269         return view('users.profile', [
 270             'user' => $user,
 271             'activity' => $userActivity,
 272             'recentlyCreated' => $recentlyCreated,
 273             'assetCounts' => $assetCounts
 274         ]);
 275     }
 276
 277     /**
 278      * Update the user's preferred book-list display setting.
 279      * @param Request $request
 280      * @param $id
 281      * @return \Illuminate\Http\RedirectResponse
 282      */
 283     public function switchBookView(Request $request, $id)
 284     {
 285         return $this->switchViewType($id, $request, 'books');
 286     }
 287
 288     /**
 289      * Update the user's preferred shelf-list display setting.
 290      * @param Request $request
 291      * @param $id
 292      * @return \Illuminate\Http\RedirectResponse
 293      */
 294     public function switchShelfView(Request $request, $id)
 295     {
 296         return $this->switchViewType($id, $request, 'bookshelves');
 297     }
 298
 299     /**
 300      * For a type of list, switch with stored view type for a user.
 301      * @param integer $userId
 302      * @param Request $request
 303      * @param string $listName
 304      * @return \Illuminate\Http\RedirectResponse
 305      */
 306     protected function switchViewType($userId, Request $request, string $listName)
 307     {
 308         $this->checkPermissionOrCurrentUser('users-manage', $userId);
 309
 310         $viewType = $request->get('view_type');
 311         if (!in_array($viewType, ['grid', 'list'])) {
 312             $viewType = 'list';
 313         }
 314
 315         $user = $this->userRepo->getById($userId);
 316         $key = $listName . '_view_type';
 317         setting()->putUser($user, $key, $viewType);
 318
 319         return redirect()->back(302, [], "/settings/users/$userId");
 320     }
 321
 322     /**
 323      * Change the stored sort type for a particular view.
 324      * @param Request $request
 325      * @param string $id
 326      * @param string $type
 327      * @return \Illuminate\Http\RedirectResponse
 328      */
 329     public function changeSort(Request $request, string $id, string $type)
 330     {
 331         $validSortTypes = ['books', 'bookshelves'];
 332         if (!in_array($type, $validSortTypes)) {
 333             return redirect()->back(500);
 334         }
 335         return $this->changeListSort($id, $request, $type);
 336     }
 337
 338     /**
 339      * Update the stored section expansion preference for the given user.
 340      * @param Request $request
 341      * @param string $id
 342      * @param string $key
 343      * @return \Illuminate\Contracts\Routing\ResponseFactory|\Symfony\Component\HttpFoundation\Response
 344      */
 345     public function updateExpansionPreference(Request $request, string $id, string $key)
 346     {
 347         $this->checkPermissionOrCurrentUser('users-manage', $id);
 348         $keyWhitelist = ['home-details'];
 349         if (!in_array($key, $keyWhitelist)) {
 350             return response("Invalid key", 500);
 351         }
 352
 353         $newState = $request->get('expand', 'false');
 354
 355         $user = $this->user->findOrFail($id);
 356         setting()->putUser($user, 'section_expansion#' . $key, $newState);
 357         return response("", 204);
 358     }
 359
 360     /**
 361      * Changed the stored preference for a list sort order.
 362      * @param int $userId
 363      * @param Request $request
 364      * @param string $listName
 365      * @return \Illuminate\Http\RedirectResponse
 366      */
 367     protected function changeListSort(int $userId, Request $request, string $listName)
 368     {
 369         $this->checkPermissionOrCurrentUser('users-manage', $userId);
 370
 371         $sort = $request->get('sort');
 372         if (!in_array($sort, ['name', 'created_at', 'updated_at'])) {
 373             $sort = 'name';
 374         }
 375
 376         $order = $request->get('order');
 377         if (!in_array($order, ['asc', 'desc'])) {
 378             $order = 'asc';
 379         }
 380
 381         $user = $this->user->findOrFail($userId);
 382         $sortKey = $listName . '_sort';
 383         $orderKey = $listName . '_sort_order';
 384         setting()->putUser($user, $sortKey, $sort);
 385         setting()->putUser($user, $orderKey, $order);
 386
 387         return redirect()->back(302, [], "/settings/users/$userId");
 388     }
 389 }