BookStack Code Mirror - bookstack/blob - app/Users/Controllers/UserAccountController.php

   1 <?php
   2
   3 namespace BookStack\Users\Controllers;
   4
   5 use BookStack\Access\SocialAuthService;
   6 use BookStack\Http\Controller;
   7 use BookStack\Permissions\PermissionApplicator;
   8 use BookStack\Settings\UserNotificationPreferences;
   9 use BookStack\Settings\UserShortcutMap;
  10 use BookStack\Uploads\ImageRepo;
  11 use BookStack\Users\UserRepo;
  12 use Closure;
  13 use Illuminate\Http\Request;
  14 use Illuminate\Validation\Rules\Password;
  15
  16 class UserAccountController extends Controller
  17 {
  18     public function __construct(
  19         protected UserRepo $userRepo,
  20     ) {
  21         $this->middleware(function (Request $request, Closure $next) {
  22             $this->preventGuestAccess();
  23             $this->preventAccessInDemoMode();
  24             return $next($request);
  25         });
  26     }
  27
  28     /**
  29      * Redirect the root my-account path to the main/first category.
  30      * Required as a controller method, instead of the Route::redirect helper,
  31      * to ensure the URL is generated correctly.
  32      */
  33     public function redirect()
  34     {
  35         return redirect('/my-account/profile');
  36     }
  37
  38     /**
  39      * Show the profile form interface.
  40      */
  41     public function showProfile()
  42     {
  43         return view('users.account.profile', [
  44             'model' => user(),
  45             'category' => 'profile',
  46         ]);
  47     }
  48
  49     /**
  50      * Handle the submission of the user profile form.
  51      */
  52     public function updateProfile(Request $request, ImageRepo $imageRepo)
  53     {
  54         $user = user();
  55         $validated = $this->validate($request, [
  56             'name'             => ['min:2', 'max:100'],
  57             'email'            => ['min:2', 'email', 'unique:users,email,' . $user->id],
  58             'language'         => ['string', 'max:15', 'alpha_dash'],
  59             'profile_image'    => array_merge(['nullable'], $this->getImageValidationRules()),
  60         ]);
  61
  62         $this->userRepo->update($user, $validated, userCan('users-manage'));
  63
  64         // Save profile image if in request
  65         if ($request->hasFile('profile_image')) {
  66             $imageUpload = $request->file('profile_image');
  67             $imageRepo->destroyImage($user->avatar);
  68             $image = $imageRepo->saveNew($imageUpload, 'user', $user->id);
  69             $user->image_id = $image->id;
  70             $user->save();
  71         }
  72
  73         // Delete the profile image if reset option is in request
  74         if ($request->has('profile_image_reset')) {
  75             $imageRepo->destroyImage($user->avatar);
  76             $user->image_id = 0;
  77             $user->save();
  78         }
  79
  80         return redirect('/my-account/profile');
  81     }
  82
  83     /**
  84      * Show the user-specific interface shortcuts.
  85      */
  86     public function showShortcuts()
  87     {
  88         $shortcuts = UserShortcutMap::fromUserPreferences();
  89         $enabled = setting()->getForCurrentUser('ui-shortcuts-enabled', false);
  90
  91         $this->setPageTitle(trans('preferences.shortcuts_interface'));
  92
  93         return view('users.account.shortcuts', [
  94             'category' => 'shortcuts',
  95             'shortcuts' => $shortcuts,
  96             'enabled' => $enabled,
  97         ]);
  98     }
  99
 100     /**
 101      * Update the user-specific interface shortcuts.
 102      */
 103     public function updateShortcuts(Request $request)
 104     {
 105         $enabled = $request->get('enabled') === 'true';
 106         $providedShortcuts = $request->get('shortcut', []);
 107         $shortcuts = new UserShortcutMap($providedShortcuts);
 108
 109         setting()->putForCurrentUser('ui-shortcuts', $shortcuts->toJson());
 110         setting()->putForCurrentUser('ui-shortcuts-enabled', $enabled);
 111
 112         $this->showSuccessNotification(trans('preferences.shortcuts_update_success'));
 113
 114         return redirect('/my-account/shortcuts');
 115     }
 116
 117     /**
 118      * Show the notification preferences for the current user.
 119      */
 120     public function showNotifications(PermissionApplicator $permissions)
 121     {
 122         $this->checkPermission('receive-notifications');
 123
 124         $preferences = (new UserNotificationPreferences(user()));
 125
 126         $query = user()->watches()->getQuery();
 127         $query = $permissions->restrictEntityRelationQuery($query, 'watches', 'watchable_id', 'watchable_type');
 128         $query = $permissions->filterDeletedFromEntityRelationQuery($query, 'watches', 'watchable_id', 'watchable_type');
 129         $watches = $query->with('watchable')->paginate(20);
 130
 131         $this->setPageTitle(trans('preferences.notifications'));
 132         return view('users.account.notifications', [
 133             'category' => 'notifications',
 134             'preferences' => $preferences,
 135             'watches' => $watches,
 136         ]);
 137     }
 138
 139     /**
 140      * Update the notification preferences for the current user.
 141      */
 142     public function updateNotifications(Request $request)
 143     {
 144         $this->checkPermission('receive-notifications');
 145         $data = $this->validate($request, [
 146            'preferences' => ['required', 'array'],
 147            'preferences.*' => ['required', 'string'],
 148         ]);
 149
 150         $preferences = (new UserNotificationPreferences(user()));
 151         $preferences->updateFromSettingsArray($data['preferences']);
 152         $this->showSuccessNotification(trans('preferences.notifications_update_success'));
 153
 154         return redirect('/my-account/notifications');
 155     }
 156
 157     /**
 158      * Show the view for the "Access & Security" account options.
 159      */
 160     public function showAuth(SocialAuthService $socialAuthService)
 161     {
 162         $mfaMethods = user()->mfaValues->groupBy('method');
 163
 164         $this->setPageTitle(trans('preferences.auth'));
 165
 166         return view('users.account.auth', [
 167             'category' => 'auth',
 168             'mfaMethods' => $mfaMethods,
 169             'authMethod' => config('auth.method'),
 170             'activeSocialDrivers' => $socialAuthService->getActiveDrivers(),
 171         ]);
 172     }
 173
 174     /**
 175      * Handle the submission for the auth change password form.
 176      */
 177     public function updatePassword(Request $request)
 178     {
 179         if (config('auth.method') !== 'standard') {
 180             $this->showPermissionError();
 181         }
 182
 183         $validated = $this->validate($request, [
 184             'password'         => ['required_with:password_confirm', Password::default()],
 185             'password-confirm' => ['same:password', 'required_with:password'],
 186         ]);
 187
 188         $this->userRepo->update(user(), $validated, false);
 189
 190         $this->showSuccessNotification(trans('preferences.auth_change_password_success'));
 191
 192         return redirect('/my-account/auth');
 193     }
 194 }