BookStack Code Mirror - bookstack/blob - app/Http/Controllers/UserController.php

   1 <?php namespace BookStack\Http\Controllers;
   2
   3 use Exception;
   4 use Illuminate\Http\Request;
   5 use Illuminate\Http\Response;
   6 use BookStack\Repos\UserRepo;
   7 use BookStack\Services\SocialAuthService;
   8 use BookStack\User;
   9
  10 class UserController extends Controller
  11 {
  12
  13     protected $user;
  14     protected $userRepo;
  15
  16     /**
  17      * UserController constructor.
  18      * @param User     $user
  19      * @param UserRepo $userRepo
  20      */
  21     public function __construct(User $user, UserRepo $userRepo)
  22     {
  23         $this->user = $user;
  24         $this->userRepo = $userRepo;
  25         parent::__construct();
  26     }
  27
  28     /**
  29      * Display a listing of the users.
  30      * @param Request $request
  31      * @return Response
  32      */
  33     public function index(Request $request)
  34     {
  35         $this->checkPermission('users-manage');
  36         $listDetails = [
  37             'order' => $request->get('order', 'asc'),
  38             'search' => $request->get('search', ''),
  39             'sort' => $request->get('sort', 'name'),
  40         ];
  41         $users = $this->userRepo->getAllUsersPaginatedAndSorted(20, $listDetails);
  42         $this->setPageTitle(trans('settings.users'));
  43         $users->appends($listDetails);
  44         return view('users/index', ['users' => $users, 'listDetails' => $listDetails]);
  45     }
  46
  47     /**
  48      * Show the form for creating a new user.
  49      * @return Response
  50      */
  51     public function create()
  52     {
  53         $this->checkPermission('users-manage');
  54         $authMethod = config('auth.method');
  55         $roles = $this->userRepo->getAllRoles();
  56         return view('users/create', ['authMethod' => $authMethod, 'roles' => $roles]);
  57     }
  58
  59     /**
  60      * Store a newly created user in storage.
  61      * @param  Request $request
  62      * @return Response
  63      */
  64     public function store(Request $request)
  65     {
  66         $this->checkPermission('users-manage');
  67         $validationRules = [
  68             'name'             => 'required',
  69             'email'            => 'required|email|unique:users,email'
  70         ];
  71
  72         $authMethod = config('auth.method');
  73         if ($authMethod === 'standard') {
  74             $validationRules['password'] = 'required|min:5';
  75             $validationRules['password-confirm'] = 'required|same:password';
  76         } elseif ($authMethod === 'ldap') {
  77             $validationRules['external_auth_id'] = 'required';
  78         }
  79         $this->validate($request, $validationRules);
  80
  81         $user = $this->user->fill($request->all());
  82
  83         if ($authMethod === 'standard') {
  84             $user->password = bcrypt($request->get('password'));
  85         } elseif ($authMethod === 'ldap') {
  86             $user->external_auth_id = $request->get('external_auth_id');
  87         }
  88
  89         $user->save();
  90
  91         if ($request->filled('roles')) {
  92             $roles = $request->get('roles');
  93             $user->roles()->sync($roles);
  94         }
  95
  96         $this->userRepo->downloadGravatarToUserAvatar($user);
  97
  98         return redirect('/settings/users');
  99     }
 100
 101     /**
 102      * Show the form for editing the specified user.
 103      * @param  int              $id
 104      * @param SocialAuthService $socialAuthService
 105      * @return Response
 106      */
 107     public function edit($id, SocialAuthService $socialAuthService)
 108     {
 109         $this->checkPermissionOr('users-manage', function () use ($id) {
 110             return $this->currentUser->id == $id;
 111         });
 112
 113         $user = $this->user->findOrFail($id);
 114
 115         $authMethod = ($user->system_name) ? 'system' : config('auth.method');
 116
 117         $activeSocialDrivers = $socialAuthService->getActiveDrivers();
 118         $this->setPageTitle(trans('settings.user_profile'));
 119         $roles = $this->userRepo->getAllRoles();
 120         return view('users/edit', ['user' => $user, 'activeSocialDrivers' => $activeSocialDrivers, 'authMethod' => $authMethod, 'roles' => $roles]);
 121     }
 122
 123     /**
 124      * Update the specified user in storage.
 125      * @param  Request $request
 126      * @param  int     $id
 127      * @return Response
 128      */
 129     public function update(Request $request, $id)
 130     {
 131         $this->preventAccessForDemoUsers();
 132         $this->checkPermissionOr('users-manage', function () use ($id) {
 133             return $this->currentUser->id == $id;
 134         });
 135
 136         $this->validate($request, [
 137             'name'             => 'min:2',
 138             'email'            => 'min:2|email|unique:users,email,' . $id,
 139             'password'         => 'min:5|required_with:password_confirm',
 140             'password-confirm' => 'same:password|required_with:password',
 141             'setting'          => 'array'
 142         ]);
 143
 144         $user = $this->user->findOrFail($id);
 145         $user->fill($request->all());
 146
 147         // Role updates
 148         if (userCan('users-manage') && $request->filled('roles')) {
 149             $roles = $request->get('roles');
 150             $user->roles()->sync($roles);
 151         }
 152
 153         // Password updates
 154         if ($request->filled('password')) {
 155             $password = $request->get('password');
 156             $user->password = bcrypt($password);
 157         }
 158
 159         // External auth id updates
 160         if ($this->currentUser->can('users-manage') && $request->filled('external_auth_id')) {
 161             $user->external_auth_id = $request->get('external_auth_id');
 162         }
 163
 164         // Save an user-specific settings
 165         if ($request->filled('setting')) {
 166             foreach ($request->get('setting') as $key => $value) {
 167                 setting()->putUser($user, $key, $value);
 168             }
 169         }
 170
 171         $user->save();
 172         session()->flash('success', trans('settings.users_edit_success'));
 173
 174         $redirectUrl = userCan('users-manage') ? '/settings/users' : '/settings/users/' . $user->id;
 175         return redirect($redirectUrl);
 176     }
 177
 178     /**
 179      * Show the user delete page.
 180      * @param int $id
 181      * @return \Illuminate\View\View
 182      */
 183     public function delete($id)
 184     {
 185         $this->checkPermissionOr('users-manage', function () use ($id) {
 186             return $this->currentUser->id == $id;
 187         });
 188
 189         $user = $this->user->findOrFail($id);
 190         $this->setPageTitle(trans('settings.users_delete_named', ['userName' => $user->name]));
 191         return view('users/delete', ['user' => $user]);
 192     }
 193
 194     /**
 195      * Remove the specified user from storage.
 196      * @param  int $id
 197      * @return Response
 198      */
 199     public function destroy($id)
 200     {
 201         $this->preventAccessForDemoUsers();
 202         $this->checkPermissionOr('users-manage', function () use ($id) {
 203             return $this->currentUser->id == $id;
 204         });
 205
 206         $user = $this->userRepo->getById($id);
 207
 208         if ($this->userRepo->isOnlyAdmin($user)) {
 209             session()->flash('error', trans('errors.users_cannot_delete_only_admin'));
 210             return redirect($user->getEditUrl());
 211         }
 212
 213         if ($user->system_name === 'public') {
 214             session()->flash('error', trans('errors.users_cannot_delete_guest'));
 215             return redirect($user->getEditUrl());
 216         }
 217
 218         $this->userRepo->destroy($user);
 219         session()->flash('success', trans('settings.users_delete_success'));
 220
 221         return redirect('/settings/users');
 222     }
 223
 224     /**
 225      * Show the user profile page
 226      * @param $id
 227      * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
 228      */
 229     public function showProfilePage($id)
 230     {
 231         $user = $this->userRepo->getById($id);
 232         $userActivity = $this->userRepo->getActivity($user);
 233         $recentlyCreated = $this->userRepo->getRecentlyCreated($user, 5, 0);
 234         $assetCounts = $this->userRepo->getAssetCounts($user);
 235         return view('users/profile', [
 236             'user' => $user,
 237             'activity' => $userActivity,
 238             'recentlyCreated' => $recentlyCreated,
 239             'assetCounts' => $assetCounts
 240         ]);
 241     }
 242
 243     /**
 244      * Update the user's preferred book-list display setting.
 245      * @param $id
 246      * @param Request $request
 247      * @return \Illuminate\Http\RedirectResponse
 248      */
 249     public function switchBookView($id, Request $request)
 250     {
 251         $this->checkPermissionOr('users-manage', function () use ($id) {
 252             return $this->currentUser->id == $id;
 253         });
 254
 255         $viewType = $request->get('view_type');
 256         if (!in_array($viewType, ['grid', 'list'])) {
 257             $viewType = 'list';
 258         }
 259
 260         $user = $this->user->findOrFail($id);
 261         setting()->putUser($user, 'books_view_type', $viewType);
 262
 263         return redirect()->back(302, [], "/settings/users/$id");
 264     }
 265
 266     /**
 267      * Update the user's preferred shelf-list display setting.
 268      * @param $id
 269      * @param Request $request
 270      * @return \Illuminate\Http\RedirectResponse
 271      */
 272     public function switchShelfView($id, Request $request)
 273     {
 274         $this->checkPermissionOr('users-manage', function () use ($id) {
 275             return $this->currentUser->id == $id;
 276         });
 277
 278         $viewType = $request->get('view_type');
 279         if (!in_array($viewType, ['grid', 'list'])) {
 280             $viewType = 'list';
 281         }
 282
 283         $user = $this->user->findOrFail($id);
 284         setting()->putUser($user, 'bookshelves_view_type', $viewType);
 285
 286         return redirect()->back(302, [], "/settings/users/$id");
 287     }
 288 }