BookStack Code Mirror - bookstack/blob - app/Http/Controllers/UserController.php

   1 <?php namespace BookStack\Http\Controllers;
   2
   3 use Exception;
   4 use Illuminate\Http\Request;
   5 use Illuminate\Http\Response;
   6 use BookStack\Repos\UserRepo;
   7 use BookStack\Services\SocialAuthService;
   8 use BookStack\User;
   9
  10 class UserController extends Controller
  11 {
  12
  13     protected $user;
  14     protected $userRepo;
  15
  16     /**
  17      * UserController constructor.
  18      * @param User     $user
  19      * @param UserRepo $userRepo
  20      */
  21     public function __construct(User $user, UserRepo $userRepo)
  22     {
  23         $this->user = $user;
  24         $this->userRepo = $userRepo;
  25         parent::__construct();
  26     }
  27
  28     /**
  29      * Display a listing of the users.
  30      * @param Request $request
  31      * @return Response
  32      */
  33     public function index(Request $request)
  34     {
  35         $this->checkPermission('users-manage');
  36         $listDetails = [
  37             'order' => $request->has('order') ? $request->get('order') : 'asc',
  38             'search' => $request->has('search') ? $request->get('search') : '',
  39             'sort' => $request->has('sort') ? $request->get('sort') : 'name',
  40         ];
  41         $users = $this->userRepo->getAllUsersPaginatedAndSorted(20, $listDetails);
  42         $this->setPageTitle(trans('settings.users'));
  43         $users->appends($listDetails);
  44         return view('users/index', ['users' => $users, 'listDetails' => $listDetails]);
  45     }
  46
  47     /**
  48      * Show the form for creating a new user.
  49      * @return Response
  50      */
  51     public function create()
  52     {
  53         $this->checkPermission('users-manage');
  54         $authMethod = config('auth.method');
  55         $roles = $this->userRepo->getAllRoles();
  56         return view('users/create', ['authMethod' => $authMethod, 'roles' => $roles]);
  57     }
  58
  59     /**
  60      * Store a newly created user in storage.
  61      * @param  Request $request
  62      * @return Response
  63      */
  64     public function store(Request $request)
  65     {
  66         $this->checkPermission('users-manage');
  67         $validationRules = [
  68             'name'             => 'required',
  69             'email'            => 'required|email|unique:users,email'
  70         ];
  71
  72         $authMethod = config('auth.method');
  73         if ($authMethod === 'standard') {
  74             $validationRules['password'] = 'required|min:5';
  75             $validationRules['password-confirm'] = 'required|same:password';
  76         } elseif ($authMethod === 'ldap') {
  77             $validationRules['external_auth_id'] = 'required';
  78         }
  79         $this->validate($request, $validationRules);
  80
  81         $user = $this->user->fill($request->all());
  82
  83         if ($authMethod === 'standard') {
  84             $user->password = bcrypt($request->get('password'));
  85         } elseif ($authMethod === 'ldap') {
  86             $user->external_auth_id = $request->get('external_auth_id');
  87         }
  88
  89         $user->save();
  90
  91         if ($request->has('roles')) {
  92             $roles = $request->get('roles');
  93             $user->roles()->sync($roles);
  94         }
  95
  96         // Get avatar from gravatar and save
  97         if (!config('services.disable_services')) {
  98             try {
  99                 $avatar = \Images::saveUserGravatar($user);
 100                 $user->avatar()->associate($avatar);
 101                 $user->save();
 102             } catch (Exception $e) {
 103                 \Log::error('Failed to save user gravatar image');
 104             }
 105
 106         }
 107
 108         return redirect('/settings/users');
 109     }
 110
 111     /**
 112      * Show the form for editing the specified user.
 113      * @param  int              $id
 114      * @param SocialAuthService $socialAuthService
 115      * @return Response
 116      */
 117     public function edit($id, SocialAuthService $socialAuthService)
 118     {
 119         $this->checkPermissionOr('users-manage', function () use ($id) {
 120             return $this->currentUser->id == $id;
 121         });
 122
 123         $user = $this->user->findOrFail($id);
 124
 125         $authMethod = ($user->system_name) ? 'system' : config('auth.method');
 126
 127         $activeSocialDrivers = $socialAuthService->getActiveDrivers();
 128         $this->setPageTitle(trans('settings.user_profile'));
 129         $roles = $this->userRepo->getAllRoles();
 130         return view('users/edit', ['user' => $user, 'activeSocialDrivers' => $activeSocialDrivers, 'authMethod' => $authMethod, 'roles' => $roles]);
 131     }
 132
 133     /**
 134      * Update the specified user in storage.
 135      * @param  Request $request
 136      * @param  int     $id
 137      * @return Response
 138      */
 139     public function update(Request $request, $id)
 140     {
 141         $this->preventAccessForDemoUsers();
 142         $this->checkPermissionOr('users-manage', function () use ($id) {
 143             return $this->currentUser->id == $id;
 144         });
 145
 146         $this->validate($request, [
 147             'name'             => 'min:2',
 148             'email'            => 'min:2|email|unique:users,email,' . $id,
 149             'password'         => 'min:5|required_with:password_confirm',
 150             'password-confirm' => 'same:password|required_with:password',
 151             'setting'          => 'array'
 152         ]);
 153
 154         $user = $this->user->findOrFail($id);
 155         $user->fill($request->all());
 156
 157         // Role updates
 158         if (userCan('users-manage') && $request->has('roles')) {
 159             $roles = $request->get('roles');
 160             $user->roles()->sync($roles);
 161         }
 162
 163         // Password updates
 164         if ($request->has('password') && $request->get('password') != '') {
 165             $password = $request->get('password');
 166             $user->password = bcrypt($password);
 167         }
 168
 169         // External auth id updates
 170         if ($this->currentUser->can('users-manage') && $request->has('external_auth_id')) {
 171             $user->external_auth_id = $request->get('external_auth_id');
 172         }
 173
 174         // Save an user-specific settings
 175         if ($request->has('setting')) {
 176             foreach ($request->get('setting') as $key => $value) {
 177                 setting()->putUser($user, $key, $value);
 178             }
 179         }
 180
 181         $user->save();
 182         session()->flash('success', trans('settings.users_edit_success'));
 183
 184         $redirectUrl = userCan('users-manage') ? '/settings/users' : '/settings/users/' . $user->id;
 185         return redirect($redirectUrl);
 186     }
 187
 188     /**
 189      * Show the user delete page.
 190      * @param int $id
 191      * @return \Illuminate\View\View
 192      */
 193     public function delete($id)
 194     {
 195         $this->checkPermissionOr('users-manage', function () use ($id) {
 196             return $this->currentUser->id == $id;
 197         });
 198
 199         $user = $this->user->findOrFail($id);
 200         $this->setPageTitle(trans('settings.users_delete_named', ['userName' => $user->name]));
 201         return view('users/delete', ['user' => $user]);
 202     }
 203
 204     /**
 205      * Remove the specified user from storage.
 206      * @param  int $id
 207      * @return Response
 208      */
 209     public function destroy($id)
 210     {
 211         $this->preventAccessForDemoUsers();
 212         $this->checkPermissionOr('users-manage', function () use ($id) {
 213             return $this->currentUser->id == $id;
 214         });
 215
 216         $user = $this->userRepo->getById($id);
 217
 218         if ($this->userRepo->isOnlyAdmin($user)) {
 219             session()->flash('error', trans('errors.users_cannot_delete_only_admin'));
 220             return redirect($user->getEditUrl());
 221         }
 222
 223         if ($user->system_name === 'public') {
 224             session()->flash('error', trans('errors.users_cannot_delete_guest'));
 225             return redirect($user->getEditUrl());
 226         }
 227
 228         $this->userRepo->destroy($user);
 229         session()->flash('success', trans('settings.users_delete_success'));
 230
 231         return redirect('/settings/users');
 232     }
 233
 234     /**
 235      * Show the user profile page
 236      * @param $id
 237      * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
 238      */
 239     public function showProfilePage($id)
 240     {
 241         $user = $this->userRepo->getById($id);
 242         $userActivity = $this->userRepo->getActivity($user);
 243         $recentlyCreated = $this->userRepo->getRecentlyCreated($user, 5, 0);
 244         $assetCounts = $this->userRepo->getAssetCounts($user);
 245         return view('users/profile', [
 246             'user' => $user,
 247             'activity' => $userActivity,
 248             'recentlyCreated' => $recentlyCreated,
 249             'assetCounts' => $assetCounts
 250         ]);
 251     }
 252 }