BookStack Code Mirror - bookstack/blob - app/Users/Controllers/RoleController.php

   1 <?php
   2
   3 namespace BookStack\Users\Controllers;
   4
   5 use BookStack\Exceptions\PermissionsException;
   6 use BookStack\Http\Controller;
   7 use BookStack\Permissions\PermissionsRepo;
   8 use BookStack\Users\Models\Role;
   9 use BookStack\Users\Queries\RolesAllPaginatedAndSorted;
  10 use BookStack\Util\SimpleListOptions;
  11 use Exception;
  12 use Illuminate\Http\Request;
  13
  14 class RoleController extends Controller
  15 {
  16     public function __construct(
  17         protected PermissionsRepo $permissionsRepo
  18     ) {
  19     }
  20
  21     /**
  22      * Show a listing of the roles in the system.
  23      */
  24     public function index(Request $request)
  25     {
  26         $this->checkPermission('user-roles-manage');
  27
  28         $listOptions = SimpleListOptions::fromRequest($request, 'roles')->withSortOptions([
  29             'display_name' => trans('common.sort_name'),
  30             'users_count' => trans('settings.roles_assigned_users'),
  31             'permissions_count' => trans('settings.roles_permissions_provided'),
  32             'created_at' => trans('common.sort_created_at'),
  33             'updated_at' => trans('common.sort_updated_at'),
  34         ]);
  35
  36         $roles = (new RolesAllPaginatedAndSorted())->run(20, $listOptions);
  37         $roles->appends($listOptions->getPaginationAppends());
  38
  39         $this->setPageTitle(trans('settings.roles'));
  40
  41         return view('settings.roles.index', [
  42             'roles'       => $roles,
  43             'listOptions' => $listOptions,
  44         ]);
  45     }
  46
  47     /**
  48      * Show the form to create a new role.
  49      */
  50     public function create(Request $request)
  51     {
  52         $this->checkPermission('user-roles-manage');
  53
  54         /** @var ?Role $role */
  55         $role = null;
  56         if ($request->has('copy_from')) {
  57             $role = Role::query()->find($request->get('copy_from'));
  58         }
  59
  60         if ($role) {
  61             $role->display_name .= ' (' . trans('common.copy') . ')';
  62         }
  63
  64         $this->setPageTitle(trans('settings.role_create'));
  65
  66         return view('settings.roles.create', ['role' => $role]);
  67     }
  68
  69     /**
  70      * Store a new role in the system.
  71      */
  72     public function store(Request $request)
  73     {
  74         $this->checkPermission('user-roles-manage');
  75         $data = $this->validate($request, [
  76             'display_name' => ['required', 'min:3', 'max:180'],
  77             'description'  => ['max:180'],
  78             'external_auth_id' => ['string'],
  79             'permissions'  => ['array'],
  80             'mfa_enforced' => ['string'],
  81         ]);
  82
  83         $data['permissions'] = array_keys($data['permissions'] ?? []);
  84         $data['mfa_enforced'] = ($data['mfa_enforced'] ?? 'false') === 'true';
  85         $this->permissionsRepo->saveNewRole($data);
  86
  87         return redirect('/settings/roles');
  88     }
  89
  90     /**
  91      * Show the form for editing a user role.
  92      */
  93     public function edit(string $id)
  94     {
  95         $this->checkPermission('user-roles-manage');
  96         $role = $this->permissionsRepo->getRoleById($id);
  97
  98         $this->setPageTitle(trans('settings.role_edit'));
  99
 100         return view('settings.roles.edit', ['role' => $role]);
 101     }
 102
 103     /**
 104      * Updates a user role.
 105      */
 106     public function update(Request $request, string $id)
 107     {
 108         $this->checkPermission('user-roles-manage');
 109         $data = $this->validate($request, [
 110             'display_name' => ['required', 'min:3', 'max:180'],
 111             'description'  => ['max:180'],
 112             'external_auth_id' => ['string'],
 113             'permissions'  => ['array'],
 114             'mfa_enforced' => ['string'],
 115         ]);
 116
 117         $data['permissions'] = array_keys($data['permissions'] ?? []);
 118         $data['mfa_enforced'] = ($data['mfa_enforced'] ?? 'false') === 'true';
 119         $this->permissionsRepo->updateRole($id, $data);
 120
 121         return redirect('/settings/roles');
 122     }
 123
 124     /**
 125      * Show the view to delete a role.
 126      * Offers the chance to migrate users.
 127      */
 128     public function showDelete(string $id)
 129     {
 130         $this->checkPermission('user-roles-manage');
 131         $role = $this->permissionsRepo->getRoleById($id);
 132         $roles = $this->permissionsRepo->getAllRolesExcept($role);
 133         $blankRole = $role->newInstance(['display_name' => trans('settings.role_delete_no_migration')]);
 134         $roles->prepend($blankRole);
 135
 136         $this->setPageTitle(trans('settings.role_delete'));
 137
 138         return view('settings.roles.delete', ['role' => $role, 'roles' => $roles]);
 139     }
 140
 141     /**
 142      * Delete a role from the system,
 143      * Migrate from a previous role if set.
 144      *
 145      * @throws Exception
 146      */
 147     public function delete(Request $request, string $id)
 148     {
 149         $this->checkPermission('user-roles-manage');
 150
 151         try {
 152             $migrateRoleId = intval($request->get('migrate_role_id') ?: "0");
 153             $this->permissionsRepo->deleteRole($id, $migrateRoleId);
 154         } catch (PermissionsException $e) {
 155             $this->showErrorNotification($e->getMessage());
 156
 157             return redirect()->back();
 158         }
 159
 160         return redirect('/settings/roles');
 161     }
 162 }