3 namespace BookStack\Auth;
5 use BookStack\Actions\ActivityType;
6 use BookStack\Auth\Access\UserInviteService;
7 use BookStack\Entities\EntityProvider;
8 use BookStack\Exceptions\NotifyException;
9 use BookStack\Exceptions\UserUpdateException;
10 use BookStack\Facades\Activity;
11 use BookStack\Uploads\UserAvatars;
13 use Illuminate\Support\Facades\Hash;
14 use Illuminate\Support\Facades\Log;
15 use Illuminate\Support\Str;
19 protected UserAvatars $userAvatar;
20 protected UserInviteService $inviteService;
23 * UserRepo constructor.
25 public function __construct(UserAvatars $userAvatar, UserInviteService $inviteService)
27 $this->userAvatar = $userAvatar;
28 $this->inviteService = $inviteService;
32 * Get a user by their email address.
34 public function getByEmail(string $email): ?User
36 return User::query()->where('email', '=', $email)->first();
40 * Get a user by their ID.
42 public function getById(int $id): User
44 return User::query()->findOrFail($id);
48 * Get a user by their slug.
50 public function getBySlug(string $slug): User
52 return User::query()->where('slug', '=', $slug)->firstOrFail();
56 * Create a new basic instance of user with the given pre-validated data.
58 * @param array{name: string, email: string, password: ?string, external_auth_id: ?string, language: ?string, roles: ?array} $data
60 public function createWithoutActivity(array $data, bool $emailConfirmed = false): User
63 $user->name = $data['name'];
64 $user->email = $data['email'];
65 $user->password = Hash::make(empty($data['password']) ? Str::random(32) : $data['password']);
66 $user->email_confirmed = $emailConfirmed;
67 $user->external_auth_id = $data['external_auth_id'] ?? '';
72 if (!empty($data['language'])) {
73 setting()->putUser($user, 'language', $data['language']);
76 if (isset($data['roles'])) {
77 $this->setUserRoles($user, $data['roles']);
80 $this->downloadAndAssignUserAvatar($user);
86 * As per "createWithoutActivity" but records a "create" activity.
88 * @param array{name: string, email: string, password: ?string, external_auth_id: ?string, language: ?string, roles: ?array} $data
90 public function create(array $data, bool $sendInvite = false): User
92 $user = $this->createWithoutActivity($data, true);
95 $this->inviteService->sendInvitation($user);
98 Activity::add(ActivityType::USER_CREATE, $user);
104 * Update the given user with the given data.
106 * @param array{name: ?string, email: ?string, external_auth_id: ?string, password: ?string, roles: ?array<int>, language: ?string} $data
108 * @throws UserUpdateException
110 public function update(User $user, array $data, bool $manageUsersAllowed): User
112 if (!empty($data['name'])) {
113 $user->name = $data['name'];
114 $user->refreshSlug();
117 if (!empty($data['email']) && $manageUsersAllowed) {
118 $user->email = $data['email'];
121 if (!empty($data['external_auth_id']) && $manageUsersAllowed) {
122 $user->external_auth_id = $data['external_auth_id'];
125 if (isset($data['roles']) && $manageUsersAllowed) {
126 $this->setUserRoles($user, $data['roles']);
129 if (!empty($data['password'])) {
130 $user->password = Hash::make($data['password']);
133 if (!empty($data['language'])) {
134 setting()->putUser($user, 'language', $data['language']);
138 Activity::add(ActivityType::USER_UPDATE, $user);
144 * Remove the given user from storage, Delete all related content.
148 public function destroy(User $user, ?int $newOwnerId = null)
150 $this->ensureDeletable($user);
152 $user->socialAccounts()->delete();
153 $user->apiTokens()->delete();
154 $user->favourites()->delete();
155 $user->mfaValues()->delete();
158 // Delete user profile images
159 $this->userAvatar->destroyAllForUser($user);
161 if (!empty($newOwnerId)) {
162 $newOwner = User::query()->find($newOwnerId);
163 if (!is_null($newOwner)) {
164 $this->migrateOwnership($user, $newOwner);
168 Activity::add(ActivityType::USER_DELETE, $user);
172 * @throws NotifyException
174 protected function ensureDeletable(User $user): void
176 if ($this->isOnlyAdmin($user)) {
177 throw new NotifyException(trans('errors.users_cannot_delete_only_admin'), $user->getEditUrl());
180 if ($user->system_name === 'public') {
181 throw new NotifyException(trans('errors.users_cannot_delete_guest'), $user->getEditUrl());
186 * Migrate ownership of items in the system from one user to another.
188 protected function migrateOwnership(User $fromUser, User $toUser)
190 $entities = (new EntityProvider())->all();
191 foreach ($entities as $instance) {
192 $instance->newQuery()->where('owned_by', '=', $fromUser->id)
193 ->update(['owned_by' => $toUser->id]);
198 * Get an avatar image for a user and set it as their avatar.
199 * Returns early if avatars disabled or not set in config.
201 protected function downloadAndAssignUserAvatar(User $user): void
204 $this->userAvatar->fetchAndAssignToUser($user);
205 } catch (Exception $e) {
206 Log::error('Failed to save user avatar image');
211 * Checks if the give user is the only admin.
213 protected function isOnlyAdmin(User $user): bool
215 if (!$user->hasSystemRole('admin')) {
219 $adminRole = Role::getSystemRole('admin');
220 if ($adminRole->users()->count() > 1) {
228 * Set the assigned user roles via an array of role IDs.
230 * @throws UserUpdateException
232 protected function setUserRoles(User $user, array $roles)
234 if ($this->demotingLastAdmin($user, $roles)) {
235 throw new UserUpdateException(trans('errors.role_cannot_remove_only_admin'), $user->getEditUrl());
238 $user->roles()->sync($roles);
242 * Check if the given user is the last admin and their new roles no longer
243 * contains the admin role.
245 protected function demotingLastAdmin(User $user, array $newRoles): bool
247 if ($this->isOnlyAdmin($user)) {
248 $adminRole = Role::getSystemRole('admin');
249 if (!in_array(strval($adminRole->id), $newRoles)) {
projects / bookstack / blob