BookStack Code Mirror - bookstack/blob - app/Http/Controllers/UserController.php

1 <?php namespace BookStack\Http\Controllers;

3 use BookStack\Auth\Access\SocialAuthService;

4 use BookStack\Auth\User;

5 use BookStack\Auth\UserRepo;

6 use BookStack\Exceptions\UserUpdateException;

7 use BookStack\Uploads\ImageRepo;

8 use Illuminate\Http\Request;

9 use Illuminate\Http\Response;

11 class UserController extends Controller

12 {

14 protected $user;

15 protected $userRepo;

16 protected $imageRepo;

18 /**

19 * UserController constructor.

20 * @param User $user

21 * @param UserRepo $userRepo

22 * @param ImageRepo $imageRepo

23 */

24 public function __construct(User $user, UserRepo $userRepo, ImageRepo $imageRepo)

25 {

26 $this->user = $user;

27 $this->userRepo = $userRepo;

28 $this->imageRepo = $imageRepo;

29 parent::__construct();

30 }

32 /**

33 * Display a listing of the users.

34 * @param Request $request

35 * @return Response

36 */

37 public function index(Request $request)

38 {

39 $this->checkPermission('users-manage');

40 $listDetails = [

41 'order' => $request->get('order', 'asc'),

42 'search' => $request->get('search', ''),

43 'sort' => $request->get('sort', 'name'),

44 ];

45 $users = $this->userRepo->getAllUsersPaginatedAndSorted(20, $listDetails);

46 $this->setPageTitle(trans('settings.users'));

47 $users->appends($listDetails);

48 return view('users.index', ['users' => $users, 'listDetails' => $listDetails]);

49 }

51 /**

52 * Show the form for creating a new user.

53 * @return Response

54 */

55 public function create()

56 {

57 $this->checkPermission('users-manage');

58 $authMethod = config('auth.method');

59 $roles = $this->userRepo->getAllRoles();

60 return view('users.create', ['authMethod' => $authMethod, 'roles' => $roles]);

61 }

63 /**

64 * Store a newly created user in storage.

65 * @param Request $request

66 * @return Response

67 * @throws UserUpdateException

68 */

69 public function store(Request $request)

70 {

71 $this->checkPermission('users-manage');

72 $validationRules = [

73 'name' => 'required',

74 'email' => 'required|email|unique:users,email'

75 ];

77 $authMethod = config('auth.method');

78 if ($authMethod === 'standard') {

79 $validationRules['password'] = 'required|min:5';

80 $validationRules['password-confirm'] = 'required|same:password';

81 } elseif ($authMethod === 'ldap') {

82 $validationRules['external_auth_id'] = 'required';

83 }

84 $this->validate($request, $validationRules);

86 $user = $this->user->fill($request->all());

88 if ($authMethod === 'standard') {

89 $user->password = bcrypt($request->get('password'));

90 } elseif ($authMethod === 'ldap') {

91 $user->external_auth_id = $request->get('external_auth_id');

92 }

94 $user->save();

96 if ($request->filled('roles')) {

97 $roles = $request->get('roles');

98 $this->userRepo->setUserRoles($user, $roles);

99 }

100

101 $this->userRepo->downloadAndAssignUserAvatar($user);

102

103 return redirect('/settings/users');

104 }

105

106 /**

107 * Show the form for editing the specified user.

108 * @param int $id

109 * @param \BookStack\Auth\Access\SocialAuthService $socialAuthService

110 * @return Response

111 */

112 public function edit($id, SocialAuthService $socialAuthService)

113 {

114 $this->checkPermissionOrCurrentUser('users-manage', $id);

115

116 $user = $this->user->findOrFail($id);

117

118 $authMethod = ($user->system_name) ? 'system' : config('auth.method');

119

120 $activeSocialDrivers = $socialAuthService->getActiveDrivers();

121 $this->setPageTitle(trans('settings.user_profile'));

122 $roles = $this->userRepo->getAllRoles();

123 return view('users.edit', ['user' => $user, 'activeSocialDrivers' => $activeSocialDrivers, 'authMethod' => $authMethod, 'roles' => $roles]);

124 }

125

126 /**

127 * Update the specified user in storage.

128 * @param Request $request

129 * @param int $id

130 * @return Response

131 * @throws UserUpdateException

132 * @throws \BookStack\Exceptions\ImageUploadException

133 */

134 public function update(Request $request, $id)

135 {

136 $this->preventAccessForDemoUsers();

137 $this->checkPermissionOrCurrentUser('users-manage', $id);

138

139 $this->validate($request, [

140 'name' => 'min:2',

141 'email' => 'min:2|email|unique:users,email,' . $id,

142 'password' => 'min:5|required_with:password_confirm',

143 'password-confirm' => 'same:password|required_with:password',

144 'setting' => 'array',

145 'profile_image' => $this->imageRepo->getImageValidationRules(),

146 ]);

147

148 $user = $this->userRepo->getById($id);

149 $user->fill($request->except(['email']));

150

151 // Email updates

152 if (userCan('users-manage') && $request->filled('email')) {

153 $user->email = $request->get('email');

154 }

155

156 // Role updates

157 if (userCan('users-manage') && $request->filled('roles')) {

158 $roles = $request->get('roles');

159 $this->userRepo->setUserRoles($user, $roles);

160 }

161

162 // Password updates

163 if ($request->filled('password')) {

164 $password = $request->get('password');

165 $user->password = bcrypt($password);

166 }

167

168 // External auth id updates

169 if ($this->currentUser->can('users-manage') && $request->filled('external_auth_id')) {

170 $user->external_auth_id = $request->get('external_auth_id');

171 }

172

173 // Save an user-specific settings

174 if ($request->filled('setting')) {

175 foreach ($request->get('setting') as $key => $value) {

176 setting()->putUser($user, $key, $value);

177 }

178 }

179

180 // Save profile image if in request

181 if ($request->has('profile_image')) {

182 $imageUpload = $request->file('profile_image');

183 $this->imageRepo->destroyImage($user->avatar);

184 $image = $this->imageRepo->saveNew($imageUpload, 'user', $user->id);

185 $user->image_id = $image->id;

186 }

187

188 // Delete the profile image if set to

189 if ($request->has('profile_image_reset')) {

190 $this->imageRepo->destroyImage($user->avatar);

191 }

192

193 $user->save();

194 session()->flash('success', trans('settings.users_edit_success'));

195

196 $redirectUrl = userCan('users-manage') ? '/settings/users' : ('/settings/users/' . $user->id);

197 return redirect($redirectUrl);

198 }

199

200 /**

201 * Show the user delete page.

202 * @param int $id

203 * @return \Illuminate\View\View

204 */

205 public function delete($id)

206 {

207 $this->checkPermissionOrCurrentUser('users-manage', $id);

208

209 $user = $this->userRepo->getById($id);

210 $this->setPageTitle(trans('settings.users_delete_named', ['userName' => $user->name]));

211 return view('users.delete', ['user' => $user]);

212 }

213

214 /**

215 * Remove the specified user from storage.

216 * @param int $id

217 * @return Response

218 * @throws \Exception

219 */

220 public function destroy($id)

221 {

222 $this->preventAccessForDemoUsers();

223 $this->checkPermissionOrCurrentUser('users-manage', $id);

224

225 $user = $this->userRepo->getById($id);

226

227 if ($this->userRepo->isOnlyAdmin($user)) {

228 session()->flash('error', trans('errors.users_cannot_delete_only_admin'));

229 return redirect($user->getEditUrl());

230 }

231

232 if ($user->system_name === 'public') {

233 session()->flash('error', trans('errors.users_cannot_delete_guest'));

234 return redirect($user->getEditUrl());

235 }

236

237 $this->userRepo->destroy($user);

238 session()->flash('success', trans('settings.users_delete_success'));

239

240 return redirect('/settings/users');

241 }

242

243 /**

244 * Show the user profile page

245 * @param $id

246 * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View

247 */

248 public function showProfilePage($id)

249 {

250 $user = $this->userRepo->getById($id);

251

252 $userActivity = $this->userRepo->getActivity($user);

253 $recentlyCreated = $this->userRepo->getRecentlyCreated($user, 5, 0);

254 $assetCounts = $this->userRepo->getAssetCounts($user);

255

256 return view('users.profile', [

257 'user' => $user,

258 'activity' => $userActivity,

259 'recentlyCreated' => $recentlyCreated,

260 'assetCounts' => $assetCounts

261 ]);

262 }

263

264 /**

265 * Update the user's preferred book-list display setting.

266 * @param $id

267 * @param Request $request

268 * @return \Illuminate\Http\RedirectResponse

269 */

270 public function switchBookView($id, Request $request)

271 {

272 return $this->switchViewType($id, $request, 'books');

273 }

274

275 /**

276 * Update the user's preferred shelf-list display setting.

277 * @param $id

278 * @param Request $request

279 * @return \Illuminate\Http\RedirectResponse

280 */

281 public function switchShelfView($id, Request $request)

282 {

283 return $this->switchViewType($id, $request, 'bookshelves');

284 }

285

286 /**

287 * For a type of list, switch with stored view type for a user.

288 * @param integer $userId

289 * @param Request $request

290 * @param string $listName

291 * @return \Illuminate\Http\RedirectResponse

292 */

293 protected function switchViewType($userId, Request $request, string $listName)

294 {

295 $this->checkPermissionOrCurrentUser('users-manage', $userId);

296

297 $viewType = $request->get('view_type');

298 if (!in_array($viewType, ['grid', 'list'])) {

299 $viewType = 'list';

300 }

301

302 $user = $this->userRepo->getById($userId);

303 $key = $listName . '_view_type';

304 setting()->putUser($user, $key, $viewType);

305

306 return redirect()->back(302, [], "/settings/users/$userId");

307 }

308

309 /**

310 * Change the stored sort type for a particular view.

311 * @param string $id

312 * @param string $type

313 * @param Request $request

314 * @return \Illuminate\Http\RedirectResponse

315 */

316 public function changeSort(string $id, string $type, Request $request)

317 {

318 $validSortTypes = ['books', 'bookshelves'];

319 if (!in_array($type, $validSortTypes)) {

320 return redirect()->back(500);

321 }

322 return $this->changeListSort($id, $request, $type);

323 }

324

325 /**

326 * Update the stored section expansion preference for the given user.

327 * @param string $id

328 * @param string $key

329 * @param Request $request

330 * @return \Illuminate\Contracts\Routing\ResponseFactory|\Symfony\Component\HttpFoundation\Response

331 */

332 public function updateExpansionPreference(string $id, string $key, Request $request)

333 {

334 $this->checkPermissionOrCurrentUser('users-manage', $id);

335 $keyWhitelist = ['home-details'];

336 if (!in_array($key, $keyWhitelist)) {

337 return response("Invalid key", 500);

338 }

339

340 $newState = $request->get('expand', 'false');

341

342 $user = $this->user->findOrFail($id);

343 setting()->putUser($user, 'section_expansion#' . $key, $newState);

344 return response("", 204);

345 }

346

347 /**

348 * Changed the stored preference for a list sort order.

349 * @param int $userId

350 * @param Request $request

351 * @param string $listName

352 * @return \Illuminate\Http\RedirectResponse

353 */

354 protected function changeListSort(int $userId, Request $request, string $listName)

355 {

356 $this->checkPermissionOrCurrentUser('users-manage', $userId);

357

358 $sort = $request->get('sort');

359 if (!in_array($sort, ['name', 'created_at', 'updated_at'])) {

360 $sort = 'name';

361 }

362

363 $order = $request->get('order');

364 if (!in_array($order, ['asc', 'desc'])) {

365 $order = 'asc';

366 }

367

368 $user = $this->user->findOrFail($userId);

369 $sortKey = $listName . '_sort';

370 $orderKey = $listName . '_sort_order';

371 setting()->putUser($user, $sortKey, $sort);

372 setting()->putUser($user, $orderKey, $order);

373

374 return redirect()->back(302, [], "/settings/users/$userId");

375 }

376 }