BookStack Code Mirror - bookstack/blob - app/Http/Controllers/UserController.php

1 <?php namespace BookStack\Http\Controllers;

3 use BookStack\Actions\ActivityType;

4 use BookStack\Auth\Access\SocialAuthService;

5 use BookStack\Auth\Access\UserInviteService;

6 use BookStack\Auth\User;

7 use BookStack\Auth\UserRepo;

8 use BookStack\Exceptions\UserUpdateException;

9 use BookStack\Uploads\ImageRepo;

10 use Illuminate\Http\Request;

11 use Illuminate\Support\Str;

13 class UserController extends Controller

14 {

16 protected $user;

17 protected $userRepo;

18 protected $inviteService;

19 protected $imageRepo;

21 /**

22 * UserController constructor.

23 */

24 public function __construct(User $user, UserRepo $userRepo, UserInviteService $inviteService, ImageRepo $imageRepo)

25 {

26 $this->user = $user;

27 $this->userRepo = $userRepo;

28 $this->inviteService = $inviteService;

29 $this->imageRepo = $imageRepo;

30 }

32 /**

33 * Display a listing of the users.

34 */

35 public function index(Request $request)

36 {

37 $this->checkPermission('users-manage');

38 $listDetails = [

39 'order' => $request->get('order', 'asc'),

40 'search' => $request->get('search', ''),

41 'sort' => $request->get('sort', 'name'),

42 ];

43 $users = $this->userRepo->getAllUsersPaginatedAndSorted(20, $listDetails);

45 $this->setPageTitle(trans('settings.users'));

46 $users->appends($listDetails);

47 return view('users.index', ['users' => $users, 'listDetails' => $listDetails]);

48 }

50 /**

51 * Show the form for creating a new user.

52 */

53 public function create()

54 {

55 $this->checkPermission('users-manage');

56 $authMethod = config('auth.method');

57 $roles = $this->userRepo->getAllRoles();

58 return view('users.create', ['authMethod' => $authMethod, 'roles' => $roles]);

59 }

61 /**

62 * Store a newly created user in storage.

63 * @throws UserUpdateException

64 * @throws \Illuminate\Validation\ValidationException

65 */

66 public function store(Request $request)

67 {

68 $this->checkPermission('users-manage');

69 $validationRules = [

70 'name' => 'required',

71 'email' => 'required|email|unique:users,email'

72 ];

74 $authMethod = config('auth.method');

75 $sendInvite = ($request->get('send_invite', 'false') === 'true');

77 if ($authMethod === 'standard' && !$sendInvite) {

78 $validationRules['password'] = 'required|min:6';

79 $validationRules['password-confirm'] = 'required|same:password';

80 } elseif ($authMethod === 'ldap' || $authMethod === 'saml2') {

81 $validationRules['external_auth_id'] = 'required';

82 }

83 $this->validate($request, $validationRules);

85 $user = $this->user->fill($request->all());

87 if ($authMethod === 'standard') {

88 $user->password = bcrypt($request->get('password', Str::random(32)));

89 } elseif ($authMethod === 'ldap' || $authMethod === 'saml2') {

90 $user->external_auth_id = $request->get('external_auth_id');

91 }

93 $user->save();

95 if ($sendInvite) {

96 $this->inviteService->sendInvitation($user);

97 }

99 if ($request->filled('roles')) {

100 $roles = $request->get('roles');

101 $this->userRepo->setUserRoles($user, $roles);

102 }

103

104 $this->userRepo->downloadAndAssignUserAvatar($user);

105

106 $this->logActivity(ActivityType::USER_CREATE, $user);

107 return redirect('/settings/users');

108 }

109

110 /**

111 * Show the form for editing the specified user.

112 */

113 public function edit(int $id, SocialAuthService $socialAuthService)

114 {

115 $this->checkPermissionOrCurrentUser('users-manage', $id);

116

117 $user = $this->user->newQuery()->with(['apiTokens'])->findOrFail($id);

118

119 $authMethod = ($user->system_name) ? 'system' : config('auth.method');

120

121 $activeSocialDrivers = $socialAuthService->getActiveDrivers();

122 $this->setPageTitle(trans('settings.user_profile'));

123 $roles = $this->userRepo->getAllRoles();

124 return view('users.edit', [

125 'user' => $user,

126 'activeSocialDrivers' => $activeSocialDrivers,

127 'authMethod' => $authMethod,

128 'roles' => $roles

129 ]);

130 }

131

132 /**

133 * Update the specified user in storage.

134 * @throws UserUpdateException

135 * @throws \BookStack\Exceptions\ImageUploadException

136 * @throws \Illuminate\Validation\ValidationException

137 */

138 public function update(Request $request, int $id)

139 {

140 $this->preventAccessInDemoMode();

141 $this->checkPermissionOrCurrentUser('users-manage', $id);

142

143 $this->validate($request, [

144 'name' => 'min:2',

145 'email' => 'min:2|email|unique:users,email,' . $id,

146 'password' => 'min:6|required_with:password_confirm',

147 'password-confirm' => 'same:password|required_with:password',

148 'setting' => 'array',

149 'profile_image' => 'nullable|' . $this->getImageValidationRules(),

150 ]);

151

152 $user = $this->userRepo->getById($id);

153 $user->fill($request->except(['email']));

154

155 // Email updates

156 if (userCan('users-manage') && $request->filled('email')) {

157 $user->email = $request->get('email');

158 }

159

160 // Role updates

161 if (userCan('users-manage') && $request->filled('roles')) {

162 $roles = $request->get('roles');

163 $this->userRepo->setUserRoles($user, $roles);

164 }

165

166 // Password updates

167 if ($request->filled('password')) {

168 $password = $request->get('password');

169 $user->password = bcrypt($password);

170 }

171

172 // External auth id updates

173 if (user()->can('users-manage') && $request->filled('external_auth_id')) {

174 $user->external_auth_id = $request->get('external_auth_id');

175 }

176

177 // Save an user-specific settings

178 if ($request->filled('setting')) {

179 foreach ($request->get('setting') as $key => $value) {

180 setting()->putUser($user, $key, $value);

181 }

182 }

183

184 // Save profile image if in request

185 if ($request->hasFile('profile_image')) {

186 $imageUpload = $request->file('profile_image');

187 $this->imageRepo->destroyImage($user->avatar);

188 $image = $this->imageRepo->saveNew($imageUpload, 'user', $user->id);

189 $user->image_id = $image->id;

190 }

191

192 // Delete the profile image if reset option is in request

193 if ($request->has('profile_image_reset')) {

194 $this->imageRepo->destroyImage($user->avatar);

195 }

196

197 $user->save();

198 $this->showSuccessNotification(trans('settings.users_edit_success'));

199 $this->logActivity(ActivityType::USER_UPDATE, $user);

200

201 $redirectUrl = userCan('users-manage') ? '/settings/users' : ('/settings/users/' . $user->id);

202 return redirect($redirectUrl);

203 }

204

205 /**

206 * Show the user delete page.

207 */

208 public function delete(int $id)

209 {

210 $this->checkPermissionOrCurrentUser('users-manage', $id);

211

212 $user = $this->userRepo->getById($id);

213 $this->setPageTitle(trans('settings.users_delete_named', ['userName' => $user->name]));

214 return view('users.delete', ['user' => $user]);

215 }

216

217 /**

218 * Remove the specified user from storage.

219 * @throws \Exception

220 */

221 public function destroy(Request $request, int $id)

222 {

223 $this->preventAccessInDemoMode();

224 $this->checkPermissionOrCurrentUser('users-manage', $id);

225

226 $user = $this->userRepo->getById($id);

227 $newOwnerId = $request->get('new_owner_id', null);

228

229 if ($this->userRepo->isOnlyAdmin($user)) {

230 $this->showErrorNotification(trans('errors.users_cannot_delete_only_admin'));

231 return redirect($user->getEditUrl());

232 }

233

234 if ($user->system_name === 'public') {

235 $this->showErrorNotification(trans('errors.users_cannot_delete_guest'));

236 return redirect($user->getEditUrl());

237 }

238

239 $this->userRepo->destroy($user, $newOwnerId);

240 $this->showSuccessNotification(trans('settings.users_delete_success'));

241 $this->logActivity(ActivityType::USER_DELETE, $user);

242

243 return redirect('/settings/users');

244 }

245

246 /**

247 * Show the user profile page

248 */

249 public function showProfilePage($id)

250 {

251 $user = $this->userRepo->getById($id);

252

253 $userActivity = $this->userRepo->getActivity($user);

254 $recentlyCreated = $this->userRepo->getRecentlyCreated($user, 5);

255 $assetCounts = $this->userRepo->getAssetCounts($user);

256

257 return view('users.profile', [

258 'user' => $user,

259 'activity' => $userActivity,

260 'recentlyCreated' => $recentlyCreated,

261 'assetCounts' => $assetCounts

262 ]);

263 }

264

265 /**

266 * Update the user's preferred book-list display setting.

267 */

268 public function switchBooksView(Request $request, int $id)

269 {

270 return $this->switchViewType($id, $request, 'books');

271 }

272

273 /**

274 * Update the user's preferred shelf-list display setting.

275 */

276 public function switchShelvesView(Request $request, int $id)

277 {

278 return $this->switchViewType($id, $request, 'bookshelves');

279 }

280

281 /**

282 * Update the user's preferred shelf-view book list display setting.

283 */

284 public function switchShelfView(Request $request, int $id)

285 {

286 return $this->switchViewType($id, $request, 'bookshelf');

287 }

288

289 /**

290 * For a type of list, switch with stored view type for a user.

291 */

292 protected function switchViewType(int $userId, Request $request, string $listName)

293 {

294 $this->checkPermissionOrCurrentUser('users-manage', $userId);

295

296 $viewType = $request->get('view_type');

297 if (!in_array($viewType, ['grid', 'list'])) {

298 $viewType = 'list';

299 }

300

301 $user = $this->userRepo->getById($userId);

302 $key = $listName . '_view_type';

303 setting()->putUser($user, $key, $viewType);

304

305 return redirect()->back(302, [], "/settings/users/$userId");

306 }

307

308 /**

309 * Change the stored sort type for a particular view.

310 */

311 public function changeSort(Request $request, string $id, string $type)

312 {

313 $validSortTypes = ['books', 'bookshelves'];

314 if (!in_array($type, $validSortTypes)) {

315 return redirect()->back(500);

316 }

317 return $this->changeListSort($id, $request, $type);

318 }

319

320 /**

321 * Toggle dark mode for the current user.

322 */

323 public function toggleDarkMode()

324 {

325 $enabled = setting()->getForCurrentUser('dark-mode-enabled', false);

326 setting()->putUser(user(), 'dark-mode-enabled', $enabled ? 'false' : 'true');

327 return redirect()->back();

328 }

329

330 /**

331 * Update the stored section expansion preference for the given user.

332 */

333 public function updateExpansionPreference(Request $request, string $id, string $key)

334 {

335 $this->checkPermissionOrCurrentUser('users-manage', $id);

336 $keyWhitelist = ['home-details'];

337 if (!in_array($key, $keyWhitelist)) {

338 return response("Invalid key", 500);

339 }

340

341 $newState = $request->get('expand', 'false');

342

343 $user = $this->user->findOrFail($id);

344 setting()->putUser($user, 'section_expansion#' . $key, $newState);

345 return response("", 204);

346 }

347

348 /**

349 * Changed the stored preference for a list sort order.

350 */

351 protected function changeListSort(int $userId, Request $request, string $listName)

352 {

353 $this->checkPermissionOrCurrentUser('users-manage', $userId);

354

355 $sort = $request->get('sort');

356 if (!in_array($sort, ['name', 'created_at', 'updated_at'])) {

357 $sort = 'name';

358 }

359

360 $order = $request->get('order');

361 if (!in_array($order, ['asc', 'desc'])) {

362 $order = 'asc';

363 }

364

365 $user = $this->user->findOrFail($userId);

366 $sortKey = $listName . '_sort';

367 $orderKey = $listName . '_sort_order';

368 setting()->putUser($user, $sortKey, $sort);

369 setting()->putUser($user, $orderKey, $order);

370

371 return redirect()->back(302, [], "/settings/users/$userId");

372 }

373 }