BookStack Code Mirror - bookstack/blob

1 <?php

3 namespace BookStack\Users;

5 use BookStack\Access\UserInviteException;

6 use BookStack\Access\UserInviteService;

7 use BookStack\Activity\ActivityType;

8 use BookStack\Entities\EntityProvider;

9 use BookStack\Exceptions\NotifyException;

10 use BookStack\Exceptions\UserUpdateException;

11 use BookStack\Facades\Activity;

12 use BookStack\Uploads\UserAvatars;

13 use BookStack\Users\Models\Role;

14 use BookStack\Users\Models\User;

15 use Exception;

16 use Illuminate\Support\Facades\Hash;

17 use Illuminate\Support\Facades\Log;

18 use Illuminate\Support\Str;

20 class UserRepo

21 {

22 public function __construct(

23 protected UserAvatars $userAvatar,

24 protected UserInviteService $inviteService

25 ) {

26 }

29 /**

30 * Get a user by their email address.

31 */

32 public function getByEmail(string $email): ?User

33 {

34 return User::query()->where('email', '=', $email)->first();

35 }

37 /**

38 * Get a user by their ID.

39 */

40 public function getById(int $id): User

41 {

42 return User::query()->findOrFail($id);

43 }

45 /**

46 * Get a user by their slug.

47 */

48 public function getBySlug(string $slug): User

49 {

50 return User::query()->where('slug', '=', $slug)->firstOrFail();

51 }

53 /**

54 * Create a new basic instance of user with the given pre-validated data.

55 *

56 * @param array{name: string, email: string, password: ?string, external_auth_id: ?string, language: ?string, roles: ?array} $data

57 */

58 public function createWithoutActivity(array $data, bool $emailConfirmed = false): User

59 {

60 $user = new User();

61 $user->name = $data['name'];

62 $user->email = $data['email'];

63 $user->password = Hash::make(empty($data['password']) ? Str::random(32) : $data['password']);

64 $user->email_confirmed = $emailConfirmed;

65 $user->external_auth_id = $data['external_auth_id'] ?? '';

67 $user->refreshSlug();

68 $user->save();

70 if (!empty($data['language'])) {

71 setting()->putUser($user, 'language', $data['language']);

72 }

74 if (isset($data['roles'])) {

75 $this->setUserRoles($user, $data['roles']);

76 }

78 $this->downloadAndAssignUserAvatar($user);

80 return $user;

81 }

83 /**

84 * As per "createWithoutActivity" but records a "create" activity.

85 *

86 * @param array{name: string, email: string, password: ?string, external_auth_id: ?string, language: ?string, roles: ?array} $data

87 * @throws UserInviteException

88 */

89 public function create(array $data, bool $sendInvite = false): User

90 {

91 $user = $this->createWithoutActivity($data, true);

93 if ($sendInvite) {

94 $this->inviteService->sendInvitation($user);

95 }

97 Activity::add(ActivityType::USER_CREATE, $user);

99 return $user;

100 }

101

102 /**

103 * Update the given user with the given data.

104 *

105 * @param array{name: ?string, email: ?string, external_auth_id: ?string, password: ?string, roles: ?array<int>, language: ?string} $data

106 *

107 * @throws UserUpdateException

108 */

109 public function update(User $user, array $data, bool $manageUsersAllowed): User

110 {

111 if (!empty($data['name'])) {

112 $user->name = $data['name'];

113 $user->refreshSlug();

114 }

115

116 if (!empty($data['email']) && $manageUsersAllowed) {

117 $user->email = $data['email'];

118 }

119

120 if (!empty($data['external_auth_id']) && $manageUsersAllowed) {

121 $user->external_auth_id = $data['external_auth_id'];

122 }

123

124 if (isset($data['roles']) && $manageUsersAllowed) {

125 $this->setUserRoles($user, $data['roles']);

126 }

127

128 if (!empty($data['password'])) {

129 $user->password = Hash::make($data['password']);

130 }

131

132 if (!empty($data['language'])) {

133 setting()->putUser($user, 'language', $data['language']);

134 }

135

136 $user->save();

137 Activity::add(ActivityType::USER_UPDATE, $user);

138

139 return $user;

140 }

141

142 /**

143 * Remove the given user from storage, Delete all related content.

144 *

145 * @throws Exception

146 */

147 public function destroy(User $user, ?int $newOwnerId = null)

148 {

149 $this->ensureDeletable($user);

150

151 $user->socialAccounts()->delete();

152 $user->apiTokens()->delete();

153 $user->favourites()->delete();

154 $user->mfaValues()->delete();

155 $user->watches()->delete();

156 $user->delete();

157

158 // Delete user profile images

159 $this->userAvatar->destroyAllForUser($user);

160

161 // Delete related activities

162 setting()->deleteUserSettings($user->id);

163

164 if (!empty($newOwnerId)) {

165 $newOwner = User::query()->find($newOwnerId);

166 if (!is_null($newOwner)) {

167 $this->migrateOwnership($user, $newOwner);

168 }

169 }

170

171 Activity::add(ActivityType::USER_DELETE, $user);

172 }

173

174 /**

175 * @throws NotifyException

176 */

177 protected function ensureDeletable(User $user): void

178 {

179 if ($this->isOnlyAdmin($user)) {

180 throw new NotifyException(trans('errors.users_cannot_delete_only_admin'), $user->getEditUrl());

181 }

182

183 if ($user->system_name === 'public') {

184 throw new NotifyException(trans('errors.users_cannot_delete_guest'), $user->getEditUrl());

185 }

186 }

187

188 /**

189 * Migrate ownership of items in the system from one user to another.

190 */

191 protected function migrateOwnership(User $fromUser, User $toUser)

192 {

193 $entities = (new EntityProvider())->all();

194 foreach ($entities as $instance) {

195 $instance->newQuery()->where('owned_by', '=', $fromUser->id)

196 ->update(['owned_by' => $toUser->id]);

197 }

198 }

199

200 /**

201 * Get an avatar image for a user and set it as their avatar.

202 * Returns early if avatars disabled or not set in config.

203 */

204 protected function downloadAndAssignUserAvatar(User $user): void

205 {

206 try {

207 $this->userAvatar->fetchAndAssignToUser($user);

208 } catch (Exception $e) {

209 Log::error('Failed to save user avatar image');

210 }

211 }

212

213 /**

214 * Checks if the give user is the only admin.

215 */

216 protected function isOnlyAdmin(User $user): bool

217 {

218 if (!$user->hasSystemRole('admin')) {

219 return false;

220 }

221

222 $adminRole = Role::getSystemRole('admin');

223 if ($adminRole->users()->count() > 1) {

224 return false;

225 }

226

227 return true;

228 }

229

230 /**

231 * Set the assigned user roles via an array of role IDs.

232 *

233 * @throws UserUpdateException

234 */

235 protected function setUserRoles(User $user, array $roles)

236 {

237 $roles = array_filter(array_values($roles));

238

239 if ($this->demotingLastAdmin($user, $roles)) {

240 throw new UserUpdateException(trans('errors.role_cannot_remove_only_admin'), $user->getEditUrl());

241 }

242

243 $user->roles()->sync($roles);

244 }

245

246 /**

247 * Check if the given user is the last admin and their new roles no longer

248 * contains the admin role.

249 */

250 protected function demotingLastAdmin(User $user, array $newRoles): bool

251 {

252 if ($this->isOnlyAdmin($user)) {

253 $adminRole = Role::getSystemRole('admin');

254 if (!in_array(strval($adminRole->id), $newRoles)) {

255 return true;

256 }

257 }

258

259 return false;

260 }

261 }