]> BookStack Code Mirror - bookstack/blobdiff - app/Http/Controllers/UserController.php
Adds test cases and fixes an issue with the permission checking.
[bookstack] / app / Http / Controllers / UserController.php
index 6956b8d18e0937cd3455d684c4b738cf64d184b4..397bb2922b6f558a5a2ede8e12c3f6275ccdc1bc 100644 (file)
@@ -1,12 +1,8 @@
-<?php
+<?php namespace BookStack\Http\Controllers;
 
-namespace BookStack\Http\Controllers;
-
-use BookStack\Activity;
+use Exception;
 use Illuminate\Http\Request;
-
 use Illuminate\Http\Response;
-use BookStack\Http\Requests;
 use BookStack\Repos\UserRepo;
 use BookStack\Services\SocialAuthService;
 use BookStack\User;
@@ -31,14 +27,21 @@ class UserController extends Controller
 
     /**
      * Display a listing of the users.
+     * @param Request $request
      * @return Response
      */
-    public function index()
+    public function index(Request $request)
     {
         $this->checkPermission('users-manage');
-        $users = $this->userRepo->getAllUsers();
-        $this->setPageTitle('Users');
-        return view('users/index', ['users' => $users]);
+        $listDetails = [
+            'order' => $request->get('order', 'asc'),
+            'search' => $request->get('search', ''),
+            'sort' => $request->get('sort', 'name'),
+        ];
+        $users = $this->userRepo->getAllUsersPaginatedAndSorted(20, $listDetails);
+        $this->setPageTitle(trans('settings.users'));
+        $users->appends($listDetails);
+        return view('users/index', ['users' => $users, 'listDetails' => $listDetails]);
     }
 
     /**
@@ -49,7 +52,7 @@ class UserController extends Controller
     {
         $this->checkPermission('users-manage');
         $authMethod = config('auth.method');
-        $roles = $this->userRepo->getAssignableRoles();
+        $roles = $this->userRepo->getAllRoles();
         return view('users/create', ['authMethod' => $authMethod, 'roles' => $roles]);
     }
 
@@ -75,7 +78,6 @@ class UserController extends Controller
         }
         $this->validate($request, $validationRules);
 
-
         $user = $this->user->fill($request->all());
 
         if ($authMethod === 'standard') {
@@ -86,16 +88,21 @@ class UserController extends Controller
 
         $user->save();
 
-        if ($request->has('roles')) {
+        if ($request->filled('roles')) {
             $roles = $request->get('roles');
             $user->roles()->sync($roles);
         }
 
         // Get avatar from gravatar and save
         if (!config('services.disable_services')) {
-            $avatar = \Images::saveUserGravatar($user);
-            $user->avatar()->associate($avatar);
-            $user->save();
+            try {
+                $avatar = \Images::saveUserGravatar($user);
+                $user->avatar()->associate($avatar);
+                $user->save();
+            } catch (Exception $e) {
+                \Log::error('Failed to save user gravatar image');
+            }
+
         }
 
         return redirect('/settings/users');
@@ -113,12 +120,13 @@ class UserController extends Controller
             return $this->currentUser->id == $id;
         });
 
-        $authMethod = config('auth.method');
-
         $user = $this->user->findOrFail($id);
+
+        $authMethod = ($user->system_name) ? 'system' : config('auth.method');
+
         $activeSocialDrivers = $socialAuthService->getActiveDrivers();
-        $this->setPageTitle('User Profile');
-        $roles = $this->userRepo->getAssignableRoles();
+        $this->setPageTitle(trans('settings.user_profile'));
+        $roles = $this->userRepo->getAllRoles();
         return view('users/edit', ['user' => $user, 'activeSocialDrivers' => $activeSocialDrivers, 'authMethod' => $authMethod, 'roles' => $roles]);
     }
 
@@ -139,33 +147,39 @@ class UserController extends Controller
             'name'             => 'min:2',
             'email'            => 'min:2|email|unique:users,email,' . $id,
             'password'         => 'min:5|required_with:password_confirm',
-            'password-confirm' => 'same:password|required_with:password'
-        ], [
-            'password-confirm.required_with' => 'Password confirmation required'
+            'password-confirm' => 'same:password|required_with:password',
+            'setting'          => 'array'
         ]);
 
         $user = $this->user->findOrFail($id);
         $user->fill($request->all());
 
         // Role updates
-        if (userCan('users-manage') && $request->has('roles')) {
+        if (userCan('users-manage') && $request->filled('roles')) {
             $roles = $request->get('roles');
             $user->roles()->sync($roles);
         }
 
         // Password updates
-        if ($request->has('password') && $request->get('password') != '') {
+        if ($request->filled('password')) {
             $password = $request->get('password');
             $user->password = bcrypt($password);
         }
 
         // External auth id updates
-        if ($this->currentUser->can('users-manage') && $request->has('external_auth_id')) {
+        if ($this->currentUser->can('users-manage') && $request->filled('external_auth_id')) {
             $user->external_auth_id = $request->get('external_auth_id');
         }
 
+        // Save an user-specific settings
+        if ($request->filled('setting')) {
+            foreach ($request->get('setting') as $key => $value) {
+                setting()->putUser($user, $key, $value);
+            }
+        }
+
         $user->save();
-        session()->flash('success', 'User successfully updated');
+        session()->flash('success', trans('settings.users_edit_success'));
 
         $redirectUrl = userCan('users-manage') ? '/settings/users' : '/settings/users/' . $user->id;
         return redirect($redirectUrl);
@@ -173,7 +187,7 @@ class UserController extends Controller
 
     /**
      * Show the user delete page.
-     * @param $id
+     * @param int $id
      * @return \Illuminate\View\View
      */
     public function delete($id)
@@ -183,7 +197,7 @@ class UserController extends Controller
         });
 
         $user = $this->user->findOrFail($id);
-        $this->setPageTitle('Delete User ' . $user->name);
+        $this->setPageTitle(trans('settings.users_delete_named', ['userName' => $user->name]));
         return view('users/delete', ['user' => $user]);
     }
 
@@ -200,11 +214,19 @@ class UserController extends Controller
         });
 
         $user = $this->userRepo->getById($id);
+
         if ($this->userRepo->isOnlyAdmin($user)) {
-            session()->flash('error', 'You cannot delete the only admin');
+            session()->flash('error', trans('errors.users_cannot_delete_only_admin'));
             return redirect($user->getEditUrl());
         }
+
+        if ($user->system_name === 'public') {
+            session()->flash('error', trans('errors.users_cannot_delete_guest'));
+            return redirect($user->getEditUrl());
+        }
+
         $this->userRepo->destroy($user);
+        session()->flash('success', trans('settings.users_delete_success'));
 
         return redirect('/settings/users');
     }
@@ -227,4 +249,27 @@ class UserController extends Controller
             'assetCounts' => $assetCounts
         ]);
     }
+
+    public function switchBookView($id, Request $request) {
+        $this->checkPermissionOr('users-manage', function () use ($id) {
+            return $this->currentUser->id == $id;
+        });
+        $viewType = $request->get('book_view_type');
+
+        if (!in_array($viewType, ['grid', 'list'])) {
+            $viewType = 'list';
+        }
+
+        $user = $this->user->findOrFail($id);
+        setting()->putUser($user, 'books_view_type', $viewType);
+
+        $previousUrl = url()->previous();
+        if (empty($previousUrl)) {
+            // if no previous URL, redirect to settings
+            return redirect("/settings/users/$id");
+        } else {
+            // redirect to the previous page.
+            return redirect($previousUrl);
+        }
+    }
 }