BookStack Code Mirror - bookstack/blobdiff - app/Http/Controllers/UserController.php

index bf25eafb2d8ad544a4a408f32e4ceec6b75f27a8..6956b8d18e0937cd3455d684c4b738cf64d184b4 100644 (file)

--- a/app/Http/Controllers/UserController.php

+++ b/app/Http/Controllers/UserController.php

@@ -2,6 +2,7 @@

namespace BookStack\Http\Controllers;

+use BookStack\Activity;

use Illuminate\Http\Request;

use Illuminate\Http\Response;

@@ -34,7 +35,8 @@ class UserController extends Controller

public function index()

{

- $users = $this->user->all();

+ $this->checkPermission('users-manage');

+ $users = $this->userRepo->getAllUsers();

$this->setPageTitle('Users');

return view('users/index', ['users' => $users]);

}

@@ -45,9 +47,10 @@ class UserController extends Controller

public function create()

{

- $this->checkPermission('user-create');

+ $this->checkPermission('users-manage');

$authMethod = config('auth.method');

- return view('users/create', ['authMethod' => $authMethod]);

+ $roles = $this->userRepo->getAssignableRoles();

+ return view('users/create', ['authMethod' => $authMethod, 'roles' => $roles]);

}

/**

@@ -57,11 +60,10 @@ class UserController extends Controller

public function store(Request $request)

{

- $this->checkPermission('user-create');

+ $this->checkPermission('users-manage');

$validationRules = [

'name' => 'required',

- 'email' => 'required|email|unique:users,email',

- 'role' => 'required|exists:roles,id'

+ 'email' => 'required|email|unique:users,email'

];

$authMethod = config('auth.method');

@@ -83,7 +85,11 @@ class UserController extends Controller

}

$user->save();

- $user->attachRoleId($request->get('role'));

+ if ($request->has('roles')) {

+ $roles = $request->get('roles');

+ $user->roles()->sync($roles);

+ }

// Get avatar from gravatar and save

if (!config('services.disable_services')) {

@@ -92,10 +98,9 @@ class UserController extends Controller

$user->save();

}

- return redirect('/users');

+ return redirect('/settings/users');

}

/**

* Show the form for editing the specified user.

* @param int $id

@@ -104,7 +109,7 @@ class UserController extends Controller

public function edit($id, SocialAuthService $socialAuthService)

{

- $this->checkPermissionOr('user-update', function () use ($id) {

+ $this->checkPermissionOr('users-manage', function () use ($id) {

return $this->currentUser->id == $id;

});

@@ -113,7 +118,8 @@ class UserController extends Controller

$user = $this->user->findOrFail($id);

$activeSocialDrivers = $socialAuthService->getActiveDrivers();

$this->setPageTitle('User Profile');

- return view('users/edit', ['user' => $user, 'activeSocialDrivers' => $activeSocialDrivers, 'authMethod' => $authMethod]);

+ $roles = $this->userRepo->getAssignableRoles();

+ return view('users/edit', ['user' => $user, 'activeSocialDrivers' => $activeSocialDrivers, 'authMethod' => $authMethod, 'roles' => $roles]);

}

/**

@@ -125,7 +131,7 @@ class UserController extends Controller

public function update(Request $request, $id)

{

$this->preventAccessForDemoUsers();

- $this->checkPermissionOr('user-update', function () use ($id) {

+ $this->checkPermissionOr('users-manage', function () use ($id) {

return $this->currentUser->id == $id;

});

@@ -133,8 +139,7 @@ class UserController extends Controller

'name' => 'min:2',

'email' => 'min:2|email|unique:users,email,' . $id,

'password' => 'min:5|required_with:password_confirm',

- 'password-confirm' => 'same:password|required_with:password',

- 'role' => 'exists:roles,id'

+ 'password-confirm' => 'same:password|required_with:password'

], [

'password-confirm.required_with' => 'Password confirmation required'

]);

@@ -143,8 +148,9 @@ class UserController extends Controller

$user->fill($request->all());

// Role updates

- if ($this->currentUser->can('user-update') && $request->has('role')) {

- $user->attachRoleId($request->get('role'));

+ if (userCan('users-manage') && $request->has('roles')) {

+ $roles = $request->get('roles');

+ $user->roles()->sync($roles);

}

// Password updates

@@ -154,12 +160,15 @@ class UserController extends Controller

}

// External auth id updates

- if ($this->currentUser->can('user-update') && $request->has('external_auth_id')) {

+ if ($this->currentUser->can('users-manage') && $request->has('external_auth_id')) {

$user->external_auth_id = $request->get('external_auth_id');

}

$user->save();

- return redirect('/users');

+ session()->flash('success', 'User successfully updated');

+ $redirectUrl = userCan('users-manage') ? '/settings/users' : '/settings/users/' . $user->id;

+ return redirect($redirectUrl);

}

/**

@@ -169,7 +178,7 @@ class UserController extends Controller

public function delete($id)

{

- $this->checkPermissionOr('user-delete', function () use ($id) {

+ $this->checkPermissionOr('users-manage', function () use ($id) {

return $this->currentUser->id == $id;

});

@@ -186,7 +195,7 @@ class UserController extends Controller

public function destroy($id)

{

$this->preventAccessForDemoUsers();

- $this->checkPermissionOr('user-delete', function () use ($id) {

+ $this->checkPermissionOr('users-manage', function () use ($id) {

return $this->currentUser->id == $id;

});

@@ -197,6 +206,25 @@ class UserController extends Controller

}

$this->userRepo->destroy($user);

- return redirect('/users');

+ return redirect('/settings/users');

+ }

+ /**

+ * Show the user profile page

+ * @param $id

+ * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View

+ */

+ public function showProfilePage($id)

+ {

+ $user = $this->userRepo->getById($id);

+ $userActivity = $this->userRepo->getActivity($user);

+ $recentlyCreated = $this->userRepo->getRecentlyCreated($user, 5, 0);

+ $assetCounts = $this->userRepo->getAssetCounts($user);

+ return view('users/profile', [

+ 'user' => $user,

+ 'activity' => $userActivity,

+ 'recentlyCreated' => $recentlyCreated,

+ 'assetCounts' => $assetCounts

+ ]);

}