BookStack Code Mirror - bookstack/blobdiff - app/Http/Controllers/UserController.php

-<?php namespace BookStack\Http\Controllers;

+<?php

+

+namespace BookStack\Http\Controllers;

-use BookStack\Actions\ActivityType;

use BookStack\Auth\Access\SocialAuthService;

-use BookStack\Auth\Access\UserInviteService;

+use BookStack\Auth\Queries\AllUsersPaginatedAndSorted;

+use BookStack\Auth\Role;

use BookStack\Auth\User;

use BookStack\Auth\UserRepo;

use BookStack\Auth\User;

use BookStack\Auth\UserRepo;

+use BookStack\Exceptions\ImageUploadException;

use BookStack\Exceptions\UserUpdateException;

use BookStack\Uploads\ImageRepo;

use BookStack\Exceptions\UserUpdateException;

use BookStack\Uploads\ImageRepo;

+use Exception;

use Illuminate\Http\Request;

-use Illuminate\Support\Str;

+use Illuminate\Support\Facades\DB;

+use Illuminate\Validation\Rules\Password;

+use Illuminate\Validation\ValidationException;

class UserController extends Controller

{

class UserController extends Controller

{

-

- protected $user;

protected $userRepo;

- protected $inviteService;

protected $imageRepo;

/**

* UserController constructor.

*/

protected $imageRepo;

/**

* UserController constructor.

*/

- public function __construct(User $user, UserRepo $userRepo, UserInviteService $inviteService, ImageRepo $imageRepo)

+ public function __construct(UserRepo $userRepo, ImageRepo $imageRepo)

{

- $this->user = $user;

$this->userRepo = $userRepo;

- $this->inviteService = $inviteService;

$this->imageRepo = $imageRepo;

}

$this->imageRepo = $imageRepo;

}

{

$this->checkPermission('users-manage');

$listDetails = [

{

$this->checkPermission('users-manage');

$listDetails = [

- 'order' => $request->get('order', 'asc'),

+ 'order' => $request->get('order', 'asc'),

'search' => $request->get('search', ''),

- 'sort' => $request->get('sort', 'name'),

+ 'sort' => $request->get('sort', 'name'),

];

- $users = $this->userRepo->getAllUsersPaginatedAndSorted(20, $listDetails);

+

+ $users = (new AllUsersPaginatedAndSorted())->run(20, $listDetails);

$this->setPageTitle(trans('settings.users'));

$users->appends($listDetails);

$this->setPageTitle(trans('settings.users'));

$users->appends($listDetails);

- return view('users.index', ['users' => $users, 'listDetails' => $listDetails]);

+

+ return view('users.index', [

+ 'users' => $users,

+ 'listDetails' => $listDetails,

+ ]);

}

/**

}

/**

{

$this->checkPermission('users-manage');

$authMethod = config('auth.method');

{

$this->checkPermission('users-manage');

$authMethod = config('auth.method');

- $roles = $this->userRepo->getAllRoles();

+ $roles = Role::query()->orderBy('display_name', 'asc')->get();

+ $this->setPageTitle(trans('settings.users_add_new'));

+

return view('users.create', ['authMethod' => $authMethod, 'roles' => $roles]);

}

/**

return view('users.create', ['authMethod' => $authMethod, 'roles' => $roles]);

}

/**

- * Store a newly created user in storage.

- * @throws UserUpdateException

- * @throws \Illuminate\Validation\ValidationException

+ * Store a new user in storage.

+ *

+ * @throws ValidationException

*/

public function store(Request $request)

{

$this->checkPermission('users-manage');

*/

public function store(Request $request)

{

$this->checkPermission('users-manage');

- $validationRules = [

- 'name' => 'required',

- 'email' => 'required|email|unique:users,email'

- ];

$authMethod = config('auth.method');

$sendInvite = ($request->get('send_invite', 'false') === 'true');

$authMethod = config('auth.method');

$sendInvite = ($request->get('send_invite', 'false') === 'true');

+ $externalAuth = $authMethod === 'ldap' || $authMethod === 'saml2' || $authMethod === 'oidc';

+ $passwordRequired = ($authMethod === 'standard' && !$sendInvite);

- if ($authMethod === 'standard' && !$sendInvite) {

- $validationRules['password'] = 'required|min:6';

- $validationRules['password-confirm'] = 'required|same:password';

- } elseif ($authMethod === 'ldap' || $authMethod === 'saml2') {

- $validationRules['external_auth_id'] = 'required';

- }

- $this->validate($request, $validationRules);

-

- $user = $this->user->fill($request->all());

-

- if ($authMethod === 'standard') {

- $user->password = bcrypt($request->get('password', Str::random(32)));

- } elseif ($authMethod === 'ldap' || $authMethod === 'saml2') {

- $user->external_auth_id = $request->get('external_auth_id');

- }

-

- $user->save();

-

- if ($sendInvite) {

- $this->inviteService->sendInvitation($user);

- }

+ $validationRules = [

+ 'name' => ['required'],

+ 'email' => ['required', 'email', 'unique:users,email'],

+ 'language' => ['string'],

+ 'roles' => ['array'],

+ 'roles.*' => ['integer'],

+ 'password' => $passwordRequired ? ['required', Password::default()] : null,

+ 'password-confirm' => $passwordRequired ? ['required', 'same:password'] : null,

+ 'external_auth_id' => $externalAuth ? ['required'] : null,

+ ];

- if ($request->filled('roles')) {

- $roles = $request->get('roles');

- $this->userRepo->setUserRoles($user, $roles);

- }

+ $validated = $this->validate($request, array_filter($validationRules));

- $this->userRepo->downloadAndAssignUserAvatar($user);

+ DB::transaction(function () use ($validated, $sendInvite) {

+ $this->userRepo->create($validated, $sendInvite);

+ });

- $this->logActivity(ActivityType::USER_CREATE, $user);

return redirect('/settings/users');

}

return redirect('/settings/users');

}

{

$this->checkPermissionOrCurrentUser('users-manage', $id);

{

$this->checkPermissionOrCurrentUser('users-manage', $id);

- $user = $this->user->newQuery()->with(['apiTokens'])->findOrFail($id);

+ /** @var User $user */

+ $user = User::query()->with(['apiTokens', 'mfaValues'])->findOrFail($id);

$authMethod = ($user->system_name) ? 'system' : config('auth.method');

$activeSocialDrivers = $socialAuthService->getActiveDrivers();

$authMethod = ($user->system_name) ? 'system' : config('auth.method');

$activeSocialDrivers = $socialAuthService->getActiveDrivers();

+ $mfaMethods = $user->mfaValues->groupBy('method');

$this->setPageTitle(trans('settings.user_profile'));

- $roles = $this->userRepo->getAllRoles();

+ $roles = Role::query()->orderBy('display_name', 'asc')->get();

+

return view('users.edit', [

- 'user' => $user,

+ 'user' => $user,

'activeSocialDrivers' => $activeSocialDrivers,

- 'authMethod' => $authMethod,

- 'roles' => $roles

+ 'mfaMethods' => $mfaMethods,

+ 'authMethod' => $authMethod,

+ 'roles' => $roles,

]);

}

/**

* Update the specified user in storage.

]);

}

/**

* Update the specified user in storage.

+ *

* @throws UserUpdateException

- * @throws \BookStack\Exceptions\ImageUploadException

- * @throws \Illuminate\Validation\ValidationException

+ * @throws ImageUploadException

+ * @throws ValidationException

*/

public function update(Request $request, int $id)

{

$this->preventAccessInDemoMode();

$this->checkPermissionOrCurrentUser('users-manage', $id);

*/

public function update(Request $request, int $id)

{

$this->preventAccessInDemoMode();

$this->checkPermissionOrCurrentUser('users-manage', $id);

- $this->validate($request, [

- 'name' => 'min:2',

- 'email' => 'min:2|email|unique:users,email,' . $id,

- 'password' => 'min:6|required_with:password_confirm',

- 'password-confirm' => 'same:password|required_with:password',

- 'setting' => 'array',

- 'profile_image' => 'nullable|' . $this->getImageValidationRules(),

+ $validated = $this->validate($request, [

+ 'name' => ['min:2'],

+ 'email' => ['min:2', 'email', 'unique:users,email,' . $id],

+ 'password' => ['required_with:password_confirm', Password::default()],

+ 'password-confirm' => ['same:password', 'required_with:password'],

+ 'language' => ['string'],

+ 'roles' => ['array'],

+ 'roles.*' => ['integer'],

+ 'external_auth_id' => ['string'],

+ 'profile_image' => array_merge(['nullable'], $this->getImageValidationRules()),

]);

$user = $this->userRepo->getById($id);

]);

$user = $this->userRepo->getById($id);

- $user->fill($request->except(['email']));

-

- // Email updates

- if (userCan('users-manage') && $request->filled('email')) {

- $user->email = $request->get('email');

- }

-

- // Role updates

- if (userCan('users-manage') && $request->filled('roles')) {

- $roles = $request->get('roles');

- $this->userRepo->setUserRoles($user, $roles);

- }

-

- // Password updates

- if ($request->filled('password')) {

- $password = $request->get('password');

- $user->password = bcrypt($password);

- }

-

- // External auth id updates

- if (user()->can('users-manage') && $request->filled('external_auth_id')) {

- $user->external_auth_id = $request->get('external_auth_id');

- }

-

- // Save an user-specific settings

- if ($request->filled('setting')) {

- foreach ($request->get('setting') as $key => $value) {

- setting()->putUser($user, $key, $value);

- }

+ $this->userRepo->update($user, $validated, userCan('users-manage'));

// Save profile image if in request

if ($request->hasFile('profile_image')) {

// Save profile image if in request

if ($request->hasFile('profile_image')) {

$this->imageRepo->destroyImage($user->avatar);

$image = $this->imageRepo->saveNew($imageUpload, 'user', $user->id);

$user->image_id = $image->id;

$this->imageRepo->destroyImage($user->avatar);

$image = $this->imageRepo->saveNew($imageUpload, 'user', $user->id);

$user->image_id = $image->id;

+ $user->save();

}

// Delete the profile image if reset option is in request

}

// Delete the profile image if reset option is in request

$this->imageRepo->destroyImage($user->avatar);

}

$this->imageRepo->destroyImage($user->avatar);

}

- $user->save();

- $this->showSuccessNotification(trans('settings.users_edit_success'));

- $this->logActivity(ActivityType::USER_UPDATE, $user);

+ $redirectUrl = userCan('users-manage') ? '/settings/users' : "/settings/users/{$user->id}";

- $redirectUrl = userCan('users-manage') ? '/settings/users' : ('/settings/users/' . $user->id);

return redirect($redirectUrl);

}

return redirect($redirectUrl);

}

$user = $this->userRepo->getById($id);

$this->setPageTitle(trans('settings.users_delete_named', ['userName' => $user->name]));

$user = $this->userRepo->getById($id);

$this->setPageTitle(trans('settings.users_delete_named', ['userName' => $user->name]));

+

return view('users.delete', ['user' => $user]);

}

/**

* Remove the specified user from storage.

return view('users.delete', ['user' => $user]);

}

/**

* Remove the specified user from storage.

- * @throws \Exception

+ *

+ * @throws Exception

*/

public function destroy(Request $request, int $id)

{

*/

public function destroy(Request $request, int $id)

{

$user = $this->userRepo->getById($id);

$newOwnerId = $request->get('new_owner_id', null);

$user = $this->userRepo->getById($id);

$newOwnerId = $request->get('new_owner_id', null);

- if ($this->userRepo->isOnlyAdmin($user)) {

- $this->showErrorNotification(trans('errors.users_cannot_delete_only_admin'));

- return redirect($user->getEditUrl());

- }

-

- if ($user->system_name === 'public') {

- $this->showErrorNotification(trans('errors.users_cannot_delete_guest'));

- return redirect($user->getEditUrl());

- }

-

$this->userRepo->destroy($user, $newOwnerId);

- $this->showSuccessNotification(trans('settings.users_delete_success'));

- $this->logActivity(ActivityType::USER_DELETE, $user);

return redirect('/settings/users');

}

return redirect('/settings/users');

}

- /**

- * Show the user profile page

- */

- public function showProfilePage($id)

- {

- $user = $this->userRepo->getById($id);

-

- $userActivity = $this->userRepo->getActivity($user);

- $recentlyCreated = $this->userRepo->getRecentlyCreated($user, 5);

- $assetCounts = $this->userRepo->getAssetCounts($user);

-

- return view('users.profile', [

- 'user' => $user,

- 'activity' => $userActivity,

- 'recentlyCreated' => $recentlyCreated,

- 'assetCounts' => $assetCounts

- ]);

- }

-

/**

* Update the user's preferred book-list display setting.

*/

/**

* Update the user's preferred book-list display setting.

*/

public function changeSort(Request $request, string $id, string $type)

{

*/

public function changeSort(Request $request, string $id, string $type)

{

- $validSortTypes = ['books', 'bookshelves'];

+ $validSortTypes = ['books', 'bookshelves', 'shelf_books'];

if (!in_array($type, $validSortTypes)) {

return redirect()->back(500);

}

if (!in_array($type, $validSortTypes)) {

return redirect()->back(500);

}

+

return $this->changeListSort($id, $request, $type);

}

return $this->changeListSort($id, $request, $type);

}

{

$enabled = setting()->getForCurrentUser('dark-mode-enabled', false);

setting()->putUser(user(), 'dark-mode-enabled', $enabled ? 'false' : 'true');

{

$enabled = setting()->getForCurrentUser('dark-mode-enabled', false);

setting()->putUser(user(), 'dark-mode-enabled', $enabled ? 'false' : 'true');

+

return redirect()->back();

}

return redirect()->back();

}

$this->checkPermissionOrCurrentUser('users-manage', $id);

$keyWhitelist = ['home-details'];

if (!in_array($key, $keyWhitelist)) {

$this->checkPermissionOrCurrentUser('users-manage', $id);

$keyWhitelist = ['home-details'];

if (!in_array($key, $keyWhitelist)) {

- return response("Invalid key", 500);

+ return response('Invalid key', 500);

}

$newState = $request->get('expand', 'false');

}

$newState = $request->get('expand', 'false');

- $user = $this->user->findOrFail($id);

+ $user = $this->userRepo->getById($id);

setting()->putUser($user, 'section_expansion#' . $key, $newState);

- return response("", 204);

+

+ return response('', 204);

}

/**

}

/**

$this->checkPermissionOrCurrentUser('users-manage', $userId);

$sort = $request->get('sort');

$this->checkPermissionOrCurrentUser('users-manage', $userId);

$sort = $request->get('sort');

- if (!in_array($sort, ['name', 'created_at', 'updated_at'])) {

+ if (!in_array($sort, ['name', 'created_at', 'updated_at', 'default'])) {

$sort = 'name';

}

$sort = 'name';

}

$order = 'asc';

}

$order = 'asc';

}

- $user = $this->user->findOrFail($userId);

+ $user = $this->userRepo->getById($userId);

$sortKey = $listName . '_sort';

$orderKey = $listName . '_sort_order';

setting()->putUser($user, $sortKey, $sort);

$sortKey = $listName . '_sort';

$orderKey = $listName . '_sort_order';

setting()->putUser($user, $sortKey, $sort);