X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/46e6e239dc644b6949e6609c27339c62a84bc711..refs/pull/3850/head:/app/Http/Controllers/Api/UserApiController.php
diff --git a/app/Http/Controllers/Api/UserApiController.php b/app/Http/Controllers/Api/UserApiController.php
index aa2a2481c..64e9d732d 100644
--- a/app/Http/Controllers/Api/UserApiController.php
+++ b/app/Http/Controllers/Api/UserApiController.php
@@ -16,7 +16,7 @@ class UserApiController extends ApiController
 protected $userRepo;
 protected $fieldsToExpose = [
- 'email', 'created_at', 'updated_at', 'last_activity_at', 'external_auth_id'
+ 'email', 'created_at', 'updated_at', 'last_activity_at', 'external_auth_id',
 ];
 public function __construct(UserRepo $userRepo)
@@ -27,6 +27,7 @@ class UserApiController extends ApiController
 $this->middleware(function ($request, $next) {
 $this->checkPermission('users-manage');
 $this->preventAccessInDemoMode();
+
 return $next($request);
 });
 }
@@ -35,29 +36,29 @@ class UserApiController extends ApiController
 {
 return [
 'create' => [
- 'name' => ['required', 'min:2'],
+ 'name' => ['required', 'min:2', 'max:100'],
 'email' => [
- 'required', 'min:2', 'email', new Unique('users', 'email')
+ 'required', 'min:2', 'email', new Unique('users', 'email'),
 ],
 'external_auth_id' => ['string'],
- 'language' => ['string'],
- 'password' => [Password::default()],
- 'roles' => ['array'],
- 'roles.*' => ['integer'],
- 'send_invite' => ['boolean'],
+ 'language' => ['string', 'max:15', 'alpha_dash'],
+ 'password' => [Password::default()],
+ 'roles' => ['array'],
+ 'roles.*' => ['integer'],
+ 'send_invite' => ['boolean'],
 ],
 'update' => [
- 'name' => ['min:2'],
+ 'name' => ['min:2', 'max:100'],
 'email' => [
 'min:2',
 'email',
- (new Unique('users', 'email'))->ignore($userId ?? null)
+ (new Unique('users', 'email'))->ignore($userId ?? null),
 ],
 'external_auth_id' => ['string'],
- 'language' => ['string'],
- 'password' => [Password::default()],
- 'roles' => ['array'],
- 'roles.*' => ['integer'],
+ 'language' => ['string', 'max:15', 'alpha_dash'],
+ 'password' => [Password::default()],
+ 'roles' => ['array'],
+ 'roles.*' => ['integer'],
 ],
 'delete' => [
 'migrate_ownership_id' => ['integer', 'exists:users,id'],
@@ -71,7 +72,9 @@ class UserApiController extends ApiController
 */
 public function list()
 {
- $users = $this->userRepo->getApiUsersBuilder();
+ $users = User::query()->select(['*'])
+ ->scopes('withLastActivityAt')
+ ->with(['avatar']);
 return $this->apiListingResponse($users, [
 'id', 'name', 'slug', 'email', 'external_auth_id',
@@ -113,6 +116,7 @@ class UserApiController extends ApiController
 /**
 * Update an existing user in the system.
 * Requires permission to manage users.
+ *
 * @throws UserUpdateException
 */
 public function update(Request $request, string $id)
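Review bot: `external_auth_id` is still validated as `['string']` alone in both the `create` and `update` rule sets, so while `name` and `language` gain length limits here, the value that links an account to an external auth provider is accepted at any length. A bound would close that gap, e.g. `'external_auth_id' => ['string', 'max:<column length>'],` with the limit taken from the users table, which is not visible in this diff. `roles.*` is likewise only type-checked as `integer`; an `exists:` rule in the style of `'exists:users,id'` from the `delete` rules would reject unknown role ids at validation time. The enclosing rules method starts and ends outside the hunk.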
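Review bot: The new query in `list()` selects every column of the users table with `select(['*'])`, so which attributes leave the API depends entirely on the model's hidden-attribute list and on `apiListingResponse`, neither of which is visible in this hunk. If the wildcard is there so that the `withLastActivityAt` scope can append its column, a comment would stop a later edit from dropping it, e.g. `// explicit * so the withLastActivityAt scope adds to, rather than replaces, the column list`; that reading is inferred, not shown. A test asserting that the listing response carries no credential fields would pin the exposure boundary now that the query no longer comes from `getApiUsersBuilder()`. The body of `list()` continues past the hunk.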