X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/7bcd967fd9a6dc25be81fcccbe7f1d4df17a7b3e..refs/pull/140/head:/app/Http/Controllers/UserController.php

diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
index 325d3118f..053d9ebd5 100644
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -2,6 +2,7 @@
 
 namespace BookStack\Http\Controllers;
 
+use BookStack\Activity;
 use Illuminate\Http\Request;
 
 use Illuminate\Http\Response;
@@ -30,13 +31,21 @@ class UserController extends Controller
 
     /**
      * Display a listing of the users.
+     * @param Request $request
      * @return Response
      */
-    public function index()
+    public function index(Request $request)
     {
-        $users = $this->user->all();
+        $this->checkPermission('users-manage');
+        $listDetails = [
+            'order' => $request->has('order') ? $request->get('order') : 'asc',
+            'search' => $request->has('search') ? $request->get('search') : '',
+            'sort' => $request->has('sort') ? $request->get('sort') : 'name',
+        ];
+        $users = $this->userRepo->getAllUsersPaginatedAndSorted(20, $listDetails);
         $this->setPageTitle('Users');
-        return view('users/index', ['users' => $users]);
+        $users->appends($listDetails);
+        return view('users/index', ['users' => $users, 'listDetails' => $listDetails]);
     }
 
     /**
@@ -45,9 +54,10 @@ class UserController extends Controller
      */
     public function create()
     {
-        $this->checkPermission('user-create');
+        $this->checkPermission('users-manage');
         $authMethod = config('auth.method');
-        return view('users/create', ['authMethod' => $authMethod]);
+        $roles = $this->userRepo->getAssignableRoles();
+        return view('users/create', ['authMethod' => $authMethod, 'roles' => $roles]);
     }
 
     /**
@@ -57,11 +67,10 @@ class UserController extends Controller
      */
     public function store(Request $request)
     {
-        $this->checkPermission('user-create');
+        $this->checkPermission('users-manage');
         $validationRules = [
             'name'             => 'required',
-            'email'            => 'required|email|unique:users,email',
-            'role'             => 'required|exists:roles,id'
+            'email'            => 'required|email|unique:users,email'
         ];
 
         $authMethod = config('auth.method');
@@ -83,7 +92,11 @@ class UserController extends Controller
         }
 
         $user->save();
-        $user->attachRoleId($request->get('role'));
+
+        if ($request->has('roles')) {
+            $roles = $request->get('roles');
+            $user->roles()->sync($roles);
+        }
 
         // Get avatar from gravatar and save
         if (!config('services.disable_services')) {
@@ -92,10 +105,9 @@ class UserController extends Controller
             $user->save();
         }
 
-        return redirect('/users');
+        return redirect('/settings/users');
     }
 
-
     /**
      * Show the form for editing the specified user.
      * @param  int              $id
@@ -104,7 +116,7 @@ class UserController extends Controller
      */
     public function edit($id, SocialAuthService $socialAuthService)
     {
-        $this->checkPermissionOr('user-update', function () use ($id) {
+        $this->checkPermissionOr('users-manage', function () use ($id) {
             return $this->currentUser->id == $id;
         });
 
@@ -113,7 +125,8 @@ class UserController extends Controller
         $user = $this->user->findOrFail($id);
         $activeSocialDrivers = $socialAuthService->getActiveDrivers();
         $this->setPageTitle('User Profile');
-        return view('users/edit', ['user' => $user, 'activeSocialDrivers' => $activeSocialDrivers, 'authMethod' => $authMethod]);
+        $roles = $this->userRepo->getAssignableRoles();
+        return view('users/edit', ['user' => $user, 'activeSocialDrivers' => $activeSocialDrivers, 'authMethod' => $authMethod, 'roles' => $roles]);
     }
 
     /**
@@ -125,16 +138,15 @@ class UserController extends Controller
     public function update(Request $request, $id)
     {
         $this->preventAccessForDemoUsers();
-        $this->checkPermissionOr('user-update', function () use ($id) {
+        $this->checkPermissionOr('users-manage', function () use ($id) {
             return $this->currentUser->id == $id;
         });
 
         $this->validate($request, [
-            'name'             => 'required',
-            'email'            => 'required|email|unique:users,email,' . $id,
+            'name'             => 'min:2',
+            'email'            => 'min:2|email|unique:users,email,' . $id,
             'password'         => 'min:5|required_with:password_confirm',
-            'password-confirm' => 'same:password|required_with:password',
-            'role'             => 'exists:roles,id'
+            'password-confirm' => 'same:password|required_with:password'
         ], [
             'password-confirm.required_with' => 'Password confirmation required'
         ]);
@@ -143,8 +155,9 @@ class UserController extends Controller
         $user->fill($request->all());
 
         // Role updates
-        if ($this->currentUser->can('user-update') && $request->has('role')) {
-            $user->attachRoleId($request->get('role'));
+        if (userCan('users-manage') && $request->has('roles')) {
+            $roles = $request->get('roles');
+            $user->roles()->sync($roles);
         }
 
         // Password updates
@@ -154,12 +167,15 @@ class UserController extends Controller
         }
 
         // External auth id updates
-        if ($this->currentUser->can('user-update') && $request->has('external_auth_id')) {
+        if ($this->currentUser->can('users-manage') && $request->has('external_auth_id')) {
             $user->external_auth_id = $request->get('external_auth_id');
         }
 
         $user->save();
-        return redirect('/users');
+        session()->flash('success', 'User successfully updated');
+
+        $redirectUrl = userCan('users-manage') ? '/settings/users' : '/settings/users/' . $user->id;
+        return redirect($redirectUrl);
     }
 
     /**
@@ -169,7 +185,7 @@ class UserController extends Controller
      */
     public function delete($id)
     {
-        $this->checkPermissionOr('user-delete', function () use ($id) {
+        $this->checkPermissionOr('users-manage', function () use ($id) {
             return $this->currentUser->id == $id;
         });
 
@@ -186,17 +202,39 @@ class UserController extends Controller
     public function destroy($id)
     {
         $this->preventAccessForDemoUsers();
-        $this->checkPermissionOr('user-delete', function () use ($id) {
+        $this->checkPermissionOr('users-manage', function () use ($id) {
             return $this->currentUser->id == $id;
         });
 
         $user = $this->userRepo->getById($id);
+
         if ($this->userRepo->isOnlyAdmin($user)) {
             session()->flash('error', 'You cannot delete the only admin');
             return redirect($user->getEditUrl());
         }
+
         $this->userRepo->destroy($user);
+        session()->flash('success', 'User successfully removed');
 
-        return redirect('/users');
+        return redirect('/settings/users');
+    }
+
+    /**
+     * Show the user profile page
+     * @param $id
+     * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
+     */
+    public function showProfilePage($id)
+    {
+        $user = $this->userRepo->getById($id);
+        $userActivity = $this->userRepo->getActivity($user);
+        $recentlyCreated = $this->userRepo->getRecentlyCreated($user, 5, 0);
+        $assetCounts = $this->userRepo->getAssetCounts($user);
+        return view('users/profile', [
+            'user' => $user,
+            'activity' => $userActivity,
+            'recentlyCreated' => $recentlyCreated,
+            'assetCounts' => $assetCounts
+        ]);
     }
 }