BookStack/app/Http/Controllers/UserController.php

<?php

namespace BookStack\Http\Controllers;

use BookStack\Activity;
use Illuminate\Http\Request;

use Illuminate\Http\Response;
use BookStack\Http\Requests;
use BookStack\Repos\UserRepo;
use BookStack\Services\SocialAuthService;
use BookStack\User;

class UserController extends Controller
{

    protected $user;
    protected $userRepo;

    /**
     * UserController constructor.
     * @param User     $user
     * @param UserRepo $userRepo
     */
    public function __construct(User $user, UserRepo $userRepo)
    {
        $this->user = $user;
        $this->userRepo = $userRepo;
        parent::__construct();
    }

    /**
     * Display a listing of the users.
     * @return Response
     */
    public function index()
    {
        $users = $this->user->all();
        $this->setPageTitle('Users');
        return view('users/index', ['users' => $users]);
    }

    /**
     * Show the form for creating a new user.
     * @return Response
     */
    public function create()
    {
        $this->checkPermission('user-create');
        $authMethod = config('auth.method');
        return view('users/create', ['authMethod' => $authMethod]);
    }

    /**
     * Store a newly created user in storage.
     * @param  Request $request
     * @return Response
     */
    public function store(Request $request)
    {
        $this->checkPermission('user-create');
        $validationRules = [
            'name'             => 'required',
            'email'            => 'required|email|unique:users,email',
            'role'             => 'required|exists:roles,id'
        ];

        $authMethod = config('auth.method');
        if ($authMethod === 'standard') {
            $validationRules['password'] = 'required|min:5';
            $validationRules['password-confirm'] = 'required|same:password';
        } elseif ($authMethod === 'ldap') {
            $validationRules['external_auth_id'] = 'required';
        }
        $this->validate($request, $validationRules);


        $user = $this->user->fill($request->all());

        if ($authMethod === 'standard') {
            $user->password = bcrypt($request->get('password'));
        } elseif ($authMethod === 'ldap') {
            $user->external_auth_id = $request->get('external_auth_id');
        }

        $user->save();
        $user->attachRoleId($request->get('role'));

        // Get avatar from gravatar and save
        if (!config('services.disable_services')) {
            $avatar = \Images::saveUserGravatar($user);
            $user->avatar()->associate($avatar);
            $user->save();
        }

        return redirect('/settings/users');
    }

    /**
     * Show the form for editing the specified user.
     * @param  int              $id
     * @param SocialAuthService $socialAuthService
     * @return Response
     */
    public function edit($id, SocialAuthService $socialAuthService)
    {
        $this->checkPermissionOr('user-update', function () use ($id) {
            return $this->currentUser->id == $id;
        });

        $authMethod = config('auth.method');

        $user = $this->user->findOrFail($id);
        $activeSocialDrivers = $socialAuthService->getActiveDrivers();
        $this->setPageTitle('User Profile');
        return view('users/edit', ['user' => $user, 'activeSocialDrivers' => $activeSocialDrivers, 'authMethod' => $authMethod]);
    }

    /**
     * Update the specified user in storage.
     * @param  Request $request
     * @param  int     $id
     * @return Response
     */
    public function update(Request $request, $id)
    {
        $this->preventAccessForDemoUsers();
        $this->checkPermissionOr('user-update', function () use ($id) {
            return $this->currentUser->id == $id;
        });

        $this->validate($request, [
            'name'             => 'min:2',
            'email'            => 'min:2|email|unique:users,email,' . $id,
            'password'         => 'min:5|required_with:password_confirm',
            'password-confirm' => 'same:password|required_with:password',
            'role'             => 'exists:roles,id'
        ], [
            'password-confirm.required_with' => 'Password confirmation required'
        ]);

        $user = $this->user->findOrFail($id);
        $user->fill($request->all());

        // Role updates
        if ($this->currentUser->can('user-update') && $request->has('role')) {
            $user->attachRoleId($request->get('role'));
        }

        // Password updates
        if ($request->has('password') && $request->get('password') != '') {
            $password = $request->get('password');
            $user->password = bcrypt($password);
        }

        // External auth id updates
        if ($this->currentUser->can('user-update') && $request->has('external_auth_id')) {
            $user->external_auth_id = $request->get('external_auth_id');
        }

        $user->save();
        return redirect('/settings/users');
    }

    /**
     * Show the user delete page.
     * @param $id
     * @return \Illuminate\View\View
     */
    public function delete($id)
    {
        $this->checkPermissionOr('user-delete', function () use ($id) {
            return $this->currentUser->id == $id;
        });

        $user = $this->user->findOrFail($id);
        $this->setPageTitle('Delete User ' . $user->name);
        return view('users/delete', ['user' => $user]);
    }

    /**
     * Remove the specified user from storage.
     * @param  int $id
     * @return Response
     */
    public function destroy($id)
    {
        $this->preventAccessForDemoUsers();
        $this->checkPermissionOr('user-delete', function () use ($id) {
            return $this->currentUser->id == $id;
        });

        $user = $this->userRepo->getById($id);
        if ($this->userRepo->isOnlyAdmin($user)) {
            session()->flash('error', 'You cannot delete the only admin');
            return redirect($user->getEditUrl());
        }
        $this->userRepo->destroy($user);

        return redirect('/settings/users');
    }

    /**
     * Show the user profile page
     * @param $id
     * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
     */
    public function showProfilePage($id)
    {
        $user = $this->userRepo->getById($id);
        $userActivity = $this->userRepo->getActivity($user);
        $recentlyCreated = $this->userRepo->getRecentlyCreated($user, 5, 0);
        $assetCounts = $this->userRepo->getAssetCounts($user);
        return view('users/profile', [
            'user' => $user,
            'activity' => $userActivity,
            'recentlyCreated' => $recentlyCreated,
            'assetCounts' => $assetCounts
        ]);
    }
}
Added User managment. Fixes #5 2015-08-08 15:05:30 -04:00			`<?php`

Change application namespace to BookStack 2015-09-10 14:31:09 -04:00			`namespace BookStack\Http\Controllers;`
Added User managment. Fixes #5 2015-08-08 15:05:30 -04:00
Started work on user profile pages 2016-02-16 16:25:11 -05:00			`use BookStack\Activity;`
Added User managment. Fixes #5 2015-08-08 15:05:30 -04:00			`use Illuminate\Http\Request;`

Cleaned up gravatar image importing 2015-12-14 15:13:32 -05:00			`use Illuminate\Http\Response;`
Change application namespace to BookStack 2015-09-10 14:31:09 -04:00			`use BookStack\Http\Requests;`
			`use BookStack\Repos\UserRepo;`
			`use BookStack\Services\SocialAuthService;`
			`use BookStack\User;`
Added User managment. Fixes #5 2015-08-08 15:05:30 -04:00
			`class UserController extends Controller`
			`{`

			`protected $user;`
Got registration process working with social accounts 2015-09-06 07:14:32 -04:00			`protected $userRepo;`
Added User managment. Fixes #5 2015-08-08 15:05:30 -04:00
			`/**`
			`* UserController constructor.`
Added mulit image-type compatability to manager & app and added scaled image selection 2015-12-08 17:04:59 -05:00			`* @param User $user`
			`* @param UserRepo $userRepo`
Added User managment. Fixes #5 2015-08-08 15:05:30 -04:00			`*/`
Got registration process working with social accounts 2015-09-06 07:14:32 -04:00			`public function __construct(User $user, UserRepo $userRepo)`
Added User managment. Fixes #5 2015-08-08 15:05:30 -04:00			`{`
			`$this->user = $user;`
Got registration process working with social accounts 2015-09-06 07:14:32 -04:00			`$this->userRepo = $userRepo;`
Added permission system 2015-08-29 10:03:42 -04:00			`parent::__construct();`
Added User managment. Fixes #5 2015-08-08 15:05:30 -04:00			`}`

			`/**`
			`* Display a listing of the users.`
			`* @return Response`
			`*/`
			`public function index()`
			`{`
			`$users = $this->user->all();`
Added custom meta titles to many pages. Closes #30. 2015-12-05 09:41:51 -05:00			`$this->setPageTitle('Users');`
Added permission system 2015-08-29 10:03:42 -04:00			`return view('users/index', ['users' => $users]);`
Added User managment. Fixes #5 2015-08-08 15:05:30 -04:00			`}`

			`/**`
			`* Show the form for creating a new user.`
			`* @return Response`
			`*/`
			`public function create()`
			`{`
Added permission system 2015-08-29 10:03:42 -04:00			`$this->checkPermission('user-create');`
Updated user interfaces for LDAP and added email from LDAP 2016-01-13 17:22:30 -05:00			`$authMethod = config('auth.method');`
			`return view('users/create', ['authMethod' => $authMethod]);`
Added User managment. Fixes #5 2015-08-08 15:05:30 -04:00			`}`

			`/**`
			`* Store a newly created user in storage.`
Added permission system 2015-08-29 10:03:42 -04:00			`* @param Request $request`
Added User managment. Fixes #5 2015-08-08 15:05:30 -04:00			`* @return Response`
			`*/`
			`public function store(Request $request)`
			`{`
Added permission system 2015-08-29 10:03:42 -04:00			`$this->checkPermission('user-create');`
Increased LDAP testing and fixed any Auth-based bugs found 2016-01-17 10:20:07 -05:00			`$validationRules = [`
Added permission system 2015-08-29 10:03:42 -04:00			`'name' => 'required',`
Added custom user avatars 2015-12-09 17:30:55 -05:00			`'email' => 'required\|email\|unique:users,email',`
Added permission system 2015-08-29 10:03:42 -04:00			`'role' => 'required\|exists:roles,id'`
Increased LDAP testing and fixed any Auth-based bugs found 2016-01-17 10:20:07 -05:00			`];`

			`$authMethod = config('auth.method');`
			`if ($authMethod === 'standard') {`
			`$validationRules['password'] = 'required\|min:5';`
			`$validationRules['password-confirm'] = 'required\|same:password';`
			`} elseif ($authMethod === 'ldap') {`
			`$validationRules['external_auth_id'] = 'required';`
			`}`
			`$this->validate($request, $validationRules);`

Added User managment. Fixes #5 2015-08-08 15:05:30 -04:00
			`$user = $this->user->fill($request->all());`
Added permission system 2015-08-29 10:03:42 -04:00
Increased LDAP testing and fixed any Auth-based bugs found 2016-01-17 10:20:07 -05:00			`if ($authMethod === 'standard') {`
			`$user->password = bcrypt($request->get('password'));`
			`} elseif ($authMethod === 'ldap') {`
			`$user->external_auth_id = $request->get('external_auth_id');`
			`}`

			`$user->save();`
Added permission system 2015-08-29 10:03:42 -04:00			`$user->attachRoleId($request->get('role'));`
Cleaned up gravatar image importing 2015-12-14 15:13:32 -05:00
			`// Get avatar from gravatar and save`
Updated laravel to 5.2 and started ldap implementation 2016-01-09 14:23:35 -05:00			`if (!config('services.disable_services')) {`
Cleaned up gravatar image importing 2015-12-14 15:13:32 -05:00			`$avatar = \Images::saveUserGravatar($user);`
			`$user->avatar()->associate($avatar);`
			`$user->save();`
			`}`

Started work on user profile pages 2016-02-16 16:25:11 -05:00			`return redirect('/settings/users');`
Added User managment. Fixes #5 2015-08-08 15:05:30 -04:00			`}`

			`/**`
			`* Show the form for editing the specified user.`
Made social accounts attachable 2015-09-04 15:40:36 -04:00			`* @param int $id`
			`* @param SocialAuthService $socialAuthService`
Added User managment. Fixes #5 2015-08-08 15:05:30 -04:00			`* @return Response`
			`*/`
Made social accounts attachable 2015-09-04 15:40:36 -04:00			`public function edit($id, SocialAuthService $socialAuthService)`
Added User managment. Fixes #5 2015-08-08 15:05:30 -04:00			`{`
Added permission system 2015-08-29 10:03:42 -04:00			`$this->checkPermissionOr('user-update', function () use ($id) {`
			`return $this->currentUser->id == $id;`
			`});`
Made social accounts attachable 2015-09-04 15:40:36 -04:00
Updated user interfaces for LDAP and added email from LDAP 2016-01-13 17:22:30 -05:00			`$authMethod = config('auth.method');`

Added User managment. Fixes #5 2015-08-08 15:05:30 -04:00			`$user = $this->user->findOrFail($id);`
Made social accounts attachable 2015-09-04 15:40:36 -04:00			`$activeSocialDrivers = $socialAuthService->getActiveDrivers();`
Added custom meta titles to many pages. Closes #30. 2015-12-05 09:41:51 -05:00			`$this->setPageTitle('User Profile');`
Updated user interfaces for LDAP and added email from LDAP 2016-01-13 17:22:30 -05:00			`return view('users/edit', ['user' => $user, 'activeSocialDrivers' => $activeSocialDrivers, 'authMethod' => $authMethod]);`
Added User managment. Fixes #5 2015-08-08 15:05:30 -04:00			`}`

			`/**`
			`* Update the specified user in storage.`
Added permission system 2015-08-29 10:03:42 -04:00			`* @param Request $request`
			`* @param int $id`
Added User managment. Fixes #5 2015-08-08 15:05:30 -04:00			`* @return Response`
			`*/`
			`public function update(Request $request, $id)`
			`{`
Added public build folder and support for a demo mode 2015-12-31 12:57:34 -05:00			`$this->preventAccessForDemoUsers();`
Added permission system 2015-08-29 10:03:42 -04:00			`$this->checkPermissionOr('user-update', function () use ($id) {`
			`return $this->currentUser->id == $id;`
			`});`
Added public build folder and support for a demo mode 2015-12-31 12:57:34 -05:00
Added User managment. Fixes #5 2015-08-08 15:05:30 -04:00			`$this->validate($request, [`
Fixed bug preventing LDAP users updating thier profile Made email not required when a profile is updated. LDAP users without admin privileges could did not have an email field to submit therefore could previously not update thier profile. 2016-02-08 15:35:23 -05:00			`'name' => 'min:2',`
			`'email' => 'min:2\|email\|unique:users,email,' . $id,`
Added more tests to increase test coverage 2016-01-02 09:48:35 -05:00			`'password' => 'min:5\|required_with:password_confirm',`
			`'password-confirm' => 'same:password\|required_with:password',`
Added permission system 2015-08-29 10:03:42 -04:00			`'role' => 'exists:roles,id'`
Added more tests to increase test coverage 2016-01-02 09:48:35 -05:00			`], [`
			`'password-confirm.required_with' => 'Password confirmation required'`
Added User managment. Fixes #5 2015-08-08 15:05:30 -04:00			`]);`

			`$user = $this->user->findOrFail($id);`
Updated user interfaces for LDAP and added email from LDAP 2016-01-13 17:22:30 -05:00			`$user->fill($request->all());`
Added User managment. Fixes #5 2015-08-08 15:05:30 -04:00
Updated user interfaces for LDAP and added email from LDAP 2016-01-13 17:22:30 -05:00			`// Role updates`
Added permission system 2015-08-29 10:03:42 -04:00			`if ($this->currentUser->can('user-update') && $request->has('role')) {`
			`$user->attachRoleId($request->get('role'));`
			`}`

Updated user interfaces for LDAP and added email from LDAP 2016-01-13 17:22:30 -05:00			`// Password updates`
Added permission system 2015-08-29 10:03:42 -04:00			`if ($request->has('password') && $request->get('password') != '') {`
Added User managment. Fixes #5 2015-08-08 15:05:30 -04:00			`$password = $request->get('password');`
Cleaned up some unessasary facade usage 2015-09-05 07:29:47 -04:00			`$user->password = bcrypt($password);`
Added User managment. Fixes #5 2015-08-08 15:05:30 -04:00			`}`
Added more tests to increase test coverage 2016-01-02 09:48:35 -05:00
Updated user interfaces for LDAP and added email from LDAP 2016-01-13 17:22:30 -05:00			`// External auth id updates`
			`if ($this->currentUser->can('user-update') && $request->has('external_auth_id')) {`
			`$user->external_auth_id = $request->get('external_auth_id');`
			`}`

Added User managment. Fixes #5 2015-08-08 15:05:30 -04:00			`$user->save();`
Started work on user profile pages 2016-02-16 16:25:11 -05:00			`return redirect('/settings/users');`
Added User managment. Fixes #5 2015-08-08 15:05:30 -04:00			`}`

			`/**`
			`* Show the user delete page.`
			`* @param $id`
			`* @return \Illuminate\View\View`
			`*/`
			`public function delete($id)`
			`{`
Added permission system 2015-08-29 10:03:42 -04:00			`$this->checkPermissionOr('user-delete', function () use ($id) {`
			`return $this->currentUser->id == $id;`
			`});`
Added public build folder and support for a demo mode 2015-12-31 12:57:34 -05:00
Added User managment. Fixes #5 2015-08-08 15:05:30 -04:00			`$user = $this->user->findOrFail($id);`
Added custom meta titles to many pages. Closes #30. 2015-12-05 09:41:51 -05:00			`$this->setPageTitle('Delete User ' . $user->name);`
Added User managment. Fixes #5 2015-08-08 15:05:30 -04:00			`return view('users/delete', ['user' => $user]);`
			`}`

			`/**`
			`* Remove the specified user from storage.`
Added permission system 2015-08-29 10:03:42 -04:00			`* @param int $id`
Added User managment. Fixes #5 2015-08-08 15:05:30 -04:00			`* @return Response`
			`*/`
			`public function destroy($id)`
			`{`
Added public build folder and support for a demo mode 2015-12-31 12:57:34 -05:00			`$this->preventAccessForDemoUsers();`
Added permission system 2015-08-29 10:03:42 -04:00			`$this->checkPermissionOr('user-delete', function () use ($id) {`
			`return $this->currentUser->id == $id;`
			`});`
Cleaned up gravatar image importing 2015-12-14 15:13:32 -05:00
Fixed name retrieval on missing users and added tests to cover along with some test helper methods 2015-12-15 14:27:36 -05:00			`$user = $this->userRepo->getById($id);`
Cleaned up gravatar image importing 2015-12-14 15:13:32 -05:00			`if ($this->userRepo->isOnlyAdmin($user)) {`
Got registration process working with social accounts 2015-09-06 07:14:32 -04:00			`session()->flash('error', 'You cannot delete the only admin');`
			`return redirect($user->getEditUrl());`
			`}`
Fixed name retrieval on missing users and added tests to cover along with some test helper methods 2015-12-15 14:27:36 -05:00			`$this->userRepo->destroy($user);`
Cleaned up gravatar image importing 2015-12-14 15:13:32 -05:00
Started work on user profile pages 2016-02-16 16:25:11 -05:00			`return redirect('/settings/users');`
			`}`

			`/**`
			`* Show the user profile page`
			`* @param $id`
			`* @return \Illuminate\Contracts\View\Factory\|\Illuminate\View\View`
			`*/`
			`public function showProfilePage($id)`
			`{`
			`$user = $this->userRepo->getById($id);`
			`$userActivity = $this->userRepo->getActivity($user);`
Added content to user profile pages 2016-02-17 17:11:48 -05:00			`$recentlyCreated = $this->userRepo->getRecentlyCreated($user, 5, 0);`
			`$assetCounts = $this->userRepo->getAssetCounts($user);`
			`return view('users/profile', [`
			`'user' => $user,`
			`'activity' => $userActivity,`
			`'recentlyCreated' => $recentlyCreated,`
			`'assetCounts' => $assetCounts`
			`]);`
Added User managment. Fixes #5 2015-08-08 15:05:30 -04:00			`}`
			`}`