diff --git a/app/Users/Controllers/UserController.php b/app/Users/Controllers/UserController.php
index 0cd48948f..507c7cf06 100644
--- a/app/Users/Controllers/UserController.php
+++ b/app/Users/Controllers/UserController.php
@@ -103,8 +103,7 @@ class UserController extends Controller
 */
 public function edit(int $id, SocialAuthService $socialAuthService)
 {
- $this->preventGuestAccess();
- $this->checkPermissionOrCurrentUser('users-manage', $id);
+ $this->checkPermission('users-manage');
 
 $user = $this->userRepo->getById($id);
 $user->load(['apiTokens', 'mfaValues']);
@@ -134,8 +133,7 @@ class UserController extends Controller
 public function update(Request $request, int $id)
 {
 $this->preventAccessInDemoMode();
- $this->preventGuestAccess();
- $this->checkPermissionOrCurrentUser('users-manage', $id);
+ $this->checkPermission('users-manage');
 
 $validated = $this->validate($request, [
 'name' => ['min:2', 'max:100'],
@@ -150,7 +148,7 @@ class UserController extends Controller
 ]);
 
 $user = $this->userRepo->getById($id);
- $this->userRepo->update($user, $validated, userCan('users-manage'));
+ $this->userRepo->update($user, $validated, true);
 
 // Save profile image if in request
 if ($request->hasFile('profile_image')) {
@@ -168,9 +166,7 @@ class UserController extends Controller
 $user->save();
 }
 
- $redirectUrl = userCan('users-manage') ? '/settings/users' : "/settings/users/{$user->id}";
-
- return redirect($redirectUrl);
+ return redirect('/settings/users');
 }
 
 /**
@@ -178,8 +174,7 @@ class UserController extends Controller
 */
 public function delete(int $id)
 {
- $this->preventGuestAccess();
- $this->checkPermissionOrCurrentUser('users-manage', $id);
+ $this->checkPermission('users-manage');
 
 $user = $this->userRepo->getById($id);
 $this->setPageTitle(trans('settings.users_delete_named', ['userName' => $user->name]));
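Review bot: Dropping `$this->preventGuestAccess();` and relying on `$this->checkPermission('users-manage');` alone in edit() removes the explicit rejection of the guest user, so if the public/guest role can ever be granted the `users-manage` permission an unauthenticated visitor would reach this action; the same substitution is made in the update and delete hunks below and in the destroy hunk that follows. Unless checkPermission() itself denies guests (not visible here), keeping `$this->preventGuestAccess();` ahead of the permission check, or applying it as controller middleware, preserves the previous guarantee. In the third hunk the bare `true` passed to `$this->userRepo->update()` replaces a runtime permission result; a PHP 8 named argument at that call site would record what the flag enables now that every caller is a user manager. The body of edit() continues past the end of the hunk.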
@@ -195,8 +190,7 @@ class UserController extends Controller
 public function destroy(Request $request, int $id)
 {
 $this->preventAccessInDemoMode();
- $this->preventGuestAccess();
- $this->checkPermissionOrCurrentUser('users-manage', $id);
+ $this->checkPermission('users-manage');
 
 $user = $this->userRepo->getById($id);
 $newOwnerId = intval($request->get('new_owner_id')) ?: null;
diff --git a/lang/en/settings.php b/lang/en/settings.php
index 579c4b5c8..dfd0f7841 100644
--- a/lang/en/settings.php
+++ b/lang/en/settings.php
@@ -193,7 +193,7 @@ return [
 'users_send_invite_text' => 'You can choose to send this user an invitation email which allows them to set their own password otherwise you can set their password yourself.',
 'users_send_invite_option' => 'Send user invite email',
 'users_external_auth_id' => 'External Authentication ID',
- 'users_external_auth_id_desc' => 'This is the ID used to match this user when communicating with your external authentication system.',
+ 'users_external_auth_id_desc' => 'When an external authentication system is in use (such as SAML2, OIDC or LDAP) this is the ID which links this BookStack user to the authentication system account. You can ignore this field if using the default email-based authentication.',
 'users_password_warning' => 'Only fill the below if you would like to change the password for this user.',
 'users_system_public' => 'This user represents any guest users that visit your instance. It cannot be used to log in but is assigned automatically.',
 'users_delete' => 'Delete User',
diff --git a/resources/views/users/edit.blade.php b/resources/views/users/edit.blade.php
index e6b477a12..1254a1330 100644
--- a/resources/views/users/edit.blade.php
+++ b/resources/views/users/edit.blade.php
@@ -38,7 +38,7 @@
- {{ trans('common.cancel') }} @if($authMethod !== 'system') id}/delete") }}" @@ -100,9 +100,7 @@ @endif - @if((user()->id === $user->id && userCan('access-api')) || userCan('users-manage')) - @include('users.api-tokens.parts.list', ['user' => $user]) - @endif + @include('users.api-tokens.parts.list', ['user' => $user])
@stop diff --git a/resources/views/users/parts/form.blade.php b/resources/views/users/parts/form.blade.php index d9f958837..bf1eb08a7 100644 --- a/resources/views/users/parts/form.blade.php +++ b/resources/views/users/parts/form.blade.php @@ -11,7 +11,7 @@ @if($authMethod === 'ldap' || $authMethod === 'system')

{{ trans('settings.users_details_desc_no_email') }}

@endif -
+
@include('form.text', ['name' => 'name']) @@ -23,29 +23,26 @@ @endif
+
+
+ +
+

{{ trans('settings.users_external_auth_id_desc') }}

+ @include('form.text', ['name' => 'external_auth_id']) +
+
+
-@if(in_array($authMethod, ['ldap', 'saml2', 'oidc']) && userCan('users-manage')) -
-
- -

{{ trans('settings.users_external_auth_id_desc') }}

-
-
- @include('form.text', ['name' => 'external_auth_id']) -
+
+ +

{{ trans('settings.users_role_desc') }}

+
+ @include('form.role-checkboxes', ['name' => 'roles', 'roles' => $roles])
-@endif - -@if(userCan('users-manage')) -
- -

{{ trans('settings.users_role_desc') }}

-
- @include('form.role-checkboxes', ['name' => 'roles', 'roles' => $roles]) -
-
-@endif +
@if($authMethod === 'standard')