2021-05-05 19:46:14 +08:00
|
|
|
<?php
|
|
|
|
|
|
2023-05-18 00:56:55 +08:00
|
|
|
namespace BookStack\Users\Controllers;
|
2021-05-05 19:46:14 +08:00
|
|
|
|
2022-02-04 08:26:19 +08:00
|
|
|
use BookStack\Exceptions\UserUpdateException;
|
2023-05-19 03:53:39 +08:00
|
|
|
use BookStack\Http\ApiController;
|
2023-05-18 00:56:55 +08:00
|
|
|
use BookStack\Users\Models\User;
|
|
|
|
|
use BookStack\Users\UserRepo;
|
2022-02-03 20:33:26 +08:00
|
|
|
use Closure;
|
2022-02-03 23:12:50 +08:00
|
|
|
use Illuminate\Http\Request;
|
2022-02-04 08:26:19 +08:00
|
|
|
use Illuminate\Support\Facades\DB;
|
2022-02-04 00:52:28 +08:00
|
|
|
use Illuminate\Validation\Rules\Password;
|
|
|
|
|
use Illuminate\Validation\Rules\Unique;
|
2021-05-05 19:46:14 +08:00
|
|
|
|
|
|
|
|
class UserApiController extends ApiController
|
|
|
|
|
{
|
2023-02-18 21:51:18 +08:00
|
|
|
protected UserRepo $userRepo;
|
2021-05-05 19:46:14 +08:00
|
|
|
|
2023-02-18 21:51:18 +08:00
|
|
|
protected array $fieldsToExpose = [
|
2022-02-08 23:29:58 +08:00
|
|
|
'email', 'created_at', 'updated_at', 'last_activity_at', 'external_auth_id',
|
2021-05-06 17:10:49 +08:00
|
|
|
];
|
|
|
|
|
|
2022-02-03 20:33:26 +08:00
|
|
|
public function __construct(UserRepo $userRepo)
|
2021-05-05 19:46:14 +08:00
|
|
|
{
|
|
|
|
|
$this->userRepo = $userRepo;
|
2022-02-04 08:26:19 +08:00
|
|
|
|
|
|
|
|
// Checks for all endpoints in this controller
|
|
|
|
|
$this->middleware(function ($request, $next) {
|
|
|
|
|
$this->checkPermission('users-manage');
|
|
|
|
|
$this->preventAccessInDemoMode();
|
2022-02-08 23:29:58 +08:00
|
|
|
|
2022-02-04 08:26:19 +08:00
|
|
|
return $next($request);
|
|
|
|
|
});
|
2021-05-05 19:46:14 +08:00
|
|
|
}
|
|
|
|
|
|
2022-02-04 00:52:28 +08:00
|
|
|
protected function rules(int $userId = null): array
|
|
|
|
|
{
|
|
|
|
|
return [
|
|
|
|
|
'create' => [
|
2022-08-09 19:40:59 +08:00
|
|
|
'name' => ['required', 'min:2', 'max:100'],
|
2022-02-04 08:26:19 +08:00
|
|
|
'email' => [
|
2022-02-08 23:29:58 +08:00
|
|
|
'required', 'min:2', 'email', new Unique('users', 'email'),
|
2022-02-04 08:26:19 +08:00
|
|
|
],
|
|
|
|
|
'external_auth_id' => ['string'],
|
2022-08-05 00:24:04 +08:00
|
|
|
'language' => ['string', 'max:15', 'alpha_dash'],
|
2022-02-08 23:29:58 +08:00
|
|
|
'password' => [Password::default()],
|
|
|
|
|
'roles' => ['array'],
|
|
|
|
|
'roles.*' => ['integer'],
|
|
|
|
|
'send_invite' => ['boolean'],
|
2022-02-04 00:52:28 +08:00
|
|
|
],
|
|
|
|
|
'update' => [
|
2022-08-09 19:40:59 +08:00
|
|
|
'name' => ['min:2', 'max:100'],
|
2022-02-04 00:52:28 +08:00
|
|
|
'email' => [
|
|
|
|
|
'min:2',
|
|
|
|
|
'email',
|
2022-02-08 23:29:58 +08:00
|
|
|
(new Unique('users', 'email'))->ignore($userId ?? null),
|
2022-02-04 00:52:28 +08:00
|
|
|
],
|
|
|
|
|
'external_auth_id' => ['string'],
|
2022-08-05 00:24:04 +08:00
|
|
|
'language' => ['string', 'max:15', 'alpha_dash'],
|
2022-02-08 23:29:58 +08:00
|
|
|
'password' => [Password::default()],
|
|
|
|
|
'roles' => ['array'],
|
|
|
|
|
'roles.*' => ['integer'],
|
2022-02-04 00:52:28 +08:00
|
|
|
],
|
|
|
|
|
'delete' => [
|
|
|
|
|
'migrate_ownership_id' => ['integer', 'exists:users,id'],
|
|
|
|
|
],
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-05 19:46:14 +08:00
|
|
|
/**
|
2022-02-03 20:33:26 +08:00
|
|
|
* Get a listing of users in the system.
|
|
|
|
|
* Requires permission to manage users.
|
2021-05-05 19:46:14 +08:00
|
|
|
*/
|
|
|
|
|
public function list()
|
|
|
|
|
{
|
2023-06-18 01:18:17 +08:00
|
|
|
$users = User::query()->select(['users.*'])
|
2022-02-13 20:56:26 +08:00
|
|
|
->scopes('withLastActivityAt')
|
|
|
|
|
->with(['avatar']);
|
2021-05-05 19:46:14 +08:00
|
|
|
|
|
|
|
|
return $this->apiListingResponse($users, [
|
2022-02-03 20:33:26 +08:00
|
|
|
'id', 'name', 'slug', 'email', 'external_auth_id',
|
2021-05-06 17:10:49 +08:00
|
|
|
'created_at', 'updated_at', 'last_activity_at',
|
2022-02-03 20:33:26 +08:00
|
|
|
], [Closure::fromCallable([$this, 'listFormatter'])]);
|
2021-05-06 17:10:49 +08:00
|
|
|
}
|
|
|
|
|
|
2022-02-04 08:26:19 +08:00
|
|
|
/**
|
|
|
|
|
* Create a new user in the system.
|
2022-02-04 08:44:56 +08:00
|
|
|
* Requires permission to manage users.
|
2022-02-04 08:26:19 +08:00
|
|
|
*/
|
|
|
|
|
public function create(Request $request)
|
|
|
|
|
{
|
|
|
|
|
$data = $this->validate($request, $this->rules()['create']);
|
|
|
|
|
$sendInvite = ($data['send_invite'] ?? false) === true;
|
|
|
|
|
|
|
|
|
|
$user = null;
|
|
|
|
|
DB::transaction(function () use ($data, $sendInvite, &$user) {
|
|
|
|
|
$user = $this->userRepo->create($data, $sendInvite);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
$this->singleFormatter($user);
|
|
|
|
|
|
|
|
|
|
return response()->json($user);
|
|
|
|
|
}
|
|
|
|
|
|
2021-05-06 17:10:49 +08:00
|
|
|
/**
|
2022-02-03 20:33:26 +08:00
|
|
|
* View the details of a single user.
|
|
|
|
|
* Requires permission to manage users.
|
2021-05-06 17:10:49 +08:00
|
|
|
*/
|
|
|
|
|
public function read(string $id)
|
|
|
|
|
{
|
2022-02-04 00:52:28 +08:00
|
|
|
$user = $this->userRepo->getById($id);
|
|
|
|
|
$this->singleFormatter($user);
|
|
|
|
|
|
|
|
|
|
return response()->json($user);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Update an existing user in the system.
|
2022-02-04 08:44:56 +08:00
|
|
|
* Requires permission to manage users.
|
2022-02-08 23:29:58 +08:00
|
|
|
*
|
2022-02-04 08:26:19 +08:00
|
|
|
* @throws UserUpdateException
|
2022-02-04 00:52:28 +08:00
|
|
|
*/
|
|
|
|
|
public function update(Request $request, string $id)
|
|
|
|
|
{
|
|
|
|
|
$data = $this->validate($request, $this->rules($id)['update']);
|
|
|
|
|
$user = $this->userRepo->getById($id);
|
|
|
|
|
$this->userRepo->update($user, $data, userCan('users-manage'));
|
|
|
|
|
$this->singleFormatter($user);
|
2021-05-06 17:10:49 +08:00
|
|
|
|
2022-02-04 00:52:28 +08:00
|
|
|
return response()->json($user);
|
2021-05-05 19:46:14 +08:00
|
|
|
}
|
2022-02-03 20:33:26 +08:00
|
|
|
|
2022-02-03 23:12:50 +08:00
|
|
|
/**
|
|
|
|
|
* Delete a user from the system.
|
|
|
|
|
* Can optionally accept a user id via `migrate_ownership_id` to indicate
|
|
|
|
|
* who should be the new owner of their related content.
|
|
|
|
|
* Requires permission to manage users.
|
|
|
|
|
*/
|
|
|
|
|
public function delete(Request $request, string $id)
|
|
|
|
|
{
|
|
|
|
|
$user = $this->userRepo->getById($id);
|
|
|
|
|
$newOwnerId = $request->get('migrate_ownership_id', null);
|
|
|
|
|
|
|
|
|
|
$this->userRepo->destroy($user, $newOwnerId);
|
|
|
|
|
|
|
|
|
|
return response('', 204);
|
|
|
|
|
}
|
|
|
|
|
|
2022-02-03 20:33:26 +08:00
|
|
|
/**
|
|
|
|
|
* Format the given user model for single-result display.
|
|
|
|
|
*/
|
|
|
|
|
protected function singleFormatter(User $user)
|
|
|
|
|
{
|
|
|
|
|
$this->listFormatter($user);
|
|
|
|
|
$user->load('roles:id,display_name');
|
|
|
|
|
$user->makeVisible(['roles']);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Format the given user model for a listing multi-result display.
|
|
|
|
|
*/
|
|
|
|
|
protected function listFormatter(User $user)
|
|
|
|
|
{
|
|
|
|
|
$user->makeVisible($this->fieldsToExpose);
|
|
|
|
|
$user->setAttribute('profile_url', $user->getProfileUrl());
|
|
|
|
|
$user->setAttribute('edit_url', $user->getEditUrl());
|
|
|
|
|
$user->setAttribute('avatar_url', $user->getAvatar());
|
|
|
|
|
}
|
2021-05-05 19:46:14 +08:00
|
|
|
}
|
