| 
									
										
										
										
											2021-05-05 19:46:14 +08:00
										 |  |  | <?php | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | namespace BookStack\Http\Controllers\Api; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | use BookStack\Auth\User; | 
					
						
							|  |  |  | use BookStack\Auth\UserRepo; | 
					
						
							| 
									
										
										
										
											2022-02-04 08:26:19 +08:00
										 |  |  | use BookStack\Exceptions\UserUpdateException; | 
					
						
							| 
									
										
										
										
											2022-02-03 20:33:26 +08:00
										 |  |  | use Closure; | 
					
						
							| 
									
										
										
										
											2022-02-03 23:12:50 +08:00
										 |  |  | use Illuminate\Http\Request; | 
					
						
							| 
									
										
										
										
											2022-02-04 08:26:19 +08:00
										 |  |  | use Illuminate\Support\Facades\DB; | 
					
						
							| 
									
										
										
										
											2022-02-04 00:52:28 +08:00
										 |  |  | use Illuminate\Validation\Rules\Password; | 
					
						
							|  |  |  | use Illuminate\Validation\Rules\Unique; | 
					
						
							| 
									
										
										
										
											2021-05-05 19:46:14 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  | class UserApiController extends ApiController | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  |     protected $userRepo; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-02-03 20:33:26 +08:00
										 |  |  |     protected $fieldsToExpose = [ | 
					
						
							| 
									
										
										
										
											2022-02-08 23:29:58 +08:00
										 |  |  |         'email', 'created_at', 'updated_at', 'last_activity_at', 'external_auth_id', | 
					
						
							| 
									
										
										
										
											2021-05-06 17:10:49 +08:00
										 |  |  |     ]; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-02-03 20:33:26 +08:00
										 |  |  |     public function __construct(UserRepo $userRepo) | 
					
						
							| 
									
										
										
										
											2021-05-05 19:46:14 +08:00
										 |  |  |     { | 
					
						
							|  |  |  |         $this->userRepo = $userRepo; | 
					
						
							| 
									
										
										
										
											2022-02-04 08:26:19 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         // Checks for all endpoints in this controller
 | 
					
						
							|  |  |  |         $this->middleware(function ($request, $next) { | 
					
						
							|  |  |  |             $this->checkPermission('users-manage'); | 
					
						
							|  |  |  |             $this->preventAccessInDemoMode(); | 
					
						
							| 
									
										
										
										
											2022-02-08 23:29:58 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-02-04 08:26:19 +08:00
										 |  |  |             return $next($request); | 
					
						
							|  |  |  |         }); | 
					
						
							| 
									
										
										
										
											2021-05-05 19:46:14 +08:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-02-04 00:52:28 +08:00
										 |  |  |     protected function rules(int $userId = null): array | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         return [ | 
					
						
							|  |  |  |             'create' => [ | 
					
						
							| 
									
										
										
										
											2022-02-08 23:29:58 +08:00
										 |  |  |                 'name'  => ['required', 'min:2'], | 
					
						
							| 
									
										
										
										
											2022-02-04 08:26:19 +08:00
										 |  |  |                 'email' => [ | 
					
						
							| 
									
										
										
										
											2022-02-08 23:29:58 +08:00
										 |  |  |                     'required', 'min:2', 'email', new Unique('users', 'email'), | 
					
						
							| 
									
										
										
										
											2022-02-04 08:26:19 +08:00
										 |  |  |                 ], | 
					
						
							|  |  |  |                 'external_auth_id' => ['string'], | 
					
						
							| 
									
										
										
										
											2022-02-08 23:29:58 +08:00
										 |  |  |                 'language'         => ['string'], | 
					
						
							|  |  |  |                 'password'         => [Password::default()], | 
					
						
							|  |  |  |                 'roles'            => ['array'], | 
					
						
							|  |  |  |                 'roles.*'          => ['integer'], | 
					
						
							|  |  |  |                 'send_invite'      => ['boolean'], | 
					
						
							| 
									
										
										
										
											2022-02-04 00:52:28 +08:00
										 |  |  |             ], | 
					
						
							|  |  |  |             'update' => [ | 
					
						
							| 
									
										
										
										
											2022-02-08 23:29:58 +08:00
										 |  |  |                 'name'  => ['min:2'], | 
					
						
							| 
									
										
										
										
											2022-02-04 00:52:28 +08:00
										 |  |  |                 'email' => [ | 
					
						
							|  |  |  |                     'min:2', | 
					
						
							|  |  |  |                     'email', | 
					
						
							| 
									
										
										
										
											2022-02-08 23:29:58 +08:00
										 |  |  |                     (new Unique('users', 'email'))->ignore($userId ?? null), | 
					
						
							| 
									
										
										
										
											2022-02-04 00:52:28 +08:00
										 |  |  |                 ], | 
					
						
							|  |  |  |                 'external_auth_id' => ['string'], | 
					
						
							| 
									
										
										
										
											2022-02-08 23:29:58 +08:00
										 |  |  |                 'language'         => ['string'], | 
					
						
							|  |  |  |                 'password'         => [Password::default()], | 
					
						
							|  |  |  |                 'roles'            => ['array'], | 
					
						
							|  |  |  |                 'roles.*'          => ['integer'], | 
					
						
							| 
									
										
										
										
											2022-02-04 00:52:28 +08:00
										 |  |  |             ], | 
					
						
							|  |  |  |             'delete' => [ | 
					
						
							|  |  |  |                 'migrate_ownership_id' => ['integer', 'exists:users,id'], | 
					
						
							|  |  |  |             ], | 
					
						
							|  |  |  |         ]; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-05-05 19:46:14 +08:00
										 |  |  |     /** | 
					
						
							| 
									
										
										
										
											2022-02-03 20:33:26 +08:00
										 |  |  |      * Get a listing of users in the system. | 
					
						
							|  |  |  |      * Requires permission to manage users. | 
					
						
							| 
									
										
										
										
											2021-05-05 19:46:14 +08:00
										 |  |  |      */ | 
					
						
							|  |  |  |     public function list() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2022-02-13 20:56:26 +08:00
										 |  |  |         $users = User::query()->select(['*']) | 
					
						
							|  |  |  |             ->scopes('withLastActivityAt') | 
					
						
							|  |  |  |             ->with(['avatar']); | 
					
						
							| 
									
										
										
										
											2021-05-05 19:46:14 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         return $this->apiListingResponse($users, [ | 
					
						
							| 
									
										
										
										
											2022-02-03 20:33:26 +08:00
										 |  |  |             'id', 'name', 'slug', 'email', 'external_auth_id', | 
					
						
							| 
									
										
										
										
											2021-05-06 17:10:49 +08:00
										 |  |  |             'created_at', 'updated_at', 'last_activity_at', | 
					
						
							| 
									
										
										
										
											2022-02-03 20:33:26 +08:00
										 |  |  |         ], [Closure::fromCallable([$this, 'listFormatter'])]); | 
					
						
							| 
									
										
										
										
											2021-05-06 17:10:49 +08:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-02-04 08:26:19 +08:00
										 |  |  |     /** | 
					
						
							|  |  |  |      * Create a new user in the system. | 
					
						
							| 
									
										
										
										
											2022-02-04 08:44:56 +08:00
										 |  |  |      * Requires permission to manage users. | 
					
						
							| 
									
										
										
										
											2022-02-04 08:26:19 +08:00
										 |  |  |      */ | 
					
						
							|  |  |  |     public function create(Request $request) | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $data = $this->validate($request, $this->rules()['create']); | 
					
						
							|  |  |  |         $sendInvite = ($data['send_invite'] ?? false) === true; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $user = null; | 
					
						
							|  |  |  |         DB::transaction(function () use ($data, $sendInvite, &$user) { | 
					
						
							|  |  |  |             $user = $this->userRepo->create($data, $sendInvite); | 
					
						
							|  |  |  |         }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $this->singleFormatter($user); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return response()->json($user); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-05-06 17:10:49 +08:00
										 |  |  |     /** | 
					
						
							| 
									
										
										
										
											2022-02-03 20:33:26 +08:00
										 |  |  |      * View the details of a single user. | 
					
						
							|  |  |  |      * Requires permission to manage users. | 
					
						
							| 
									
										
										
										
											2021-05-06 17:10:49 +08:00
										 |  |  |      */ | 
					
						
							|  |  |  |     public function read(string $id) | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2022-02-04 00:52:28 +08:00
										 |  |  |         $user = $this->userRepo->getById($id); | 
					
						
							|  |  |  |         $this->singleFormatter($user); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return response()->json($user); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * Update an existing user in the system. | 
					
						
							| 
									
										
										
										
											2022-02-04 08:44:56 +08:00
										 |  |  |      * Requires permission to manage users. | 
					
						
							| 
									
										
										
										
											2022-02-08 23:29:58 +08:00
										 |  |  |      * | 
					
						
							| 
									
										
										
										
											2022-02-04 08:26:19 +08:00
										 |  |  |      * @throws UserUpdateException | 
					
						
							| 
									
										
										
										
											2022-02-04 00:52:28 +08:00
										 |  |  |      */ | 
					
						
							|  |  |  |     public function update(Request $request, string $id) | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $data = $this->validate($request, $this->rules($id)['update']); | 
					
						
							|  |  |  |         $user = $this->userRepo->getById($id); | 
					
						
							|  |  |  |         $this->userRepo->update($user, $data, userCan('users-manage')); | 
					
						
							|  |  |  |         $this->singleFormatter($user); | 
					
						
							| 
									
										
										
										
											2021-05-06 17:10:49 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-02-04 00:52:28 +08:00
										 |  |  |         return response()->json($user); | 
					
						
							| 
									
										
										
										
											2021-05-05 19:46:14 +08:00
										 |  |  |     } | 
					
						
							| 
									
										
										
										
											2022-02-03 20:33:26 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-02-03 23:12:50 +08:00
										 |  |  |     /** | 
					
						
							|  |  |  |      * Delete a user from the system. | 
					
						
							|  |  |  |      * Can optionally accept a user id via `migrate_ownership_id` to indicate | 
					
						
							|  |  |  |      * who should be the new owner of their related content. | 
					
						
							|  |  |  |      * Requires permission to manage users. | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     public function delete(Request $request, string $id) | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $user = $this->userRepo->getById($id); | 
					
						
							|  |  |  |         $newOwnerId = $request->get('migrate_ownership_id', null); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $this->userRepo->destroy($user, $newOwnerId); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return response('', 204); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-02-03 20:33:26 +08:00
										 |  |  |     /** | 
					
						
							|  |  |  |      * Format the given user model for single-result display. | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     protected function singleFormatter(User $user) | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $this->listFormatter($user); | 
					
						
							|  |  |  |         $user->load('roles:id,display_name'); | 
					
						
							|  |  |  |         $user->makeVisible(['roles']); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * Format the given user model for a listing multi-result display. | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     protected function listFormatter(User $user) | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $user->makeVisible($this->fieldsToExpose); | 
					
						
							|  |  |  |         $user->setAttribute('profile_url', $user->getProfileUrl()); | 
					
						
							|  |  |  |         $user->setAttribute('edit_url', $user->getEditUrl()); | 
					
						
							|  |  |  |         $user->setAttribute('avatar_url', $user->getAvatar()); | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2021-05-05 19:46:14 +08:00
										 |  |  | } |