2023-10-17 20:11:10 +08:00
|
|
|
<?php
|
|
|
|
|
|
|
|
namespace BookStack\Users\Controllers;
|
|
|
|
|
2023-12-06 21:49:53 +08:00
|
|
|
use BookStack\Access\SocialDriverManager;
|
2023-10-17 20:11:10 +08:00
|
|
|
use BookStack\Http\Controller;
|
|
|
|
use BookStack\Permissions\PermissionApplicator;
|
|
|
|
use BookStack\Settings\UserNotificationPreferences;
|
|
|
|
use BookStack\Settings\UserShortcutMap;
|
2023-10-18 19:39:57 +08:00
|
|
|
use BookStack\Uploads\ImageRepo;
|
2023-10-17 20:11:10 +08:00
|
|
|
use BookStack\Users\UserRepo;
|
2023-10-18 00:38:07 +08:00
|
|
|
use Closure;
|
2023-10-17 20:11:10 +08:00
|
|
|
use Illuminate\Http\Request;
|
2023-10-18 00:38:07 +08:00
|
|
|
use Illuminate\Validation\Rules\Password;
|
2023-10-17 20:11:10 +08:00
|
|
|
|
|
|
|
class UserAccountController extends Controller
|
|
|
|
{
|
|
|
|
public function __construct(
|
2023-10-18 00:38:07 +08:00
|
|
|
protected UserRepo $userRepo,
|
2023-10-17 20:11:10 +08:00
|
|
|
) {
|
2023-10-18 00:38:07 +08:00
|
|
|
$this->middleware(function (Request $request, Closure $next) {
|
|
|
|
$this->preventGuestAccess();
|
|
|
|
return $next($request);
|
|
|
|
});
|
2023-10-17 20:11:10 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2023-10-19 00:53:58 +08:00
|
|
|
* Redirect the root my-account path to the main/first category.
|
|
|
|
* Required as a controller method, instead of the Route::redirect helper,
|
|
|
|
* to ensure the URL is generated correctly.
|
2023-10-17 20:11:10 +08:00
|
|
|
*/
|
2023-10-19 00:53:58 +08:00
|
|
|
public function redirect()
|
2023-10-17 20:11:10 +08:00
|
|
|
{
|
2023-10-19 00:53:58 +08:00
|
|
|
return redirect('/my-account/profile');
|
2023-10-17 20:11:10 +08:00
|
|
|
}
|
|
|
|
|
2023-10-18 19:39:57 +08:00
|
|
|
/**
|
|
|
|
* Show the profile form interface.
|
|
|
|
*/
|
|
|
|
public function showProfile()
|
|
|
|
{
|
2023-10-19 22:24:48 +08:00
|
|
|
$this->setPageTitle(trans('preferences.profile'));
|
|
|
|
|
2023-10-18 19:39:57 +08:00
|
|
|
return view('users.account.profile', [
|
|
|
|
'model' => user(),
|
|
|
|
'category' => 'profile',
|
|
|
|
]);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Handle the submission of the user profile form.
|
|
|
|
*/
|
|
|
|
public function updateProfile(Request $request, ImageRepo $imageRepo)
|
|
|
|
{
|
2023-10-30 20:07:18 +08:00
|
|
|
$this->preventAccessInDemoMode();
|
|
|
|
|
2023-10-18 19:39:57 +08:00
|
|
|
$user = user();
|
|
|
|
$validated = $this->validate($request, [
|
|
|
|
'name' => ['min:2', 'max:100'],
|
|
|
|
'email' => ['min:2', 'email', 'unique:users,email,' . $user->id],
|
|
|
|
'language' => ['string', 'max:15', 'alpha_dash'],
|
|
|
|
'profile_image' => array_merge(['nullable'], $this->getImageValidationRules()),
|
|
|
|
]);
|
|
|
|
|
|
|
|
$this->userRepo->update($user, $validated, userCan('users-manage'));
|
|
|
|
|
|
|
|
// Save profile image if in request
|
|
|
|
if ($request->hasFile('profile_image')) {
|
|
|
|
$imageUpload = $request->file('profile_image');
|
|
|
|
$imageRepo->destroyImage($user->avatar);
|
|
|
|
$image = $imageRepo->saveNew($imageUpload, 'user', $user->id);
|
|
|
|
$user->image_id = $image->id;
|
|
|
|
$user->save();
|
|
|
|
}
|
|
|
|
|
|
|
|
// Delete the profile image if reset option is in request
|
|
|
|
if ($request->has('profile_image_reset')) {
|
|
|
|
$imageRepo->destroyImage($user->avatar);
|
|
|
|
$user->image_id = 0;
|
|
|
|
$user->save();
|
|
|
|
}
|
|
|
|
|
|
|
|
return redirect('/my-account/profile');
|
|
|
|
}
|
|
|
|
|
2023-10-17 20:11:10 +08:00
|
|
|
/**
|
|
|
|
* Show the user-specific interface shortcuts.
|
|
|
|
*/
|
|
|
|
public function showShortcuts()
|
|
|
|
{
|
|
|
|
$shortcuts = UserShortcutMap::fromUserPreferences();
|
|
|
|
$enabled = setting()->getForCurrentUser('ui-shortcuts-enabled', false);
|
|
|
|
|
|
|
|
$this->setPageTitle(trans('preferences.shortcuts_interface'));
|
|
|
|
|
|
|
|
return view('users.account.shortcuts', [
|
2023-10-18 00:38:07 +08:00
|
|
|
'category' => 'shortcuts',
|
2023-10-17 20:11:10 +08:00
|
|
|
'shortcuts' => $shortcuts,
|
|
|
|
'enabled' => $enabled,
|
|
|
|
]);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Update the user-specific interface shortcuts.
|
|
|
|
*/
|
|
|
|
public function updateShortcuts(Request $request)
|
|
|
|
{
|
|
|
|
$enabled = $request->get('enabled') === 'true';
|
|
|
|
$providedShortcuts = $request->get('shortcut', []);
|
|
|
|
$shortcuts = new UserShortcutMap($providedShortcuts);
|
|
|
|
|
|
|
|
setting()->putForCurrentUser('ui-shortcuts', $shortcuts->toJson());
|
|
|
|
setting()->putForCurrentUser('ui-shortcuts-enabled', $enabled);
|
|
|
|
|
|
|
|
$this->showSuccessNotification(trans('preferences.shortcuts_update_success'));
|
|
|
|
|
|
|
|
return redirect('/my-account/shortcuts');
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Show the notification preferences for the current user.
|
|
|
|
*/
|
|
|
|
public function showNotifications(PermissionApplicator $permissions)
|
|
|
|
{
|
|
|
|
$this->checkPermission('receive-notifications');
|
|
|
|
|
|
|
|
$preferences = (new UserNotificationPreferences(user()));
|
|
|
|
|
|
|
|
$query = user()->watches()->getQuery();
|
|
|
|
$query = $permissions->restrictEntityRelationQuery($query, 'watches', 'watchable_id', 'watchable_type');
|
|
|
|
$query = $permissions->filterDeletedFromEntityRelationQuery($query, 'watches', 'watchable_id', 'watchable_type');
|
|
|
|
$watches = $query->with('watchable')->paginate(20);
|
|
|
|
|
|
|
|
$this->setPageTitle(trans('preferences.notifications'));
|
|
|
|
return view('users.account.notifications', [
|
2023-10-18 00:38:07 +08:00
|
|
|
'category' => 'notifications',
|
2023-10-17 20:11:10 +08:00
|
|
|
'preferences' => $preferences,
|
|
|
|
'watches' => $watches,
|
|
|
|
]);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Update the notification preferences for the current user.
|
|
|
|
*/
|
|
|
|
public function updateNotifications(Request $request)
|
|
|
|
{
|
2023-10-30 20:07:18 +08:00
|
|
|
$this->preventAccessInDemoMode();
|
2023-10-17 20:11:10 +08:00
|
|
|
$this->checkPermission('receive-notifications');
|
|
|
|
$data = $this->validate($request, [
|
|
|
|
'preferences' => ['required', 'array'],
|
|
|
|
'preferences.*' => ['required', 'string'],
|
|
|
|
]);
|
|
|
|
|
|
|
|
$preferences = (new UserNotificationPreferences(user()));
|
|
|
|
$preferences->updateFromSettingsArray($data['preferences']);
|
|
|
|
$this->showSuccessNotification(trans('preferences.notifications_update_success'));
|
|
|
|
|
|
|
|
return redirect('/my-account/notifications');
|
|
|
|
}
|
2023-10-18 00:38:07 +08:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Show the view for the "Access & Security" account options.
|
|
|
|
*/
|
2023-12-06 21:49:53 +08:00
|
|
|
public function showAuth(SocialDriverManager $socialDriverManager)
|
2023-10-18 00:38:07 +08:00
|
|
|
{
|
2023-10-19 23:06:59 +08:00
|
|
|
$mfaMethods = user()->mfaValues()->get()->groupBy('method');
|
2023-10-18 00:38:07 +08:00
|
|
|
|
|
|
|
$this->setPageTitle(trans('preferences.auth'));
|
|
|
|
|
|
|
|
return view('users.account.auth', [
|
|
|
|
'category' => 'auth',
|
|
|
|
'mfaMethods' => $mfaMethods,
|
|
|
|
'authMethod' => config('auth.method'),
|
2023-12-06 21:49:53 +08:00
|
|
|
'activeSocialDrivers' => $socialDriverManager->getActive(),
|
2023-10-18 00:38:07 +08:00
|
|
|
]);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Handle the submission for the auth change password form.
|
|
|
|
*/
|
|
|
|
public function updatePassword(Request $request)
|
|
|
|
{
|
2023-10-30 20:07:18 +08:00
|
|
|
$this->preventAccessInDemoMode();
|
|
|
|
|
2023-10-18 00:38:07 +08:00
|
|
|
if (config('auth.method') !== 'standard') {
|
|
|
|
$this->showPermissionError();
|
|
|
|
}
|
|
|
|
|
|
|
|
$validated = $this->validate($request, [
|
|
|
|
'password' => ['required_with:password_confirm', Password::default()],
|
|
|
|
'password-confirm' => ['same:password', 'required_with:password'],
|
|
|
|
]);
|
|
|
|
|
|
|
|
$this->userRepo->update(user(), $validated, false);
|
|
|
|
|
|
|
|
$this->showSuccessNotification(trans('preferences.auth_change_password_success'));
|
|
|
|
|
|
|
|
return redirect('/my-account/auth');
|
|
|
|
}
|
2023-10-19 17:48:27 +08:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Show the user self-delete page.
|
|
|
|
*/
|
|
|
|
public function delete()
|
|
|
|
{
|
|
|
|
$this->setPageTitle(trans('preferences.delete_my_account'));
|
|
|
|
|
|
|
|
return view('users.account.delete', [
|
|
|
|
'category' => 'profile',
|
|
|
|
]);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Remove the current user from the system.
|
|
|
|
*/
|
|
|
|
public function destroy(Request $request)
|
|
|
|
{
|
|
|
|
$this->preventAccessInDemoMode();
|
|
|
|
|
|
|
|
$requestNewOwnerId = intval($request->get('new_owner_id')) ?: null;
|
|
|
|
$newOwnerId = userCan('users-manage') ? $requestNewOwnerId : null;
|
|
|
|
|
|
|
|
$this->userRepo->destroy(user(), $newOwnerId);
|
|
|
|
|
|
|
|
return redirect('/');
|
|
|
|
}
|
2023-10-17 20:11:10 +08:00
|
|
|
}
|