webapp/bookstack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-07-28 17:02:04 +03:00
Code Activity

Added user-create API endpoint

Browse Source 
- Required extracting logic into repo.
- Changed some existing creation paths to standardise behaviour.
- Added test to cover new endpoint.
- Added extra test for user delete to test migration.
- Changed how permission errors are thrown to ensure the right status
  code can be reported when handled in API.
This commit is contained in:
Dan Brown
2022-02-04 00:26:19 +00:00
parent 9e1c8ec82a
commit eb653bda16
12 changed files with 261 additions and 109 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
app/Http/Controllers/Api/UserApiController.php
View File

@ -4,8 +4,10 @@ namespace BookStack\Http\Controllers\Api;
use BookStack\Auth\User;
use BookStack\Auth\UserRepo;
use BookStack\Exceptions\UserUpdateException;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use Illuminate\Validation\Rules\Password;
use Illuminate\Validation\Rules\Unique;
@ -20,12 +22,29 @@ class UserApiController extends ApiController
public function __construct(UserRepo $userRepo)
{
$this->userRepo = $userRepo;
// Checks for all endpoints in this controller
$this->middleware(function ($request, $next) {
$this->checkPermission('users-manage');
$this->preventAccessInDemoMode();
return $next($request);
});
}
protected function rules(int $userId = null): array
{
return [
'create' => [
'name' => ['required', 'min:2'],
'email' => [
'required', 'min:2', 'email', new Unique('users', 'email')
],
'external_auth_id' => ['string'],
'language' => ['string'],
'password' => [Password::default()],
'roles' => ['array'],
'roles.*' => ['integer'],
'send_invite' => ['boolean'],
],
'update' => [
'name' => ['min:2'],
@ -52,8 +71,6 @@ class UserApiController extends ApiController
*/
public function list()
{
$this->checkPermission('users-manage');
$users = $this->userRepo->getApiUsersBuilder();
return $this->apiListingResponse($users, [
@ -62,14 +79,30 @@ class UserApiController extends ApiController
], [Closure::fromCallable([$this, 'listFormatter'])]);
}
/**
* Create a new user in the system.
*/
public function create(Request $request)
{
$data = $this->validate($request, $this->rules()['create']);
$sendInvite = ($data['send_invite'] ?? false) === true;
$user = null;
DB::transaction(function () use ($data, $sendInvite, &$user) {
$user = $this->userRepo->create($data, $sendInvite);
});
$this->singleFormatter($user);
return response()->json($user);
}
/**
* View the details of a single user.
* Requires permission to manage users.
*/
public function read(string $id)
{
$this->checkPermission('users-manage');
$user = $this->userRepo->getById($id);
$this->singleFormatter($user);
@ -78,12 +111,10 @@ class UserApiController extends ApiController
/**
* Update an existing user in the system.
* @throws \BookStack\Exceptions\UserUpdateException
* @throws UserUpdateException
*/
public function update(Request $request, string $id)
{
$this->checkPermission('users-manage');
$data = $this->validate($request, $this->rules($id)['update']);
$user = $this->userRepo->getById($id);
$this->userRepo->update($user, $data, userCan('users-manage'));
@ -100,8 +131,6 @@ class UserApiController extends ApiController
*/
public function delete(Request $request, string $id)
{
$this->checkPermission('users-manage');
$user = $this->userRepo->getById($id);
$newOwnerId = $request->get('migrate_ownership_id', null);

12
app/Http/Controllers/Controller.php
View File

@ -2,13 +2,13 @@
namespace BookStack\Http\Controllers;
use BookStack\Exceptions\NotifyException;
use BookStack\Facades\Activity;
use BookStack\Interfaces\Loggable;
use BookStack\Model;
use BookStack\Util\WebSafeMimeSniffer;
use Illuminate\Foundation\Bus\DispatchesJobs;
use Illuminate\Foundation\Validation\ValidatesRequests;
use Illuminate\Http\Exceptions\HttpResponseException;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Response;
use Illuminate\Routing\Controller as BaseController;
@ -53,14 +53,8 @@ abstract class Controller extends BaseController
*/
protected function showPermissionError()
{
if (request()->wantsJson()) {
$response = response()->json(['error' => trans('errors.permissionJson')], 403);
} else {
$response = redirect('/');
$this->showErrorNotification(trans('errors.permission'));
}
throw new HttpResponseException($response);
$message = request()->wantsJson() ? trans('errors.permissionJson') : trans('errors.permission');
throw new NotifyException($message, '/', 403);
}
/**

76
app/Http/Controllers/UserController.php
View File

@ -2,9 +2,7 @@
namespace BookStack\Http\Controllers;
use BookStack\Actions\ActivityType;
use BookStack\Auth\Access\SocialAuthService;
use BookStack\Auth\Access\UserInviteService;
use BookStack\Auth\User;
use BookStack\Auth\UserRepo;
use BookStack\Exceptions\ImageUploadException;
@ -13,25 +11,20 @@ use BookStack\Uploads\ImageRepo;
use Exception;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Str;
use Illuminate\Validation\Rules\Password;
use Illuminate\Validation\ValidationException;
class UserController extends Controller
{
protected $user;
protected $userRepo;
protected $inviteService;
protected $imageRepo;
/**
* UserController constructor.
*/
public function __construct(User $user, UserRepo $userRepo, UserInviteService $inviteService, ImageRepo $imageRepo)
public function __construct(UserRepo $userRepo, ImageRepo $imageRepo)
{
$this->user = $user;
$this->userRepo = $userRepo;
$this->inviteService = $inviteService;
$this->imageRepo = $imageRepo;
}
@ -68,63 +61,34 @@ class UserController extends Controller
}
/**
* Store a newly created user in storage.
* Store a new user in storage.
*
* @throws UserUpdateException
* @throws ValidationException
*/
public function store(Request $request)
{
$this->checkPermission('users-manage');
$validationRules = [
'name' => ['required'],
'email' => ['required', 'email', 'unique:users,email'],
'setting' => ['array'],
];
$authMethod = config('auth.method');
$sendInvite = ($request->get('send_invite', 'false') === 'true');
$externalAuth = $authMethod === 'ldap' || $authMethod === 'saml2' || $authMethod === 'oidc';
$passwordRequired = ($authMethod === 'standard' && !$sendInvite);
if ($authMethod === 'standard' && !$sendInvite) {
$validationRules['password'] = ['required', Password::default()];
$validationRules['password-confirm'] = ['required', 'same:password'];
} elseif ($authMethod === 'ldap' || $authMethod === 'saml2' || $authMethod === 'openid') {
$validationRules['external_auth_id'] = ['required'];
}
$this->validate($request, $validationRules);
$validationRules = [
'name' => ['required'],
'email' => ['required', 'email', 'unique:users,email'],
'language' => ['string'],
'roles' => ['array'],
'roles.*' => ['integer'],
'password' => $passwordRequired ? ['required', Password::default()] : null,
'password-confirm' => $passwordRequired ? ['required', 'same:password'] : null,
'external_auth_id' => $externalAuth ? ['required'] : null,
];
$user = $this->user->fill($request->all());
$validated = $this->validate($request, array_filter($validationRules));
if ($authMethod === 'standard') {
$user->password = bcrypt($request->get('password', Str::random(32)));
} elseif ($authMethod === 'ldap' || $authMethod === 'saml2' || $authMethod === 'openid') {
$user->external_auth_id = $request->get('external_auth_id');
}
$user->refreshSlug();
DB::transaction(function () use ($user, $sendInvite, $request) {
$user->save();
// Save user-specific settings
if ($request->filled('setting')) {
foreach ($request->get('setting') as $key => $value) {
setting()->putUser($user, $key, $value);
}
}
if ($sendInvite) {
$this->inviteService->sendInvitation($user);
}
if ($request->filled('roles')) {
$roles = $request->get('roles');
$this->userRepo->setUserRoles($user, $roles);
}
$this->userRepo->downloadAndAssignUserAvatar($user);
$this->logActivity(ActivityType::USER_CREATE, $user);
DB::transaction(function () use ($validated, $sendInvite) {
$this->userRepo->create($validated, $sendInvite);
});
return redirect('/settings/users');
@ -138,7 +102,7 @@ class UserController extends Controller
$this->checkPermissionOrCurrentUser('users-manage', $id);
/** @var User $user */
$user = $this->user->newQuery()->with(['apiTokens', 'mfaValues'])->findOrFail($id);
$user = User::query()->with(['apiTokens', 'mfaValues'])->findOrFail($id);
$authMethod = ($user->system_name) ? 'system' : config('auth.method');
@ -312,7 +276,7 @@ class UserController extends Controller
$newState = $request->get('expand', 'false');
$user = $this->user->findOrFail($id);
$user = $this->userRepo->getById($id);
setting()->putUser($user, 'section_expansion#' . $key, $newState);
return response('', 204);
@ -335,7 +299,7 @@ class UserController extends Controller
$order = 'asc';
}
$user = $this->user->findOrFail($userId);
$user = $this->userRepo->getById($userId);
$sortKey = $listName . '_sort';
$orderKey = $listName . '_sort_order';
setting()->putUser($user, $sortKey, $sort);