webapp/bookstack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-07-28 17:02:04 +03:00
Code Activity

Added user-create API endpoint

Browse Source 
- Required extracting logic into repo.
- Changed some existing creation paths to standardise behaviour.
- Added test to cover new endpoint.
- Added extra test for user delete to test migration.
- Changed how permission errors are thrown to ensure the right status
  code can be reported when handled in API.
This commit is contained in:
Dan Brown
2022-02-04 00:26:19 +00:00
parent 9e1c8ec82a
commit eb653bda16
12 changed files with 261 additions and 109 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
app/Http/Controllers/Api/UserApiController.php
View File

@ -4,8 +4,10 @@ namespace BookStack\Http\Controllers\Api;
use BookStack\Auth\User;
use BookStack\Auth\UserRepo;
use BookStack\Exceptions\UserUpdateException;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use Illuminate\Validation\Rules\Password;
use Illuminate\Validation\Rules\Unique;
@ -20,12 +22,29 @@ class UserApiController extends ApiController
public function __construct(UserRepo $userRepo)
{
$this->userRepo = $userRepo;
// Checks for all endpoints in this controller
$this->middleware(function ($request, $next) {
$this->checkPermission('users-manage');
$this->preventAccessInDemoMode();
return $next($request);
});
}
protected function rules(int $userId = null): array
{
return [
'create' => [
'name' => ['required', 'min:2'],
'email' => [
'required', 'min:2', 'email', new Unique('users', 'email')
],
'external_auth_id' => ['string'],
'language' => ['string'],
'password' => [Password::default()],
'roles' => ['array'],
'roles.*' => ['integer'],
'send_invite' => ['boolean'],
],
'update' => [
'name' => ['min:2'],
@ -52,8 +71,6 @@ class UserApiController extends ApiController
*/
public function list()
{
$this->checkPermission('users-manage');
$users = $this->userRepo->getApiUsersBuilder();
return $this->apiListingResponse($users, [
@ -62,14 +79,30 @@ class UserApiController extends ApiController
], [Closure::fromCallable([$this, 'listFormatter'])]);
}
/**
* Create a new user in the system.
*/
public function create(Request $request)
{
$data = $this->validate($request, $this->rules()['create']);
$sendInvite = ($data['send_invite'] ?? false) === true;
$user = null;
DB::transaction(function () use ($data, $sendInvite, &$user) {
$user = $this->userRepo->create($data, $sendInvite);
});
$this->singleFormatter($user);
return response()->json($user);
}
/**
* View the details of a single user.
* Requires permission to manage users.
*/
public function read(string $id)
{
$this->checkPermission('users-manage');
$user = $this->userRepo->getById($id);
$this->singleFormatter($user);
@ -78,12 +111,10 @@ class UserApiController extends ApiController
/**
* Update an existing user in the system.
* @throws \BookStack\Exceptions\UserUpdateException
* @throws UserUpdateException
*/
public function update(Request $request, string $id)
{
$this->checkPermission('users-manage');
$data = $this->validate($request, $this->rules($id)['update']);
$user = $this->userRepo->getById($id);
$this->userRepo->update($user, $data, userCan('users-manage'));
@ -100,8 +131,6 @@ class UserApiController extends ApiController
*/
public function delete(Request $request, string $id)
{
$this->checkPermission('users-manage');
$user = $this->userRepo->getById($id);
$newOwnerId = $request->get('migrate_ownership_id', null);