1
0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2024-09-19 16:01:34 +02:00
invoiceninja/app/Http/Controllers/UserController.php

416 lines
12 KiB
PHP
Raw Permalink Normal View History

2017-01-30 20:40:43 +01:00
<?php
2015-03-16 22:45:25 +01:00
2017-01-30 20:40:43 +01:00
namespace App\Http\Controllers;
use App\Models\User;
use App\Ninja\Mailers\ContactMailer;
use App\Ninja\Mailers\UserMailer;
use App\Ninja\Repositories\AccountRepository;
use App\Services\UserService;
2015-03-24 08:24:44 +01:00
use Auth;
2017-01-30 20:40:43 +01:00
use Password;
2015-03-24 08:24:44 +01:00
use Redirect;
2017-01-30 20:40:43 +01:00
use Request;
2015-03-27 02:09:13 +01:00
use Session;
2015-04-06 07:45:27 +02:00
use URL;
2015-04-01 21:57:02 +02:00
use Utils;
2015-04-06 07:45:27 +02:00
use Validator;
2017-01-30 20:40:43 +01:00
use View;
2015-03-16 22:45:25 +01:00
class UserController extends BaseController
{
protected $accountRepo;
protected $contactMailer;
protected $userMailer;
2015-11-05 23:37:04 +01:00
protected $userService;
2015-03-16 22:45:25 +01:00
2015-11-05 23:37:04 +01:00
public function __construct(AccountRepository $accountRepo, ContactMailer $contactMailer, UserMailer $userMailer, UserService $userService)
2015-03-16 22:45:25 +01:00
{
2016-03-02 14:36:42 +01:00
//parent::__construct();
2015-03-16 22:45:25 +01:00
$this->accountRepo = $accountRepo;
$this->contactMailer = $contactMailer;
$this->userMailer = $userMailer;
2015-11-05 23:37:04 +01:00
$this->userService = $userService;
2015-03-16 22:45:25 +01:00
}
2015-10-21 13:11:08 +02:00
public function index()
{
return Redirect::to('settings/' . ACCOUNT_USER_MANAGEMENT);
}
2015-03-16 22:45:25 +01:00
public function getDatatable()
{
2015-11-05 23:37:04 +01:00
return $this->userService->getDatatable(Auth::user()->account_id);
2015-03-16 22:45:25 +01:00
}
public function forcePDFJS()
{
$user = Auth::user();
$user->force_pdfjs = true;
$user->save();
2015-07-29 21:55:12 +02:00
Session::flash('message', trans('texts.updated_settings'));
2015-03-16 22:45:25 +01:00
return Redirect::to('/dashboard');
}
2017-08-16 10:00:12 +02:00
/**
* Display the specified resource.
*
* @param int $id
* @param mixed $publicId
*
* @return Response
*/
public function show($publicId)
{
Session::reflash();
return redirect("users/$publicId/edit");
}
2015-03-16 22:45:25 +01:00
public function edit($publicId)
{
$user = User::where('account_id', '=', Auth::user()->account_id)
2016-10-10 10:40:04 +02:00
->where('public_id', '=', $publicId)
->withTrashed()
->firstOrFail();
2015-03-16 22:45:25 +01:00
$data = [
'user' => $user,
'method' => 'PUT',
'url' => 'users/'.$publicId,
];
return View::make('users.edit', $data);
}
public function update($publicId)
{
return $this->save($publicId);
}
public function store()
{
return $this->save();
}
/**
2017-01-30 20:40:43 +01:00
* Displays the form for account creation.
2015-03-16 22:45:25 +01:00
*/
public function create()
{
2017-01-30 17:05:31 +01:00
if (! Auth::user()->registered) {
2015-03-16 22:45:25 +01:00
Session::flash('error', trans('texts.register_to_add_user'));
2017-01-30 20:40:43 +01:00
2015-10-14 16:15:39 +02:00
return Redirect::to('settings/' . ACCOUNT_USER_MANAGEMENT);
2015-11-05 23:37:04 +01:00
}
2016-07-11 19:08:43 +02:00
2017-01-30 17:05:31 +01:00
if (! Auth::user()->confirmed) {
2018-02-20 22:20:38 +01:00
Session::flash('error', trans('texts.confirmation_required', ['link' => link_to('/resend_confirmation', trans('texts.click_here'))]));
2017-01-30 20:40:43 +01:00
2015-10-14 16:15:39 +02:00
return Redirect::to('settings/' . ACCOUNT_USER_MANAGEMENT);
2015-03-16 22:45:25 +01:00
}
2016-07-11 19:08:43 +02:00
if (Utils::isNinja() && ! Auth::user()->caddAddUsers()) {
Session::flash('error', trans('texts.max_users_reached'));
2017-01-30 20:40:43 +01:00
2016-07-11 19:08:43 +02:00
return Redirect::to('settings/' . ACCOUNT_USER_MANAGEMENT);
2015-03-16 22:45:25 +01:00
}
$data = [
'user' => null,
'method' => 'POST',
'url' => 'users',
];
return View::make('users.edit', $data);
}
2015-11-05 23:37:04 +01:00
public function bulk()
2015-03-16 22:45:25 +01:00
{
2021-09-26 02:13:01 +02:00
$action = \Request::input('bulk_action');
$id = \Request::input('bulk_public_id');
2016-03-02 14:36:42 +01:00
2015-03-16 22:45:25 +01:00
$user = User::where('account_id', '=', Auth::user()->account_id)
2015-11-05 23:37:04 +01:00
->where('public_id', '=', $id)
->withTrashed()
->firstOrFail();
if ($action === 'archive') {
$user->delete();
} else {
2017-01-30 17:05:31 +01:00
if (! Auth::user()->caddAddUsers()) {
2016-07-11 19:08:43 +02:00
return Redirect::to('settings/' . ACCOUNT_USER_MANAGEMENT)
->with('error', trans('texts.max_users_reached'));
}
2015-11-05 23:37:04 +01:00
$user->restore();
}
2015-03-16 22:45:25 +01:00
2015-11-05 23:37:04 +01:00
Session::flash('message', trans("texts.{$action}d_user"));
2015-03-16 22:45:25 +01:00
2015-10-14 16:15:39 +02:00
return Redirect::to('settings/' . ACCOUNT_USER_MANAGEMENT);
2015-03-16 22:45:25 +01:00
}
/**
2017-01-30 20:40:43 +01:00
* Stores new account.
2017-01-30 20:54:09 +01:00
*
2017-01-30 20:49:42 +01:00
* @param mixed $userPublicId
2015-03-16 22:45:25 +01:00
*/
public function save($userPublicId = false)
{
2017-08-06 15:18:15 +02:00
if (! Auth::user()->hasFeature(FEATURE_USERS)) {
return Redirect::to('settings/' . ACCOUNT_USER_MANAGEMENT);
}
2015-03-16 22:45:25 +01:00
2017-08-06 15:18:15 +02:00
$rules = [
'first_name' => 'required',
'last_name' => 'required',
];
2015-03-16 22:45:25 +01:00
2017-08-06 15:18:15 +02:00
if ($userPublicId) {
$user = User::where('account_id', '=', Auth::user()->account_id)
->where('public_id', '=', $userPublicId)
->withTrashed()
->firstOrFail();
2017-08-06 15:18:15 +02:00
$rules['email'] = 'required|email|unique:users,email,'.$user->id.',id';
} else {
$user = false;
$rules['email'] = 'required|email|unique:users';
}
2015-03-16 22:45:25 +01:00
2021-09-26 02:13:01 +02:00
$validator = Validator::make(Request::all(), $rules);
2015-03-16 22:45:25 +01:00
2017-08-06 15:18:15 +02:00
if ($validator->fails()) {
return Redirect::to($userPublicId ? 'users/edit' : 'users/create')
->withErrors($validator)
->withInput();
}
2021-09-26 02:13:01 +02:00
if (! \App\Models\LookupUser::validateField('email', \Request::input('email'), $user)) {
2017-08-06 15:18:15 +02:00
return Redirect::to($userPublicId ? 'users/edit' : 'users/create')
->withError(trans('texts.email_taken'))
->withInput();
}
2015-03-16 22:45:25 +01:00
2017-08-06 15:18:15 +02:00
if ($userPublicId) {
2021-09-26 02:13:01 +02:00
$user->first_name = trim(\Request::input('first_name'));
$user->last_name = trim(\Request::input('last_name'));
$user->username = trim(\Request::input('email'));
$user->email = trim(\Request::input('email'));
2017-08-06 15:18:15 +02:00
if (Auth::user()->hasFeature(FEATURE_USER_PERMISSIONS)) {
2021-09-26 02:13:01 +02:00
$user->is_admin = boolval(\Request::input('is_admin'));
$user->permissions = self::formatUserPermissions(\Request::input('permissions'));
2017-08-06 15:18:15 +02:00
}
} else {
$lastUser = User::withTrashed()->where('account_id', '=', Auth::user()->account_id)
->orderBy('public_id', 'DESC')->first();
$user = new User();
$user->account_id = Auth::user()->account_id;
2021-09-26 02:13:01 +02:00
$user->first_name = trim(\Request::input('first_name'));
$user->last_name = trim(\Request::input('last_name'));
$user->username = trim(\Request::input('email'));
$user->email = trim(\Request::input('email'));
2017-08-06 15:18:15 +02:00
$user->registered = true;
$user->password = strtolower(str_random(RANDOM_KEY_LENGTH));
$user->confirmation_code = strtolower(str_random(RANDOM_KEY_LENGTH));
$user->public_id = $lastUser->public_id + 1;
if (Auth::user()->hasFeature(FEATURE_USER_PERMISSIONS)) {
2021-09-26 02:13:01 +02:00
$user->is_admin = boolval(\Request::input('is_admin'));
$user->permissions = self::formatUserPermissions(\Request::input('permissions'));
2015-03-16 22:45:25 +01:00
}
2017-08-06 15:18:15 +02:00
}
$user->save();
2015-03-16 22:45:25 +01:00
2021-09-26 02:13:01 +02:00
if (! $user->confirmed && \Request::input('action') === 'email') {
2017-08-06 15:18:15 +02:00
$this->userMailer->sendConfirmation($user, Auth::user());
$message = trans('texts.sent_invite');
} else {
$message = trans('texts.updated_user');
2015-03-16 22:45:25 +01:00
}
2016-03-02 14:36:42 +01:00
2017-08-06 15:18:15 +02:00
Session::flash('message', $message);
2016-11-29 18:47:26 +01:00
return Redirect::to('users/' . $user->public_id . '/edit');
2015-03-16 22:45:25 +01:00
}
private function formatUserPermissions(array $permissions) {
return json_encode(array_diff(array_values($permissions),[0]));
}
2015-03-16 22:45:25 +01:00
public function sendConfirmation($userPublicId)
{
$user = User::where('account_id', '=', Auth::user()->account_id)
->where('public_id', '=', $userPublicId)->firstOrFail();
$this->userMailer->sendConfirmation($user, Auth::user());
Session::flash('message', trans('texts.sent_invite'));
2015-10-14 16:15:39 +02:00
return Redirect::to('settings/' . ACCOUNT_USER_MANAGEMENT);
2015-03-16 22:45:25 +01:00
}
/**
2017-01-30 20:40:43 +01:00
* Attempt to confirm account with code.
2015-03-16 22:45:25 +01:00
*
* @param string $code
*/
2016-03-13 19:33:11 +01:00
public function confirm($code)
2015-03-16 22:45:25 +01:00
{
2015-04-05 21:15:37 +02:00
$user = User::where('confirmation_code', '=', $code)->get()->first();
2016-03-02 14:36:42 +01:00
2015-04-05 21:15:37 +02:00
if ($user) {
2016-12-27 22:56:55 +01:00
$notice_msg = trans('texts.security_confirmation');
2015-03-16 22:45:25 +01:00
2015-04-05 21:15:37 +02:00
$user->confirmed = true;
2017-05-10 09:23:50 +02:00
$user->confirmation_code = null;
2015-03-16 22:45:25 +01:00
$user->save();
if ($user->public_id) {
Auth::logout();
2017-05-10 10:15:58 +02:00
Session::flush();
2016-03-13 19:33:11 +01:00
$token = Password::getRepository()->create($user);
2017-01-30 20:40:43 +01:00
2015-05-12 11:36:32 +02:00
return Redirect::to("/password/reset/{$token}");
2016-07-11 19:08:43 +02:00
} else {
if (Auth::check()) {
if (Session::has(REQUESTED_PRO_PLAN)) {
Session::forget(REQUESTED_PRO_PLAN);
$url = '/settings/account_management?upgrade=true';
} else {
$url = '/dashboard';
}
2015-03-16 22:45:25 +01:00
} else {
$url = '/login';
2015-03-16 22:45:25 +01:00
}
2017-01-30 20:40:43 +01:00
return Redirect::to($url)->with('message', $notice_msg);
2015-03-16 22:45:25 +01:00
}
} else {
2017-05-10 09:42:33 +02:00
$error_msg = trans('texts.wrong_confirmation');
2015-03-16 22:45:25 +01:00
2015-04-05 21:15:37 +02:00
return Redirect::to('/login')->with('error', $error_msg);
2015-03-16 22:45:25 +01:00
}
}
public function changePassword()
{
// check the current password is correct
2017-01-30 20:40:43 +01:00
if (! Auth::validate([
2015-03-16 22:45:25 +01:00
'email' => Auth::user()->email,
2021-09-26 02:13:01 +02:00
'password' => \Request::input('current_password'),
2015-03-16 22:45:25 +01:00
])) {
return trans('texts.password_error_incorrect');
}
// validate the new password
2021-09-26 02:13:01 +02:00
$password = \Request::input('new_password');
$confirm = \Request::input('confirm_password');
2015-03-16 22:45:25 +01:00
if (strlen($password) < 6 || $password != $confirm) {
return trans('texts.password_error_invalid');
}
// save the new password
$user = Auth::user();
2015-04-13 17:05:34 +02:00
$user->password = bcrypt($password);
2015-03-16 22:45:25 +01:00
$user->save();
return RESULT_SUCCESS;
}
2015-06-16 21:35:35 +02:00
2015-09-01 20:40:30 +02:00
public function switchAccount($newUserId)
2015-06-16 21:35:35 +02:00
{
$oldUserId = Auth::user()->id;
$referer = Request::header('referer');
$account = $this->accountRepo->findUserAccounts($newUserId, $oldUserId);
2016-03-02 14:36:42 +01:00
2015-06-16 21:35:35 +02:00
if ($account) {
if ($account->hasUserId($newUserId) && $account->hasUserId($oldUserId)) {
Auth::loginUsingId($newUserId);
Auth::user()->account->loadLocalizationSettings();
2015-07-07 22:08:16 +02:00
// regenerate token to prevent open pages
// from saving under the wrong account
Session::put('_token', str_random(40));
2015-06-16 21:35:35 +02:00
}
}
2016-03-02 14:36:42 +01:00
// If the user is looking at an entity redirect to the dashboard
preg_match('/\/[0-9*][\/edit]*$/', $referer, $matches);
if (count($matches)) {
return Redirect::to('/dashboard');
} else {
return Redirect::to($referer);
}
2015-06-16 21:35:35 +02:00
}
public function viewAccountByKey($accountKey)
{
$user = $this->accountRepo->findUser(Auth::user(), $accountKey);
2017-01-30 17:05:31 +01:00
if (! $user) {
return redirect()->to('/');
}
Auth::loginUsingId($user->id);
Auth::user()->account->loadLocalizationSettings();
$redirectTo = request()->redirect_to ?: '/';
return redirect()->to($redirectTo);
}
2015-06-16 21:35:35 +02:00
public function unlinkAccount($userAccountId, $userId)
{
2015-07-07 22:08:16 +02:00
$this->accountRepo->unlinkUser($userAccountId, $userId);
2015-06-16 21:35:35 +02:00
$referer = Request::header('referer');
$users = $this->accountRepo->loadAccounts(Auth::user()->id);
Session::put(SESSION_USER_ACCOUNTS, $users);
Session::flash('message', trans('texts.unlinked_account'));
2017-01-30 20:40:43 +01:00
2016-12-29 21:24:11 +01:00
return Redirect::to('/manage_companies');
2015-08-03 09:15:58 +02:00
}
public function manageCompanies()
{
2015-08-03 21:08:07 +02:00
return View::make('users.account_management');
2015-06-16 21:35:35 +02:00
}
2016-08-23 22:20:03 +02:00
public function saveSidebarState()
{
2021-09-26 02:13:01 +02:00
if (Request::has('show_left')) {
Session::put(SESSION_LEFT_SIDEBAR, boolval(\Request::input('show_left')));
2016-08-23 22:20:03 +02:00
}
2021-09-26 02:13:01 +02:00
if (Request::has('show_right')) {
Session::put(SESSION_RIGHT_SIDEBAR, boolval(\Request::input('show_right')));
2016-08-23 22:20:03 +02:00
}
2016-08-31 11:58:31 +02:00
return RESULT_SUCCESS;
2016-08-23 22:20:03 +02:00
}
2018-03-12 14:37:05 +01:00
public function acceptTerms()
{
$ip = Request::getClientIp();
$referer = Request::server('HTTP_REFERER');
$message = '';
2018-05-08 20:47:41 +02:00
if (request()->accepted_terms && request()->accepted_privacy) {
2018-03-12 15:17:27 +01:00
auth()->user()->acceptLatestTerms($ip)->save();
2018-03-12 14:37:05 +01:00
$message = trans('texts.accepted_terms');
}
return redirect($referer)->withMessage($message);
}
2015-03-16 22:45:25 +01:00
}