2018-10-21 00:26:21 +02:00
|
|
|
<?php
|
2019-05-11 05:32:07 +02:00
|
|
|
/**
|
2020-09-06 11:38:10 +02:00
|
|
|
* Invoice Ninja (https://invoiceninja.com).
|
2019-05-11 05:32:07 +02:00
|
|
|
*
|
|
|
|
* @link https://github.com/invoiceninja/invoiceninja source repository
|
|
|
|
*
|
2023-01-28 23:21:40 +01:00
|
|
|
* @copyright Copyright (c) 2023. Invoice Ninja LLC (https://invoiceninja.com)
|
2019-05-11 05:32:07 +02:00
|
|
|
*
|
2021-06-16 08:58:16 +02:00
|
|
|
* @license https://www.elastic.co/licensing/elastic-license
|
2019-05-11 05:32:07 +02:00
|
|
|
*/
|
2018-10-21 00:26:21 +02:00
|
|
|
|
|
|
|
namespace App\Http\Controllers;
|
|
|
|
|
2023-04-05 03:18:10 +02:00
|
|
|
use App\Models\User;
|
|
|
|
use App\Utils\Ninja;
|
|
|
|
use App\Models\CompanyUser;
|
|
|
|
use App\Factory\UserFactory;
|
|
|
|
use App\Filters\UserFilters;
|
|
|
|
use Illuminate\Http\Response;
|
|
|
|
use App\Utils\Traits\MakesHash;
|
2020-09-16 01:56:10 +02:00
|
|
|
use App\Events\User\UserWasCreated;
|
2021-01-14 04:44:52 +01:00
|
|
|
use App\Events\User\UserWasDeleted;
|
|
|
|
use App\Events\User\UserWasUpdated;
|
2023-04-05 03:18:10 +02:00
|
|
|
use App\Jobs\User\UserEmailChanged;
|
|
|
|
use App\Repositories\UserRepository;
|
|
|
|
use App\Transformers\UserTransformer;
|
|
|
|
use App\Jobs\Company\CreateCompanyToken;
|
2021-11-06 00:28:48 +01:00
|
|
|
use App\Http\Requests\User\BulkUserRequest;
|
2019-04-27 11:20:03 +02:00
|
|
|
use App\Http\Requests\User\EditUserRequest;
|
|
|
|
use App\Http\Requests\User\ShowUserRequest;
|
|
|
|
use App\Http\Requests\User\StoreUserRequest;
|
2023-04-05 03:18:10 +02:00
|
|
|
use App\Http\Requests\User\CreateUserRequest;
|
2019-04-27 11:20:03 +02:00
|
|
|
use App\Http\Requests\User\UpdateUserRequest;
|
2023-04-05 03:18:10 +02:00
|
|
|
use App\Http\Requests\User\DestroyUserRequest;
|
|
|
|
use App\Http\Requests\User\ReconfirmUserRequest;
|
|
|
|
use App\Http\Controllers\Traits\VerifiesUserEmail;
|
|
|
|
use App\Http\Requests\User\DetachCompanyUserRequest;
|
|
|
|
use App\Http\Requests\User\DisconnectUserMailerRequest;
|
2018-10-21 00:26:21 +02:00
|
|
|
|
2019-01-27 00:22:57 +01:00
|
|
|
/**
|
2020-09-06 11:38:10 +02:00
|
|
|
* Class UserController.
|
2019-01-27 00:22:57 +01:00
|
|
|
*/
|
2019-03-28 22:34:58 +01:00
|
|
|
class UserController extends BaseController
|
2018-10-21 00:26:21 +02:00
|
|
|
{
|
2018-10-24 12:24:09 +02:00
|
|
|
use VerifiesUserEmail;
|
2019-12-30 22:59:12 +01:00
|
|
|
use MakesHash;
|
2019-04-25 13:33:03 +02:00
|
|
|
|
|
|
|
protected $entity_type = User::class;
|
|
|
|
|
|
|
|
protected $entity_transformer = UserTransformer::class;
|
|
|
|
|
2019-06-06 06:51:28 +02:00
|
|
|
protected $user_repo;
|
|
|
|
|
2019-12-30 22:59:12 +01:00
|
|
|
/**
|
2020-09-06 11:38:10 +02:00
|
|
|
* Constructor.
|
2019-06-11 07:28:24 +02:00
|
|
|
*
|
2020-10-28 11:10:49 +01:00
|
|
|
* @param UserRepository $user_repo The user repo
|
2019-06-11 07:28:24 +02:00
|
|
|
*/
|
|
|
|
public function __construct(UserRepository $user_repo)
|
2019-03-28 22:34:58 +01:00
|
|
|
{
|
|
|
|
parent::__construct();
|
2018-10-21 00:26:21 +02:00
|
|
|
|
2019-06-06 06:51:28 +02:00
|
|
|
$this->user_repo = $user_repo;
|
2019-03-28 22:34:58 +01:00
|
|
|
}
|
2020-09-06 11:38:10 +02:00
|
|
|
|
2019-04-25 13:33:03 +02:00
|
|
|
/**
|
|
|
|
* Display a listing of the resource.
|
|
|
|
*
|
2020-10-28 11:10:49 +01:00
|
|
|
* @param UserFilters $filters
|
|
|
|
* @return Response
|
2019-10-07 06:34:57 +02:00
|
|
|
*
|
2019-04-25 13:33:03 +02:00
|
|
|
*/
|
2019-06-11 05:20:23 +02:00
|
|
|
public function index(UserFilters $filters)
|
2019-04-25 13:33:03 +02:00
|
|
|
{
|
|
|
|
$users = User::filter($filters);
|
2020-09-06 11:38:10 +02:00
|
|
|
|
2019-04-25 13:33:03 +02:00
|
|
|
return $this->listResponse($users);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Show the form for creating a new resource.
|
|
|
|
*
|
2020-10-28 11:10:49 +01:00
|
|
|
* @param CreateUserRequest $request
|
|
|
|
* @return Response
|
2019-10-07 06:34:57 +02:00
|
|
|
*
|
2019-04-25 13:33:03 +02:00
|
|
|
*/
|
2019-04-27 11:20:03 +02:00
|
|
|
public function create(CreateUserRequest $request)
|
2019-04-25 13:33:03 +02:00
|
|
|
{
|
2022-06-27 08:37:18 +02:00
|
|
|
$user = UserFactory::create(auth()->user()->account_id);
|
2019-04-27 11:20:03 +02:00
|
|
|
|
|
|
|
return $this->itemResponse($user);
|
2019-04-25 13:33:03 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Store a newly created resource in storage.
|
|
|
|
*
|
2020-10-28 11:10:49 +01:00
|
|
|
* @param StoreUserRequest $request
|
|
|
|
* @return Response
|
2019-10-07 06:34:57 +02:00
|
|
|
*
|
2019-04-25 13:33:03 +02:00
|
|
|
*/
|
2019-04-27 11:20:03 +02:00
|
|
|
public function store(StoreUserRequest $request)
|
2019-04-25 13:33:03 +02:00
|
|
|
{
|
2023-04-30 08:20:57 +02:00
|
|
|
/** @var \App\Models\User $logged_in_user */
|
|
|
|
$logged_in_user = auth()->user();
|
|
|
|
|
|
|
|
$company = $logged_in_user->company();
|
2019-12-08 11:28:52 +01:00
|
|
|
|
|
|
|
$user = $this->user_repo->save($request->all(), $request->fetchUser());
|
2019-06-06 06:51:28 +02:00
|
|
|
|
2019-11-22 22:10:53 +01:00
|
|
|
$user_agent = request()->input('token_name') ?: request()->server('HTTP_USER_AGENT');
|
2019-06-06 06:51:28 +02:00
|
|
|
|
2022-09-07 06:15:27 +02:00
|
|
|
$ct = (new CreateCompanyToken($company, $user, $user_agent))->handle();
|
2019-06-12 06:22:05 +02:00
|
|
|
|
2021-05-06 23:12:07 +02:00
|
|
|
event(new UserWasCreated($user, auth()->user(), $company, Ninja::eventVars(auth()->user() ? auth()->user()->id : null)));
|
2020-09-16 01:56:10 +02:00
|
|
|
|
2021-05-24 02:53:04 +02:00
|
|
|
$user->setCompany($company);
|
2021-05-24 03:30:30 +02:00
|
|
|
$user->company_id = $company->id;
|
|
|
|
|
2021-05-24 02:53:04 +02:00
|
|
|
return $this->itemResponse($user);
|
2019-04-25 13:33:03 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Display the specified resource.
|
|
|
|
*
|
2020-10-28 11:10:49 +01:00
|
|
|
* @param ShowUserRequest $request
|
|
|
|
* @param User $user
|
|
|
|
* @return Response
|
2019-10-07 06:34:57 +02:00
|
|
|
*
|
2019-12-30 22:59:12 +01:00
|
|
|
*/
|
2019-06-05 11:50:37 +02:00
|
|
|
public function show(ShowUserRequest $request, User $user)
|
2019-04-25 13:33:03 +02:00
|
|
|
{
|
2019-06-05 11:50:37 +02:00
|
|
|
return $this->itemResponse($user);
|
2019-04-25 13:33:03 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Show the form for editing the specified resource.
|
|
|
|
*
|
2020-10-28 11:10:49 +01:00
|
|
|
* @param EditUserRequest $request
|
|
|
|
* @param User $user
|
|
|
|
* @return Response
|
2019-10-07 06:34:57 +02:00
|
|
|
*
|
2019-12-30 22:59:12 +01:00
|
|
|
*/
|
2019-06-05 11:50:37 +02:00
|
|
|
public function edit(EditUserRequest $request, User $user)
|
2019-04-25 13:33:03 +02:00
|
|
|
{
|
2019-06-05 11:50:37 +02:00
|
|
|
return $this->itemResponse($user);
|
2019-04-25 13:33:03 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Update the specified resource in storage.
|
|
|
|
*
|
2020-10-28 11:10:49 +01:00
|
|
|
* @param UpdateUserRequest $request
|
|
|
|
* @param User $user
|
|
|
|
* @return Response|mixed
|
2019-12-30 22:59:12 +01:00
|
|
|
*/
|
2019-06-05 02:43:23 +02:00
|
|
|
public function update(UpdateUserRequest $request, User $user)
|
2019-04-25 13:33:03 +02:00
|
|
|
{
|
2023-04-30 08:20:57 +02:00
|
|
|
/** @var \App\Models\User $logged_in_user */
|
|
|
|
$logged_in_user = auth()->user();
|
|
|
|
|
|
|
|
$old_company_user = $user->company_users()->where('company_id', $logged_in_user->company()->id)->first();
|
2021-02-18 11:33:54 +01:00
|
|
|
$old_user = json_encode($user);
|
|
|
|
$old_user_email = $user->getOriginal('email');
|
2021-01-29 13:29:42 +01:00
|
|
|
|
2020-07-22 05:03:33 +02:00
|
|
|
$new_email = $request->input('email');
|
2021-02-18 11:33:54 +01:00
|
|
|
$new_user = $this->user_repo->save($request->all(), $user);
|
|
|
|
$new_user = $user->fresh();
|
|
|
|
|
2021-02-19 22:42:29 +01:00
|
|
|
/* When changing email address we store the former email in case we need to rollback */
|
2022-10-27 04:11:50 +02:00
|
|
|
/* 27-10-2022 we need to wipe the oauth data at this point*/
|
2021-02-19 22:42:29 +01:00
|
|
|
if ($old_user_email != $new_email) {
|
|
|
|
$user->last_confirmed_email_address = $old_user_email;
|
2021-02-25 22:06:43 +01:00
|
|
|
$user->email_verified_at = null;
|
2022-10-27 04:11:50 +02:00
|
|
|
$user->oauth_user_id = null;
|
|
|
|
$user->oauth_provider_id = null;
|
|
|
|
$user->oauth_user_refresh_token = null;
|
|
|
|
$user->oauth_user_token = null;
|
2021-02-19 22:42:29 +01:00
|
|
|
$user->save();
|
2023-07-05 00:01:09 +02:00
|
|
|
|
2023-04-30 08:20:57 +02:00
|
|
|
UserEmailChanged::dispatch($new_user, json_decode($old_user), $logged_in_user->company());
|
2021-02-19 22:42:29 +01:00
|
|
|
}
|
2022-03-16 01:12:12 +01:00
|
|
|
|
2023-04-30 08:20:57 +02:00
|
|
|
event(new UserWasUpdated($user, $logged_in_user, $logged_in_user->company(), Ninja::eventVars($logged_in_user->id)));
|
2021-01-14 04:44:52 +01:00
|
|
|
|
2019-06-06 06:51:28 +02:00
|
|
|
return $this->itemResponse($user);
|
2019-04-25 13:33:03 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Remove the specified resource from storage.
|
|
|
|
*
|
2020-10-28 11:10:49 +01:00
|
|
|
* @param DestroyUserRequest $request
|
|
|
|
* @param User $user
|
2023-07-26 04:59:36 +02:00
|
|
|
* @return \Illuminate\Http\JsonResponse
|
2019-10-07 06:34:57 +02:00
|
|
|
*
|
2019-04-25 13:33:03 +02:00
|
|
|
*/
|
2019-06-06 06:51:28 +02:00
|
|
|
public function destroy(DestroyUserRequest $request, User $user)
|
2019-04-25 13:33:03 +02:00
|
|
|
{
|
2023-02-16 02:36:09 +01:00
|
|
|
if ($user->isOwner()) {
|
2023-09-01 04:25:52 +02:00
|
|
|
return response()->json(['message', 'Cannot detach owner.'], 401);
|
2023-02-16 02:36:09 +01:00
|
|
|
}
|
2021-03-07 07:27:44 +01:00
|
|
|
|
2020-03-01 11:45:23 +01:00
|
|
|
/* If the user passes the company user we archive the company user */
|
2021-03-03 08:22:14 +01:00
|
|
|
$user = $this->user_repo->delete($request->all(), $user);
|
2020-09-06 11:38:10 +02:00
|
|
|
|
2023-04-30 08:20:57 +02:00
|
|
|
/** @var \App\Models\User $logged_in_user */
|
|
|
|
$logged_in_user = auth()->user();
|
|
|
|
|
|
|
|
event(new UserWasDeleted($user, $logged_in_user, $logged_in_user->company(), Ninja::eventVars($logged_in_user->id)));
|
2021-01-14 04:44:52 +01:00
|
|
|
|
2020-03-01 11:45:23 +01:00
|
|
|
return $this->itemResponse($user->fresh());
|
2019-06-12 06:22:05 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2020-09-06 11:38:10 +02:00
|
|
|
* Perform bulk actions on the list view.
|
2019-12-30 22:59:12 +01:00
|
|
|
*
|
2023-04-30 08:20:57 +02:00
|
|
|
* @return Response
|
2019-12-30 22:59:12 +01:00
|
|
|
*
|
2019-06-12 06:22:05 +02:00
|
|
|
*/
|
2021-11-06 00:28:48 +01:00
|
|
|
public function bulk(BulkUserRequest $request)
|
2019-06-12 06:22:05 +02:00
|
|
|
{
|
2021-11-05 10:43:25 +01:00
|
|
|
/* Validate restore() here and check if restoring the user will exceed their user quote (hosted only)*/
|
2019-06-12 06:22:05 +02:00
|
|
|
$action = request()->input('action');
|
2020-09-06 11:38:10 +02:00
|
|
|
|
2019-06-12 06:22:05 +02:00
|
|
|
$ids = request()->input('ids');
|
|
|
|
|
2019-11-21 09:38:57 +01:00
|
|
|
$users = User::withTrashed()->find($this->transformKeys($ids));
|
2019-06-12 06:22:05 +02:00
|
|
|
|
2020-03-21 06:37:30 +01:00
|
|
|
/*
|
|
|
|
* In case a user maliciously sends keys which do not belong to them, we push
|
2020-03-18 10:40:15 +01:00
|
|
|
* each user through the Policy sieve and only return users that they
|
|
|
|
* have access to
|
|
|
|
*/
|
2020-09-06 11:38:10 +02:00
|
|
|
|
2020-03-18 10:40:15 +01:00
|
|
|
$return_user_collection = collect();
|
|
|
|
|
2023-06-04 08:46:59 +02:00
|
|
|
/** @var \App\Models\User $logged_in_user */
|
|
|
|
$logged_in_user = auth()->user();
|
|
|
|
|
|
|
|
$users->each(function ($user, $key) use ($logged_in_user, $action, $return_user_collection) {
|
|
|
|
if ($logged_in_user->can('edit', $user)) {
|
2020-03-25 00:20:42 +01:00
|
|
|
$this->user_repo->{$action}($user);
|
2020-09-06 11:38:10 +02:00
|
|
|
|
2020-03-18 10:40:15 +01:00
|
|
|
$return_user_collection->push($user->id);
|
2019-12-30 22:59:12 +01:00
|
|
|
}
|
2019-06-12 06:22:05 +02:00
|
|
|
});
|
|
|
|
|
2020-03-18 10:40:15 +01:00
|
|
|
return $this->listResponse(User::withTrashed()->whereIn('id', $return_user_collection));
|
2019-04-25 13:33:03 +02:00
|
|
|
}
|
|
|
|
|
2019-11-28 11:35:13 +01:00
|
|
|
/**
|
|
|
|
* Detach an existing user to a company.
|
|
|
|
*
|
2020-10-28 11:10:49 +01:00
|
|
|
* @param DetachCompanyUserRequest $request
|
|
|
|
* @param User $user
|
|
|
|
* @return \Illuminate\Http\JsonResponse
|
2019-11-28 11:35:13 +01:00
|
|
|
*/
|
|
|
|
public function detach(DetachCompanyUserRequest $request, User $user)
|
|
|
|
{
|
2023-06-04 08:46:59 +02:00
|
|
|
/** @var \App\Models\User $logged_in_user */
|
|
|
|
$logged_in_user = auth()->user();
|
2021-03-07 07:27:44 +01:00
|
|
|
|
2019-11-28 11:35:13 +01:00
|
|
|
$company_user = CompanyUser::whereUserId($user->id)
|
2023-06-04 08:46:59 +02:00
|
|
|
->whereCompanyId($logged_in_user->companyId())
|
2021-03-25 11:55:59 +01:00
|
|
|
->withTrashed()
|
|
|
|
->first();
|
2020-09-06 11:38:10 +02:00
|
|
|
|
2023-02-16 02:36:09 +01:00
|
|
|
if ($company_user->is_owner) {
|
2021-03-26 09:07:43 +01:00
|
|
|
return response()->json(['message', 'Cannot detach owner.'], 401);
|
2023-02-16 02:36:09 +01:00
|
|
|
}
|
2021-03-26 09:07:43 +01:00
|
|
|
|
2020-02-26 05:11:17 +01:00
|
|
|
$token = $company_user->token->where('company_id', $company_user->company_id)->where('user_id', $company_user->user_id)->first();
|
|
|
|
|
2020-03-26 04:23:57 +01:00
|
|
|
if ($token) {
|
2020-03-23 18:15:56 +01:00
|
|
|
$token->delete();
|
2020-03-26 04:23:57 +01:00
|
|
|
}
|
2020-02-26 05:11:17 +01:00
|
|
|
|
2020-03-26 04:23:57 +01:00
|
|
|
if ($company_user) {
|
2020-03-23 18:15:56 +01:00
|
|
|
$company_user->delete();
|
2020-03-26 04:23:57 +01:00
|
|
|
}
|
2019-11-28 11:35:13 +01:00
|
|
|
|
2021-01-25 01:57:49 +01:00
|
|
|
return response()->json(['message' => ctrans('texts.user_detached')], 200);
|
2019-11-28 11:35:13 +01:00
|
|
|
}
|
2021-02-20 01:45:20 +01:00
|
|
|
|
|
|
|
/**
|
2021-03-10 10:15:24 +01:00
|
|
|
* Invite an existing user to a company.
|
2021-02-20 01:45:20 +01:00
|
|
|
*
|
|
|
|
* @param ReconfirmUserRequest $request
|
|
|
|
* @param User $user
|
|
|
|
* @return \Illuminate\Http\JsonResponse
|
|
|
|
*/
|
2021-03-03 23:39:24 +01:00
|
|
|
public function invite(ReconfirmUserRequest $request, User $user)
|
2021-02-20 01:45:20 +01:00
|
|
|
{
|
2023-04-30 08:20:57 +02:00
|
|
|
/** @var \App\Models\User $logged_in_user */
|
|
|
|
$logged_in_user = auth()->user();
|
|
|
|
|
|
|
|
$user->service()->invite($logged_in_user->company());
|
2021-02-20 01:45:20 +01:00
|
|
|
|
|
|
|
return response()->json(['message' => ctrans('texts.confirmation_resent')], 200);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2021-03-10 10:15:24 +01:00
|
|
|
/**
|
|
|
|
* Invite an existing user to a company.
|
|
|
|
*
|
|
|
|
* @param ReconfirmUserRequest $request
|
|
|
|
* @param User $user
|
|
|
|
* @return \Illuminate\Http\JsonResponse
|
|
|
|
*/
|
|
|
|
public function reconfirm(ReconfirmUserRequest $request, User $user)
|
|
|
|
{
|
2023-04-30 08:20:57 +02:00
|
|
|
/** @var \App\Models\User $logged_in_user */
|
|
|
|
$logged_in_user = auth()->user();
|
|
|
|
|
|
|
|
$user->service()->invite($logged_in_user->company());
|
2021-03-10 10:15:24 +01:00
|
|
|
|
|
|
|
return response()->json(['message' => ctrans('texts.confirmation_resent')], 200);
|
|
|
|
}
|
2023-04-05 03:18:10 +02:00
|
|
|
|
|
|
|
public function disconnectOauthMailer(DisconnectUserMailerRequest $request, User $user)
|
|
|
|
{
|
|
|
|
|
|
|
|
$user->oauth_user_token = null;
|
|
|
|
$user->oauth_user_refresh_token = null;
|
|
|
|
$user->save();
|
|
|
|
|
2023-04-29 12:39:38 +02:00
|
|
|
|
|
|
|
/** @var \App\Models\User $logged_in_user */
|
|
|
|
$logged_in_user = auth()->user();
|
|
|
|
$company = $logged_in_user->company();
|
|
|
|
|
2023-04-29 11:32:20 +02:00
|
|
|
$settings = $company->settings;
|
|
|
|
$settings->email_sending_method = "default";
|
|
|
|
$settings->gmail_sending_user_id = "0";
|
|
|
|
|
|
|
|
$company->settings = $settings;
|
|
|
|
$company->save();
|
|
|
|
|
2023-04-05 03:18:10 +02:00
|
|
|
return $this->itemResponse($user->fresh());
|
|
|
|
|
|
|
|
}
|
2023-04-12 02:38:18 +02:00
|
|
|
|
|
|
|
public function disconnectOauth(DisconnectUserMailerRequest $request, User $user)
|
|
|
|
{
|
|
|
|
$user->oauth_user_id = null;
|
|
|
|
$user->oauth_provider_id = null;
|
|
|
|
$user->oauth_user_token_expiry = null;
|
|
|
|
$user->oauth_user_token = null;
|
|
|
|
$user->oauth_user_refresh_token = null;
|
|
|
|
$user->save();
|
|
|
|
|
|
|
|
return $this->itemResponse($user->fresh());
|
|
|
|
|
|
|
|
}
|
|
|
|
|
2018-10-21 00:26:21 +02:00
|
|
|
}
|