invoiceninja/app/Repositories/UserRepository.php

<?php
/**
* Invoice Ninja (https://invoiceninja.com).
*
* @link https://github.com/invoiceninja/invoiceninja source repository
*
* @copyright Copyright (c) 2024. Invoice Ninja LLC (https://invoiceninja.com)
*
* @license https://www.elastic.co/licensing/elastic-license
*/
namespace App\Repositories;
use App\DataMapper\CompanySettings;
use App\Events\User\UserWasArchived;
use App\Events\User\UserWasDeleted;
use App\Events\User\UserWasRestored;
use App\Jobs\Company\CreateCompanyToken;
use App\Models\CompanyUser;
use App\Models\User;
use App\Utils\Ninja;
use App\Utils\Traits\MakesHash;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
/**
* UserRepository.
*/
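class UserRepository extends BaseRepository
{
    use MakesHash;

    /**
     * Saves the user and, when supplied, its company_user pivot for the
     * authenticated user's current company.
     *
     * Security-relevant behaviour visible in this method:
     *  - a password is only hashed and stored when the authenticated user is
     *    editing their own record;
     *  - a user that already belongs to a different account is rejected
     *    before anything is persisted;
     *  - non-admin callers can only change `notifications` and `settings`
     *    on an existing company_user row.
     *
     * @param array $data The data
     * @param \App\Models\User $user The user
     * @param bool $unset_company_user Strip `company_user` from the attributes passed to fill()
     * @param bool $is_migrating When true, no confirmation code is generated
     *
     * @return \App\Models\User user Object
     *
     * @throws \Illuminate\Auth\Access\AuthorizationException when $user carries a numeric
     *         account_id that differs from the authenticated user's account
     */
    public function save(array $data, User $user, $unset_company_user = false, $is_migrating = false)
    {
        $details = $data;

        /*
         * Getting: SQLSTATE[42S22]: Column not found: 1054 Unknown column 'company_user'
         * because of User::unguard().
         * Solution. Unset company_user per request.
         */
        if ($unset_company_user) {
            unset($details['company_user']);
        }

        $actor = auth()->user();
        $company = $actor->company();
        $account = $company->account;

        // A phone number change always resets the verification flag.
        if (request()->has('validated_phone')) {
            $details['phone'] = request()->input('validated_phone');
            $user->verified_phone_number = false;
        }

        // NOTE(review): the comment above refers to User::unguard(). If the model is
        // unguarded when this runs, fill() accepts every key in $details, including
        // `password` and `account_id`. The self-only password rule and the
        // cross-account check below only hold if those keys are filtered upstream
        // or by the model's fillable list - confirm against the User model.
        $user->fill($details);

        // Allow users to change only their own password - not others'.
        // isset() already implies the key exists and is not null.
        if ($actor->id == $user->id && isset($data['password'])) {
            $user->password = Hash::make($data['password']);
        }

        if (! $user->confirmation_code && ! $is_migrating) {
            $user->confirmation_code = $this->createDbHash($company->db);
        }

        // @18-10-2024 - ensure no cross account linkage.
        // This must stay after fill(): it also catches an account_id that arrived
        // through $data. The comparison is deliberately loose because the stored
        // value may be a numeric string.
        if (is_numeric($user->account_id) && $user->account_id != $account->id) {
            throw new \Illuminate\Auth\Access\AuthorizationException("Illegal operation encountered for {$user->hashed_id}", 401);
        }

        $user->account_id = $account->id; //@todo we should never change the account_id if it is set at this point.

        // Cast first: a user without a password holds null here, and strlen(null)
        // is deprecated from PHP 8.1.
        if (strlen((string) $user->password) >= 1) {
            $user->has_password = true;
        }

        $user->save();

        if (isset($data['company_user'])) {
            // withTrashed(): a soft-deleted link to this company is reused, not duplicated.
            $cu = CompanyUser::query()
                ->whereUserId($user->id)
                ->whereCompanyId($company->id)
                ->withTrashed()
                ->first();

            if (! $cu) {
                /* No company user exists - attach the user */
                // NOTE(review): this branch passes the caller's company_user array to
                // attach() without an isAdmin() check; presumably authorisation to create
                // users is enforced before save() is called - confirm at the call sites.
                $data['company_user']['account_id'] = $account->id;
                $data['company_user']['notifications'] = CompanySettings::notificationDefaults();
                $user->companies()->attach($company->id, $data['company_user']);
            } elseif ($actor->isAdmin()) {
                // Admins may rewrite the whole pivot and revive a soft-deleted link
                // together with its tokens.
                $cu->fill($data['company_user']);
                $cu->restore();
                $cu->tokens()->restore();
                $cu->save();

                //05-08-2022
                // A revived link with no tokens gets one created for it.
                if ($cu->tokens()->count() == 0) {
                    (new CreateCompanyToken($cu->company, $cu->user, 'restored_user'))->handle();
                }
            } else {
                // Non-admins are limited to their notification and settings
                // preferences; every other pivot field is left untouched.
                $cu->notifications = $data['company_user']['notifications'] ?? '';
                $cu->settings = $data['company_user']['settings'] ?? '';
                $cu->save();
            }

            // NOTE(review): the result of this query is discarded, so it does not
            // appear to load anything onto $user. Kept to preserve existing behaviour.
            $user->with(['company_users' => function ($query) use ($company, $user) {
                $query->whereCompanyId($company->id)
                    ->whereUserId($user->id);
            }])->first();
        }

        $user->restore();

        $this->verifyCorrectCompanySizeForPermissions($user);

        return $user->fresh();
    }

    /**
     * Deletes the user and, when `company_user` is present in $data, force-deletes
     * the user's link to the authenticated user's company together with its tokens.
     *
     * A user carrying the owner flag is returned unchanged.
     *
     * @param array $data Only the presence of the `company_user` key is inspected
     * @param \App\Models\User $user
     *
     * @return \App\Models\User|null
     */
    public function destroy(array $data, User $user)
    {
        if ($user->hasOwnerFlag()) {
            return $user;
        }

        $actor = auth()->user();

        if (array_key_exists('company_user', $data)) {
            $this->forced_includes = 'company_users';

            $company = $actor->company();

            $cu = CompanyUser::query()->whereUserId($user->id)
                ->whereCompanyId($company->id)
                ->first();

            // The lookup excludes soft-deleted rows and may find nothing; guard it
            // the same way delete() does instead of failing on a null model.
            if ($cu) {
                $cu->tokens()->forceDelete();
                $cu->forceDelete();
            }
        }

        event(new UserWasDeleted($user, $actor, $actor->company(), Ninja::eventVars($actor->id)));

        $user->delete();

        return $user->fresh();
    }

    /**
     * Soft deletes the user and the company user.
     *
     * The company user's tokens are deleted along with it, and the user is
     * flagged `is_deleted` before being soft deleted.
     *
     * @param \App\Models\User $user
     *
     * @return \App\Models\User|null
     */
    public function delete($user)
    {
        $actor = auth()->user();
        $company = $actor->company();

        $cu = CompanyUser::query()->whereUserId($user->id)
            ->whereCompanyId($company->id)
            ->first();

        if ($cu) {
            $cu->tokens()->delete();
            $cu->delete();
        }

        event(new UserWasDeleted($user, $actor, $company, Ninja::eventVars($actor->id)));

        $user->is_deleted = true;
        $user->save();
        $user->delete();

        return $user->fresh();
    }

    /**
     * Archives (soft deletes) the user. Does nothing if the user is already trashed.
     *
     * @param \App\Models\User $user
     */
    public function archive($user)
    {
        if ($user->trashed()) {
            return;
        }

        $user->delete();

        $actor = auth()->user();

        // NOTE(review): this reads the `company` property, while save(), destroy()
        // and delete() call company() - confirm both resolve to the same company.
        event(new UserWasArchived($user, $actor, $actor->company, Ninja::eventVars($actor->id)));
    }

    /**
     * Restores a trashed user together with its link to the authenticated user's
     * company and that link's tokens.
     *
     * On hosted installs the restore is silently skipped when the account
     * already has at least `num_users` users.
     *
     * @param \App\Models\User $user
     */
    public function restore($user)
    {
        if (! $user->trashed()) {
            return;
        }

        $actor = auth()->user();

        if (Ninja::isHosted()) {
            $count = User::query()->where('account_id', $actor->account_id)->count();

            // Restoring must not take the account past its user limit.
            if ($count >= $actor->account->num_users) {
                return;
            }
        }

        $user->is_deleted = false;
        $user->save();
        $user->restore();

        $cu = CompanyUser::withTrashed()
            ->where('user_id', $user->id)
            ->where('company_id', $actor->company()->id)
            ->first();

        // destroy() force-deletes the link, so there may be no row to bring back;
        // without this guard the call failed on null after the user was already restored.
        if ($cu) {
            $cu->restore();
            $cu->tokens()->restore();
        }

        event(new UserWasRestored($user, $actor, $actor->company, Ninja::eventVars($actor->id)));
    }

    /**
     * If we have multiple users in the system,
     * and there are some that are not admins,
     * we force all companies to large to ensure
     * the queries are appropriate for all users
     *
     * Applies to self-hosted installs and to hosted enterprise accounts only.
     *
     * @param User $user
     * @return void
     */
    private function verifyCorrectCompanySizeForPermissions(User $user): void
    {
        if (Ninja::isSelfHost() || (Ninja::isHosted() && $user->account->isEnterpriseClient())) {
            $user->account()
                // at least one company is not yet flagged large ...
                ->whereHas('companies', function ($query) {
                    $query->where('is_large', 0);
                })
                // ... and at least one company user is not an admin
                ->whereHas('company_users', function ($query) {
                    $query->where('is_admin', 0);
                })
                ->cursor()->each(function ($account) {
                    $account->companies()->update(['is_large' => true]);
                });
        }
    }
}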