2019-06-06 06:51:28 +02:00
|
|
|
<?php
|
|
|
|
/**
|
2020-09-06 11:38:10 +02:00
|
|
|
* Invoice Ninja (https://invoiceninja.com).
|
2019-06-06 06:51:28 +02:00
|
|
|
*
|
|
|
|
* @link https://github.com/invoiceninja/invoiceninja source repository
|
|
|
|
*
|
2024-04-12 06:15:41 +02:00
|
|
|
* @copyright Copyright (c) 2024. Invoice Ninja LLC (https://invoiceninja.com)
|
2019-06-06 06:51:28 +02:00
|
|
|
*
|
2021-06-16 08:58:16 +02:00
|
|
|
* @license https://www.elastic.co/licensing/elastic-license
|
2019-06-06 06:51:28 +02:00
|
|
|
*/
|
|
|
|
|
|
|
|
namespace App\Repositories;
|
|
|
|
|
2020-03-09 10:38:15 +01:00
|
|
|
use App\DataMapper\CompanySettings;
|
2021-01-14 04:44:52 +01:00
|
|
|
use App\Events\User\UserWasArchived;
|
2020-03-24 10:15:30 +01:00
|
|
|
use App\Events\User\UserWasDeleted;
|
2021-01-14 04:44:52 +01:00
|
|
|
use App\Events\User\UserWasRestored;
|
2022-08-05 09:27:17 +02:00
|
|
|
use App\Jobs\Company\CreateCompanyToken;
|
2020-03-09 10:38:15 +01:00
|
|
|
use App\Models\CompanyUser;
|
|
|
|
use App\Models\User;
|
2020-07-08 14:02:16 +02:00
|
|
|
use App\Utils\Ninja;
|
2020-09-16 01:56:10 +02:00
|
|
|
use App\Utils\Traits\MakesHash;
|
2019-06-06 06:51:28 +02:00
|
|
|
use Illuminate\Http\Request;
|
2021-01-01 10:11:21 +01:00
|
|
|
use Illuminate\Support\Facades\Hash;
|
2019-06-06 06:51:28 +02:00
|
|
|
|
|
|
|
/**
|
2020-09-06 11:38:10 +02:00
|
|
|
* UserRepository.
|
2019-06-06 06:51:28 +02:00
|
|
|
*/
|
|
|
|
class UserRepository extends BaseRepository
|
|
|
|
{
|
2020-09-16 01:56:10 +02:00
|
|
|
use MakesHash;
|
|
|
|
|
2019-12-30 22:59:12 +01:00
|
|
|
/**
|
2020-09-06 11:38:10 +02:00
|
|
|
* Saves the user and its contacts.
|
2019-06-06 06:51:28 +02:00
|
|
|
*
|
2020-10-28 11:10:49 +01:00
|
|
|
* @param array $data The data
|
2020-11-03 14:27:41 +01:00
|
|
|
* @param \App\Models\User $user The user
|
2019-06-06 06:51:28 +02:00
|
|
|
*
|
2020-10-28 11:10:49 +01:00
|
|
|
* @param bool $unset_company_user
|
2020-11-03 14:27:41 +01:00
|
|
|
* @return \App\Models\User user Object
|
2019-06-06 06:51:28 +02:00
|
|
|
*/
|
2023-07-10 04:55:21 +02:00
|
|
|
public function save(array $data, User $user, $unset_company_user = false, $is_migrating = false)
|
2019-12-30 22:59:12 +01:00
|
|
|
{
|
2020-04-07 22:43:44 +02:00
|
|
|
$details = $data;
|
|
|
|
|
2020-09-06 11:38:10 +02:00
|
|
|
/*
|
2020-04-07 22:43:44 +02:00
|
|
|
* Getting: SQLSTATE[42S22]: Column not found: 1054 Unknown column 'company_user'
|
|
|
|
* because of User::unguard().
|
|
|
|
* Solution. Unset company_user per request.
|
|
|
|
*/
|
|
|
|
|
|
|
|
if ($unset_company_user) {
|
|
|
|
unset($details['company_user']);
|
|
|
|
}
|
2023-08-04 10:13:26 +02:00
|
|
|
|
|
|
|
$company = auth()->user()->company();
|
2020-09-06 11:38:10 +02:00
|
|
|
$account = $company->account;
|
2020-04-23 00:54:10 +02:00
|
|
|
|
2023-02-16 02:36:09 +01:00
|
|
|
if (request()->has('validated_phone')) {
|
2022-11-03 07:31:46 +01:00
|
|
|
$details['phone'] = request()->input('validated_phone');
|
2022-12-08 00:38:52 +01:00
|
|
|
$user->verified_phone_number = false;
|
|
|
|
}
|
2022-11-03 07:31:46 +01:00
|
|
|
|
2020-04-07 22:43:44 +02:00
|
|
|
$user->fill($details);
|
2020-09-16 01:56:10 +02:00
|
|
|
|
2021-01-01 10:11:21 +01:00
|
|
|
//allow users to change only their passwords - not others!
|
2021-01-04 13:38:00 +01:00
|
|
|
if (auth()->user()->id == $user->id && array_key_exists('password', $data) && isset($data['password'])) {
|
2021-01-01 10:11:21 +01:00
|
|
|
$user->password = Hash::make($data['password']);
|
|
|
|
}
|
|
|
|
|
2023-07-10 04:55:21 +02:00
|
|
|
if (! $user->confirmation_code && !$is_migrating) {
|
2021-11-06 01:46:12 +01:00
|
|
|
$user->confirmation_code = $this->createDbHash($company->db);
|
2020-11-25 15:19:52 +01:00
|
|
|
}
|
2020-09-16 01:56:10 +02:00
|
|
|
|
2024-10-19 04:43:22 +02:00
|
|
|
//@18-10-2024 - ensure no cross account linkage.
|
|
|
|
if(is_numeric($user->account_id) && $user->account_id != $account->id){
|
|
|
|
throw new \Illuminate\Auth\Access\AuthorizationException("Illegal operation encountered for {$user->hashed_id}",401);
|
|
|
|
}
|
|
|
|
|
2024-10-18 01:27:45 +02:00
|
|
|
$user->account_id = $account->id;//@todo we should never change the account_id if it is set at this point.
|
2021-03-04 06:03:28 +01:00
|
|
|
|
2022-06-21 11:57:17 +02:00
|
|
|
if (strlen($user->password) >= 1) {
|
2021-03-04 06:03:28 +01:00
|
|
|
$user->has_password = true;
|
2022-06-21 11:57:17 +02:00
|
|
|
}
|
|
|
|
|
2019-06-06 06:51:28 +02:00
|
|
|
$user->save();
|
|
|
|
|
2019-12-30 22:59:12 +01:00
|
|
|
if (isset($data['company_user'])) {
|
2023-08-06 09:35:19 +02:00
|
|
|
$cu = CompanyUser::query()->whereUserId($user->id)->whereCompanyId($company->id)->withTrashed()->first();
|
2019-11-21 09:38:57 +01:00
|
|
|
|
2019-12-04 02:06:14 +01:00
|
|
|
/*No company user exists - attach the user*/
|
2020-09-06 11:38:10 +02:00
|
|
|
if (! $cu) {
|
2020-04-23 00:54:10 +02:00
|
|
|
$data['company_user']['account_id'] = $account->id;
|
2020-03-09 10:38:15 +01:00
|
|
|
$data['company_user']['notifications'] = CompanySettings::notificationDefaults();
|
2019-11-22 22:10:53 +01:00
|
|
|
$user->companies()->attach($company->id, $data['company_user']);
|
2019-12-30 22:59:12 +01:00
|
|
|
} else {
|
2022-06-21 11:57:17 +02:00
|
|
|
if (auth()->user()->isAdmin()) {
|
2021-05-06 23:41:37 +02:00
|
|
|
$cu->fill($data['company_user']);
|
|
|
|
$cu->restore();
|
|
|
|
$cu->tokens()->restore();
|
|
|
|
$cu->save();
|
2022-08-05 09:27:17 +02:00
|
|
|
|
2022-08-05 09:42:54 +02:00
|
|
|
//05-08-2022
|
2023-02-16 02:36:09 +01:00
|
|
|
if ($cu->tokens()->count() == 0) {
|
2022-08-05 09:27:17 +02:00
|
|
|
(new CreateCompanyToken($cu->company, $cu->user, 'restored_user'))->handle();
|
|
|
|
}
|
2022-06-21 11:57:17 +02:00
|
|
|
} else {
|
2023-08-04 10:13:26 +02:00
|
|
|
$cu->notifications = $data['company_user']['notifications'] ?? '';
|
|
|
|
$cu->settings = $data['company_user']['settings'] ?? '';
|
2021-05-06 23:41:37 +02:00
|
|
|
$cu->save();
|
|
|
|
}
|
2019-12-04 02:06:14 +01:00
|
|
|
}
|
2020-03-09 10:38:15 +01:00
|
|
|
|
2020-03-21 06:37:30 +01:00
|
|
|
$user->with(['company_users' => function ($query) use ($company, $user) {
|
2020-03-09 10:38:15 +01:00
|
|
|
$query->whereCompanyId($company->id)
|
|
|
|
->whereUserId($user->id);
|
|
|
|
}])->first();
|
2019-11-21 09:38:57 +01:00
|
|
|
}
|
2020-03-25 00:20:42 +01:00
|
|
|
$user->restore();
|
2019-11-21 09:38:57 +01:00
|
|
|
|
2023-01-30 09:50:27 +01:00
|
|
|
$this->verifyCorrectCompanySizeForPermissions($user);
|
|
|
|
|
2021-05-24 02:53:04 +02:00
|
|
|
return $user->fresh();
|
2019-12-30 22:59:12 +01:00
|
|
|
}
|
2020-03-02 11:22:37 +01:00
|
|
|
|
|
|
|
public function destroy(array $data, User $user)
|
|
|
|
{
|
2023-12-15 04:53:00 +01:00
|
|
|
if ($user->hasOwnerFlag()) {
|
2021-03-07 07:27:44 +01:00
|
|
|
return $user;
|
2022-06-21 11:57:17 +02:00
|
|
|
}
|
2021-03-07 07:27:44 +01:00
|
|
|
|
2020-03-21 06:37:30 +01:00
|
|
|
if (array_key_exists('company_user', $data)) {
|
2020-03-02 11:22:37 +01:00
|
|
|
$this->forced_includes = 'company_users';
|
|
|
|
|
|
|
|
$company = auth()->user()->company();
|
|
|
|
|
2023-08-06 09:35:19 +02:00
|
|
|
$cu = CompanyUser::query()->whereUserId($user->id)
|
2020-03-02 11:22:37 +01:00
|
|
|
->whereCompanyId($company->id)
|
|
|
|
->first();
|
|
|
|
|
2020-03-11 12:05:05 +01:00
|
|
|
$cu->tokens()->forceDelete();
|
|
|
|
$cu->forceDelete();
|
2020-03-02 11:22:37 +01:00
|
|
|
}
|
2020-03-11 12:05:05 +01:00
|
|
|
|
2023-08-08 11:44:52 +02:00
|
|
|
event(new UserWasDeleted($user, auth()->user(), auth()->user()->company(), Ninja::eventVars(auth()->user() ? auth()->user()->id : null)));
|
2020-03-24 10:15:30 +01:00
|
|
|
|
2020-09-28 04:56:11 +02:00
|
|
|
$user->delete();
|
|
|
|
|
2020-03-02 11:22:37 +01:00
|
|
|
return $user->fresh();
|
|
|
|
}
|
2020-03-11 12:05:05 +01:00
|
|
|
|
2020-03-24 10:15:30 +01:00
|
|
|
/*
|
|
|
|
* Soft deletes the user and the company user
|
|
|
|
*/
|
2020-03-18 10:40:15 +01:00
|
|
|
public function delete($user)
|
|
|
|
{
|
|
|
|
$company = auth()->user()->company();
|
|
|
|
|
2023-08-06 09:35:19 +02:00
|
|
|
$cu = CompanyUser::query()->whereUserId($user->id)
|
2020-03-18 10:40:15 +01:00
|
|
|
->whereCompanyId($company->id)
|
|
|
|
->first();
|
|
|
|
|
2020-03-21 06:37:30 +01:00
|
|
|
if ($cu) {
|
2020-03-18 10:40:15 +01:00
|
|
|
$cu->tokens()->delete();
|
|
|
|
$cu->delete();
|
|
|
|
}
|
|
|
|
|
2021-05-06 23:12:07 +02:00
|
|
|
event(new UserWasDeleted($user, auth()->user(), $company, Ninja::eventVars(auth()->user() ? auth()->user()->id : null)));
|
2020-09-28 04:56:11 +02:00
|
|
|
|
2022-06-21 11:57:17 +02:00
|
|
|
$user->is_deleted = true;
|
|
|
|
$user->save();
|
|
|
|
$user->delete();
|
2020-03-24 10:15:30 +01:00
|
|
|
|
2020-03-18 10:40:15 +01:00
|
|
|
return $user->fresh();
|
|
|
|
}
|
2021-01-14 04:44:52 +01:00
|
|
|
|
|
|
|
public function archive($user)
|
|
|
|
{
|
|
|
|
if ($user->trashed()) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
$user->delete();
|
|
|
|
|
2021-05-06 23:12:07 +02:00
|
|
|
event(new UserWasArchived($user, auth()->user(), auth()->user()->company, Ninja::eventVars(auth()->user() ? auth()->user()->id : null)));
|
2021-01-14 04:44:52 +01:00
|
|
|
}
|
|
|
|
|
2022-06-21 11:57:17 +02:00
|
|
|
/**
|
2021-01-14 04:44:52 +01:00
|
|
|
* @param $entity
|
|
|
|
*/
|
|
|
|
public function restore($user)
|
|
|
|
{
|
|
|
|
if (! $user->trashed()) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2022-01-11 09:08:08 +01:00
|
|
|
if (Ninja::isHosted()) {
|
2023-08-06 09:35:19 +02:00
|
|
|
$count = User::query()->where('account_id', auth()->user()->account_id)->count();
|
2022-06-21 11:57:17 +02:00
|
|
|
if ($count >= auth()->user()->account->num_users) {
|
2022-01-11 09:08:08 +01:00
|
|
|
return;
|
2022-06-21 11:57:17 +02:00
|
|
|
}
|
2022-01-11 09:08:08 +01:00
|
|
|
}
|
|
|
|
|
2021-03-26 09:07:43 +01:00
|
|
|
$user->is_deleted = false;
|
|
|
|
$user->save();
|
2021-01-14 04:44:52 +01:00
|
|
|
$user->restore();
|
2021-03-26 09:07:43 +01:00
|
|
|
|
|
|
|
$cu = CompanyUser::withTrashed()
|
|
|
|
->where('user_id', $user->id)
|
|
|
|
->where('company_id', auth()->user()->company()->id)
|
|
|
|
->first();
|
|
|
|
|
|
|
|
$cu->restore();
|
2024-03-20 22:01:13 +01:00
|
|
|
$cu->tokens()->restore();
|
2024-06-14 09:09:44 +02:00
|
|
|
|
2021-05-06 23:12:07 +02:00
|
|
|
event(new UserWasRestored($user, auth()->user(), auth()->user()->company, Ninja::eventVars(auth()->user() ? auth()->user()->id : null)));
|
2021-01-14 04:44:52 +01:00
|
|
|
}
|
2023-01-30 09:50:27 +01:00
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
* If we have multiple users in the system,
|
|
|
|
* and there are some that are not admins,
|
|
|
|
* we force all companies to large to ensure
|
|
|
|
* the queries are appropriate for all users
|
2023-02-16 02:36:09 +01:00
|
|
|
*
|
|
|
|
* @param User $user
|
2023-01-30 09:50:27 +01:00
|
|
|
* @return void
|
|
|
|
*/
|
|
|
|
private function verifyCorrectCompanySizeForPermissions(User $user): void
|
|
|
|
{
|
2023-02-16 02:36:09 +01:00
|
|
|
if (Ninja::isSelfHost() || (Ninja::isHosted() && $user->account->isEnterpriseClient())) {
|
2023-01-30 09:50:27 +01:00
|
|
|
$user->account()
|
2023-02-16 02:36:09 +01:00
|
|
|
->whereHas('companies', function ($query) {
|
|
|
|
$query->where('is_large', 0);
|
|
|
|
})
|
|
|
|
->whereHas('company_users', function ($query) {
|
|
|
|
$query->where('is_admin', 0);
|
2023-01-30 09:50:27 +01:00
|
|
|
})
|
2023-02-16 02:36:09 +01:00
|
|
|
->cursor()->each(function ($account) {
|
|
|
|
$account->companies()->update(['is_large' => true]);
|
2023-01-30 09:50:27 +01:00
|
|
|
});
|
|
|
|
}
|
|
|
|
}
|
2019-12-30 22:59:12 +01:00
|
|
|
}
|