user_repo = $user_repo; } /** * Display a listing of the resource. * * @param UserFilters $filters * @return Response| \Illuminate\Http\JsonResponse * */ public function index(UserFilters $filters) { $users = User::filter($filters); return $this->listResponse($users); } /** * Show the form for creating a new resource. * * @param CreateUserRequest $request * @return Response| \Illuminate\Http\JsonResponse * */ public function create(CreateUserRequest $request) { $user = UserFactory::create(auth()->user()->account_id); return $this->itemResponse($user); } /** * Store a newly created resource in storage. * * @param StoreUserRequest $request * @return Response| \Illuminate\Http\JsonResponse * */ public function store(StoreUserRequest $request) { /** @var \App\Models\User $logged_in_user */ $logged_in_user = auth()->user(); $company = $logged_in_user->company(); $user = $this->user_repo->save($request->all(), $request->fetchUser()); $user_agent = request()->input('token_name') ?: request()->server('HTTP_USER_AGENT'); $is_react = $request->hasHeader('X-React') ?? false; $ct = (new CreateCompanyToken($company, $user, $user_agent))->handle(); event(new UserWasCreated($user, auth()->user(), $company, Ninja::eventVars(auth()->user() ? auth()->user()->id : null), $is_react)); $user->setCompany($company); $user->company_id = $company->id; return $this->itemResponse($user); } /** * Display the specified resource. * * @param ShowUserRequest $request * @param User $user * @return Response| \Illuminate\Http\JsonResponse * */ public function show(ShowUserRequest $request, User $user) { return $this->itemResponse($user); } /** * Show the form for editing the specified resource. * * @param EditUserRequest $request * @param User $user * @return Response| \Illuminate\Http\JsonResponse * */ public function edit(EditUserRequest $request, User $user) { return $this->itemResponse($user); } /** * Update the specified resource in storage. * * @param UpdateUserRequest $request * @param User $user * @return Response| \Illuminate\Http\JsonResponse|mixed */ public function update(UpdateUserRequest $request, User $user) { /** @var \App\Models\User $logged_in_user */ $logged_in_user = auth()->user(); $old_company_user = $user->company_users()->where('company_id', $logged_in_user->company()->id)->first(); $old_user = json_encode($user); $old_user_email = $user->getOriginal('email'); $new_email = $request->input('email'); $new_user = $this->user_repo->save($request->all(), $user); $new_user = $user->fresh(); /* When changing email address we store the former email in case we need to rollback */ /* 27-10-2022 we need to wipe the oauth data at this point*/ if ($old_user_email != $new_email) { $user->last_confirmed_email_address = $old_user_email; $user->email_verified_at = null; $user->oauth_user_id = null; $user->oauth_provider_id = null; $user->oauth_user_refresh_token = null; $user->oauth_user_token = null; $user->save(); UserEmailChanged::dispatch($new_user, json_decode($old_user), $logged_in_user->company(), $request->hasHeader('X-React')); } event(new UserWasUpdated($user, $logged_in_user, $logged_in_user->company(), Ninja::eventVars($logged_in_user->id))); return $this->itemResponse($user); } /** * Remove the specified resource from storage. * * @param DestroyUserRequest $request * @param User $user * @return \Illuminate\Http\JsonResponse|\Illuminate\Http\Response * */ public function destroy(DestroyUserRequest $request, User $user) { if ($user->hasOwnerFlag()) { return response()->json(['message', 'Cannot detach owner.'], 401); } /* If the user passes the company user we archive the company user */ $user = $this->user_repo->delete($request->all(), $user); /** @var \App\Models\User $logged_in_user */ $logged_in_user = auth()->user(); event(new UserWasDeleted($user, $logged_in_user, $logged_in_user->company(), Ninja::eventVars($logged_in_user->id))); return $this->itemResponse($user->fresh()); } /** * Perform bulk actions on the list view. * * @return Response| \Illuminate\Http\JsonResponse * */ public function bulk(BulkUserRequest $request) { /* Validate restore() here and check if restoring the user will exceed their user quote (hosted only)*/ $action = request()->input('action'); $ids = request()->input('ids'); $users = User::withTrashed()->find($this->transformKeys($ids)); /* * In case a user maliciously sends keys which do not belong to them, we push * each user through the Policy sieve and only return users that they * have access to */ $return_user_collection = collect(); /** @var \App\Models\User $logged_in_user */ $logged_in_user = auth()->user(); $users->each(function ($user, $key) use ($logged_in_user, $action, $return_user_collection) { if ($logged_in_user->can('edit', $user)) { $this->user_repo->{$action}($user); $return_user_collection->push($user->id); } }); return $this->listResponse(User::withTrashed()->whereIn('id', $return_user_collection)); } /** * Detach an existing user to a company. * * @param DetachCompanyUserRequest $request * @param User $user * @return \Illuminate\Http\JsonResponse|\Illuminate\Http\Response */ public function detach(DetachCompanyUserRequest $request, User $user) { /** @var \App\Models\User $logged_in_user */ $logged_in_user = auth()->user(); $company_user = CompanyUser::where('user_id', $user->id) ->where('company_id', $logged_in_user->companyId()) ->withTrashed() ->first(); if ($company_user->is_owner) { return response()->json(['message', 'Cannot detach owner.'], 401); } $company_user->tokens()->where('company_id', $company_user->company_id)->where('user_id', $company_user->user_id)->forceDelete(); if ($company_user) { $company_user->forceDelete(); } return response()->json(['message' => ctrans('texts.user_detached')], 200); } /** * Invite an existing user to a company. * * @param ReconfirmUserRequest $request * @param User $user * @return \Illuminate\Http\JsonResponse|\Illuminate\Http\Response */ public function invite(ReconfirmUserRequest $request, User $user) { /** @var \App\Models\User $logged_in_user */ $logged_in_user = auth()->user(); $user->service()->invite($logged_in_user->company(), $request->hasHeader('X-REACT')); return response()->json(['message' => ctrans('texts.confirmation_resent')], 200); } /** * Invite an existing user to a company. * * @param ReconfirmUserRequest $request * @param User $user * @return \Illuminate\Http\JsonResponse|\Illuminate\Http\Response */ public function reconfirm(ReconfirmUserRequest $request, User $user) { /** @var \App\Models\User $logged_in_user */ $logged_in_user = auth()->user(); $user->service()->invite($logged_in_user->company(), $request->hasHeader('X-REACT')); return response()->json(['message' => ctrans('texts.confirmation_resent')], 200); } public function disconnectOauthMailer(DisconnectUserMailerRequest $request, User $user) { $user->oauth_user_token = null; $user->oauth_user_refresh_token = null; $user->save(); /** @var \App\Models\User $logged_in_user */ $logged_in_user = auth()->user(); $company = $logged_in_user->company(); $settings = $company->settings; $settings->email_sending_method = "default"; $settings->gmail_sending_user_id = "0"; $company->settings = $settings; $company->save(); return $this->itemResponse($user->fresh()); } public function disconnectOauth(DisconnectUserMailerRequest $request, User $user) { $user->oauth_user_id = null; $user->oauth_provider_id = null; $user->oauth_user_token_expiry = null; $user->oauth_user_token = null; $user->oauth_user_refresh_token = null; $user->save(); return $this->itemResponse($user->fresh()); } }