user()->company(); $account = $company->account; if (request()->has('validated_phone')) { $details['phone'] = request()->input('validated_phone'); $user->verified_phone_number = false; } $user->fill($details); //allow users to change only their passwords - not others! if (auth()->user()->id == $user->id && array_key_exists('password', $data) && isset($data['password'])) { $user->password = Hash::make($data['password']); } if (! $user->confirmation_code && !$is_migrating) { $user->confirmation_code = $this->createDbHash($company->db); } $user->account_id = $account->id; if (strlen($user->password) >= 1) { $user->has_password = true; } $user->save(); if (isset($data['company_user'])) { $cu = CompanyUser::query()->whereUserId($user->id)->whereCompanyId($company->id)->withTrashed()->first(); /*No company user exists - attach the user*/ if (! $cu) { $data['company_user']['account_id'] = $account->id; $data['company_user']['notifications'] = CompanySettings::notificationDefaults(); $user->companies()->attach($company->id, $data['company_user']); } else { if (auth()->user()->isAdmin()) { $cu->fill($data['company_user']); $cu->restore(); $cu->tokens()->restore(); $cu->save(); //05-08-2022 if ($cu->tokens()->count() == 0) { (new CreateCompanyToken($cu->company, $cu->user, 'restored_user'))->handle(); } } else { $cu->notifications = $data['company_user']['notifications'] ?? ''; $cu->settings = $data['company_user']['settings'] ?? ''; $cu->save(); } } $user->with(['company_users' => function ($query) use ($company, $user) { $query->whereCompanyId($company->id) ->whereUserId($user->id); }])->first(); } $user->restore(); $this->verifyCorrectCompanySizeForPermissions($user); return $user->fresh(); } public function destroy(array $data, User $user) { if ($user->hasOwnerFlag()) { return $user; } if (array_key_exists('company_user', $data)) { $this->forced_includes = 'company_users'; $company = auth()->user()->company(); $cu = CompanyUser::query()->whereUserId($user->id) ->whereCompanyId($company->id) ->first(); $cu->tokens()->forceDelete(); $cu->forceDelete(); } event(new UserWasDeleted($user, auth()->user(), auth()->user()->company(), Ninja::eventVars(auth()->user() ? auth()->user()->id : null))); $user->delete(); return $user->fresh(); } /* * Soft deletes the user and the company user */ public function delete($user) { $company = auth()->user()->company(); $cu = CompanyUser::query()->whereUserId($user->id) ->whereCompanyId($company->id) ->first(); if ($cu) { $cu->tokens()->delete(); $cu->delete(); } event(new UserWasDeleted($user, auth()->user(), $company, Ninja::eventVars(auth()->user() ? auth()->user()->id : null))); $user->is_deleted = true; $user->save(); $user->delete(); return $user->fresh(); } public function archive($user) { if ($user->trashed()) { return; } $user->delete(); event(new UserWasArchived($user, auth()->user(), auth()->user()->company, Ninja::eventVars(auth()->user() ? auth()->user()->id : null))); } /** * @param $entity */ public function restore($user) { if (! $user->trashed()) { return; } if (Ninja::isHosted()) { $count = User::query()->where('account_id', auth()->user()->account_id)->count(); if ($count >= auth()->user()->account->num_users) { return; } } $user->is_deleted = false; $user->save(); $user->restore(); $cu = CompanyUser::withTrashed() ->where('user_id', $user->id) ->where('company_id', auth()->user()->company()->id) ->first(); $cu->restore(); event(new UserWasRestored($user, auth()->user(), auth()->user()->company, Ninja::eventVars(auth()->user() ? auth()->user()->id : null))); } /** * If we have multiple users in the system, * and there are some that are not admins, * we force all companies to large to ensure * the queries are appropriate for all users * * @param User $user * @return void */ private function verifyCorrectCompanySizeForPermissions(User $user): void { if (Ninja::isSelfHost() || (Ninja::isHosted() && $user->account->isEnterpriseClient())) { $user->account() ->whereHas('companies', function ($query) { $query->where('is_large', 0); }) ->whereHas('company_users', function ($query) { $query->where('is_admin', 0); }) ->cursor()->each(function ($account) { $account->companies()->update(['is_large' => true]); }); } } }