mirror of
https://github.com/invoiceninja/invoiceninja.git
synced 2024-11-10 05:02:36 +01:00
417 lines
12 KiB
PHP
417 lines
12 KiB
PHP
<?php
|
|
|
|
namespace App\Http\Controllers;
|
|
|
|
use App\Models\User;
|
|
use App\Ninja\Mailers\ContactMailer;
|
|
use App\Ninja\Mailers\UserMailer;
|
|
use App\Ninja\Repositories\AccountRepository;
|
|
use App\Services\UserService;
|
|
use Auth;
|
|
use Input;
|
|
use Password;
|
|
use Redirect;
|
|
use Request;
|
|
use Session;
|
|
use URL;
|
|
use Utils;
|
|
use Validator;
|
|
use View;
|
|
|
|
class UserController extends BaseController
|
|
{
|
|
protected $accountRepo;
|
|
protected $contactMailer;
|
|
protected $userMailer;
|
|
protected $userService;
|
|
|
|
public function __construct(AccountRepository $accountRepo, ContactMailer $contactMailer, UserMailer $userMailer, UserService $userService)
|
|
{
|
|
//parent::__construct();
|
|
|
|
$this->accountRepo = $accountRepo;
|
|
$this->contactMailer = $contactMailer;
|
|
$this->userMailer = $userMailer;
|
|
$this->userService = $userService;
|
|
}
|
|
|
|
public function index()
|
|
{
|
|
return Redirect::to('settings/' . ACCOUNT_USER_MANAGEMENT);
|
|
}
|
|
|
|
public function getDatatable()
|
|
{
|
|
return $this->userService->getDatatable(Auth::user()->account_id);
|
|
}
|
|
|
|
public function forcePDFJS()
|
|
{
|
|
$user = Auth::user();
|
|
$user->force_pdfjs = true;
|
|
$user->save();
|
|
|
|
Session::flash('message', trans('texts.updated_settings'));
|
|
|
|
return Redirect::to('/dashboard');
|
|
}
|
|
|
|
/**
|
|
* Display the specified resource.
|
|
*
|
|
* @param int $id
|
|
* @param mixed $publicId
|
|
*
|
|
* @return Response
|
|
*/
|
|
public function show($publicId)
|
|
{
|
|
Session::reflash();
|
|
|
|
return redirect("users/$publicId/edit");
|
|
}
|
|
|
|
public function edit($publicId)
|
|
{
|
|
$user = User::where('account_id', '=', Auth::user()->account_id)
|
|
->where('public_id', '=', $publicId)
|
|
->withTrashed()
|
|
->firstOrFail();
|
|
|
|
$data = [
|
|
'user' => $user,
|
|
'method' => 'PUT',
|
|
'url' => 'users/'.$publicId,
|
|
];
|
|
|
|
return View::make('users.edit', $data);
|
|
}
|
|
|
|
public function update($publicId)
|
|
{
|
|
return $this->save($publicId);
|
|
}
|
|
|
|
public function store()
|
|
{
|
|
return $this->save();
|
|
}
|
|
|
|
/**
|
|
* Displays the form for account creation.
|
|
*/
|
|
public function create()
|
|
{
|
|
if (! Auth::user()->registered) {
|
|
Session::flash('error', trans('texts.register_to_add_user'));
|
|
|
|
return Redirect::to('settings/' . ACCOUNT_USER_MANAGEMENT);
|
|
}
|
|
|
|
if (! Auth::user()->confirmed) {
|
|
Session::flash('error', trans('texts.confirmation_required', ['link' => link_to('/resend_confirmation', trans('texts.click_here'))]));
|
|
|
|
return Redirect::to('settings/' . ACCOUNT_USER_MANAGEMENT);
|
|
}
|
|
|
|
if (Utils::isNinja() && ! Auth::user()->caddAddUsers()) {
|
|
Session::flash('error', trans('texts.max_users_reached'));
|
|
|
|
return Redirect::to('settings/' . ACCOUNT_USER_MANAGEMENT);
|
|
}
|
|
|
|
$data = [
|
|
'user' => null,
|
|
'method' => 'POST',
|
|
'url' => 'users',
|
|
];
|
|
|
|
return View::make('users.edit', $data);
|
|
}
|
|
|
|
public function bulk()
|
|
{
|
|
$action = Input::get('bulk_action');
|
|
$id = Input::get('bulk_public_id');
|
|
|
|
$user = User::where('account_id', '=', Auth::user()->account_id)
|
|
->where('public_id', '=', $id)
|
|
->withTrashed()
|
|
->firstOrFail();
|
|
|
|
if ($action === 'archive') {
|
|
$user->delete();
|
|
} else {
|
|
if (! Auth::user()->caddAddUsers()) {
|
|
return Redirect::to('settings/' . ACCOUNT_USER_MANAGEMENT)
|
|
->with('error', trans('texts.max_users_reached'));
|
|
}
|
|
|
|
$user->restore();
|
|
}
|
|
|
|
Session::flash('message', trans("texts.{$action}d_user"));
|
|
|
|
return Redirect::to('settings/' . ACCOUNT_USER_MANAGEMENT);
|
|
}
|
|
|
|
/**
|
|
* Stores new account.
|
|
*
|
|
* @param mixed $userPublicId
|
|
*/
|
|
public function save($userPublicId = false)
|
|
{
|
|
|
|
if (! Auth::user()->hasFeature(FEATURE_USERS)) {
|
|
return Redirect::to('settings/' . ACCOUNT_USER_MANAGEMENT);
|
|
}
|
|
|
|
$rules = [
|
|
'first_name' => 'required',
|
|
'last_name' => 'required',
|
|
];
|
|
|
|
if ($userPublicId) {
|
|
$user = User::where('account_id', '=', Auth::user()->account_id)
|
|
->where('public_id', '=', $userPublicId)
|
|
->withTrashed()
|
|
->firstOrFail();
|
|
|
|
$rules['email'] = 'required|email|unique:users,email,'.$user->id.',id';
|
|
} else {
|
|
$user = false;
|
|
$rules['email'] = 'required|email|unique:users';
|
|
}
|
|
|
|
$validator = Validator::make(Input::all(), $rules);
|
|
|
|
if ($validator->fails()) {
|
|
return Redirect::to($userPublicId ? 'users/edit' : 'users/create')
|
|
->withErrors($validator)
|
|
->withInput();
|
|
}
|
|
|
|
if (! \App\Models\LookupUser::validateField('email', Input::get('email'), $user)) {
|
|
return Redirect::to($userPublicId ? 'users/edit' : 'users/create')
|
|
->withError(trans('texts.email_taken'))
|
|
->withInput();
|
|
}
|
|
|
|
if ($userPublicId) {
|
|
$user->first_name = trim(Input::get('first_name'));
|
|
$user->last_name = trim(Input::get('last_name'));
|
|
$user->username = trim(Input::get('email'));
|
|
$user->email = trim(Input::get('email'));
|
|
if (Auth::user()->hasFeature(FEATURE_USER_PERMISSIONS)) {
|
|
$user->is_admin = boolval(Input::get('is_admin'));
|
|
$user->permissions = self::formatUserPermissions(Input::get('permissions'));
|
|
}
|
|
} else {
|
|
$lastUser = User::withTrashed()->where('account_id', '=', Auth::user()->account_id)
|
|
->orderBy('public_id', 'DESC')->first();
|
|
|
|
$user = new User();
|
|
$user->account_id = Auth::user()->account_id;
|
|
$user->first_name = trim(Input::get('first_name'));
|
|
$user->last_name = trim(Input::get('last_name'));
|
|
$user->username = trim(Input::get('email'));
|
|
$user->email = trim(Input::get('email'));
|
|
$user->registered = true;
|
|
$user->password = strtolower(str_random(RANDOM_KEY_LENGTH));
|
|
$user->confirmation_code = strtolower(str_random(RANDOM_KEY_LENGTH));
|
|
$user->public_id = $lastUser->public_id + 1;
|
|
if (Auth::user()->hasFeature(FEATURE_USER_PERMISSIONS)) {
|
|
$user->is_admin = boolval(Input::get('is_admin'));
|
|
$user->permissions = self::formatUserPermissions(Input::get('permissions'));
|
|
}
|
|
}
|
|
|
|
$user->save();
|
|
|
|
if (! $user->confirmed && Input::get('action') === 'email') {
|
|
$this->userMailer->sendConfirmation($user, Auth::user());
|
|
$message = trans('texts.sent_invite');
|
|
} else {
|
|
$message = trans('texts.updated_user');
|
|
}
|
|
|
|
Session::flash('message', $message);
|
|
|
|
return Redirect::to('users/' . $user->public_id . '/edit');
|
|
}
|
|
|
|
private function formatUserPermissions(array $permissions) {
|
|
|
|
return json_encode(array_diff(array_values($permissions),[0]));
|
|
|
|
}
|
|
|
|
public function sendConfirmation($userPublicId)
|
|
{
|
|
$user = User::where('account_id', '=', Auth::user()->account_id)
|
|
->where('public_id', '=', $userPublicId)->firstOrFail();
|
|
|
|
$this->userMailer->sendConfirmation($user, Auth::user());
|
|
Session::flash('message', trans('texts.sent_invite'));
|
|
|
|
return Redirect::to('settings/' . ACCOUNT_USER_MANAGEMENT);
|
|
}
|
|
|
|
/**
|
|
* Attempt to confirm account with code.
|
|
*
|
|
* @param string $code
|
|
*/
|
|
public function confirm($code)
|
|
{
|
|
$user = User::where('confirmation_code', '=', $code)->get()->first();
|
|
|
|
if ($user) {
|
|
$notice_msg = trans('texts.security_confirmation');
|
|
|
|
$user->confirmed = true;
|
|
$user->confirmation_code = null;
|
|
$user->save();
|
|
|
|
if ($user->public_id) {
|
|
Auth::logout();
|
|
Session::flush();
|
|
$token = Password::getRepository()->create($user);
|
|
|
|
return Redirect::to("/password/reset/{$token}");
|
|
} else {
|
|
if (Auth::check()) {
|
|
if (Session::has(REQUESTED_PRO_PLAN)) {
|
|
Session::forget(REQUESTED_PRO_PLAN);
|
|
$url = '/settings/account_management?upgrade=true';
|
|
} else {
|
|
$url = '/dashboard';
|
|
}
|
|
} else {
|
|
$url = '/login';
|
|
}
|
|
|
|
return Redirect::to($url)->with('message', $notice_msg);
|
|
}
|
|
} else {
|
|
$error_msg = trans('texts.wrong_confirmation');
|
|
|
|
return Redirect::to('/login')->with('error', $error_msg);
|
|
}
|
|
}
|
|
|
|
public function changePassword()
|
|
{
|
|
// check the current password is correct
|
|
if (! Auth::validate([
|
|
'email' => Auth::user()->email,
|
|
'password' => Input::get('current_password'),
|
|
])) {
|
|
return trans('texts.password_error_incorrect');
|
|
}
|
|
|
|
// validate the new password
|
|
$password = Input::get('new_password');
|
|
$confirm = Input::get('confirm_password');
|
|
|
|
if (strlen($password) < 6 || $password != $confirm) {
|
|
return trans('texts.password_error_invalid');
|
|
}
|
|
|
|
// save the new password
|
|
$user = Auth::user();
|
|
$user->password = bcrypt($password);
|
|
$user->save();
|
|
|
|
return RESULT_SUCCESS;
|
|
}
|
|
|
|
public function switchAccount($newUserId)
|
|
{
|
|
$oldUserId = Auth::user()->id;
|
|
$referer = Request::header('referer');
|
|
$account = $this->accountRepo->findUserAccounts($newUserId, $oldUserId);
|
|
|
|
if ($account) {
|
|
if ($account->hasUserId($newUserId) && $account->hasUserId($oldUserId)) {
|
|
Auth::loginUsingId($newUserId);
|
|
Auth::user()->account->loadLocalizationSettings();
|
|
|
|
// regenerate token to prevent open pages
|
|
// from saving under the wrong account
|
|
Session::put('_token', str_random(40));
|
|
}
|
|
}
|
|
|
|
// If the user is looking at an entity redirect to the dashboard
|
|
preg_match('/\/[0-9*][\/edit]*$/', $referer, $matches);
|
|
if (count($matches)) {
|
|
return Redirect::to('/dashboard');
|
|
} else {
|
|
return Redirect::to($referer);
|
|
}
|
|
}
|
|
|
|
public function viewAccountByKey($accountKey)
|
|
{
|
|
$user = $this->accountRepo->findUser(Auth::user(), $accountKey);
|
|
|
|
if (! $user) {
|
|
return redirect()->to('/');
|
|
}
|
|
|
|
Auth::loginUsingId($user->id);
|
|
Auth::user()->account->loadLocalizationSettings();
|
|
|
|
$redirectTo = request()->redirect_to ?: '/';
|
|
|
|
return redirect()->to($redirectTo);
|
|
}
|
|
|
|
public function unlinkAccount($userAccountId, $userId)
|
|
{
|
|
$this->accountRepo->unlinkUser($userAccountId, $userId);
|
|
$referer = Request::header('referer');
|
|
|
|
$users = $this->accountRepo->loadAccounts(Auth::user()->id);
|
|
Session::put(SESSION_USER_ACCOUNTS, $users);
|
|
|
|
Session::flash('message', trans('texts.unlinked_account'));
|
|
|
|
return Redirect::to('/manage_companies');
|
|
}
|
|
|
|
public function manageCompanies()
|
|
{
|
|
return View::make('users.account_management');
|
|
}
|
|
|
|
public function saveSidebarState()
|
|
{
|
|
if (Input::has('show_left')) {
|
|
Session::put(SESSION_LEFT_SIDEBAR, boolval(Input::get('show_left')));
|
|
}
|
|
|
|
if (Input::has('show_right')) {
|
|
Session::put(SESSION_RIGHT_SIDEBAR, boolval(Input::get('show_right')));
|
|
}
|
|
|
|
return RESULT_SUCCESS;
|
|
}
|
|
|
|
public function acceptTerms()
|
|
{
|
|
$ip = Request::getClientIp();
|
|
$referer = Request::server('HTTP_REFERER');
|
|
$message = '';
|
|
|
|
if (request()->accepted_terms && request()->accepted_privacy) {
|
|
auth()->user()->acceptLatestTerms($ip)->save();
|
|
$message = trans('texts.accepted_terms');
|
|
}
|
|
|
|
return redirect($referer)->withMessage($message);
|
|
}
|
|
}
|