3 namespace BookStack\Users\Controllers;
5 use BookStack\Http\ApiController;
6 use BookStack\Permissions\Permission;
7 use BookStack\Permissions\PermissionsRepo;
8 use BookStack\Users\Models\Role;
9 use Illuminate\Http\Request;
10 use Illuminate\Support\Facades\DB;
12 class RoleApiController extends ApiController
14 protected array $fieldsToExpose = [
15 'display_name', 'description', 'mfa_enforced', 'external_auth_id', 'created_at', 'updated_at',
18 protected array $rules = [
20 'display_name' => ['required', 'string', 'min:3', 'max:180'],
21 'description' => ['string', 'max:180'],
22 'mfa_enforced' => ['boolean'],
23 'external_auth_id' => ['string', 'max:180'],
24 'permissions' => ['array'],
25 'permissions.*' => ['string'],
28 'display_name' => ['string', 'min:3', 'max:180'],
29 'description' => ['string', 'max:180'],
30 'mfa_enforced' => ['boolean'],
31 'external_auth_id' => ['string', 'max:180'],
32 'permissions' => ['array'],
33 'permissions.*' => ['string'],
37 public function __construct(
38 protected PermissionsRepo $permissionsRepo
40 // Checks for all endpoints in this controller
41 $this->middleware(function ($request, $next) {
42 $this->checkPermission(Permission::UserRolesManage);
44 return $next($request);
49 * Get a listing of roles in the system.
50 * Requires permission to manage roles.
52 public function list()
54 $roles = Role::query()->select(['*'])
55 ->withCount(['users', 'permissions']);
57 return $this->apiListingResponse($roles, [
58 ...$this->fieldsToExpose,
65 * Create a new role in the system.
66 * Permissions should be provided as an array of permission name strings.
67 * Requires permission to manage roles.
69 public function create(Request $request)
71 $data = $this->validate($request, $this->rules()['create']);
74 DB::transaction(function () use ($data, &$role) {
75 $role = $this->permissionsRepo->saveNewRole($data);
78 $this->singleFormatter($role);
80 return response()->json($role);
84 * View the details of a single role.
85 * Provides the permissions and a high-level list of the users assigned.
86 * Requires permission to manage roles.
88 public function read(string $id)
90 $role = $this->permissionsRepo->getRoleById($id);
91 $this->singleFormatter($role);
93 return response()->json($role);
97 * Update an existing role in the system.
98 * Permissions should be provided as an array of permission name strings.
99 * An empty "permissions" array would clear granted permissions.
100 * In many cases, where permissions are changed, you'll want to fetch the existing
101 * permissions and then modify before providing in your update request.
102 * Requires permission to manage roles.
104 public function update(Request $request, string $id)
106 $data = $this->validate($request, $this->rules()['update']);
107 $role = $this->permissionsRepo->updateRole($id, $data);
109 $this->singleFormatter($role);
111 return response()->json($role);
115 * Delete a role from the system.
116 * Requires permission to manage roles.
118 public function delete(string $id)
120 $this->permissionsRepo->deleteRole(intval($id));
122 return response('', 204);
126 * Format the given role model for a single-result display.
128 protected function singleFormatter(Role $role): void
130 $role->load('users:id,name,slug');
131 $role->unsetRelation('permissions');
132 $role->setAttribute('permissions', $role->permissions()->orderBy('name', 'asc')->pluck('name'));
133 $role->makeVisible(['users', 'permissions']);
projects / bookstack / blob