BookStack Code Mirror - bookstack/blob - app/Users/Controllers/RoleController.php
Merge pull request #5917 from BookStackApp/copy_references
1 <?php
2
3 namespace BookStack\Users\Controllers;
4
5 use BookStack\Exceptions\PermissionsException;
6 use BookStack\Http\Controller;
7 use BookStack\Permissions\Permission;
8 use BookStack\Permissions\PermissionsRepo;
9 use BookStack\Users\Models\Role;
10 use BookStack\Users\Queries\RolesAllPaginatedAndSorted;
11 use BookStack\Util\SimpleListOptions;
12 use Exception;
13 use Illuminate\Http\Request;
14
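class RoleController extends Controller
{
    /**
     * @param PermissionsRepo $permissionsRepo Repository used by this controller to read, save, update and delete roles.
     */
    public function __construct(
        protected PermissionsRepo $permissionsRepo
    ) {
    }

    /**
     * Show a listing of the roles in the system.
     * Requires the UserRolesManage permission.
     */
    public function index(Request $request)
    {
        $this->checkPermission(Permission::UserRolesManage);

        // The sort keys offered to the list view; labels are translated for display.
        $listOptions = SimpleListOptions::fromRequest($request, 'roles')->withSortOptions([
            'display_name' => trans('common.sort_name'),
            'users_count' => trans('settings.roles_assigned_users'),
            'permissions_count' => trans('settings.roles_permissions_provided'),
            'created_at' => trans('common.sort_created_at'),
            'updated_at' => trans('common.sort_updated_at'),
        ]);

        $roles = (new RolesAllPaginatedAndSorted())->run(20, $listOptions);
        // Carry the current list options through the pagination links.
        $roles->appends($listOptions->getPaginationAppends());

        $this->setPageTitle(trans('settings.roles'));

        return view('settings.roles.index', [
            'roles'       => $roles,
            'listOptions' => $listOptions,
        ]);
    }

    /**
     * Show the form to create a new role.
     * Requires the UserRolesManage permission.
     *
     * When the request carries a 'copy_from' role id, that role is loaded to
     * pre-fill the form. Its display name gets a "(copy)" suffix on the
     * in-memory model only; nothing is saved by this action.
     */
    public function create(Request $request)
    {
        $this->checkPermission(Permission::UserRolesManage);

        /** @var ?Role $role */
        $role = null;
        $copyFromId = $request->get('copy_from');
        // Only a single string or integer id is looked up. An array value would make
        // find() return a collection instead of a Role, and the display_name
        // handling below would then fail instead of showing the form.
        if (is_string($copyFromId) || is_int($copyFromId)) {
            $role = Role::query()->find($copyFromId);
        }

        if ($role) {
            $role->display_name .= ' (' . trans('common.copy') . ')';
        }

        $this->setPageTitle(trans('settings.role_create'));

        return view('settings.roles.create', ['role' => $role]);
    }

    /**
     * Store a new role in the system.
     * Requires the UserRolesManage permission.
     */
    public function store(Request $request)
    {
        $this->checkPermission(Permission::UserRolesManage);
        $this->permissionsRepo->saveNewRole($this->validatedRoleData($request));

        return redirect('/settings/roles');
    }

    /**
     * Show the form for editing a user role.
     * Requires the UserRolesManage permission.
     */
    public function edit(string $id)
    {
        $this->checkPermission(Permission::UserRolesManage);
        $role = $this->permissionsRepo->getRoleById($id);

        $this->setPageTitle(trans('settings.role_edit'));

        return view('settings.roles.edit', ['role' => $role]);
    }

    /**
     * Updates a user role.
     * Requires the UserRolesManage permission.
     */
    public function update(Request $request, string $id)
    {
        $this->checkPermission(Permission::UserRolesManage);
        $this->permissionsRepo->updateRole($id, $this->validatedRoleData($request));

        return redirect('/settings/roles');
    }

    /**
     * Show the view to delete a role.
     * Offers the chance to migrate users.
     * Requires the UserRolesManage permission.
     */
    public function showDelete(string $id)
    {
        $this->checkPermission(Permission::UserRolesManage);
        $role = $this->permissionsRepo->getRoleById($id);
        $roles = $this->permissionsRepo->getAllRolesExcept($role);
        // An unsaved placeholder role goes first in the list as the "no migration" choice.
        $blankRole = $role->newInstance(['display_name' => trans('settings.role_delete_no_migration')]);
        $roles->prepend($blankRole);

        $this->setPageTitle(trans('settings.role_delete'));

        return view('settings.roles.delete', ['role' => $role, 'roles' => $roles]);
    }

    /**
     * Delete a role from the system,
     * Migrate from a previous role if set.
     * Requires the UserRolesManage permission.
     *
     * A PermissionsException from the repository is shown as an error
     * notification and the user is sent back to the delete page.
     *
     * @throws Exception
     */
    public function delete(Request $request, string $id)
    {
        $this->checkPermission(Permission::UserRolesManage);

        try {
            $rawMigrateId = $request->get('migrate_role_id');
            // intval() turns a non-empty array (and boolean true) into 1, which would
            // name a migration target nobody selected. Anything that is not a plain
            // string or integer therefore becomes 0, the same value an empty field gives.
            $migrateRoleId = (is_string($rawMigrateId) || is_int($rawMigrateId))
                ? intval($rawMigrateId ?: '0')
                : 0;
            $this->permissionsRepo->deleteRole($id, $migrateRoleId);
        } catch (PermissionsException $e) {
            $this->showErrorNotification($e->getMessage());

            return redirect("/settings/roles/delete/{$id}");
        }

        return redirect('/settings/roles');
    }

    /**
     * Validate the role form fields shared by store() and update(), then
     * normalise them into the shape passed to PermissionsRepo.
     *
     * @return array Validated data, with 'permissions' reduced to the list of submitted keys and 'mfa_enforced' as a bool.
     */
    private function validatedRoleData(Request $request): array
    {
        $data = $this->validate($request, [
            'display_name' => ['required', 'min:3', 'max:180'],
            'description'  => ['max:180'],
            'external_auth_id' => ['string', 'max:180'],
            'permissions'  => ['array'],
            'mfa_enforced' => ['string'],
        ]);

        // NOTE(review): the permission names are the client-supplied array keys, and the
        // 'array' rule does not restrict them. This controller does not compare them with
        // a known permission list; confirm that PermissionsRepo does so before assigning.
        $data['permissions'] = array_keys($data['permissions'] ?? []);
        // MFA enforcement is enabled only by the exact string 'true'; any other value disables it.
        $data['mfa_enforced'] = ($data['mfa_enforced'] ?? 'false') === 'true';

        return $data;
    }
}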