blue-twilight/app/Http/Controllers/Admin/UserController.php

<?php

namespace App\Http\Controllers\Admin;

use App\Facade\Theme;
use App\Facade\UserConfig;
use App\Group;
use App\User;

use App\Http\Requests;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\App;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\View;

class UserController extends Controller
{
    public function __construct()
    {
        $this->middleware('auth');
        View::share('is_admin', true);
    }

    public function delete(Request $request, $id)
    {
        $this->authorizeAccessToAdminPanel('admin:manage-users');

        $user = User::where('id', intval($id))->first();
        if (is_null($user))
        {
            App::abort(404);
        }

        if ($user->id == Auth::user()->id)
        {
            $request->session()->flash('warning', trans('admin.cannot_delete_own_user_account'));
            return redirect(route('users.index'));
        }

        return Theme::render('admin.delete_user', ['user' => $user]);
    }

    /**
     * Display a listing of the resource.
     *
     * @return \Illuminate\Http\Response
     */
    public function index(Request $request)
    {
        $this->authorizeAccessToAdminPanel('admin:manage-users');

        $users = User::orderBy('name')
            ->paginate(UserConfig::get('items_per_page'));

        return Theme::render('admin.list_users', [
            'error' => $request->session()->get('error'),
            'success' => $request->session()->get('success'),
            'users' => $users,
            'warning' => $request->session()->get('warning')
        ]);
    }

    /**
     * Show the form for creating a new resource.
     *
     * @return \Illuminate\Http\Response
     */
    public function create()
    {
        $this->authorizeAccessToAdminPanel('admin:manage-users');

        return Theme::render('admin.create_user');
    }

    /**
     * Store a newly created resource in storage.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\Response
     */
    public function store(Requests\StoreUserRequest $request)
    {
        $this->authorizeAccessToAdminPanel('admin:manage-users');

        $user = new User();
        $user->fill($request->only(['name', 'email', 'password']));
        $user->password = bcrypt($user->password);
        $user->is_activated = true;
        $user->is_admin = (strtolower($request->get('is_admin')) == 'on');
        $user->save();

        return redirect(route('users.index'));
    }

    /**
     * Display the specified resource.
     *
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
    public function show($id)
    {
        //
    }

    /**
     * Show the form for editing the specified resource.
     *
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
    public function edit(Request $request, $id)
    {
        $this->authorizeAccessToAdminPanel('admin:manage-users');

        $user = User::where('id', intval($id))->first();
        if (is_null($user))
        {
            App::abort(404);
        }

        $groups = Group::orderBy('name')->get();
        $usersGroups = [];
        foreach ($user->groups()->get() as $group)
        {
            $usersGroups[] = $group->id;
        }

        if (!$request->session()->has('_old_input'))
        {
            $request->session()->flash('_old_input', $user->toArray());
        }

        return Theme::render('admin.edit_user', ['user' => $user, 'groups' => $groups, 'users_groups' => $usersGroups]);
    }

    /**
     * Update the specified resource in storage.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
    public function update(Requests\StoreUserRequest $request, $id)
    {
        $this->authorizeAccessToAdminPanel('admin:manage-users');

        $user = User::where('id', intval($id))->first();
        if (is_null($user))
        {
            App::abort(404);
        }

        $user->fill($request->only(['name', 'email']));

        // Change user's password only if supplied
        if (strlen($request->get('password')) > 0)
        {
            $user->password = bcrypt($request->get('password'));
        }

        // Prevent the current administrator from removing their admin rights
        if (
            $user->is_admin &&
            $user->id == Auth::user()->id &&
            strtolower($request->get('is_admin')) != 'on'
        ) {
            $request->session()->flash('warning', trans('admin.cannot_remove_own_admin'));
        }
        else
        {
            $user->is_admin = (strtolower($request->get('is_admin')) == 'on');
        }

        // Manually activate account if requested
        if (strtolower($request->get('is_activated')) == 'on')
        {
            $user->is_activated = true;
            $user->activation_token = null;
        }

        // Sync the group memberships
        $data = $request->all();
        $syncData = [];

        if (isset($data['user_group_id']))
        {
            foreach ($data['user_group_id'] as $groupID)
            {
                $syncData[$groupID] = ['created_at' => new \DateTime(), 'updated_at' => new \DateTime()];
            }

            $user->groups()->sync($syncData);
        }
        else
        {
            $user->groups()->detach();
        }

        $user->save();

        return redirect(route('users.index'));
    }

    /**
     * Remove the specified resource from storage.
     *
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
    public function destroy(Request $request, $id)
    {
        $this->authorizeAccessToAdminPanel('admin:manage-users');

        /** @var User $user */
        $user = User::where('id', intval($id))->first();
        if (is_null($user))
        {
            App::abort(404);
        }

        if ($user->id == Auth::user()->id)
        {
            $request->session()->flash('warning', trans('admin.cannot_delete_own_user_account'));
            return redirect(route('users.index'));
        }

        try
        {
            $user->delete();
            $request->session()->flash('success', trans('admin.user_deletion_successful', [
                'name' => $user->name
            ]));
        }
        catch (\Exception $ex)
        {
            $request->session()->flash('error', trans('admin.user_deletion_failed', [
                'error_message' => $ex->getMessage(),
                'name' => $user->name
            ]));
        }

        return redirect(route('users.index'));
    }

    /**
     * Returns a list of users in JSON format - either all users or users matching the "q" query string parameter
     *
     * @param  string  $q Search term
     * @return \Illuminate\Http\Response
     */
    public function searchJson(Request $request)
    {
        $this->authorizeAccessToAdminPanel('admin:manage-users');

        $limit = intval($request->get('n'));
        if ($limit == 0)
        {
            $limit = 100;
        }

        $q = $request->get('q');
        if (strlen($q) == 0)
        {
            return User::limit($limit)->get()->toJson();
        }

        return User::where('name', 'like', '%' . $q . '%')
            ->limit($limit)
            ->orderBy('name')
            ->get()
            ->toJson();
    }
}
User accounts can now be created using the new user management screen. Added cURL as a required PHP extension 2016-10-01 15:24:22 +01:00			`<?php`

			`namespace App\Http\Controllers\Admin;`

			`use App\Facade\Theme;`
			`use App\Facade\UserConfig;`
#3: Users can now be assigned to groups 2017-02-14 11:03:58 +00:00			`use App\Group;`
User accounts can now be created using the new user management screen. Added cURL as a required PHP extension 2016-10-01 15:24:22 +01:00			`use App\User;`

			`use App\Http\Requests;`
			`use App\Http\Controllers\Controller;`
#1: User accounts can now be deleted. The current user account cannot be deleted, or have the admin privileges removed. Accounts can now be activated manually. New user accounts passwords are encrypted correctly before being saved. 2016-10-03 14:11:24 +01:00			`use Illuminate\Http\Request;`
			`use Illuminate\Support\Facades\App;`
			`use Illuminate\Support\Facades\Auth;`
Added copyright/powered by notices to the footers of all pages. Added a config option to turn it off on the public-facing gallery pages 2016-10-05 16:31:37 +01:00			`use Illuminate\Support\Facades\View;`
User accounts can now be created using the new user management screen. Added cURL as a required PHP extension 2016-10-01 15:24:22 +01:00
			`class UserController extends Controller`
			`{`
Added copyright/powered by notices to the footers of all pages. Added a config option to turn it off on the public-facing gallery pages 2016-10-05 16:31:37 +01:00			`public function __construct()`
			`{`
			`$this->middleware('auth');`
			`View::share('is_admin', true);`
			`}`

#1: User accounts can now be deleted. The current user account cannot be deleted, or have the admin privileges removed. Accounts can now be activated manually. New user accounts passwords are encrypted correctly before being saved. 2016-10-03 14:11:24 +01:00			`public function delete(Request $request, $id)`
			`{`
#3: Implemented admin security for groups, users and storage locations 2017-04-15 09:58:33 +01:00			`$this->authorizeAccessToAdminPanel('admin:manage-users');`
#1: User accounts can now be deleted. The current user account cannot be deleted, or have the admin privileges removed. Accounts can now be activated manually. New user accounts passwords are encrypted correctly before being saved. 2016-10-03 14:11:24 +01:00
			`$user = User::where('id', intval($id))->first();`
			`if (is_null($user))`
			`{`
			`App::abort(404);`
			`}`

			`if ($user->id == Auth::user()->id)`
			`{`
			`$request->session()->flash('warning', trans('admin.cannot_delete_own_user_account'));`
#1, #2: Added intro titles/messages to the main settings pages. Updated the look of the "Actions" widget to match the "Manage" widget. Changed the URL of the users pages to plural. 2017-02-13 10:36:53 +00:00			`return redirect(route('users.index'));`
#1: User accounts can now be deleted. The current user account cannot be deleted, or have the admin privileges removed. Accounts can now be activated manually. New user accounts passwords are encrypted correctly before being saved. 2016-10-03 14:11:24 +01:00			`}`

			`return Theme::render('admin.delete_user', ['user' => $user]);`
			`}`

User accounts can now be created using the new user management screen. Added cURL as a required PHP extension 2016-10-01 15:24:22 +01:00			`/**`
			`* Display a listing of the resource.`
			`*`
			`* @return \Illuminate\Http\Response`
			`*/`
#1: User accounts can now be deleted. The current user account cannot be deleted, or have the admin privileges removed. Accounts can now be activated manually. New user accounts passwords are encrypted correctly before being saved. 2016-10-03 14:11:24 +01:00			`public function index(Request $request)`
User accounts can now be created using the new user management screen. Added cURL as a required PHP extension 2016-10-01 15:24:22 +01:00			`{`
#3: Implemented admin security for groups, users and storage locations 2017-04-15 09:58:33 +01:00			`$this->authorizeAccessToAdminPanel('admin:manage-users');`
User accounts can now be created using the new user management screen. Added cURL as a required PHP extension 2016-10-01 15:24:22 +01:00
			`$users = User::orderBy('name')`
			`->paginate(UserConfig::get('items_per_page'));`

			`return Theme::render('admin.list_users', [`
#1: User accounts can now be deleted. The current user account cannot be deleted, or have the admin privileges removed. Accounts can now be activated manually. New user accounts passwords are encrypted correctly before being saved. 2016-10-03 14:11:24 +01:00			`'error' => $request->session()->get('error'),`
			`'success' => $request->session()->get('success'),`
			`'users' => $users,`
			`'warning' => $request->session()->get('warning')`
User accounts can now be created using the new user management screen. Added cURL as a required PHP extension 2016-10-01 15:24:22 +01:00			`]);`
			`}`

			`/**`
			`* Show the form for creating a new resource.`
			`*`
			`* @return \Illuminate\Http\Response`
			`*/`
			`public function create()`
			`{`
#3: Implemented admin security for groups, users and storage locations 2017-04-15 09:58:33 +01:00			`$this->authorizeAccessToAdminPanel('admin:manage-users');`
User accounts can now be created using the new user management screen. Added cURL as a required PHP extension 2016-10-01 15:24:22 +01:00
			`return Theme::render('admin.create_user');`
			`}`

			`/**`
			`* Store a newly created resource in storage.`
			`*`
			`* @param \Illuminate\Http\Request $request`
			`* @return \Illuminate\Http\Response`
			`*/`
			`public function store(Requests\StoreUserRequest $request)`
			`{`
#3: Implemented admin security for groups, users and storage locations 2017-04-15 09:58:33 +01:00			`$this->authorizeAccessToAdminPanel('admin:manage-users');`
User accounts can now be created using the new user management screen. Added cURL as a required PHP extension 2016-10-01 15:24:22 +01:00
			`$user = new User();`
			`$user->fill($request->only(['name', 'email', 'password']));`
#1: User accounts can now be deleted. The current user account cannot be deleted, or have the admin privileges removed. Accounts can now be activated manually. New user accounts passwords are encrypted correctly before being saved. 2016-10-03 14:11:24 +01:00			`$user->password = bcrypt($user->password);`
User accounts can now be created using the new user management screen. Added cURL as a required PHP extension 2016-10-01 15:24:22 +01:00			`$user->is_activated = true;`
			`$user->is_admin = (strtolower($request->get('is_admin')) == 'on');`
			`$user->save();`

#1: A few more fixes to the user routes 2017-02-13 11:57:53 +00:00			`return redirect(route('users.index'));`
User accounts can now be created using the new user management screen. Added cURL as a required PHP extension 2016-10-01 15:24:22 +01:00			`}`

			`/**`
			`* Display the specified resource.`
			`*`
			`* @param int $id`
			`* @return \Illuminate\Http\Response`
			`*/`
			`public function show($id)`
			`{`
			`//`
			`}`

			`/**`
			`* Show the form for editing the specified resource.`
			`*`
			`* @param int $id`
			`* @return \Illuminate\Http\Response`
			`*/`
#9: Users management section now works with Bootstrap v4 2017-03-26 21:29:10 +01:00			`public function edit(Request $request, $id)`
User accounts can now be created using the new user management screen. Added cURL as a required PHP extension 2016-10-01 15:24:22 +01:00			`{`
#3: Implemented admin security for groups, users and storage locations 2017-04-15 09:58:33 +01:00			`$this->authorizeAccessToAdminPanel('admin:manage-users');`
#1: User accounts can now be deleted. The current user account cannot be deleted, or have the admin privileges removed. Accounts can now be activated manually. New user accounts passwords are encrypted correctly before being saved. 2016-10-03 14:11:24 +01:00
			`$user = User::where('id', intval($id))->first();`
			`if (is_null($user))`
			`{`
			`App::abort(404);`
			`}`

#3: Users can now be assigned to groups 2017-02-14 11:03:58 +00:00			`$groups = Group::orderBy('name')->get();`
			`$usersGroups = [];`
			`foreach ($user->groups()->get() as $group)`
			`{`
			`$usersGroups[] = $group->id;`
			`}`

#9: Users management section now works with Bootstrap v4 2017-03-26 21:29:10 +01:00			`if (!$request->session()->has('_old_input'))`
			`{`
			`$request->session()->flash('_old_input', $user->toArray());`
			`}`

#3: Users can now be assigned to groups 2017-02-14 11:03:58 +00:00			`return Theme::render('admin.edit_user', ['user' => $user, 'groups' => $groups, 'users_groups' => $usersGroups]);`
User accounts can now be created using the new user management screen. Added cURL as a required PHP extension 2016-10-01 15:24:22 +01:00			`}`

			`/**`
			`* Update the specified resource in storage.`
			`*`
			`* @param \Illuminate\Http\Request $request`
			`* @param int $id`
			`* @return \Illuminate\Http\Response`
			`*/`
#1: User accounts can now be deleted. The current user account cannot be deleted, or have the admin privileges removed. Accounts can now be activated manually. New user accounts passwords are encrypted correctly before being saved. 2016-10-03 14:11:24 +01:00			`public function update(Requests\StoreUserRequest $request, $id)`
User accounts can now be created using the new user management screen. Added cURL as a required PHP extension 2016-10-01 15:24:22 +01:00			`{`
#3: Implemented admin security for groups, users and storage locations 2017-04-15 09:58:33 +01:00			`$this->authorizeAccessToAdminPanel('admin:manage-users');`
#1: User accounts can now be deleted. The current user account cannot be deleted, or have the admin privileges removed. Accounts can now be activated manually. New user accounts passwords are encrypted correctly before being saved. 2016-10-03 14:11:24 +01:00
			`$user = User::where('id', intval($id))->first();`
			`if (is_null($user))`
			`{`
			`App::abort(404);`
			`}`

			`$user->fill($request->only(['name', 'email']));`

			`// Change user's password only if supplied`
			`if (strlen($request->get('password')) > 0)`
			`{`
			`$user->password = bcrypt($request->get('password'));`
			`}`

			`// Prevent the current administrator from removing their admin rights`
			`if (`
			`$user->is_admin &&`
			`$user->id == Auth::user()->id &&`
			`strtolower($request->get('is_admin')) != 'on'`
			`) {`
			`$request->session()->flash('warning', trans('admin.cannot_remove_own_admin'));`
			`}`
			`else`
			`{`
			`$user->is_admin = (strtolower($request->get('is_admin')) == 'on');`
			`}`

			`// Manually activate account if requested`
			`if (strtolower($request->get('is_activated')) == 'on')`
			`{`
			`$user->is_activated = true;`
			`$user->activation_token = null;`
			`}`

#3: Users can now be assigned to groups 2017-02-14 11:03:58 +00:00			`// Sync the group memberships`
			`$data = $request->all();`
			`$syncData = [];`

			`if (isset($data['user_group_id']))`
			`{`
			`foreach ($data['user_group_id'] as $groupID)`
			`{`
			`$syncData[$groupID] = ['created_at' => new \DateTime(), 'updated_at' => new \DateTime()];`
			`}`

			`$user->groups()->sync($syncData);`
			`}`
			`else`
			`{`
			`$user->groups()->detach();`
			`}`

#1: User accounts can now be deleted. The current user account cannot be deleted, or have the admin privileges removed. Accounts can now be activated manually. New user accounts passwords are encrypted correctly before being saved. 2016-10-03 14:11:24 +01:00			`$user->save();`

#1: A few more fixes to the user routes 2017-02-13 11:57:53 +00:00			`return redirect(route('users.index'));`
User accounts can now be created using the new user management screen. Added cURL as a required PHP extension 2016-10-01 15:24:22 +01:00			`}`

			`/**`
			`* Remove the specified resource from storage.`
			`*`
			`* @param int $id`
			`* @return \Illuminate\Http\Response`
			`*/`
#1: User accounts can now be deleted. The current user account cannot be deleted, or have the admin privileges removed. Accounts can now be activated manually. New user accounts passwords are encrypted correctly before being saved. 2016-10-03 14:11:24 +01:00			`public function destroy(Request $request, $id)`
User accounts can now be created using the new user management screen. Added cURL as a required PHP extension 2016-10-01 15:24:22 +01:00			`{`
#3: Implemented admin security for groups, users and storage locations 2017-04-15 09:58:33 +01:00			`$this->authorizeAccessToAdminPanel('admin:manage-users');`
#1: User accounts can now be deleted. The current user account cannot be deleted, or have the admin privileges removed. Accounts can now be activated manually. New user accounts passwords are encrypted correctly before being saved. 2016-10-03 14:11:24 +01:00
			`/** @var User $user */`
			`$user = User::where('id', intval($id))->first();`
			`if (is_null($user))`
			`{`
			`App::abort(404);`
			`}`

			`if ($user->id == Auth::user()->id)`
			`{`
			`$request->session()->flash('warning', trans('admin.cannot_delete_own_user_account'));`
#1: A few more fixes to the user routes 2017-02-13 11:57:53 +00:00			`return redirect(route('users.index'));`
#1: User accounts can now be deleted. The current user account cannot be deleted, or have the admin privileges removed. Accounts can now be activated manually. New user accounts passwords are encrypted correctly before being saved. 2016-10-03 14:11:24 +01:00			`}`

			`try`
			`{`
			`$user->delete();`
			`$request->session()->flash('success', trans('admin.user_deletion_successful', [`
			`'name' => $user->name`
			`]));`
			`}`
			`catch (\Exception $ex)`
			`{`
			`$request->session()->flash('error', trans('admin.user_deletion_failed', [`
			`'error_message' => $ex->getMessage(),`
			`'name' => $user->name`
			`]));`
			`}`

#1: A few more fixes to the user routes 2017-02-13 11:57:53 +00:00			`return redirect(route('users.index'));`
User accounts can now be created using the new user management screen. Added cURL as a required PHP extension 2016-10-01 15:24:22 +01:00			`}`
#3: User permissions can now be specified for an album. Added a new config to the User class that allows users to login and manage albums without needing full admin access 2017-03-21 21:48:55 +00:00
			`/**`
			`* Returns a list of users in JSON format - either all users or users matching the "q" query string parameter`
			`*`
			`* @param string $q Search term`
			`* @return \Illuminate\Http\Response`
			`*/`
			`public function searchJson(Request $request)`
			`{`
#3: Implemented admin security for groups, users and storage locations 2017-04-15 09:58:33 +01:00			`$this->authorizeAccessToAdminPanel('admin:manage-users');`
#3: User permissions can now be specified for an album. Added a new config to the User class that allows users to login and manage albums without needing full admin access 2017-03-21 21:48:55 +00:00
			`$limit = intval($request->get('n'));`
			`if ($limit == 0)`
			`{`
			`$limit = 100;`
			`}`

			`$q = $request->get('q');`
			`if (strlen($q) == 0)`
			`{`
			`return User::limit($limit)->get()->toJson();`
			`}`

			`return User::where('name', 'like', '%' . $q . '%')`
			`->limit($limit)`
			`->orderBy('name')`
			`->get()`
			`->toJson();`
			`}`
User accounts can now be created using the new user management screen. Added cURL as a required PHP extension 2016-10-01 15:24:22 +01:00			`}`