middleware('auth'); View::share('is_admin', true); } public function delete(Request $request, $id) { $this->authorizeAccessToAdminPanel(); $user = User::where('id', intval($id))->first(); if (is_null($user)) { App::abort(404); } if ($user->id == Auth::user()->id) { $request->session()->flash('warning', trans('admin.cannot_delete_own_user_account')); return redirect(route('users.index')); } return Theme::render('admin.delete_user', ['user' => $user]); } /** * Display a listing of the resource. * * @return \Illuminate\Http\Response */ public function index(Request $request) { $this->authorizeAccessToAdminPanel(); $users = User::orderBy('name') ->paginate(UserConfig::get('items_per_page')); return Theme::render('admin.list_users', [ 'error' => $request->session()->get('error'), 'success' => $request->session()->get('success'), 'users' => $users, 'warning' => $request->session()->get('warning') ]); } /** * Show the form for creating a new resource. * * @return \Illuminate\Http\Response */ public function create() { $this->authorizeAccessToAdminPanel(); return Theme::render('admin.create_user'); } /** * Store a newly created resource in storage. * * @param \Illuminate\Http\Request $request * @return \Illuminate\Http\Response */ public function store(Requests\StoreUserRequest $request) { $this->authorizeAccessToAdminPanel(); $user = new User(); $user->fill($request->only(['name', 'email', 'password'])); $user->password = bcrypt($user->password); $user->is_activated = true; $user->is_admin = (strtolower($request->get('is_admin')) == 'on'); $user->can_create_albums = (strtolower($request->get('can_create_albums')) == 'on'); $user->save(); return redirect(route('users.index')); } /** * Display the specified resource. * * @param int $id * @return \Illuminate\Http\Response */ public function show($id) { // } /** * Show the form for editing the specified resource. * * @param int $id * @return \Illuminate\Http\Response */ public function edit(Request $request, $id) { $this->authorizeAccessToAdminPanel(); $user = User::where('id', intval($id))->first(); if (is_null($user)) { App::abort(404); } $groups = Group::orderBy('name')->get(); $usersGroups = []; foreach ($user->groups()->get() as $group) { $usersGroups[] = $group->id; } if (!$request->session()->has('_old_input')) { $request->session()->flash('_old_input', $user->toArray()); } return Theme::render('admin.edit_user', ['user' => $user, 'groups' => $groups, 'users_groups' => $usersGroups]); } /** * Update the specified resource in storage. * * @param \Illuminate\Http\Request $request * @param int $id * @return \Illuminate\Http\Response */ public function update(Requests\StoreUserRequest $request, $id) { $this->authorizeAccessToAdminPanel(); $user = User::where('id', intval($id))->first(); if (is_null($user)) { App::abort(404); } $user->fill($request->only(['name', 'email'])); // Change user's password only if supplied if (strlen($request->get('password')) > 0) { $user->password = bcrypt($request->get('password')); } // Prevent the current administrator from removing their admin rights if ( $user->is_admin && $user->id == Auth::user()->id && strtolower($request->get('is_admin')) != 'on' ) { $request->session()->flash('warning', trans('admin.cannot_remove_own_admin')); } else { $user->is_admin = (strtolower($request->get('is_admin')) == 'on'); } $user->can_create_albums = (strtolower($request->get('can_create_albums')) == 'on'); // Manually activate account if requested if (strtolower($request->get('is_activated')) == 'on') { $user->is_activated = true; $user->activation_token = null; } // Sync the group memberships $data = $request->all(); $syncData = []; if (isset($data['user_group_id'])) { foreach ($data['user_group_id'] as $groupID) { $syncData[$groupID] = ['created_at' => new \DateTime(), 'updated_at' => new \DateTime()]; } $user->groups()->sync($syncData); } else { $user->groups()->detach(); } $user->save(); return redirect(route('users.index')); } /** * Remove the specified resource from storage. * * @param int $id * @return \Illuminate\Http\Response */ public function destroy(Request $request, $id) { $this->authorizeAccessToAdminPanel(); /** @var User $user */ $user = User::where('id', intval($id))->first(); if (is_null($user)) { App::abort(404); } if ($user->id == Auth::user()->id) { $request->session()->flash('warning', trans('admin.cannot_delete_own_user_account')); return redirect(route('users.index')); } try { $user->delete(); $request->session()->flash('success', trans('admin.user_deletion_successful', [ 'name' => $user->name ])); } catch (\Exception $ex) { $request->session()->flash('error', trans('admin.user_deletion_failed', [ 'error_message' => $ex->getMessage(), 'name' => $user->name ])); } return redirect(route('users.index')); } /** * Returns a list of users in JSON format - either all users or users matching the "q" query string parameter * * @param string $q Search term * @return \Illuminate\Http\Response */ public function searchJson(Request $request) { $this->authorizeAccessToAdminPanel(); $limit = intval($request->get('n')); if ($limit == 0) { $limit = 100; } $q = $request->get('q'); if (strlen($q) == 0) { return User::limit($limit)->get()->toJson(); } return User::where('name', 'like', '%' . $q . '%') ->limit($limit) ->orderBy('name') ->get() ->toJson(); } }