snipe-it/app/Http/Controllers/Api/UsersController.php

<?php

namespace App\Http\Controllers\Api;

use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use App\Http\Transformers\UsersTransformer;
use App\Models\Company;
use App\Models\User;
use App\Helpers\Helper;
use App\Http\Requests\SaveUserRequest;
use App\Models\Asset;
use App\Http\Transformers\AssetsTransformer;

class UsersController extends Controller
{
    /**
     * Display a listing of the resource.
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @since [v4.0]
     *
     * @return \Illuminate\Http\Response
     */
    public function index(Request $request)
    {
        $this->authorize('view', User::class);

        $users = User::select([
            'users.id',
            'users.employee_num',
            'users.two_factor_enrolled',
            'users.jobtitle',
            'users.email',
            'users.phone',
            'users.username',
            'users.location_id',
            'users.manager_id',
            'users.first_name',
            'users.last_name',
            'users.created_at',
            'users.notes',
            'users.company_id',
            'users.last_login',
            'users.deleted_at',
            'users.department_id',
            'users.activated',
            'users.avatar',

        ])->with('manager', 'groups', 'userloc', 'company', 'department','throttle','assets','licenses','accessories','consumables')
            ->withCount('assets','licenses','accessories','consumables');
        $users = Company::scopeCompanyables($users);


        if ($request->has('search')) {
            $users = $users->TextSearch($request->input('search'));
        }


        if (($request->has('deleted')) && ($request->input('deleted')=='true')) {
            $users = $users->GetDeleted();
        }

        if ($request->has('company_id')) {
            $users = $users->where('company_id', '=', $request->input('company_id'));
        }

        if ($request->has('location_id')) {
            $users = $users->where('location_id', '=', $request->input('location_id'));
        }
        
        if ($request->has('group_id')) {
            $users = $users->ByGroup($request->get('group_id'));
        }

        if ($request->has('department_id')) {
            $users = $users->where('department_id','=',$request->input('department_id'));
        }

        $order = $request->input('order') === 'asc' ? 'asc' : 'desc';
        $offset = request('offset', 0);
        $limit = request('limit', 50);

        switch ($request->input('sort')) {
            case 'manager':
                $users = $users->OrderManager($order);
                break;
            case 'location':
                $users = $users->OrderLocation($order);
                break;
            case 'department':
                $users = $users->OrderDepartment($order);
                break;
            default:
                $allowed_columns =
                    [
                        'last_name','first_name','email','jobtitle','username','employee_num',
                        'assets','accessories', 'consumables','licenses','groups','activated','created_at',
                        'two_factor_enrolled','two_factor_optin','last_login', 'assets_count', 'licenses_count',
                        'consumables_count', 'accessories_count', 'phone'
                    ];

                $sort = in_array($request->get('sort'), $allowed_columns) ? $request->get('sort') : 'first_name';
                $users = $users->orderBy($sort, $order);
                break;
        }
        $total = $users->count();
        $users = $users->skip($offset)->take($limit)->get();
        return (new UsersTransformer)->transformUsers($users, $total);
    }


    /**
     * Store a newly created resource in storage.
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @since [v4.0]
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\Response
     */
    public function store(SaveUserRequest $request)
    {
        $this->authorize('view', User::class);
        $user = new User;
        $user->fill($request->all());
        $user->password = bcrypt($request->input('password'));

        if ($user->save()) {
            return response()->json(Helper::formatStandardApiResponse('success', (new UsersTransformer)->transformUser($user), trans('admin/users/message.success.create')));
        }
        return response()->json(Helper::formatStandardApiResponse('error', null, $user->getErrors()));
    }

    /**
     * Display the specified resource.
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
    public function show($id)
    {
        $this->authorize('view', User::class);
        $user = User::findOrFail($id);
        return (new UsersTransformer)->transformUser($user);
    }


    /**
     * Update the specified resource in storage.
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @since [v4.0]
     * @param  \Illuminate\Http\Request  $request
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
    public function update(SaveUserRequest $request, $id)
    {
        $this->authorize('edit', User::class);
        $user = User::findOrFail($id);
        $user->fill($request->all());

        if ($request->has('password')) {
            $user->password = bcrypt($request->input('password'));
        }


        if ($user->save()) {
            return response()->json(Helper::formatStandardApiResponse('success', (new UsersTransformer)->transformUser($user), trans('admin/users/message.success.update')));
        }

        return response()->json(Helper::formatStandardApiResponse('error', null, $user->getErrors()));
    }

    /**
     * Remove the specified resource from storage.
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @since [v4.0]
     * @param  int  $id
     * @return \Illuminate\Http\Response
     */
    public function destroy($id)
    {
        $this->authorize('delete', User::class);
        $user = User::findOrFail($id);
        $this->authorize('delete', $user);


        if ($user->assets()->count() > 0) {
            return response()->json(Helper::formatStandardApiResponse('error', null,  trans('admin/users/message.error.delete_has_assets')));
        }

        if ($user->delete()) {
            return response()->json(Helper::formatStandardApiResponse('success', null,  trans('admin/users/message.success.delete')));
        }
        return response()->json(Helper::formatStandardApiResponse('error', null,  trans('admin/users/message.error.delete')));
    }

    /**
     * Return JSON containing a list of assets assigned to a user.
     *
     * @author [A. Gianotto] [<snipe@snipe.net>]
     * @since [v3.0]
     * @param $userId
     * @return string JSON
     */
    public function assets($id)
    {
        $this->authorize('view', User::class);
        $assets = Asset::where('assigned_to', '=', $id)->with('model')->get();
        return (new AssetsTransformer)->transformAssets($assets, $assets->count());
        // return response()->json($assets);
    }
}
Starter API controllers 2017-01-12 19:40:20 -08:00			`<?php`

			`namespace App\Http\Controllers\Api;`

			`use Illuminate\Http\Request;`
			`use App\Http\Controllers\Controller;`
Use transformers for API response This is experimental 2017-01-12 23:42:39 -08:00			`use App\Http\Transformers\UsersTransformer;`
Additional API routes and controllers for models, suppliers, users, locations and status labels 2017-01-13 04:50:20 -08:00			`use App\Models\Company;`
Use transformers for API response This is experimental 2017-01-12 23:42:39 -08:00			`use App\Models\User;`
Fixes #3805 - add/update/delete methods for User API 2017-08-03 19:50:18 -07:00			`use App\Helpers\Helper;`
ADDED: Password rules for complexity, min length, rejecting common passwords 2017-08-22 20:32:39 -07:00			`use App\Http\Requests\SaveUserRequest;`
Also related to #3888 2017-08-26 15:21:38 -07:00			`use App\Models\Asset;`
Use the transformers, Luke 2017-10-24 19:18:20 -07:00			`use App\Http\Transformers\AssetsTransformer;`
Starter API controllers 2017-01-12 19:40:20 -08:00
			`class UsersController extends Controller`
			`{`
			`/**`
			`* Display a listing of the resource.`
			`*`
			`* @author [A. Gianotto] [<snipe@snipe.net>]`
			`* @since [v4.0]`
			`*`
			`* @return \Illuminate\Http\Response`
			`*/`
Additional API routes and controllers for models, suppliers, users, locations and status labels 2017-01-13 04:50:20 -08:00			`public function index(Request $request)`
Starter API controllers 2017-01-12 19:40:20 -08:00			`{`
Use transformers for API response This is experimental 2017-01-12 23:42:39 -08:00			`$this->authorize('view', User::class);`
Additional API routes and controllers for models, suppliers, users, locations and status labels 2017-01-13 04:50:20 -08:00
			`$users = User::select([`
			`'users.id',`
			`'users.employee_num',`
			`'users.two_factor_enrolled',`
			`'users.jobtitle',`
			`'users.email',`
Fixes #4291 - adds phone to user listing 2017-10-23 14:21:51 -07:00			`'users.phone',`
Additional API routes and controllers for models, suppliers, users, locations and status labels 2017-01-13 04:50:20 -08:00			`'users.username',`
			`'users.location_id',`
			`'users.manager_id',`
			`'users.first_name',`
			`'users.last_name',`
			`'users.created_at',`
			`'users.notes',`
			`'users.company_id',`
Added last login to user menu 2017-03-03 18:28:13 -08:00			`'users.last_login',`
Additional API routes and controllers for models, suppliers, users, locations and status labels 2017-01-13 04:50:20 -08:00			`'users.deleted_at',`
Include depts in returned list, sort by dept 2017-05-23 02:46:55 -07:00			`'users.department_id',`
Added user avatars to listing 2017-10-24 09:51:07 -07:00			`'users.activated',`
			`'users.avatar',`

Include depts in returned list, sort by dept 2017-05-23 02:46:55 -07:00			`])->with('manager', 'groups', 'userloc', 'company', 'department','throttle','assets','licenses','accessories','consumables')`
Switched to presented for ugly BS table column headers 2017-02-03 22:20:11 -08:00			`->withCount('assets','licenses','accessories','consumables');`
Additional API routes and controllers for models, suppliers, users, locations and status labels 2017-01-13 04:50:20 -08:00			`$users = Company::scopeCompanyables($users);`


			`if ($request->has('search')) {`
			`$users = $users->TextSearch($request->input('search'));`
			`}`

Fixed deleted users/restore users view 2017-09-06 17:11:43 -07:00
			`if (($request->has('deleted')) && ($request->input('deleted')=='true')) {`
			`$users = $users->GetDeleted();`
			`}`

Added more company_id filtering, more transformers 2017-02-08 08:48:41 -08:00			`if ($request->has('company_id')) {`
[WIP] Improvements to unit tests. (#3574) * Improvemenets to unit tests. * Break up modelfactory into multiple files, populate many states. * Begin testing validation at the unit test level, test relationships. * Add tests for Asset::availableForCheckout. * Model factories now generate all needed relationships on demand, which allows us to unit test with a empty database. * To faciliate the empty database, we move to using sqlite in memory as the unit testing database. * Fix bug with logs of checkouts to non users. * Fix location finding for assets. Also Fix location show page to show users associated with location. Still need some work to show assets. * More test and generator improvements * More unit test fixes. PermissionsTest is borked still. * More Updates * Rewrite permissionstest. Check that we have access on the model level rather than via web requests. Also test delete permissions. * Fix seeders. * Make the default asset model factory generate assets that are rtd for testing. * Save progress. * Rebase tests, fix department unit test, update database for functional tests. * Update functional and api tests to use new modelfactory signatures. 2017-06-12 17:39:03 -07:00			`$users = $users->where('company_id', '=', $request->input('company_id'));`
			`}`

			`if ($request->has('location_id')) {`
			`$users = $users->where('location_id', '=', $request->input('location_id'));`
Added more company_id filtering, more transformers 2017-02-08 08:48:41 -08:00			`}`
Fixes #906 - groups view 2017-10-17 21:43:57 -07:00
			`if ($request->has('group_id')) {`
Fixes #4294 - pass correct group ID for group user listings 2017-10-24 04:39:47 -07:00			`$users = $users->ByGroup($request->get('group_id'));`
Fixes #906 - groups view 2017-10-17 21:43:57 -07:00			`}`
Added more company_id filtering, more transformers 2017-02-08 08:48:41 -08:00
Filter by dept for user display 2017-05-23 01:09:03 -07:00			`if ($request->has('department_id')) {`
			`$users = $users->where('department_id','=',$request->input('department_id'));`
			`}`

Additional API routes and controllers for models, suppliers, users, locations and status labels 2017-01-13 04:50:20 -08:00			`$order = $request->input('order') === 'asc' ? 'asc' : 'desc';`
			`$offset = request('offset', 0);`
			`$limit = request('limit', 50);`

			`switch ($request->input('sort')) {`
			`case 'manager':`
			`$users = $users->OrderManager($order);`
			`break;`
			`case 'location':`
			`$users = $users->OrderLocation($order);`
			`break;`
Include depts in returned list, sort by dept 2017-05-23 02:46:55 -07:00			`case 'department':`
			`$users = $users->OrderDepartment($order);`
			`break;`
Additional API routes and controllers for models, suppliers, users, locations and status labels 2017-01-13 04:50:20 -08:00			`default:`
			`$allowed_columns =`
			`[`
			`'last_name','first_name','email','jobtitle','username','employee_num',`
			`'assets','accessories', 'consumables','licenses','groups','activated','created_at',`
Allow sorting on asset counts, disable delete button if the user has items checked out to them 2017-10-19 17:15:21 -07:00			`'two_factor_enrolled','two_factor_optin','last_login', 'assets_count', 'licenses_count',`
Fixes #4291 - adds phone to user listing 2017-10-23 14:21:51 -07:00			`'consumables_count', 'accessories_count', 'phone'`
Additional API routes and controllers for models, suppliers, users, locations and status labels 2017-01-13 04:50:20 -08:00			`];`

			`$sort = in_array($request->get('sort'), $allowed_columns) ? $request->get('sort') : 'first_name';`
			`$users = $users->orderBy($sort, $order);`
			`break;`
			`}`
Changed variable name for consistency 2017-05-23 14:30:07 -07:00			`$total = $users->count();`
Additional API routes and controllers for models, suppliers, users, locations and status labels 2017-01-13 04:50:20 -08:00			`$users = $users->skip($offset)->take($limit)->get();`
Changed variable name for consistency 2017-05-23 14:30:07 -07:00			`return (new UsersTransformer)->transformUsers($users, $total);`
Starter API controllers 2017-01-12 19:40:20 -08:00			`}`


			`/**`
			`* Store a newly created resource in storage.`
			`*`
			`* @author [A. Gianotto] [<snipe@snipe.net>]`
			`* @since [v4.0]`
			`* @param \Illuminate\Http\Request $request`
			`* @return \Illuminate\Http\Response`
			`*/`
ADDED: Password rules for complexity, min length, rejecting common passwords 2017-08-22 20:32:39 -07:00			`public function store(SaveUserRequest $request)`
Starter API controllers 2017-01-12 19:40:20 -08:00			`{`
Fixes #3805 - add/update/delete methods for User API 2017-08-03 19:50:18 -07:00			`$this->authorize('view', User::class);`
			`$user = new User;`
			`$user->fill($request->all());`
Only bcrypt passwords on user save if the password value is passed 2017-08-08 14:41:58 -07:00			`$user->password = bcrypt($request->input('password'));`
Fixes #3805 - add/update/delete methods for User API 2017-08-03 19:50:18 -07:00
			`if ($user->save()) {`
Fixed success message on saving new user 2017-10-24 19:17:30 -07:00			`return response()->json(Helper::formatStandardApiResponse('success', (new UsersTransformer)->transformUser($user), trans('admin/users/message.success.create')));`
Fixes #3805 - add/update/delete methods for User API 2017-08-03 19:50:18 -07:00			`}`
			`return response()->json(Helper::formatStandardApiResponse('error', null, $user->getErrors()));`
Starter API controllers 2017-01-12 19:40:20 -08:00			`}`

			`/**`
			`* Display the specified resource.`
			`*`
			`* @author [A. Gianotto] [<snipe@snipe.net>]`
			`* @param int $id`
			`* @return \Illuminate\Http\Response`
			`*/`
			`public function show($id)`
			`{`
Use transformers for API response This is experimental 2017-01-12 23:42:39 -08:00			`$this->authorize('view', User::class);`
			`$user = User::findOrFail($id);`
			`return (new UsersTransformer)->transformUser($user);`
Starter API controllers 2017-01-12 19:40:20 -08:00			`}`


			`/**`
			`* Update the specified resource in storage.`
			`*`
			`* @author [A. Gianotto] [<snipe@snipe.net>]`
			`* @since [v4.0]`
			`* @param \Illuminate\Http\Request $request`
			`* @param int $id`
			`* @return \Illuminate\Http\Response`
			`*/`
ADDED: Password rules for complexity, min length, rejecting common passwords 2017-08-22 20:32:39 -07:00			`public function update(SaveUserRequest $request, $id)`
Starter API controllers 2017-01-12 19:40:20 -08:00			`{`
Fixes #3805 - add/update/delete methods for User API 2017-08-03 19:50:18 -07:00			`$this->authorize('edit', User::class);`
			`$user = User::findOrFail($id);`
			`$user->fill($request->all());`

Only bcrypt passwords on user save if the password value is passed 2017-08-08 14:41:58 -07:00			`if ($request->has('password')) {`
			`$user->password = bcrypt($request->input('password'));`
			`}`


Fixes #3805 - add/update/delete methods for User API 2017-08-03 19:50:18 -07:00			`if ($user->save()) {`
			`return response()->json(Helper::formatStandardApiResponse('success', (new UsersTransformer)->transformUser($user), trans('admin/users/message.success.update')));`
			`}`

			`return response()->json(Helper::formatStandardApiResponse('error', null, $user->getErrors()));`
Starter API controllers 2017-01-12 19:40:20 -08:00			`}`

			`/**`
			`* Remove the specified resource from storage.`
			`*`
			`* @author [A. Gianotto] [<snipe@snipe.net>]`
			`* @since [v4.0]`
			`* @param int $id`
			`* @return \Illuminate\Http\Response`
			`*/`
			`public function destroy($id)`
			`{`
Fixes #3805 - add/update/delete methods for User API 2017-08-03 19:50:18 -07:00			`$this->authorize('delete', User::class);`
			`$user = User::findOrFail($id);`
			`$this->authorize('delete', $user);`


			`if ($user->assets()->count() > 0) {`
			`return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.error.delete_has_assets')));`
			`}`

			`if ($user->delete()) {`
			`return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/users/message.success.delete')));`
			`}`
			`return response()->json(Helper::formatStandardApiResponse('error', null, trans('admin/users/message.error.delete')));`
Starter API controllers 2017-01-12 19:40:20 -08:00			`}`
Also related to #3888 2017-08-26 15:21:38 -07:00
			`/**`
			`* Return JSON containing a list of assets assigned to a user.`
			`*`
			`* @author [A. Gianotto] [<snipe@snipe.net>]`
			`* @since [v3.0]`
			`* @param $userId`
			`* @return string JSON`
			`*/`
			`public function assets($id)`
			`{`
			`$this->authorize('view', User::class);`
			`$assets = Asset::where('assigned_to', '=', $id)->with('model')->get();`
Use the transformers, Luke 2017-10-24 19:18:20 -07:00			`return (new AssetsTransformer)->transformAssets($assets, $assets->count());`
			`// return response()->json($assets);`
Also related to #3888 2017-08-26 15:21:38 -07:00			`}`
Starter API controllers 2017-01-12 19:40:20 -08:00			`}`