2016-03-25 01:18:05 -07:00
|
|
|
<?php
|
2021-06-10 13:15:52 -07:00
|
|
|
|
2018-07-24 19:35:26 -07:00
|
|
|
namespace App\Http\Controllers\Users;
|
2016-03-25 01:18:05 -07:00
|
|
|
|
|
|
|
|
use App\Helpers\Helper;
|
2018-07-24 19:35:26 -07:00
|
|
|
use App\Http\Controllers\Controller;
|
2024-06-05 05:28:44 -07:00
|
|
|
use App\Http\Requests\DeleteUserRequest;
|
2020-03-05 18:00:24 -08:00
|
|
|
use App\Http\Requests\ImageUploadRequest;
|
2021-06-10 13:15:52 -07:00
|
|
|
use App\Http\Requests\SaveUserRequest;
|
2023-11-22 10:02:47 -08:00
|
|
|
use App\Models\Actionlog;
|
2016-03-25 01:18:05 -07:00
|
|
|
use App\Models\Asset;
|
|
|
|
|
use App\Models\Company;
|
2018-07-16 17:44:03 -07:00
|
|
|
use App\Models\Group;
|
2019-12-06 10:57:48 -08:00
|
|
|
use App\Models\Setting;
|
2016-03-25 01:18:05 -07:00
|
|
|
use App\Models\User;
|
2018-07-16 17:44:03 -07:00
|
|
|
use App\Notifications\WelcomeNotification;
|
2024-05-29 04:38:15 -07:00
|
|
|
use Illuminate\Support\Facades\Auth;
|
2018-07-16 17:44:03 -07:00
|
|
|
use Illuminate\Database\Eloquent\ModelNotFoundException;
|
2021-06-10 13:15:52 -07:00
|
|
|
use Illuminate\Http\Request;
|
2021-05-26 15:32:23 -07:00
|
|
|
use Illuminate\Support\Facades\Password;
|
2016-03-25 01:18:05 -07:00
|
|
|
use Redirect;
|
|
|
|
|
use Str;
|
2018-07-16 17:44:03 -07:00
|
|
|
use Symfony\Component\HttpFoundation\StreamedResponse;
|
2022-06-29 11:15:15 -07:00
|
|
|
use App\Notifications\CurrentInventory;
|
2016-06-02 00:41:10 -07:00
|
|
|
|
2016-03-25 01:18:05 -07:00
|
|
|
/**
|
2016-04-07 13:21:09 -07:00
|
|
|
* This controller handles all actions related to Users for
|
|
|
|
|
* the Snipe-IT Asset Management application.
|
|
|
|
|
*
|
|
|
|
|
* @version v1.0
|
2016-03-25 01:18:05 -07:00
|
|
|
*/
|
|
|
|
|
class UsersController extends Controller
|
|
|
|
|
{
|
|
|
|
|
/**
|
2018-07-24 19:35:26 -07:00
|
|
|
* Returns a view that invokes the ajax tables which actually contains
|
|
|
|
|
* the content for the users listing, which is generated in getDatatable().
|
|
|
|
|
*
|
|
|
|
|
* @author [A. Gianotto] [<snipe@snipe.net>]
|
|
|
|
|
* @see UsersController::getDatatable() method that generates the JSON response
|
|
|
|
|
* @since [v1.0]
|
|
|
|
|
* @return \Illuminate\Contracts\View\View
|
|
|
|
|
* @throws \Illuminate\Auth\Access\AuthorizationException
|
2016-12-19 22:00:50 -08:00
|
|
|
*/
|
2016-12-15 20:52:39 -08:00
|
|
|
public function index()
|
2016-03-25 01:18:05 -07:00
|
|
|
{
|
2016-12-19 11:04:28 -08:00
|
|
|
$this->authorize('index', User::class);
|
2021-06-10 13:15:52 -07:00
|
|
|
|
2017-06-09 16:44:03 -07:00
|
|
|
return view('users/index');
|
2016-03-25 01:18:05 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2018-07-24 19:35:26 -07:00
|
|
|
* Returns a view that displays the user creation form.
|
|
|
|
|
*
|
|
|
|
|
* @author [A. Gianotto] [<snipe@snipe.net>]
|
|
|
|
|
* @since [v1.0]
|
|
|
|
|
* @return \Illuminate\Contracts\View\View
|
|
|
|
|
* @throws \Illuminate\Auth\Access\AuthorizationException
|
2016-12-19 22:00:50 -08:00
|
|
|
*/
|
2019-12-10 19:32:50 -08:00
|
|
|
public function create(Request $request)
|
2016-03-25 01:18:05 -07:00
|
|
|
{
|
2016-12-19 11:04:28 -08:00
|
|
|
$this->authorize('create', User::class);
|
2016-05-12 15:26:48 -07:00
|
|
|
$groups = Group::pluck('name', 'id');
|
|
|
|
|
|
2018-07-24 19:35:26 -07:00
|
|
|
$userGroups = collect();
|
|
|
|
|
|
2020-03-05 18:00:24 -08:00
|
|
|
if ($request->old('groups')) {
|
|
|
|
|
$userGroups = Group::whereIn('id', $request->old('groups'))->pluck('name', 'id');
|
2016-04-28 21:59:43 -07:00
|
|
|
}
|
2016-06-15 11:51:10 -07:00
|
|
|
|
2016-03-25 01:18:05 -07:00
|
|
|
$permissions = config('permissions');
|
2021-06-10 13:15:52 -07:00
|
|
|
$userPermissions = Helper::selectedPermissionsArray($permissions, $request->old('permissions', []));
|
2016-10-12 12:06:28 -07:00
|
|
|
$permissions = $this->filterDisplayable($permissions);
|
2016-03-25 01:18:05 -07:00
|
|
|
|
2018-08-14 18:17:37 -07:00
|
|
|
$user = new User;
|
|
|
|
|
|
2017-06-09 16:44:03 -07:00
|
|
|
return view('users/edit', compact('groups', 'userGroups', 'permissions', 'userPermissions'))
|
2018-08-14 18:17:37 -07:00
|
|
|
->with('user', $user);
|
2016-03-25 01:18:05 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2018-07-24 19:35:26 -07:00
|
|
|
* Validate and store the new user data, or return an error.
|
|
|
|
|
*
|
|
|
|
|
* @author [A. Gianotto] [<snipe@snipe.net>]
|
|
|
|
|
* @since [v1.0]
|
|
|
|
|
* @param SaveUserRequest $request
|
|
|
|
|
* @return \Illuminate\Http\RedirectResponse
|
|
|
|
|
* @throws \Illuminate\Auth\Access\AuthorizationException
|
2016-12-19 22:00:50 -08:00
|
|
|
*/
|
2016-12-15 20:52:39 -08:00
|
|
|
public function store(SaveUserRequest $request)
|
2016-03-25 01:18:05 -07:00
|
|
|
{
|
2016-12-19 11:04:28 -08:00
|
|
|
$this->authorize('create', User::class);
|
2016-03-25 19:26:22 -07:00
|
|
|
$user = new User;
|
2016-06-27 19:47:21 -07:00
|
|
|
//Username, email, and password need to be handled specially because the need to respect config values on an edit.
|
2022-03-04 06:18:52 -08:00
|
|
|
$user->email = trim($request->input('email'));
|
|
|
|
|
$user->username = trim($request->input('username'));
|
2018-07-24 22:51:31 -07:00
|
|
|
if ($request->filled('password')) {
|
2016-06-06 14:15:50 -07:00
|
|
|
$user->password = bcrypt($request->input('password'));
|
|
|
|
|
}
|
2016-12-19 22:00:50 -08:00
|
|
|
$user->first_name = $request->input('first_name');
|
|
|
|
|
$user->last_name = $request->input('last_name');
|
|
|
|
|
$user->locale = $request->input('locale');
|
|
|
|
|
$user->employee_num = $request->input('employee_num');
|
2018-07-24 13:28:59 -07:00
|
|
|
$user->activated = $request->input('activated', 0);
|
2016-12-19 22:00:50 -08:00
|
|
|
$user->jobtitle = $request->input('jobtitle');
|
|
|
|
|
$user->phone = $request->input('phone');
|
2016-12-26 15:17:46 -08:00
|
|
|
$user->location_id = $request->input('location_id', null);
|
2017-05-23 02:47:49 -07:00
|
|
|
$user->department_id = $request->input('department_id', null);
|
2016-12-26 15:17:46 -08:00
|
|
|
$user->company_id = Company::getIdForUser($request->input('company_id', null));
|
|
|
|
|
$user->manager_id = $request->input('manager_id', null);
|
2016-12-19 22:00:50 -08:00
|
|
|
$user->notes = $request->input('notes');
|
2017-10-30 18:57:00 -07:00
|
|
|
$user->address = $request->input('address', null);
|
|
|
|
|
$user->city = $request->input('city', null);
|
|
|
|
|
$user->state = $request->input('state', null);
|
|
|
|
|
$user->country = $request->input('country', null);
|
|
|
|
|
$user->zip = $request->input('zip', null);
|
2022-03-04 05:35:26 -08:00
|
|
|
$user->remote = $request->input('remote', 0);
|
2022-06-17 06:09:39 -07:00
|
|
|
$user->website = $request->input('website', null);
|
2022-06-23 17:19:08 -07:00
|
|
|
$user->created_by = Auth::user()->id;
|
2022-10-05 16:58:26 -07:00
|
|
|
$user->start_date = $request->input('start_date', null);
|
|
|
|
|
$user->end_date = $request->input('end_date', null);
|
2023-04-16 15:25:52 -07:00
|
|
|
$user->autoassign_licenses = $request->input('autoassign_licenses', 0);
|
2016-10-31 19:08:24 -07:00
|
|
|
|
|
|
|
|
// Strip out the superuser permission if the user isn't a superadmin
|
|
|
|
|
$permissions_array = $request->input('permission');
|
|
|
|
|
|
2021-06-10 13:15:52 -07:00
|
|
|
if (! Auth::user()->isSuperUser()) {
|
2016-10-31 19:08:24 -07:00
|
|
|
unset($permissions_array['superuser']);
|
|
|
|
|
}
|
2021-06-10 13:15:52 -07:00
|
|
|
$user->permissions = json_encode($permissions_array);
|
2020-08-24 18:32:40 -07:00
|
|
|
|
|
|
|
|
// we have to invoke the
|
2023-01-23 21:37:35 -08:00
|
|
|
app(ImageUploadRequest::class)->handleImages($user, 600, 'avatar', 'avatars', 'avatar');
|
2020-03-05 18:00:24 -08:00
|
|
|
|
2016-06-15 11:51:10 -07:00
|
|
|
if ($user->save()) {
|
2018-07-24 22:51:31 -07:00
|
|
|
if ($request->filled('groups')) {
|
2016-06-15 11:51:10 -07:00
|
|
|
$user->groups()->sync($request->input('groups'));
|
|
|
|
|
} else {
|
2021-06-10 13:15:52 -07:00
|
|
|
$user->groups()->sync([]);
|
2016-06-15 11:51:10 -07:00
|
|
|
}
|
2016-07-28 05:49:41 -07:00
|
|
|
|
2018-07-24 22:51:31 -07:00
|
|
|
if (($request->input('email_user') == 1) && ($request->filled('email'))) {
|
2018-08-28 12:37:58 -07:00
|
|
|
// Send the credentials through email
|
2021-06-10 13:15:52 -07:00
|
|
|
$data = [];
|
2016-06-06 14:15:50 -07:00
|
|
|
$data['email'] = e($request->input('email'));
|
|
|
|
|
$data['username'] = e($request->input('username'));
|
|
|
|
|
$data['first_name'] = e($request->input('first_name'));
|
2018-03-03 14:37:42 -08:00
|
|
|
$data['last_name'] = e($request->input('last_name'));
|
2016-06-06 14:15:50 -07:00
|
|
|
$data['password'] = e($request->input('password'));
|
2016-03-25 01:18:05 -07:00
|
|
|
|
2018-03-03 12:44:41 -08:00
|
|
|
$user->notify(new WelcomeNotification($data));
|
2016-03-25 01:18:05 -07:00
|
|
|
}
|
2021-06-10 13:15:52 -07:00
|
|
|
|
2024-05-29 04:53:51 -07:00
|
|
|
return redirect()->route('users.index')->with('success', trans('admin/users/message.success.create'));
|
2016-03-25 01:18:05 -07:00
|
|
|
}
|
2021-06-10 13:15:52 -07:00
|
|
|
|
2016-06-22 12:27:41 -07:00
|
|
|
return redirect()->back()->withInput()->withErrors($user->getErrors());
|
2016-03-25 01:18:05 -07:00
|
|
|
}
|
|
|
|
|
|
2018-07-16 17:44:03 -07:00
|
|
|
private function filterDisplayable($permissions)
|
|
|
|
|
{
|
|
|
|
|
$output = null;
|
|
|
|
|
foreach ($permissions as $key => $permission) {
|
2018-08-28 12:37:58 -07:00
|
|
|
$output[$key] = array_filter($permission, function ($p) {
|
|
|
|
|
return $p['display'] === true;
|
|
|
|
|
});
|
2016-03-25 01:18:05 -07:00
|
|
|
}
|
2021-06-10 13:15:52 -07:00
|
|
|
|
2018-07-16 17:44:03 -07:00
|
|
|
return $output;
|
2016-03-25 01:18:05 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2016-12-19 22:00:50 -08:00
|
|
|
* Returns a view that displays the edit user form
|
|
|
|
|
*
|
|
|
|
|
* @author [A. Gianotto] [<snipe@snipe.net>]
|
|
|
|
|
* @since [v1.0]
|
|
|
|
|
* @param $permissions
|
|
|
|
|
* @return View
|
|
|
|
|
* @internal param int $id
|
2018-07-24 19:35:26 -07:00
|
|
|
* @throws \Illuminate\Auth\Access\AuthorizationException
|
2016-12-19 22:00:50 -08:00
|
|
|
*/
|
2017-05-23 02:47:49 -07:00
|
|
|
public function edit($id)
|
2016-03-25 01:18:05 -07:00
|
|
|
{
|
2024-04-10 04:34:32 -07:00
|
|
|
|
2024-04-11 06:40:00 -07:00
|
|
|
$this->authorize('update', User::class);
|
|
|
|
|
$user = User::with('assets', 'assets.model', 'consumables', 'accessories', 'licenses', 'userloc')->withTrashed();
|
|
|
|
|
$user = Company::scopeCompanyables($user)->find($id);
|
|
|
|
|
|
|
|
|
|
if ($user) {
|
|
|
|
|
|
2016-04-28 21:59:43 -07:00
|
|
|
$permissions = config('permissions');
|
|
|
|
|
$groups = Group::pluck('name', 'id');
|
2016-03-25 01:18:05 -07:00
|
|
|
|
2016-04-28 21:59:43 -07:00
|
|
|
$userGroups = $user->groups()->pluck('name', 'id');
|
|
|
|
|
$user->permissions = $user->decodePermissions();
|
|
|
|
|
$userPermissions = Helper::selectedPermissionsArray($permissions, $user->permissions);
|
2016-10-12 12:06:28 -07:00
|
|
|
$permissions = $this->filterDisplayable($permissions);
|
2016-03-25 01:18:05 -07:00
|
|
|
|
2017-10-28 11:17:52 -07:00
|
|
|
return view('users/edit', compact('user', 'groups', 'userGroups', 'permissions', 'userPermissions'))->with('item', $user);
|
2016-03-25 01:18:05 -07:00
|
|
|
}
|
|
|
|
|
|
2022-03-04 05:35:26 -08:00
|
|
|
return redirect()->route('users.index')->with('error', trans('admin/users/message.user_not_found', compact('id')));
|
2016-03-25 01:18:05 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2016-12-19 22:00:50 -08:00
|
|
|
* Validate and save edited user data from edit form.
|
|
|
|
|
*
|
|
|
|
|
* @author [A. Gianotto] [<snipe@snipe.net>]
|
|
|
|
|
* @since [v1.0]
|
2018-07-24 19:35:26 -07:00
|
|
|
* @param SaveUserRequest $request
|
2016-12-19 22:00:50 -08:00
|
|
|
* @param int $id
|
|
|
|
|
* @return \Illuminate\Http\RedirectResponse
|
2018-07-24 19:35:26 -07:00
|
|
|
* @throws \Illuminate\Auth\Access\AuthorizationException
|
2016-12-19 22:00:50 -08:00
|
|
|
*/
|
2020-05-23 11:58:44 -07:00
|
|
|
public function update(SaveUserRequest $request, $id = null)
|
2016-03-25 01:18:05 -07:00
|
|
|
{
|
2024-04-11 06:40:00 -07:00
|
|
|
$this->authorize('update', User::class);
|
2019-02-04 19:13:55 -08:00
|
|
|
|
|
|
|
|
// This is a janky hack to prevent people from changing admin demo user data on the public demo.
|
|
|
|
|
// The $ids 1 and 2 are special since they are seeded as superadmins in the demo seeder.
|
|
|
|
|
// Thanks, jerks. You are why we can't have nice things. - snipe
|
|
|
|
|
|
|
|
|
|
if ((($id == 1) || ($id == 2)) && (config('app.lock_passwords'))) {
|
2024-04-11 06:40:00 -07:00
|
|
|
return redirect()->route('users.index')->with('error', trans('general.permission_denied_superuser_demo'));
|
2016-03-25 01:18:05 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2024-04-11 06:40:00 -07:00
|
|
|
// We need to reverse the UI specific logic for our
|
|
|
|
|
// permissions here before we update the user.
|
|
|
|
|
$permissions = $request->input('permissions', []);
|
|
|
|
|
app('request')->request->set('permissions', $permissions);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
$user = User::with('assets', 'assets.model', 'consumables', 'accessories', 'licenses', 'userloc')->withTrashed();
|
|
|
|
|
$user = Company::scopeCompanyables($user)->find($id);
|
|
|
|
|
|
|
|
|
|
// User is valid - continue...
|
|
|
|
|
if ($user) {
|
|
|
|
|
$this->authorize('update', $user);
|
|
|
|
|
|
|
|
|
|
// Figure out of this user was an admin before this edit
|
|
|
|
|
$orig_permissions_array = $user->decodePermissions();
|
|
|
|
|
$orig_superuser = '0';
|
|
|
|
|
if (is_array($orig_permissions_array)) {
|
|
|
|
|
if (array_key_exists('superuser', $orig_permissions_array)) {
|
|
|
|
|
$orig_superuser = $orig_permissions_array['superuser'];
|
|
|
|
|
}
|
2020-05-23 11:58:44 -07:00
|
|
|
}
|
2016-10-31 18:57:35 -07:00
|
|
|
|
2024-04-11 06:40:00 -07:00
|
|
|
// Only save groups if the user is a superuser
|
|
|
|
|
if (Auth::user()->isSuperUser()) {
|
|
|
|
|
$user->groups()->sync($request->input('groups'));
|
|
|
|
|
}
|
2016-10-31 18:57:35 -07:00
|
|
|
|
2024-04-11 06:40:00 -07:00
|
|
|
// Update the user fields
|
2022-03-04 06:18:52 -08:00
|
|
|
$user->username = trim($request->input('username'));
|
2024-04-11 06:40:00 -07:00
|
|
|
$user->email = trim($request->input('email'));
|
|
|
|
|
$user->first_name = $request->input('first_name');
|
|
|
|
|
$user->last_name = $request->input('last_name');
|
|
|
|
|
$user->two_factor_optin = $request->input('two_factor_optin') ?: 0;
|
|
|
|
|
$user->locale = $request->input('locale');
|
|
|
|
|
$user->employee_num = $request->input('employee_num');
|
|
|
|
|
$user->activated = $request->input('activated', 0);
|
|
|
|
|
$user->jobtitle = $request->input('jobtitle', null);
|
|
|
|
|
$user->phone = $request->input('phone');
|
|
|
|
|
$user->location_id = $request->input('location_id', null);
|
|
|
|
|
$user->company_id = Company::getIdForUser($request->input('company_id', null));
|
|
|
|
|
$user->manager_id = $request->input('manager_id', null);
|
|
|
|
|
$user->notes = $request->input('notes');
|
|
|
|
|
$user->department_id = $request->input('department_id', null);
|
|
|
|
|
$user->address = $request->input('address', null);
|
|
|
|
|
$user->city = $request->input('city', null);
|
|
|
|
|
$user->state = $request->input('state', null);
|
|
|
|
|
$user->country = $request->input('country', null);
|
|
|
|
|
// if a user is editing themselves we should always keep activated true
|
|
|
|
|
$user->activated = $request->input('activated', $request->user()->is($user) ? 1 : 0);
|
|
|
|
|
$user->zip = $request->input('zip', null);
|
|
|
|
|
$user->remote = $request->input('remote', 0);
|
|
|
|
|
$user->vip = $request->input('vip', 0);
|
|
|
|
|
$user->website = $request->input('website', null);
|
|
|
|
|
$user->start_date = $request->input('start_date', null);
|
|
|
|
|
$user->end_date = $request->input('end_date', null);
|
|
|
|
|
$user->autoassign_licenses = $request->input('autoassign_licenses', 0);
|
|
|
|
|
|
|
|
|
|
// Update the location of any assets checked out to this user
|
|
|
|
|
Asset::where('assigned_type', User::class)
|
|
|
|
|
->where('assigned_to', $user->id)
|
|
|
|
|
->update(['location_id' => $request->input('location_id', null)]);
|
|
|
|
|
|
|
|
|
|
// Do we want to update the user password?
|
|
|
|
|
if ($request->filled('password')) {
|
|
|
|
|
$user->password = bcrypt($request->input('password'));
|
|
|
|
|
}
|
2017-10-30 18:57:00 -07:00
|
|
|
|
|
|
|
|
|
2017-10-30 19:33:52 -07:00
|
|
|
// Update the location of any assets checked out to this user
|
|
|
|
|
Asset::where('assigned_type', User::class)
|
2018-07-24 19:35:26 -07:00
|
|
|
->where('assigned_to', $user->id)
|
2024-03-21 15:15:40 -07:00
|
|
|
->update(['location_id' => $user->location_id]);
|
2017-08-22 20:32:39 -07:00
|
|
|
|
2024-04-11 06:40:00 -07:00
|
|
|
$permissions_array = $request->input('permission');
|
2016-06-27 19:47:21 -07:00
|
|
|
|
2016-10-31 19:07:55 -07:00
|
|
|
|
2024-04-11 06:40:00 -07:00
|
|
|
// Strip out the superuser permission if the user isn't a superadmin
|
|
|
|
|
if (! Auth::user()->isSuperUser()) {
|
|
|
|
|
unset($permissions_array['superuser']);
|
|
|
|
|
$permissions_array['superuser'] = $orig_superuser;
|
|
|
|
|
}
|
2016-06-27 19:47:21 -07:00
|
|
|
|
2024-04-11 06:40:00 -07:00
|
|
|
$user->permissions = json_encode($permissions_array);
|
2016-06-27 19:47:21 -07:00
|
|
|
|
2024-04-11 06:40:00 -07:00
|
|
|
// Handle uploaded avatar
|
|
|
|
|
app(ImageUploadRequest::class)->handleImages($user, 600, 'avatar', 'avatars', 'avatar');
|
2016-06-27 19:47:21 -07:00
|
|
|
|
2024-04-11 06:40:00 -07:00
|
|
|
if ($user->save()) {
|
|
|
|
|
// Redirect to the user page
|
|
|
|
|
return redirect()->route('users.index')
|
|
|
|
|
->with('success', trans('admin/users/message.success.update'));
|
|
|
|
|
}
|
2016-06-27 19:47:21 -07:00
|
|
|
|
2024-04-11 06:40:00 -07:00
|
|
|
return redirect()->back()->withInput()->withErrors($user->getErrors());
|
2020-08-26 02:30:23 -07:00
|
|
|
|
2020-03-05 18:00:24 -08:00
|
|
|
|
2016-06-27 21:11:59 -07:00
|
|
|
}
|
2021-06-10 13:15:52 -07:00
|
|
|
|
2024-04-11 06:40:00 -07:00
|
|
|
return redirect()->route('users.index')->with('error', trans('admin/users/message.user_not_found', compact('id')));
|
2016-06-27 19:47:21 -07:00
|
|
|
}
|
|
|
|
|
|
2016-03-25 01:18:05 -07:00
|
|
|
/**
|
2018-07-24 19:35:26 -07:00
|
|
|
* Delete a user
|
|
|
|
|
*
|
|
|
|
|
* @author [A. Gianotto] [<snipe@snipe.net>]
|
|
|
|
|
* @since [v1.0]
|
|
|
|
|
* @param int $id
|
|
|
|
|
* @return \Illuminate\Http\RedirectResponse
|
|
|
|
|
* @throws \Illuminate\Auth\Access\AuthorizationException
|
2016-12-19 22:00:50 -08:00
|
|
|
*/
|
2024-06-05 05:28:44 -07:00
|
|
|
public function destroy(DeleteUserRequest $request, $id = null)
|
2016-03-25 01:18:05 -07:00
|
|
|
{
|
|
|
|
|
|
2024-04-11 06:52:03 -07:00
|
|
|
$this->authorize('delete', User::class);
|
2024-06-05 05:28:44 -07:00
|
|
|
$user = User::with('assets', 'assets.model', 'consumables', 'accessories', 'licenses', 'userloc');
|
2024-04-11 06:52:03 -07:00
|
|
|
$user = Company::scopeCompanyables($user)->find($id);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if ($user) {
|
2016-03-25 01:18:05 -07:00
|
|
|
// Delete the user
|
|
|
|
|
$user->delete();
|
2018-07-24 19:35:26 -07:00
|
|
|
return redirect()->route('users.index')->with('success', trans('admin/users/message.success.delete'));
|
2016-03-25 01:18:05 -07:00
|
|
|
}
|
2024-04-11 06:52:03 -07:00
|
|
|
|
|
|
|
|
return redirect()->route('users.index')
|
|
|
|
|
->with('error', trans('admin/users/message.user_not_found', compact('id')));
|
|
|
|
|
|
2016-03-25 01:18:05 -07:00
|
|
|
}
|
|
|
|
|
|
2017-03-10 20:07:44 -08:00
|
|
|
/**
|
2018-07-24 19:35:26 -07:00
|
|
|
* Restore a deleted user
|
2017-03-10 20:07:44 -08:00
|
|
|
*
|
|
|
|
|
* @author [A. Gianotto] [<snipe@snipe.net>]
|
|
|
|
|
* @since [v1.0]
|
2018-07-24 19:35:26 -07:00
|
|
|
* @param int $id
|
2017-03-10 20:07:44 -08:00
|
|
|
* @return \Illuminate\Http\RedirectResponse
|
2018-07-24 19:35:26 -07:00
|
|
|
* @throws \Illuminate\Auth\Access\AuthorizationException
|
2016-12-19 22:00:50 -08:00
|
|
|
*/
|
2016-03-25 01:18:05 -07:00
|
|
|
public function getRestore($id = null)
|
|
|
|
|
{
|
2023-11-22 10:02:47 -08:00
|
|
|
if ($user = User::withTrashed()->find($id)) {
|
|
|
|
|
$this->authorize('delete', $user);
|
|
|
|
|
|
|
|
|
|
if ($user->deleted_at == '') {
|
|
|
|
|
return redirect()->back()->with('error', trans('general.not_deleted', ['item_type' => trans('general.user')]));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($user->restore()) {
|
|
|
|
|
$logaction = new Actionlog();
|
|
|
|
|
$logaction->item_type = User::class;
|
|
|
|
|
$logaction->item_id = $user->id;
|
|
|
|
|
$logaction->created_at = date('Y-m-d H:i:s');
|
|
|
|
|
$logaction->user_id = Auth::user()->id;
|
2023-11-22 12:08:41 -08:00
|
|
|
$logaction->logaction('restore');
|
2023-11-22 10:02:47 -08:00
|
|
|
|
|
|
|
|
// Redirect them to the deleted page if there are more, otherwise the section index
|
|
|
|
|
$deleted_users = User::onlyTrashed()->count();
|
|
|
|
|
if ($deleted_users > 0) {
|
|
|
|
|
return redirect()->back()->with('success', trans('admin/users/message.success.restored'));
|
|
|
|
|
}
|
|
|
|
|
return redirect()->route('users.index')->with('success', trans('admin/users/message.success.restored'));
|
|
|
|
|
|
|
|
|
|
}
|
2016-04-21 21:01:45 -07:00
|
|
|
|
2023-11-22 10:02:47 -08:00
|
|
|
// Check validation to make sure we're not restoring a user with the same username as an existing user
|
|
|
|
|
return redirect()->back()->with('error', trans('general.could_not_restore', ['item_type' => trans('general.user'), 'error' => $user->getErrors()->first()]));
|
2016-06-22 12:27:41 -07:00
|
|
|
}
|
2021-06-10 13:15:52 -07:00
|
|
|
|
2023-11-22 10:02:47 -08:00
|
|
|
return redirect()->route('users.index')->with('error', trans('admin/users/message.does_not_exist'));
|
2016-03-25 01:18:05 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2018-07-24 19:35:26 -07:00
|
|
|
* Return a view with user detail
|
|
|
|
|
*
|
|
|
|
|
* @author [A. Gianotto] [<snipe@snipe.net>]
|
|
|
|
|
* @since [v1.0]
|
|
|
|
|
* @param int $userId
|
|
|
|
|
* @return \Illuminate\Contracts\View\View
|
|
|
|
|
* @throws \Illuminate\Auth\Access\AuthorizationException
|
2016-12-19 22:00:50 -08:00
|
|
|
*/
|
2016-12-15 20:52:39 -08:00
|
|
|
public function show($userId = null)
|
2016-03-25 01:18:05 -07:00
|
|
|
{
|
2024-04-17 02:57:49 -07:00
|
|
|
// Make sure the user can view users at all
|
2024-04-11 06:40:00 -07:00
|
|
|
$this->authorize('view', User::class);
|
2016-03-25 01:18:05 -07:00
|
|
|
|
2024-04-11 06:40:00 -07:00
|
|
|
$user = User::with('assets', 'assets.model', 'consumables', 'accessories', 'licenses', 'userloc')->withTrashed();
|
|
|
|
|
$user = Company::scopeCompanyables($user)->find($userId);
|
2016-03-25 01:18:05 -07:00
|
|
|
|
2024-04-17 02:57:49 -07:00
|
|
|
// Make sure they can view this particular user
|
2018-07-24 19:35:26 -07:00
|
|
|
$this->authorize('view', $user);
|
2021-06-10 13:15:52 -07:00
|
|
|
|
2024-04-11 06:40:00 -07:00
|
|
|
if ($user) {
|
|
|
|
|
$userlog = $user->userlog->load('item');
|
|
|
|
|
return view('users/view', compact('user', 'userlog'))->with('settings', Setting::getSettings());
|
2016-12-19 11:04:28 -08:00
|
|
|
}
|
2016-03-25 01:18:05 -07:00
|
|
|
|
2024-04-11 06:52:03 -07:00
|
|
|
return redirect()->route('users.index')->with('error', trans('admin/users/message.user_not_found', ['id' => $userId]));
|
2016-03-25 01:18:05 -07:00
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
2018-07-24 19:35:26 -07:00
|
|
|
* Return a view containing a pre-populated new user form,
|
|
|
|
|
* populated with some fields from an existing user.
|
|
|
|
|
*
|
|
|
|
|
* @author [A. Gianotto] [<snipe@snipe.net>]
|
|
|
|
|
* @since [v1.0]
|
|
|
|
|
* @param int $id
|
|
|
|
|
* @return \Illuminate\Contracts\View\View
|
|
|
|
|
* @throws \Illuminate\Auth\Access\AuthorizationException
|
2016-12-19 22:00:50 -08:00
|
|
|
*/
|
2019-12-11 11:09:54 -08:00
|
|
|
public function getClone(Request $request, $id = null)
|
2016-03-25 01:18:05 -07:00
|
|
|
{
|
2016-12-19 11:04:28 -08:00
|
|
|
$this->authorize('create', User::class);
|
2024-04-11 06:52:03 -07:00
|
|
|
|
2016-03-25 01:18:05 -07:00
|
|
|
// We need to reverse the UI specific logic for our
|
|
|
|
|
// permissions here before we update the user.
|
2021-06-10 13:15:52 -07:00
|
|
|
$permissions = $request->input('permissions', []);
|
2016-03-25 01:18:05 -07:00
|
|
|
app('request')->request->set('permissions', $permissions);
|
|
|
|
|
|
2024-04-11 06:52:03 -07:00
|
|
|
|
|
|
|
|
$user_to_clone = User::with('assets', 'assets.model', 'consumables', 'accessories', 'licenses', 'userloc')->withTrashed();
|
|
|
|
|
$user_to_clone = Company::scopeCompanyables($user_to_clone)->find($id);
|
|
|
|
|
|
2024-04-17 02:57:49 -07:00
|
|
|
// Make sure they can view this particular user
|
|
|
|
|
$this->authorize('view', $user_to_clone);
|
|
|
|
|
|
|
|
|
|
|
2024-04-11 06:52:03 -07:00
|
|
|
if ($user_to_clone) {
|
|
|
|
|
|
|
|
|
|
|
2016-03-25 01:18:05 -07:00
|
|
|
$user = clone $user_to_clone;
|
2024-04-11 06:52:03 -07:00
|
|
|
|
|
|
|
|
// Blank out some fields
|
2016-03-25 01:18:05 -07:00
|
|
|
$user->first_name = '';
|
|
|
|
|
$user->last_name = '';
|
|
|
|
|
$user->email = substr($user->email, ($pos = strpos($user->email, '@')) !== false ? $pos : 0);
|
|
|
|
|
$user->id = null;
|
|
|
|
|
|
2024-04-11 06:52:03 -07:00
|
|
|
// Get this user's groups
|
2017-07-07 18:45:49 -07:00
|
|
|
$userGroups = $user_to_clone->groups()->pluck('name', 'id');
|
2024-04-11 06:52:03 -07:00
|
|
|
|
2016-03-25 01:18:05 -07:00
|
|
|
// Get all the available permissions
|
|
|
|
|
$permissions = config('permissions');
|
2016-07-10 18:43:10 -07:00
|
|
|
$clonedPermissions = $user_to_clone->decodePermissions();
|
|
|
|
|
|
2018-07-24 19:35:26 -07:00
|
|
|
$userPermissions = Helper::selectedPermissionsArray($permissions, $clonedPermissions);
|
2016-03-25 01:18:05 -07:00
|
|
|
|
|
|
|
|
// Show the page
|
2017-06-09 16:44:03 -07:00
|
|
|
return view('users/edit', compact('permissions', 'userPermissions'))
|
2024-04-11 06:52:03 -07:00
|
|
|
->with('user', $user)
|
|
|
|
|
->with('groups', Group::pluck('name', 'id'))
|
|
|
|
|
->with('userGroups', $userGroups)
|
|
|
|
|
->with('clone_user', $user_to_clone);
|
2016-07-13 05:50:24 -07:00
|
|
|
}
|
2024-04-11 06:52:03 -07:00
|
|
|
|
|
|
|
|
return redirect()->route('users.index')->with('error', trans('admin/users/message.user_not_found', compact('id')));
|
|
|
|
|
|
2016-03-25 01:18:05 -07:00
|
|
|
}
|
|
|
|
|
|
2016-10-25 02:41:34 -07:00
|
|
|
/**
|
|
|
|
|
* Exports users to CSV
|
|
|
|
|
*
|
|
|
|
|
* @author [A. Gianotto] [<snipe@snipe.net>]
|
|
|
|
|
* @since [v3.5]
|
2016-12-19 22:00:50 -08:00
|
|
|
* @return StreamedResponse
|
2018-07-24 19:35:26 -07:00
|
|
|
* @throws \Illuminate\Auth\Access\AuthorizationException
|
2016-10-25 02:41:34 -07:00
|
|
|
*/
|
|
|
|
|
public function getExportUserCsv()
|
|
|
|
|
{
|
2016-12-19 11:04:28 -08:00
|
|
|
$this->authorize('view', User::class);
|
2016-10-25 02:41:34 -07:00
|
|
|
\Debugbar::disable();
|
|
|
|
|
|
2016-12-29 14:02:18 -08:00
|
|
|
$response = new StreamedResponse(function () {
|
2016-10-25 02:41:34 -07:00
|
|
|
// Open output stream
|
|
|
|
|
$handle = fopen('php://output', 'w');
|
|
|
|
|
|
2024-04-11 06:40:00 -07:00
|
|
|
$users = User::with(
|
|
|
|
|
'assets',
|
|
|
|
|
'accessories',
|
|
|
|
|
'consumables',
|
|
|
|
|
'department',
|
|
|
|
|
'licenses',
|
|
|
|
|
'manager',
|
|
|
|
|
'groups',
|
|
|
|
|
'userloc',
|
|
|
|
|
'company'
|
|
|
|
|
)->orderBy('created_at', 'DESC');
|
|
|
|
|
|
|
|
|
|
// FMCS scoping
|
|
|
|
|
Company::scopeCompanyables($users)
|
2018-08-28 12:37:58 -07:00
|
|
|
->chunk(500, function ($users) use ($handle) {
|
2021-06-10 13:15:52 -07:00
|
|
|
$headers = [
|
2018-08-28 12:37:58 -07:00
|
|
|
// strtolower to prevent Excel from trying to open it as a SYLK file
|
|
|
|
|
strtolower(trans('general.id')),
|
|
|
|
|
trans('admin/companies/table.title'),
|
|
|
|
|
trans('admin/users/table.title'),
|
2022-01-06 03:35:37 -08:00
|
|
|
trans('general.employee_number'),
|
2018-08-28 12:37:58 -07:00
|
|
|
trans('admin/users/table.name'),
|
|
|
|
|
trans('admin/users/table.username'),
|
|
|
|
|
trans('admin/users/table.email'),
|
|
|
|
|
trans('admin/users/table.manager'),
|
|
|
|
|
trans('admin/users/table.location'),
|
|
|
|
|
trans('general.department'),
|
|
|
|
|
trans('general.assets'),
|
|
|
|
|
trans('general.licenses'),
|
|
|
|
|
trans('general.accessories'),
|
|
|
|
|
trans('general.consumables'),
|
2024-04-10 04:34:32 -07:00
|
|
|
trans('general.groups'),
|
2024-05-30 05:59:00 -07:00
|
|
|
trans('general.permissions'),
|
2018-08-28 12:37:58 -07:00
|
|
|
trans('general.notes'),
|
|
|
|
|
trans('admin/users/table.activated'),
|
2021-06-10 13:15:52 -07:00
|
|
|
trans('general.created_at'),
|
2016-10-25 02:41:34 -07:00
|
|
|
];
|
|
|
|
|
|
2018-08-28 12:37:58 -07:00
|
|
|
fputcsv($handle, $headers);
|
|
|
|
|
|
|
|
|
|
foreach ($users as $user) {
|
|
|
|
|
$user_groups = '';
|
|
|
|
|
|
|
|
|
|
foreach ($user->groups as $user_group) {
|
|
|
|
|
$user_groups .= $user_group->name.', ';
|
|
|
|
|
}
|
|
|
|
|
|
2024-04-23 12:31:37 -07:00
|
|
|
|
2024-04-17 16:16:25 -07:00
|
|
|
$permissionstring = "";
|
2024-05-30 05:59:00 -07:00
|
|
|
|
|
|
|
|
if($user->isSuperUser()) {
|
2024-04-22 16:16:14 -07:00
|
|
|
$permissionstring = trans('general.superuser');
|
2024-04-17 16:16:25 -07:00
|
|
|
}
|
2024-05-30 05:59:00 -07:00
|
|
|
elseif($user->hasAccess('admin')) {
|
2024-04-22 16:16:14 -07:00
|
|
|
$permissionstring = trans('general.admin');
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
$permissionstring = trans('general.user');
|
2024-04-17 16:16:25 -07:00
|
|
|
}
|
2024-02-20 15:25:41 -08:00
|
|
|
|
2018-08-28 12:37:58 -07:00
|
|
|
// Add a new row with data
|
|
|
|
|
$values = [
|
|
|
|
|
$user->id,
|
|
|
|
|
($user->company) ? $user->company->name : '',
|
|
|
|
|
$user->jobtitle,
|
|
|
|
|
$user->employee_num,
|
|
|
|
|
$user->present()->fullName(),
|
|
|
|
|
$user->username,
|
|
|
|
|
$user->email,
|
|
|
|
|
($user->manager) ? $user->manager->present()->fullName() : '',
|
|
|
|
|
($user->userloc) ? $user->userloc->name : '',
|
|
|
|
|
($user->department) ? $user->department->name : '',
|
|
|
|
|
$user->assets->count(),
|
|
|
|
|
$user->licenses->count(),
|
|
|
|
|
$user->accessories->count(),
|
|
|
|
|
$user->consumables->count(),
|
|
|
|
|
$user_groups,
|
2024-04-17 16:16:25 -07:00
|
|
|
$permissionstring,
|
2018-08-28 12:37:58 -07:00
|
|
|
$user->notes,
|
2021-06-10 13:15:52 -07:00
|
|
|
($user->activated == '1') ? trans('general.yes') : trans('general.no'),
|
2018-08-28 12:37:58 -07:00
|
|
|
$user->created_at,
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
fputcsv($handle, $values);
|
|
|
|
|
}
|
|
|
|
|
});
|
2016-10-25 02:41:34 -07:00
|
|
|
|
|
|
|
|
// Close the output stream
|
|
|
|
|
fclose($handle);
|
|
|
|
|
}, 200, [
|
2018-08-28 12:37:58 -07:00
|
|
|
'Content-Type' => 'text/csv; charset=UTF-8',
|
2016-10-25 02:41:34 -07:00
|
|
|
'Content-Disposition' => 'attachment; filename="users-'.date('Y-m-d-his').'.csv"',
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
return $response;
|
|
|
|
|
}
|
2016-10-29 05:50:55 -07:00
|
|
|
|
2017-12-05 01:55:24 -08:00
|
|
|
/**
|
2022-10-04 15:45:25 -07:00
|
|
|
* Print inventory
|
2017-12-05 01:55:24 -08:00
|
|
|
*
|
|
|
|
|
* @author Aladin Alaily
|
|
|
|
|
* @since [v1.8]
|
|
|
|
|
* @return \Illuminate\Http\RedirectResponse
|
|
|
|
|
*/
|
2017-12-06 11:17:42 -08:00
|
|
|
public function printInventory($id)
|
2017-12-05 01:55:24 -08:00
|
|
|
{
|
2018-10-19 16:46:46 -07:00
|
|
|
$this->authorize('view', User::class);
|
2024-04-10 04:34:32 -07:00
|
|
|
$show_user = Company::scopeCompanyables(User::where('id', $id)->withTrashed()->first());
|
2024-04-17 02:57:49 -07:00
|
|
|
|
|
|
|
|
// Make sure they can view this particular user
|
|
|
|
|
$this->authorize('view', $show_user);
|
|
|
|
|
|
2017-12-05 12:34:16 -08:00
|
|
|
$assets = Asset::where('assigned_to', $id)->where('assigned_type', User::class)->with('model', 'model.category')->get();
|
2017-12-06 11:17:42 -08:00
|
|
|
$accessories = $show_user->accessories()->get();
|
|
|
|
|
$consumables = $show_user->consumables()->get();
|
2021-06-10 13:15:52 -07:00
|
|
|
|
2018-07-24 19:35:26 -07:00
|
|
|
return view('users/print')->with('assets', $assets)
|
|
|
|
|
->with('licenses', $show_user->licenses()->get())
|
|
|
|
|
->with('accessories', $accessories)
|
|
|
|
|
->with('consumables', $consumables)
|
2019-12-06 10:57:48 -08:00
|
|
|
->with('show_user', $show_user)
|
|
|
|
|
->with('settings', Setting::getSettings());
|
2017-12-05 01:55:24 -08:00
|
|
|
}
|
2022-06-29 13:01:29 -07:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Emails user a list of assigned assets
|
|
|
|
|
*
|
|
|
|
|
* @author [G. Martinez] [<godmartinz@gmail.com>]
|
|
|
|
|
* @since [v6.0.5]
|
|
|
|
|
* @param \App\Http\Controllers\Users\UsersController $id
|
|
|
|
|
* @return \Illuminate\Http\RedirectResponse
|
|
|
|
|
*/
|
2022-06-29 11:15:15 -07:00
|
|
|
public function emailAssetList($id)
|
|
|
|
|
{
|
|
|
|
|
$this->authorize('view', User::class);
|
|
|
|
|
|
2024-04-17 02:57:49 -07:00
|
|
|
$user = Company::scopeCompanyables(User::find($id));
|
|
|
|
|
|
|
|
|
|
// Make sure they can view this particular user
|
|
|
|
|
$this->authorize('view', $user);
|
|
|
|
|
|
|
|
|
|
if ($user) {
|
|
|
|
|
|
|
|
|
|
if (empty($user->email)) {
|
|
|
|
|
return redirect()->back()->with('error', trans('admin/users/message.user_has_no_email'));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$user->notify((new CurrentInventory($user)));
|
|
|
|
|
return redirect()->back()->with('success', trans('admin/users/general.user_notified'));
|
2022-07-11 18:02:10 -07:00
|
|
|
}
|
2022-06-29 11:15:15 -07:00
|
|
|
|
2024-04-17 02:57:49 -07:00
|
|
|
return redirect()->back()->with('error', trans('admin/users/message.user_not_found', ['id' => $id]));
|
|
|
|
|
|
2022-06-29 11:15:15 -07:00
|
|
|
}
|
2021-05-26 15:32:23 -07:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Send individual password reset email
|
|
|
|
|
*
|
|
|
|
|
* @author A. Gianotto
|
|
|
|
|
* @since [v5.0.15]
|
|
|
|
|
* @return \Illuminate\Http\RedirectResponse
|
|
|
|
|
*/
|
2021-06-10 13:15:52 -07:00
|
|
|
public function sendPasswordReset($id)
|
|
|
|
|
{
|
2024-04-10 04:34:32 -07:00
|
|
|
if (($user = Company::scopeCompanyables(User::find($id))) && ($user->activated == '1') && ($user->email != '') && ($user->ldap_import == '0')) {
|
2022-03-04 06:18:52 -08:00
|
|
|
$credentials = ['email' => trim($user->email)];
|
2021-05-26 15:32:23 -07:00
|
|
|
|
|
|
|
|
try {
|
2022-05-16 12:07:18 -07:00
|
|
|
|
|
|
|
|
Password::sendResetLink($credentials);
|
2021-06-10 13:15:52 -07:00
|
|
|
return redirect()->back()->with('success', trans('admin/users/message.password_reset_sent', ['email' => $user->email]));
|
2024-04-17 02:57:49 -07:00
|
|
|
|
2021-05-26 15:32:23 -07:00
|
|
|
} catch (\Exception $e) {
|
2024-04-17 02:57:49 -07:00
|
|
|
return redirect()->back()->with('error', trans('general.error_sending_email'));
|
2021-05-26 15:32:23 -07:00
|
|
|
}
|
|
|
|
|
}
|
2021-06-10 13:15:52 -07:00
|
|
|
|
2024-04-17 02:57:49 -07:00
|
|
|
return redirect()->back()->with('error', trans('general.pwd_reset_not_sent'));
|
2021-05-26 15:32:23 -07:00
|
|
|
}
|
2023-04-20 21:59:55 -07:00
|
|
|
}
|
