Page MenuHomePhorge
Differential D1942 Diff 5398 src/app/Http/Controllers/API/V4/UsersController.php

Changeset View

Standalone View

View Options

src/app/Http/Controllers/API/V4/UsersController.php

Show All 11 Lines
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth; use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\DB; use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Validator; use Illuminate\Support\Facades\Validator;
use Illuminate\Support\Str; use Illuminate\Support\Str;
class UsersController extends Controller class UsersController extends Controller
{ {
// List of user settings keys available for modification in UI /** @const array List of user setting keys available for modification in UI */
public const USER_SETTINGS = [ public const USER_SETTINGS = [
'billing_address', 'billing_address',
'country', 'country',
'currency', 'currency',
'external_email', 'external_email',
'first_name', 'first_name',
'last_name', 'last_name',
'organization', 'organization',
'phone', 'phone',
]; ];
/** /**
* On user create it is filled with a user object to force-delete
* before the creation of a new user record is possible.
*
* @var \App\User|null
*/
protected $deleteBeforeCreate;
/**
* Delete a user. * Delete a user.
* *
* @param int $id User identifier * @param int $id User identifier
* *
* @return \Illuminate\Http\JsonResponse The response * @return \Illuminate\Http\JsonResponse The response
*/ */
public function destroy($id) public function destroy($id)
{ {
▲ Show 20 LinesShow All 224 Lines▼ Show 20 Lines// 'cost' => $ent->cost,
{ {
$current_user = $this->guard()->user(); $current_user = $this->guard()->user();
$owner = $current_user->wallet()->owner; $owner = $current_user->wallet()->owner;
if ($owner->id != $current_user->id) { if ($owner->id != $current_user->id) {
return $this->errorResponse(403); return $this->errorResponse(403);
} }
$this->deleteBeforeCreate = null;
if ($error_response = $this->validateUserRequest($request, null, $settings)) { if ($error_response = $this->validateUserRequest($request, null, $settings)) {
return $error_response; return $error_response;
} }
if (empty($request->package) || !($package = \App\Package::find($request->package))) { if (empty($request->package) || !($package = \App\Package::find($request->package))) {
$errors = ['package' => \trans('validation.packagerequired')]; $errors = ['package' => \trans('validation.packagerequired')];
return response()->json(['status' => 'error', 'errors' => $errors], 422); return response()->json(['status' => 'error', 'errors' => $errors], 422);
} }
if ($package->isDomain()) { if ($package->isDomain()) {
$errors = ['package' => \trans('validation.packageinvalid')]; $errors = ['package' => \trans('validation.packageinvalid')];
return response()->json(['status' => 'error', 'errors' => $errors], 422); return response()->json(['status' => 'error', 'errors' => $errors], 422);
} }
DB::beginTransaction(); DB::beginTransaction();
if ($this->deleteBeforeCreate) {
$this->deleteBeforeCreate->forceDelete();
}
// Create user record // Create user record
$user = User::create([ $user = User::create([
'email' => $request->email, 'email' => $request->email,
'password' => $request->password, 'password' => $request->password,
]); ]);
$owner->assignPackage($package, $user); $owner->assignPackage($package, $user);
▲ Show 20 LinesShow All 252 Lines▼ Show 20 Lines protected function validateUserRequest(Request $request, $user, &$settings = [])
$controller = $user ? $user->wallet()->owner : $this->guard()->user(); $controller = $user ? $user->wallet()->owner : $this->guard()->user();
// For new user validate email address // For new user validate email address
if (empty($user)) { if (empty($user)) {
$email = $request->email; $email = $request->email;
if (empty($email)) { if (empty($email)) {
$errors['email'] = \trans('validation.required', ['attribute' => 'email']); $errors['email'] = \trans('validation.required', ['attribute' => 'email']);
} elseif ($error = self::validateEmail($email, $controller)) { } elseif ($error = self::validateEmail($email, $controller, $this->deleteBeforeCreate)) {
$errors['email'] = $error; $errors['email'] = $error;
} }
} }
// Validate aliases input // Validate aliases input
if (isset($request->aliases)) { if (isset($request->aliases)) {
$aliases = []; $aliases = [];
$existing_aliases = $user ? $user->aliases()->get()->pluck('alias')->toArray() : []; $existing_aliases = $user ? $user->aliases()->get()->pluck('alias')->toArray() : [];
▲ Show 20 LinesShow All 86 Lines▼ Show 20 Lines public static function execProcessStep(User $user, string $step): ?bool
} }
return false; return false;
} }
/** /**
* Email address validation for use as a user mailbox (login). * Email address validation for use as a user mailbox (login).
* *
* @param string $email Email address * @param string $email Email address
* @param \App\User $user The account owner * @param \App\User $user The account owner
* @param ?\App\User $deleted Filled with an instance of a deleted user with
* the specified email address, if exists
* *
* @return ?string Error message on validation error * @return ?string Error message on validation error
*/ */
public static function validateEmail(string $email, \App\User $user): ?string public static function validateEmail(string $email, \App\User $user, &$deleted = null): ?string
{ {
$deleted = null;
if (strpos($email, '@') === false) { if (strpos($email, '@') === false) {
return \trans('validation.entryinvalid', ['attribute' => 'email']); return \trans('validation.entryinvalid', ['attribute' => 'email']);
} }
list($login, $domain) = explode('@', Str::lower($email)); list($login, $domain) = explode('@', Str::lower($email));
if (strlen($login) === 0 || strlen($domain) === 0) { if (strlen($login) === 0 || strlen($domain) === 0) {
return \trans('validation.entryinvalid', ['attribute' => 'email']); return \trans('validation.entryinvalid', ['attribute' => 'email']);
Show All 19 Lines public static function validateEmail(string $email, \App\User $user, &$deleted = null): ?string
// Check if it is one of domains available to the user // Check if it is one of domains available to the user
$domains = \collect($user->domains())->pluck('namespace')->all(); $domains = \collect($user->domains())->pluck('namespace')->all();
if (!in_array($domain->namespace, $domains)) { if (!in_array($domain->namespace, $domains)) {
return \trans('validation.entryexists', ['attribute' => 'domain']); return \trans('validation.entryexists', ['attribute' => 'domain']);
} }
// Check if a user with specified address already exists // Check if a user with specified address already exists
if (User::emailExists($email)) { if ($existing_user = User::emailExists($email, true)) {
// TODO: Allow force-delete if this is a deleted user in the same custom domain // If this is a deleted user in the same custom domain
// we'll force delete him before
if (!$domain->isPublic() && $existing_user->trashed()) {
$deleted = $existing_user;
} else {
return \trans('validation.entryexists', ['attribute' => 'email']); return \trans('validation.entryexists', ['attribute' => 'email']);
} }
}
// Check if an alias with specified address already exists. // Check if an alias with specified address already exists.
if (User::aliasExists($email)) { if (User::aliasExists($email)) {
return \trans('validation.entryexists', ['attribute' => 'email']); return \trans('validation.entryexists', ['attribute' => 'email']);
} }
return null; return null;
} }
▲ Show 20 LinesShow All 65 LinesShow Last 20 Lines