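/**
 * Replace a user's avatar with an uploaded image.
 *
 * The upload is moved into a temp file, resized to a 100x100 square through
 * the image library, then moved into the upload directory under a freshly
 * generated name. Any previously stored avatar file is deleted first.
 *
 * @param UploadAvatar $command
 * @return \Flarum\Core\Users\User
 * @throws \Flarum\Core\Exceptions\PermissionDeniedException
 * @throws \RuntimeException if a temporary file cannot be created
 */
public function handle(UploadAvatar $command)
{
    $actor = $command->actor;

    // Look the user up with the actor, as the edit/delete handlers in this
    // file do, so the repository can apply the same scoping everywhere.
    $user = $this->users->findOrFail($command->userId, $actor);

    // Make sure the current user is allowed to edit the user profile.
    // This will let admins and the user themselves pass through, and
    // throw an exception otherwise.
    if ($actor->id !== $user->id) {
        $user->assertCan($actor, 'edit');
    }

    $tmpFile = tempnam(sys_get_temp_dir(), 'avatar');

    if ($tmpFile === false) {
        throw new \RuntimeException('Unable to create a temporary file for the avatar upload');
    }

    try {
        $command->file->moveTo($tmpFile);

        // Run the upload through the image library: make() throws on
        // anything it cannot read as an image, and the re-encode drops
        // everything that is not pixel data.
        // NOTE(review): save() with no path keeps the source format, while
        // the stored name below always ends in ".jpg" — a PNG/GIF upload
        // is stored under a .jpg name. Consider encoding to jpg explicitly.
        $manager = new ImageManager();
        $manager->make($tmpFile)->fit(100, 100)->save();

        event(new AvatarWillBeSaved($user, $actor, $tmpFile));

        $mount = new MountManager([
            'source' => new Filesystem(new Local(pathinfo($tmpFile, PATHINFO_DIRNAME))),
            'target' => $this->uploadDir,
        ]);

        // Remove the previous avatar file if one is still on disk.
        if ($user->avatar_path && $mount->has($file = "target://{$user->avatar_path}")) {
            $mount->delete($file);
        }

        // NOTE(review): Str::quickRandom() is not a CSPRNG; acceptable for an
        // unguessable-enough file name, but do not reuse it for secrets.
        $uploadName = Str::lower(Str::quickRandom()) . '.jpg';

        $user->changeAvatarPath($uploadName);

        $mount->move("source://" . pathinfo($tmpFile, PATHINFO_BASENAME), "target://{$uploadName}");
    } finally {
        // The move above consumes the temp file on success. On any failure
        // (unreadable image, filesystem error) make sure the untrusted upload
        // does not linger in the system temp directory.
        if (is_file($tmpFile)) {
            unlink($tmpFile);
        }
    }

    $user->save();

    $this->dispatchEventsFor($user);

    return $user;
}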
/**
 * Resolve the user addressed by the request — by numeric ID, or by username
 * when the identifier is not numeric — ready to be serialized into the
 * JsonApi response.
 *
 * The actor is passed to the repository so it can apply whatever visibility
 * rules it enforces, as the other handlers in this file do.
 *
 * @param JsonApiRequest $request
 * @param Document $document
 * @return \Flarum\Core\Users\User
 */
protected function data(JsonApiRequest $request, Document $document)
{
    $identifier = $request->get('id');

    // A non-numeric identifier is a username and is mapped to an ID first.
    // NOTE(review): is_numeric() also accepts forms such as "1e3" or " 7",
    // which are then used as IDs rather than looked up as usernames.
    $userId = is_numeric($identifier)
        ? $identifier
        : $this->users->getIdForUsername($identifier);

    return $this->users->findOrFail($userId, $request->actor);
}
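/**
 * Apply a JSON-API "edit user" payload to a user, checking permissions
 * attribute by attribute.
 *
 * Rules, as implemented below: username and password require the 'edit'
 * permission on the target; email goes through requestEmailChange() when a
 * user edits themselves and is changed directly otherwise; bio requires
 * 'edit' only on someone else's profile; readTime and preferences are
 * self-only; group membership requires 'edit' and is synced after the row
 * has been saved.
 *
 * @param EditUser $command
 * @return User
 * @throws \Flarum\Core\Exceptions\PermissionDeniedException
 */
public function handle(EditUser $command)
{
    $actor = $command->actor;
    $data = $command->data;

    $user = $this->users->findOrFail($command->userId, $actor);

    $isSelf = $actor->id === $user->id;

    $attributes = array_get($data, 'attributes', []);
    $relationships = array_get($data, 'relationships', []);

    if (isset($attributes['username'])) {
        $user->assertCan($actor, 'edit');
        $user->rename($attributes['username']);
    }

    if (isset($attributes['email'])) {
        if ($isSelf) {
            // A user changing their own address goes through the email
            // change request flow rather than having it switched here.
            $user->requestEmailChange($attributes['email']);
        } else {
            $user->assertCan($actor, 'edit');
            $user->changeEmail($attributes['email']);
        }
    }

    if (isset($attributes['password'])) {
        // NOTE(review): no re-authentication (current password) is required
        // here and nothing visible revokes existing access tokens — confirm
        // that is intended for self-service password changes.
        $user->assertCan($actor, 'edit');
        $user->changePassword($attributes['password']);
    }

    if (isset($attributes['bio'])) {
        if (!$isSelf) {
            $user->assertCan($actor, 'edit');
        }
        $user->changeBio($attributes['bio']);
    }

    if (!empty($attributes['readTime'])) {
        $this->assert($isSelf);
        $user->markAllAsRead();
    }

    if (!empty($attributes['preferences'])) {
        $this->assert($isSelf);

        // NOTE(review): preference keys and values come straight from the
        // request; any validation has to live in setPreference().
        foreach ($attributes['preferences'] as $k => $v) {
            $user->setPreference($k, $v);
        }
    }

    // Group changes are collected here and applied once the row is saved.
    $newGroupIds = null;

    if (isset($relationships['groups']['data']) && is_array($relationships['groups']['data'])) {
        // NOTE(review): this is gated by the same 'edit' permission as the
        // username, which the avatar handlers describe as letting the user
        // themselves through — confirm the policy does not allow a user to
        // alter their own group membership (e.g. join an admin group).
        $user->assertCan($actor, 'edit');

        $newGroupIds = [];

        // Falsy IDs (missing, 0, "") are skipped; IDs are otherwise passed
        // to sync() unvalidated.
        foreach ($relationships['groups']['data'] as $group) {
            if ($id = array_get($group, 'id')) {
                $newGroupIds[] = $id;
            }
        }

        $user->raise(new UserGroupsWereChanged($user, $user->groups()->get()->all()));
    }

    event(new UserWillBeSaved($user, $actor, $data));

    $saved = $user->save();

    // Sync directly on this instance rather than through a User::saved()
    // listener: a listener registered per call stays attached for the rest
    // of the process and would re-apply these IDs to any other User saved
    // later (for example from an event listener).
    if ($saved !== false && $newGroupIds !== null) {
        $user->groups()->sync($newGroupIds);
    }

    $this->dispatchEventsFor($user);

    return $user;
}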
/**
 * Delete a user on behalf of an actor.
 *
 * The actor must hold the 'delete' permission on the target user; the
 * UserWillBeDeleted event is dispatched before the row is removed.
 *
 * @param DeleteUser $command
 * @return User
 * @throws \Flarum\Core\Exceptions\PermissionDeniedException
 */
public function handle(DeleteUser $command)
{
    $actor = $command->actor;
    $target = $this->users->findOrFail($command->userId, $actor);

    $target->assertCan($actor, 'delete');

    event(new UserWillBeDeleted($target, $actor, $command->data));

    $target->delete();
    $this->dispatchEventsFor($target);

    return $target;
}
/**
 * Authenticate with an identification/password pair and hand back an API
 * token, setting a long-lived "remember" cookie on success.
 *
 * The credentials are forwarded to the TokenAction through the API client.
 * Because the client only exposes the response body, any body without a
 * userId is treated as a failed login and answered with an empty 401.
 *
 * @param Request $request
 * @param array $routeParams
 * @return JsonResponse|EmptyResponse
 */
public function handle(Request $request, array $routeParams = [])
{
    $credentials = array_only($request->getAttributes(), ['identification', 'password']);

    $body = $this->apiClient
        ->send(app('flarum.actor'), 'Flarum\\Api\\Actions\\TokenAction', $credentials)
        ->getBody();

    // TODO: the client should pass through exceptions (or the whole
    // response) so the status code can be inspected instead of inferring
    // failure from a missing userId.
    if (!isset($body->userId)) {
        return new EmptyResponse(401);
    }

    // Stretch the token's expiry to two weeks so the remember cookie stays
    // valid that long. NOTE(review): this happens on every login — there is
    // no opt-in "remember me" flag visible here.
    AccessToken::where('id', $body->token)->update(['expires_at' => new DateTime('+2 weeks')]);

    event(new UserLoggedIn($this->users->findOrFail($body->userId), $body->token));

    return $this->withRememberCookie(new JsonResponse($body), $body->token);
}
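/**
 * Remove a user's avatar: clear the stored path and delete the file from the
 * upload directory.
 *
 * @param DeleteAvatar $command
 * @return \Flarum\Core\Users\User
 * @throws \Flarum\Core\Exceptions\PermissionDeniedException
 */
public function handle(DeleteAvatar $command)
{
    $actor = $command->actor;

    // Look the user up with the actor, as the edit/delete handlers in this
    // file do, so the repository can apply the same scoping everywhere.
    $user = $this->users->findOrFail($command->userId, $actor);

    // Make sure the current user is allowed to edit the user profile.
    // This will let admins and the user themselves pass through, and
    // throw an exception otherwise.
    if ($actor->id !== $user->id) {
        $user->assertCan($actor, 'edit');
    }

    $avatarPath = $user->avatar_path;

    $user->changeAvatarPath(null);

    event(new AvatarWillBeDeleted($user, $actor));

    // A user without an avatar has an empty path: skip the filesystem
    // entirely instead of asking the adapter about "" (the same guard the
    // upload handler applies before deleting the old file).
    if ($avatarPath && $this->uploadDir->has($avatarPath)) {
        $this->uploadDir->delete($avatarPath);
    }

    $user->save();

    $this->dispatchEventsFor($user);

    return $user;
}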