BookStack/app/Http/Controllers/AttachmentController.php

223 lines
7.4 KiB
PHP
Raw Normal View History

<?php namespace BookStack\Http\Controllers;
use BookStack\Exceptions\FileUploadException;
2016-11-12 09:12:26 -05:00
use BookStack\Attachment;
use BookStack\Exceptions\NotFoundException;
2017-01-01 11:05:44 -05:00
use BookStack\Repos\EntityRepo;
2016-11-12 09:12:26 -05:00
use BookStack\Services\AttachmentService;
use Illuminate\Http\Request;
2016-11-12 09:12:26 -05:00
class AttachmentController extends Controller
{
2016-11-12 09:12:26 -05:00
protected $attachmentService;
protected $attachment;
2017-01-01 11:05:44 -05:00
protected $entityRepo;
/**
2016-11-12 09:12:26 -05:00
* AttachmentController constructor.
* @param AttachmentService $attachmentService
* @param Attachment $attachment
* @param EntityRepo $entityRepo
*/
public function __construct(AttachmentService $attachmentService, Attachment $attachment, EntityRepo $entityRepo)
{
2016-11-12 09:12:26 -05:00
$this->attachmentService = $attachmentService;
$this->attachment = $attachment;
2017-01-01 11:05:44 -05:00
$this->entityRepo = $entityRepo;
2016-11-12 09:12:26 -05:00
parent::__construct();
}
/**
2016-11-12 09:12:26 -05:00
* Endpoint at which attachments are uploaded to.
* @param Request $request
2016-11-12 09:12:26 -05:00
* @return \Illuminate\Contracts\Routing\ResponseFactory|\Illuminate\Http\JsonResponse|\Symfony\Component\HttpFoundation\Response
*/
public function upload(Request $request)
{
$this->validate($request, [
'uploaded_to' => 'required|integer|exists:pages,id',
'file' => 'required|file'
]);
$pageId = $request->get('uploaded_to');
2017-01-01 11:05:44 -05:00
$page = $this->entityRepo->getById('page', $pageId, true);
2016-11-12 09:12:26 -05:00
$this->checkPermission('attachment-create-all');
$this->checkOwnablePermission('page-update', $page);
$uploadedFile = $request->file('file');
try {
2016-11-12 09:12:26 -05:00
$attachment = $this->attachmentService->saveNewUpload($uploadedFile, $pageId);
} catch (FileUploadException $e) {
return response($e->getMessage(), 500);
}
2016-11-12 09:12:26 -05:00
return response()->json($attachment);
}
/**
2016-11-12 09:12:26 -05:00
* Update an uploaded attachment.
* @param int $attachmentId
* @param Request $request
* @return mixed
*/
2016-11-12 09:12:26 -05:00
public function uploadUpdate($attachmentId, Request $request)
{
$this->validate($request, [
'uploaded_to' => 'required|integer|exists:pages,id',
'file' => 'required|file'
]);
$pageId = $request->get('uploaded_to');
2017-01-01 11:05:44 -05:00
$page = $this->entityRepo->getById('page', $pageId, true);
2016-11-12 09:12:26 -05:00
$attachment = $this->attachment->findOrFail($attachmentId);
$this->checkOwnablePermission('page-update', $page);
2016-11-12 09:12:26 -05:00
$this->checkOwnablePermission('attachment-create', $attachment);
2016-11-12 09:12:26 -05:00
if (intval($pageId) !== intval($attachment->uploaded_to)) {
2016-12-04 11:51:39 -05:00
return $this->jsonError(trans('errors.attachment_page_mismatch'));
}
$uploadedFile = $request->file('file');
try {
2016-11-12 09:12:26 -05:00
$attachment = $this->attachmentService->saveUpdatedUpload($uploadedFile, $attachment);
} catch (FileUploadException $e) {
return response($e->getMessage(), 500);
}
2016-11-12 09:12:26 -05:00
return response()->json($attachment);
}
/**
* Update the details of an existing file.
2016-11-12 09:12:26 -05:00
* @param $attachmentId
* @param Request $request
2016-11-12 09:12:26 -05:00
* @return Attachment|mixed
*/
2016-11-12 09:12:26 -05:00
public function update($attachmentId, Request $request)
{
$this->validate($request, [
'uploaded_to' => 'required|integer|exists:pages,id',
'name' => 'required|string|min:1|max:255',
'link' => 'url|min:1|max:255'
]);
$pageId = $request->get('uploaded_to');
2017-01-01 11:05:44 -05:00
$page = $this->entityRepo->getById('page', $pageId, true);
2016-11-12 09:12:26 -05:00
$attachment = $this->attachment->findOrFail($attachmentId);
$this->checkOwnablePermission('page-update', $page);
2016-11-12 09:12:26 -05:00
$this->checkOwnablePermission('attachment-create', $attachment);
2016-11-12 09:12:26 -05:00
if (intval($pageId) !== intval($attachment->uploaded_to)) {
2016-12-04 11:51:39 -05:00
return $this->jsonError(trans('errors.attachment_page_mismatch'));
}
2016-11-12 09:12:26 -05:00
$attachment = $this->attachmentService->updateFile($attachment, $request->all());
return response()->json($attachment);
}
/**
2016-11-12 09:12:26 -05:00
* Attach a link to a page.
* @param Request $request
* @return mixed
*/
public function attachLink(Request $request)
{
$this->validate($request, [
'uploaded_to' => 'required|integer|exists:pages,id',
'name' => 'required|string|min:1|max:255',
'link' => 'required|url|min:1|max:255'
]);
$pageId = $request->get('uploaded_to');
2017-01-01 11:05:44 -05:00
$page = $this->entityRepo->getById('page', $pageId, true);
2016-11-12 09:12:26 -05:00
$this->checkPermission('attachment-create-all');
$this->checkOwnablePermission('page-update', $page);
2016-11-12 09:12:26 -05:00
$attachmentName = $request->get('name');
$link = $request->get('link');
2016-11-12 09:12:26 -05:00
$attachment = $this->attachmentService->saveNewFromLink($attachmentName, $link, $pageId);
2016-11-12 09:12:26 -05:00
return response()->json($attachment);
}
/**
2016-11-12 09:12:26 -05:00
* Get the attachments for a specific page.
* @param $pageId
* @return mixed
*/
public function listForPage($pageId)
{
2017-01-01 11:05:44 -05:00
$page = $this->entityRepo->getById('page', $pageId, true);
$this->checkOwnablePermission('page-view', $page);
2016-11-12 09:21:54 -05:00
return response()->json($page->attachments);
}
/**
2016-11-12 09:12:26 -05:00
* Update the attachment sorting.
* @param $pageId
* @param Request $request
* @return mixed
*/
public function sortForPage($pageId, Request $request)
{
$this->validate($request, [
'files' => 'required|array',
'files.*.id' => 'required|integer',
]);
2017-01-01 11:05:44 -05:00
$page = $this->entityRepo->getById('page', $pageId);
$this->checkOwnablePermission('page-update', $page);
2016-11-12 09:12:26 -05:00
$attachments = $request->get('files');
$this->attachmentService->updateFileOrderWithinPage($attachments, $pageId);
2016-12-04 11:51:39 -05:00
return response()->json(['message' => trans('entities.attachments_order_updated')]);
}
/**
2016-11-12 09:12:26 -05:00
* Get an attachment from storage.
* @param $attachmentId
* @return \Illuminate\Contracts\Routing\ResponseFactory|\Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector|\Symfony\Component\HttpFoundation\Response
* @throws \Illuminate\Contracts\Filesystem\FileNotFoundException
*/
2016-11-12 09:12:26 -05:00
public function get($attachmentId)
{
2016-11-12 09:12:26 -05:00
$attachment = $this->attachment->findOrFail($attachmentId);
2017-01-01 11:05:44 -05:00
$page = $this->entityRepo->getById('page', $attachment->uploaded_to);
if ($page === null) {
throw new NotFoundException(trans('errors.attachment_not_found'));
}
$this->checkOwnablePermission('page-view', $page);
2016-11-12 09:12:26 -05:00
if ($attachment->external) {
return redirect($attachment->path);
}
2016-11-12 09:12:26 -05:00
$attachmentContents = $this->attachmentService->getAttachmentFromStorage($attachment);
return response($attachmentContents, 200, [
'Content-Type' => 'application/octet-stream',
2016-11-12 09:12:26 -05:00
'Content-Disposition' => 'attachment; filename="'. $attachment->getFileName() .'"'
]);
}
/**
2016-11-12 09:12:26 -05:00
* Delete a specific attachment in the system.
* @param $attachmentId
* @return mixed
* @throws \Exception
*/
2016-11-12 09:12:26 -05:00
public function delete($attachmentId)
{
2016-11-12 09:12:26 -05:00
$attachment = $this->attachment->findOrFail($attachmentId);
$this->checkOwnablePermission('attachment-delete', $attachment);
$this->attachmentService->deleteFile($attachment);
2016-12-04 11:51:39 -05:00
return response()->json(['message' => trans('entities.attachments_deleted')]);
}
}