BookStack/app/Http/Controllers/AttachmentController.php

<?php namespace BookStack\Http\Controllers;

use BookStack\Exceptions\FileUploadException;
use BookStack\Attachment;
use BookStack\Repos\PageRepo;
use BookStack\Services\AttachmentService;
use Illuminate\Http\Request;

class AttachmentController extends Controller
{
    protected $attachmentService;
    protected $attachment;
    protected $pageRepo;

    /**
     * AttachmentController constructor.
     * @param AttachmentService $attachmentService
     * @param Attachment $attachment
     * @param PageRepo $pageRepo
     */
    public function __construct(AttachmentService $attachmentService, Attachment $attachment, PageRepo $pageRepo)
    {
        $this->attachmentService = $attachmentService;
        $this->attachment = $attachment;
        $this->pageRepo = $pageRepo;
        parent::__construct();
    }


    /**
     * Endpoint at which attachments are uploaded to.
     * @param Request $request
     * @return \Illuminate\Contracts\Routing\ResponseFactory|\Illuminate\Http\JsonResponse|\Symfony\Component\HttpFoundation\Response
     */
    public function upload(Request $request)
    {
        $this->validate($request, [
            'uploaded_to' => 'required|integer|exists:pages,id',
            'file' => 'required|file'
        ]);

        $pageId = $request->get('uploaded_to');
        $page = $this->pageRepo->getById($pageId, true);

        $this->checkPermission('attachment-create-all');
        $this->checkOwnablePermission('page-update', $page);

        $uploadedFile = $request->file('file');

        try {
            $attachment = $this->attachmentService->saveNewUpload($uploadedFile, $pageId);
        } catch (FileUploadException $e) {
            return response($e->getMessage(), 500);
        }

        return response()->json($attachment);
    }

    /**
     * Update an uploaded attachment.
     * @param int $attachmentId
     * @param Request $request
     * @return mixed
     */
    public function uploadUpdate($attachmentId, Request $request)
    {
        $this->validate($request, [
            'uploaded_to' => 'required|integer|exists:pages,id',
            'file' => 'required|file'
        ]);

        $pageId = $request->get('uploaded_to');
        $page = $this->pageRepo->getById($pageId, true);
        $attachment = $this->attachment->findOrFail($attachmentId);

        $this->checkOwnablePermission('page-update', $page);
        $this->checkOwnablePermission('attachment-create', $attachment);
        
        if (intval($pageId) !== intval($attachment->uploaded_to)) {
            return $this->jsonError('Page mismatch during attached file update');
        }

        $uploadedFile = $request->file('file');

        try {
            $attachment = $this->attachmentService->saveUpdatedUpload($uploadedFile, $attachment);
        } catch (FileUploadException $e) {
            return response($e->getMessage(), 500);
        }

        return response()->json($attachment);
    }

    /**
     * Update the details of an existing file.
     * @param $attachmentId
     * @param Request $request
     * @return Attachment|mixed
     */
    public function update($attachmentId, Request $request)
    {
        $this->validate($request, [
            'uploaded_to' => 'required|integer|exists:pages,id',
            'name' => 'required|string|min:1|max:255',
            'link' =>  'url|min:1|max:255'
        ]);

        $pageId = $request->get('uploaded_to');
        $page = $this->pageRepo->getById($pageId, true);
        $attachment = $this->attachment->findOrFail($attachmentId);

        $this->checkOwnablePermission('page-update', $page);
        $this->checkOwnablePermission('attachment-create', $attachment);

        if (intval($pageId) !== intval($attachment->uploaded_to)) {
            return $this->jsonError('Page mismatch during attachment update');
        }

        $attachment = $this->attachmentService->updateFile($attachment, $request->all());
        return $attachment;
    }

    /**
     * Attach a link to a page.
     * @param Request $request
     * @return mixed
     */
    public function attachLink(Request $request)
    {
        $this->validate($request, [
            'uploaded_to' => 'required|integer|exists:pages,id',
            'name' => 'required|string|min:1|max:255',
            'link' =>  'required|url|min:1|max:255'
        ]);

        $pageId = $request->get('uploaded_to');
        $page = $this->pageRepo->getById($pageId, true);

        $this->checkPermission('attachment-create-all');
        $this->checkOwnablePermission('page-update', $page);

        $attachmentName = $request->get('name');
        $link = $request->get('link');
        $attachment = $this->attachmentService->saveNewFromLink($attachmentName, $link, $pageId);

        return response()->json($attachment);
    }

    /**
     * Get the attachments for a specific page.
     * @param $pageId
     * @return mixed
     */
    public function listForPage($pageId)
    {
        $page = $this->pageRepo->getById($pageId, true);
        $this->checkOwnablePermission('page-view', $page);
        return response()->json($page->attachments);
    }

    /**
     * Update the attachment sorting.
     * @param $pageId
     * @param Request $request
     * @return mixed
     */
    public function sortForPage($pageId, Request $request)
    {
        $this->validate($request, [
            'files' => 'required|array',
            'files.*.id' => 'required|integer',
        ]);
        $page = $this->pageRepo->getById($pageId);
        $this->checkOwnablePermission('page-update', $page);

        $attachments = $request->get('files');
        $this->attachmentService->updateFileOrderWithinPage($attachments, $pageId);
        return response()->json(['message' => 'Attachment order updated']);
    }

    /**
     * Get an attachment from storage.
     * @param $attachmentId
     * @return \Illuminate\Contracts\Routing\ResponseFactory|\Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector|\Symfony\Component\HttpFoundation\Response
     */
    public function get($attachmentId)
    {
        $attachment = $this->attachment->findOrFail($attachmentId);
        $page = $this->pageRepo->getById($attachment->uploaded_to);
        $this->checkOwnablePermission('page-view', $page);

        if ($attachment->external) {
            return redirect($attachment->path);
        }

        $attachmentContents = $this->attachmentService->getAttachmentFromStorage($attachment);
        return response($attachmentContents, 200, [
            'Content-Type' => 'application/octet-stream',
            'Content-Disposition' => 'attachment; filename="'. $attachment->getFileName() .'"'
        ]);
    }

    /**
     * Delete a specific attachment in the system.
     * @param $attachmentId
     * @return mixed
     */
    public function delete($attachmentId)
    {
        $attachment = $this->attachment->findOrFail($attachmentId);
        $this->checkOwnablePermission('attachment-delete', $attachment);
        $this->attachmentService->deleteFile($attachment);
        return response()->json(['message' => 'Attachment deleted']);
    }
}
Added view, deletion and permissions for files 2016-10-10 19:30:27 +00:00			`<?php namespace BookStack\Http\Controllers;`
Started work on attachments Created base models and started user-facing controls. 2016-10-09 17:58:22 +00:00
			`use BookStack\Exceptions\FileUploadException;`
Renamed files to attachments 2016-11-12 14:12:26 +00:00			`use BookStack\Attachment;`
Started work on attachments Created base models and started user-facing controls. 2016-10-09 17:58:22 +00:00			`use BookStack\Repos\PageRepo;`
Renamed files to attachments 2016-11-12 14:12:26 +00:00			`use BookStack\Services\AttachmentService;`
Started work on attachments Created base models and started user-facing controls. 2016-10-09 17:58:22 +00:00			`use Illuminate\Http\Request;`

Renamed files to attachments 2016-11-12 14:12:26 +00:00			`class AttachmentController extends Controller`
Started work on attachments Created base models and started user-facing controls. 2016-10-09 17:58:22 +00:00			`{`
Renamed files to attachments 2016-11-12 14:12:26 +00:00			`protected $attachmentService;`
			`protected $attachment;`
Started work on attachments Created base models and started user-facing controls. 2016-10-09 17:58:22 +00:00			`protected $pageRepo;`

			`/**`
Renamed files to attachments 2016-11-12 14:12:26 +00:00			`* AttachmentController constructor.`
			`* @param AttachmentService $attachmentService`
			`* @param Attachment $attachment`
Started work on attachments Created base models and started user-facing controls. 2016-10-09 17:58:22 +00:00			`* @param PageRepo $pageRepo`
			`*/`
Renamed files to attachments 2016-11-12 14:12:26 +00:00			`public function __construct(AttachmentService $attachmentService, Attachment $attachment, PageRepo $pageRepo)`
Started work on attachments Created base models and started user-facing controls. 2016-10-09 17:58:22 +00:00			`{`
Renamed files to attachments 2016-11-12 14:12:26 +00:00			`$this->attachmentService = $attachmentService;`
			`$this->attachment = $attachment;`
Started work on attachments Created base models and started user-facing controls. 2016-10-09 17:58:22 +00:00			`$this->pageRepo = $pageRepo;`
Renamed files to attachments 2016-11-12 14:12:26 +00:00			`parent::__construct();`
Started work on attachments Created base models and started user-facing controls. 2016-10-09 17:58:22 +00:00			`}`


			`/**`
Renamed files to attachments 2016-11-12 14:12:26 +00:00			`* Endpoint at which attachments are uploaded to.`
Started work on attachments Created base models and started user-facing controls. 2016-10-09 17:58:22 +00:00			`* @param Request $request`
Renamed files to attachments 2016-11-12 14:12:26 +00:00			`* @return \Illuminate\Contracts\Routing\ResponseFactory\|\Illuminate\Http\JsonResponse\|\Symfony\Component\HttpFoundation\Response`
Started work on attachments Created base models and started user-facing controls. 2016-10-09 17:58:22 +00:00			`*/`
			`public function upload(Request $request)`
			`{`
			`$this->validate($request, [`
Added attachment creation from link/name 2016-10-10 20:13:18 +00:00			`'uploaded_to' => 'required\|integer\|exists:pages,id',`
			`'file' => 'required\|file'`
Started work on attachments Created base models and started user-facing controls. 2016-10-09 17:58:22 +00:00			`]);`

			`$pageId = $request->get('uploaded_to');`
Fixed attachments on draft pages 2016-11-12 14:21:54 +00:00			`$page = $this->pageRepo->getById($pageId, true);`
Added view, deletion and permissions for files 2016-10-10 19:30:27 +00:00
Renamed files to attachments 2016-11-12 14:12:26 +00:00			`$this->checkPermission('attachment-create-all');`
Added view, deletion and permissions for files 2016-10-10 19:30:27 +00:00			`$this->checkOwnablePermission('page-update', $page);`

			`$uploadedFile = $request->file('file');`
Started work on attachments Created base models and started user-facing controls. 2016-10-09 17:58:22 +00:00
			`try {`
Renamed files to attachments 2016-11-12 14:12:26 +00:00			`$attachment = $this->attachmentService->saveNewUpload($uploadedFile, $pageId);`
Started work on attachments Created base models and started user-facing controls. 2016-10-09 17:58:22 +00:00			`} catch (FileUploadException $e) {`
			`return response($e->getMessage(), 500);`
			`}`

Renamed files to attachments 2016-11-12 14:12:26 +00:00			`return response()->json($attachment);`
Started work on attachments Created base models and started user-facing controls. 2016-10-09 17:58:22 +00:00			`}`

Added basic attachment editing functionality 2016-10-11 19:39:11 +00:00			`/**`
Renamed files to attachments 2016-11-12 14:12:26 +00:00			`* Update an uploaded attachment.`
			`* @param int $attachmentId`
Added basic attachment editing functionality 2016-10-11 19:39:11 +00:00			`* @param Request $request`
			`* @return mixed`
			`*/`
Renamed files to attachments 2016-11-12 14:12:26 +00:00			`public function uploadUpdate($attachmentId, Request $request)`
Added basic attachment editing functionality 2016-10-11 19:39:11 +00:00			`{`
			`$this->validate($request, [`
			`'uploaded_to' => 'required\|integer\|exists:pages,id',`
			`'file' => 'required\|file'`
			`]);`

			`$pageId = $request->get('uploaded_to');`
Fixed attachments on draft pages 2016-11-12 14:21:54 +00:00			`$page = $this->pageRepo->getById($pageId, true);`
Renamed files to attachments 2016-11-12 14:12:26 +00:00			`$attachment = $this->attachment->findOrFail($attachmentId);`
Added basic attachment editing functionality 2016-10-11 19:39:11 +00:00
			`$this->checkOwnablePermission('page-update', $page);`
Renamed files to attachments 2016-11-12 14:12:26 +00:00			`$this->checkOwnablePermission('attachment-create', $attachment);`
Added basic attachment editing functionality 2016-10-11 19:39:11 +00:00
Renamed files to attachments 2016-11-12 14:12:26 +00:00			`if (intval($pageId) !== intval($attachment->uploaded_to)) {`
Added basic attachment editing functionality 2016-10-11 19:39:11 +00:00			`return $this->jsonError('Page mismatch during attached file update');`
			`}`

			`$uploadedFile = $request->file('file');`

			`try {`
Renamed files to attachments 2016-11-12 14:12:26 +00:00			`$attachment = $this->attachmentService->saveUpdatedUpload($uploadedFile, $attachment);`
Added basic attachment editing functionality 2016-10-11 19:39:11 +00:00			`} catch (FileUploadException $e) {`
			`return response($e->getMessage(), 500);`
			`}`

Renamed files to attachments 2016-11-12 14:12:26 +00:00			`return response()->json($attachment);`
Added basic attachment editing functionality 2016-10-11 19:39:11 +00:00			`}`

			`/**`
			`* Update the details of an existing file.`
Renamed files to attachments 2016-11-12 14:12:26 +00:00			`* @param $attachmentId`
Added basic attachment editing functionality 2016-10-11 19:39:11 +00:00			`* @param Request $request`
Renamed files to attachments 2016-11-12 14:12:26 +00:00			`* @return Attachment\|mixed`
Added basic attachment editing functionality 2016-10-11 19:39:11 +00:00			`*/`
Renamed files to attachments 2016-11-12 14:12:26 +00:00			`public function update($attachmentId, Request $request)`
Added basic attachment editing functionality 2016-10-11 19:39:11 +00:00			`{`
			`$this->validate($request, [`
			`'uploaded_to' => 'required\|integer\|exists:pages,id',`
Page Attachments - Improved UI, Now initially complete Closes #62 2016-10-23 16:55:48 +00:00			`'name' => 'required\|string\|min:1\|max:255',`
			`'link' => 'url\|min:1\|max:255'`
Added basic attachment editing functionality 2016-10-11 19:39:11 +00:00			`]);`

			`$pageId = $request->get('uploaded_to');`
Fixed attachments on draft pages 2016-11-12 14:21:54 +00:00			`$page = $this->pageRepo->getById($pageId, true);`
Renamed files to attachments 2016-11-12 14:12:26 +00:00			`$attachment = $this->attachment->findOrFail($attachmentId);`
Added basic attachment editing functionality 2016-10-11 19:39:11 +00:00
			`$this->checkOwnablePermission('page-update', $page);`
Renamed files to attachments 2016-11-12 14:12:26 +00:00			`$this->checkOwnablePermission('attachment-create', $attachment);`
Added basic attachment editing functionality 2016-10-11 19:39:11 +00:00
Renamed files to attachments 2016-11-12 14:12:26 +00:00			`if (intval($pageId) !== intval($attachment->uploaded_to)) {`
Added basic attachment editing functionality 2016-10-11 19:39:11 +00:00			`return $this->jsonError('Page mismatch during attachment update');`
			`}`

Renamed files to attachments 2016-11-12 14:12:26 +00:00			`$attachment = $this->attachmentService->updateFile($attachment, $request->all());`
			`return $attachment;`
Added basic attachment editing functionality 2016-10-11 19:39:11 +00:00			`}`

Added attachment creation from link/name 2016-10-10 20:13:18 +00:00			`/**`
Renamed files to attachments 2016-11-12 14:12:26 +00:00			`* Attach a link to a page.`
Added attachment creation from link/name 2016-10-10 20:13:18 +00:00			`* @param Request $request`
			`* @return mixed`
			`*/`
			`public function attachLink(Request $request)`
			`{`
			`$this->validate($request, [`
			`'uploaded_to' => 'required\|integer\|exists:pages,id',`
Page Attachments - Improved UI, Now initially complete Closes #62 2016-10-23 16:55:48 +00:00			`'name' => 'required\|string\|min:1\|max:255',`
			`'link' => 'required\|url\|min:1\|max:255'`
Added attachment creation from link/name 2016-10-10 20:13:18 +00:00			`]);`

			`$pageId = $request->get('uploaded_to');`
Fixed attachments on draft pages 2016-11-12 14:21:54 +00:00			`$page = $this->pageRepo->getById($pageId, true);`
Added attachment creation from link/name 2016-10-10 20:13:18 +00:00
Renamed files to attachments 2016-11-12 14:12:26 +00:00			`$this->checkPermission('attachment-create-all');`
Added attachment creation from link/name 2016-10-10 20:13:18 +00:00			`$this->checkOwnablePermission('page-update', $page);`

Renamed files to attachments 2016-11-12 14:12:26 +00:00			`$attachmentName = $request->get('name');`
Added attachment creation from link/name 2016-10-10 20:13:18 +00:00			`$link = $request->get('link');`
Renamed files to attachments 2016-11-12 14:12:26 +00:00			`$attachment = $this->attachmentService->saveNewFromLink($attachmentName, $link, $pageId);`
Added attachment creation from link/name 2016-10-10 20:13:18 +00:00
Renamed files to attachments 2016-11-12 14:12:26 +00:00			`return response()->json($attachment);`
Added attachment creation from link/name 2016-10-10 20:13:18 +00:00			`}`

Started work on attachments Created base models and started user-facing controls. 2016-10-09 17:58:22 +00:00			`/**`
Renamed files to attachments 2016-11-12 14:12:26 +00:00			`* Get the attachments for a specific page.`
Started work on attachments Created base models and started user-facing controls. 2016-10-09 17:58:22 +00:00			`* @param $pageId`
			`* @return mixed`
			`*/`
Added view, deletion and permissions for files 2016-10-10 19:30:27 +00:00			`public function listForPage($pageId)`
Started work on attachments Created base models and started user-facing controls. 2016-10-09 17:58:22 +00:00			`{`
Fixed attachments on draft pages 2016-11-12 14:21:54 +00:00			`$page = $this->pageRepo->getById($pageId, true);`
Added view, deletion and permissions for files 2016-10-10 19:30:27 +00:00			`$this->checkOwnablePermission('page-view', $page);`
Fixed attachments on draft pages 2016-11-12 14:21:54 +00:00			`return response()->json($page->attachments);`
Started work on attachments Created base models and started user-facing controls. 2016-10-09 17:58:22 +00:00			`}`

			`/**`
Renamed files to attachments 2016-11-12 14:12:26 +00:00			`* Update the attachment sorting.`
Started work on attachments Created base models and started user-facing controls. 2016-10-09 17:58:22 +00:00			`* @param $pageId`
			`* @param Request $request`
			`* @return mixed`
			`*/`
Added view, deletion and permissions for files 2016-10-10 19:30:27 +00:00			`public function sortForPage($pageId, Request $request)`
Started work on attachments Created base models and started user-facing controls. 2016-10-09 17:58:22 +00:00			`{`
			`$this->validate($request, [`
			`'files' => 'required\|array',`
			`'files.*.id' => 'required\|integer',`
			`]);`
			`$page = $this->pageRepo->getById($pageId);`
Added view, deletion and permissions for files 2016-10-10 19:30:27 +00:00			`$this->checkOwnablePermission('page-update', $page);`

Renamed files to attachments 2016-11-12 14:12:26 +00:00			`$attachments = $request->get('files');`
			`$this->attachmentService->updateFileOrderWithinPage($attachments, $pageId);`
Added attachment creation from link/name 2016-10-10 20:13:18 +00:00			`return response()->json(['message' => 'Attachment order updated']);`
Started work on attachments Created base models and started user-facing controls. 2016-10-09 17:58:22 +00:00			`}`

Added view, deletion and permissions for files 2016-10-10 19:30:27 +00:00			`/**`
Renamed files to attachments 2016-11-12 14:12:26 +00:00			`* Get an attachment from storage.`
			`* @param $attachmentId`
			`* @return \Illuminate\Contracts\Routing\ResponseFactory\|\Illuminate\Http\RedirectResponse\|\Illuminate\Routing\Redirector\|\Symfony\Component\HttpFoundation\Response`
Added view, deletion and permissions for files 2016-10-10 19:30:27 +00:00			`*/`
Renamed files to attachments 2016-11-12 14:12:26 +00:00			`public function get($attachmentId)`
Added view, deletion and permissions for files 2016-10-10 19:30:27 +00:00			`{`
Renamed files to attachments 2016-11-12 14:12:26 +00:00			`$attachment = $this->attachment->findOrFail($attachmentId);`
			`$page = $this->pageRepo->getById($attachment->uploaded_to);`
Added view, deletion and permissions for files 2016-10-10 19:30:27 +00:00			`$this->checkOwnablePermission('page-view', $page);`
Started work on attachments Created base models and started user-facing controls. 2016-10-09 17:58:22 +00:00
Renamed files to attachments 2016-11-12 14:12:26 +00:00			`if ($attachment->external) {`
			`return redirect($attachment->path);`
Added attachment creation from link/name 2016-10-10 20:13:18 +00:00			`}`

Renamed files to attachments 2016-11-12 14:12:26 +00:00			`$attachmentContents = $this->attachmentService->getAttachmentFromStorage($attachment);`
			`return response($attachmentContents, 200, [`
Added view, deletion and permissions for files 2016-10-10 19:30:27 +00:00			`'Content-Type' => 'application/octet-stream',`
Renamed files to attachments 2016-11-12 14:12:26 +00:00			`'Content-Disposition' => 'attachment; filename="'. $attachment->getFileName() .'"'`
Added view, deletion and permissions for files 2016-10-10 19:30:27 +00:00			`]);`
			`}`

			`/**`
Renamed files to attachments 2016-11-12 14:12:26 +00:00			`* Delete a specific attachment in the system.`
			`* @param $attachmentId`
Added view, deletion and permissions for files 2016-10-10 19:30:27 +00:00			`* @return mixed`
			`*/`
Renamed files to attachments 2016-11-12 14:12:26 +00:00			`public function delete($attachmentId)`
Added view, deletion and permissions for files 2016-10-10 19:30:27 +00:00			`{`
Renamed files to attachments 2016-11-12 14:12:26 +00:00			`$attachment = $this->attachment->findOrFail($attachmentId);`
			`$this->checkOwnablePermission('attachment-delete', $attachment);`
			`$this->attachmentService->deleteFile($attachment);`
Added attachment creation from link/name 2016-10-10 20:13:18 +00:00			`return response()->json(['message' => 'Attachment deleted']);`
Added view, deletion and permissions for files 2016-10-10 19:30:27 +00:00			`}`
Started work on attachments Created base models and started user-facing controls. 2016-10-09 17:58:22 +00:00			`}`