2020-11-22 09:56:19 -05:00
|
|
|
<?php
|
|
|
|
|
2023-05-17 12:56:55 -04:00
|
|
|
namespace BookStack\Entities\Controllers;
|
2020-11-22 09:56:19 -05:00
|
|
|
|
|
|
|
use BookStack\Entities\Models\Book;
|
|
|
|
use BookStack\Entities\Models\Chapter;
|
|
|
|
use BookStack\Entities\Models\Page;
|
|
|
|
use BookStack\Entities\Repos\PageRepo;
|
|
|
|
use BookStack\Exceptions\PermissionsException;
|
2023-05-18 15:53:39 -04:00
|
|
|
use BookStack\Http\ApiController;
|
2020-11-22 09:56:19 -05:00
|
|
|
use Exception;
|
|
|
|
use Illuminate\Http\Request;
|
|
|
|
|
|
|
|
class PageApiController extends ApiController
|
|
|
|
{
|
|
|
|
protected $rules = [
|
|
|
|
'create' => [
|
2021-11-04 20:26:55 -04:00
|
|
|
'book_id' => ['required_without:chapter_id', 'integer'],
|
|
|
|
'chapter_id' => ['required_without:book_id', 'integer'],
|
|
|
|
'name' => ['required', 'string', 'max:255'],
|
|
|
|
'html' => ['required_without:markdown', 'string'],
|
|
|
|
'markdown' => ['required_without:html', 'string'],
|
|
|
|
'tags' => ['array'],
|
2020-11-22 09:56:19 -05:00
|
|
|
],
|
|
|
|
'update' => [
|
2022-04-04 12:24:05 -04:00
|
|
|
'book_id' => ['integer'],
|
|
|
|
'chapter_id' => ['integer'],
|
2021-11-04 20:26:55 -04:00
|
|
|
'name' => ['string', 'min:1', 'max:255'],
|
|
|
|
'html' => ['string'],
|
|
|
|
'markdown' => ['string'],
|
|
|
|
'tags' => ['array'],
|
2020-11-22 09:56:19 -05:00
|
|
|
],
|
|
|
|
];
|
|
|
|
|
2023-06-20 12:07:46 -04:00
|
|
|
public function __construct(
|
|
|
|
protected PageRepo $pageRepo
|
|
|
|
) {
|
2020-11-22 09:56:19 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Get a listing of pages visible to the user.
|
|
|
|
*/
|
|
|
|
public function list()
|
|
|
|
{
|
|
|
|
$pages = Page::visible();
|
2021-06-26 11:23:15 -04:00
|
|
|
|
2020-11-22 09:56:19 -05:00
|
|
|
return $this->apiListingResponse($pages, [
|
|
|
|
'id', 'book_id', 'chapter_id', 'name', 'slug', 'priority',
|
|
|
|
'draft', 'template',
|
2021-01-03 17:29:58 -05:00
|
|
|
'created_at', 'updated_at',
|
|
|
|
'created_by', 'updated_by', 'owned_by',
|
2020-11-22 09:56:19 -05:00
|
|
|
]);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Create a new page in the system.
|
2020-11-28 10:21:54 -05:00
|
|
|
*
|
|
|
|
* The ID of a parent book or chapter is required to indicate
|
|
|
|
* where this page should be located.
|
|
|
|
*
|
|
|
|
* Any HTML content provided should be kept to a single-block depth of plain HTML
|
|
|
|
* elements to remain compatible with the BookStack front-end and editors.
|
2021-06-02 16:34:34 -04:00
|
|
|
* Any images included via base64 data URIs will be extracted and saved as gallery
|
|
|
|
* images against the page during upload.
|
2020-11-22 09:56:19 -05:00
|
|
|
*/
|
|
|
|
public function create(Request $request)
|
|
|
|
{
|
|
|
|
$this->validate($request, $this->rules['create']);
|
|
|
|
|
|
|
|
if ($request->has('chapter_id')) {
|
|
|
|
$parent = Chapter::visible()->findOrFail($request->get('chapter_id'));
|
|
|
|
} else {
|
|
|
|
$parent = Book::visible()->findOrFail($request->get('book_id'));
|
|
|
|
}
|
|
|
|
$this->checkOwnablePermission('page-create', $parent);
|
|
|
|
|
|
|
|
$draft = $this->pageRepo->getNewDraftPage($parent);
|
|
|
|
$this->pageRepo->publishDraft($draft, $request->only(array_keys($this->rules['create'])));
|
|
|
|
|
2020-11-28 10:21:54 -05:00
|
|
|
return response()->json($draft->forJsonDisplay());
|
2020-11-22 09:56:19 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* View the details of a single page.
|
2020-11-28 10:21:54 -05:00
|
|
|
* Pages will always have HTML content. They may have markdown content
|
|
|
|
* if the markdown editor was used to last update the page.
|
2022-08-11 05:49:45 -04:00
|
|
|
*
|
2023-06-20 12:15:32 -04:00
|
|
|
* The 'html' property is the fully rendered & escaped HTML content that BookStack
|
|
|
|
* would show on page view, with page includes handled.
|
|
|
|
* The 'raw_html' property is the direct database stored HTML content, which would be
|
|
|
|
* what BookStack shows on page edit.
|
|
|
|
*
|
2022-08-11 05:49:45 -04:00
|
|
|
* See the "Content Security" section of these docs for security considerations when using
|
|
|
|
* the page content returned from this endpoint.
|
2020-11-22 09:56:19 -05:00
|
|
|
*/
|
|
|
|
public function read(string $id)
|
|
|
|
{
|
2020-11-28 10:21:54 -05:00
|
|
|
$page = $this->pageRepo->getById($id, []);
|
2021-06-26 11:23:15 -04:00
|
|
|
|
2020-11-28 10:21:54 -05:00
|
|
|
return response()->json($page->forJsonDisplay());
|
2020-11-22 09:56:19 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Update the details of a single page.
|
2020-11-28 10:21:54 -05:00
|
|
|
*
|
|
|
|
* See the 'create' action for details on the provided HTML/Markdown.
|
|
|
|
* Providing a 'book_id' or 'chapter_id' property will essentially move
|
|
|
|
* the page into that parent element if you have permissions to do so.
|
2020-11-22 09:56:19 -05:00
|
|
|
*/
|
|
|
|
public function update(Request $request, string $id)
|
|
|
|
{
|
2022-04-04 12:24:05 -04:00
|
|
|
$requestData = $this->validate($request, $this->rules['update']);
|
|
|
|
|
2020-11-22 09:56:19 -05:00
|
|
|
$page = $this->pageRepo->getById($id, []);
|
|
|
|
$this->checkOwnablePermission('page-update', $page);
|
|
|
|
|
|
|
|
$parent = null;
|
|
|
|
if ($request->has('chapter_id')) {
|
|
|
|
$parent = Chapter::visible()->findOrFail($request->get('chapter_id'));
|
2021-06-26 11:23:15 -04:00
|
|
|
} elseif ($request->has('book_id')) {
|
2020-11-22 09:56:19 -05:00
|
|
|
$parent = Book::visible()->findOrFail($request->get('book_id'));
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($parent && !$parent->matches($page->getParent())) {
|
|
|
|
$this->checkOwnablePermission('page-delete', $page);
|
2021-06-26 11:23:15 -04:00
|
|
|
|
2020-11-22 09:56:19 -05:00
|
|
|
try {
|
|
|
|
$this->pageRepo->move($page, $parent->getType() . ':' . $parent->id);
|
|
|
|
} catch (Exception $exception) {
|
|
|
|
if ($exception instanceof PermissionsException) {
|
|
|
|
$this->showPermissionError();
|
|
|
|
}
|
|
|
|
|
|
|
|
return $this->jsonError(trans('errors.selected_book_chapter_not_found'));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-04-04 12:24:05 -04:00
|
|
|
$updatedPage = $this->pageRepo->update($page, $requestData);
|
2021-06-26 11:23:15 -04:00
|
|
|
|
2020-11-28 10:21:54 -05:00
|
|
|
return response()->json($updatedPage->forJsonDisplay());
|
2020-11-22 09:56:19 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
2020-11-28 10:21:54 -05:00
|
|
|
* Delete a page.
|
|
|
|
* This will typically send the page to the recycle bin.
|
2020-11-22 09:56:19 -05:00
|
|
|
*/
|
|
|
|
public function delete(string $id)
|
|
|
|
{
|
|
|
|
$page = $this->pageRepo->getById($id, []);
|
|
|
|
$this->checkOwnablePermission('page-delete', $page);
|
|
|
|
|
|
|
|
$this->pageRepo->destroy($page);
|
2021-06-26 11:23:15 -04:00
|
|
|
|
2020-11-22 09:56:19 -05:00
|
|
|
return response('', 204);
|
|
|
|
}
|
|
|
|
}
|