Infra-Mirrors/BookStack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2024-09-14 05:22:02 +00:00
Code Issues Packages Projects Releases Wiki Activity
ce0b75294f
BookStack/app/Http/Controllers/Api/RecycleBinApiController.php

91 lines
3.0 KiB
PHP
Raw Normal View History

Start recycle bin API endpoints: list, restore, delete
2022-04-06 20:57:18 +00:00
<?php
namespace BookStack\Http\Controllers\Api;
Reviewed recycle bin API PR and made changes Made the following changes, many of these are just to align with existing conventions. - Updated urls to be hypenated, instead of underscored, to match other system endpoints. - Updated URL parameter to be `deletionId` instead of `id`, and removed the ID-based comment on controller methods, so the required ID model is clear from the URL alone, since its not clear from the URL endpoint alone like existing endpoints. This follows the pattern used in the "web" routes. - Added extra detail on some controller method comments, and copied permission comment to each method. - Removed existing field visibility mechanisms to use simpler model-based visibility since we didn't need anything too special here (After some of my other changes). - Allowed the "deletable" model to be shown in response to provide a little more detail on the main deleted item. - Updated parent/child-count loading to be on the "deletable" model instead of additional properties which results in simpler controller logic and enforces the idea these are relations on the deletable, not the deletion itself. It also removes additional exposure of model namespacing. - Updated (int) casts to intval, just since that's our most common conversion method in the codebase. - Testing: Removed `actingAsAuthorizedUser` and used the admin user instead to prevent extra auth steps on each test. - Testing: Cut logic/data-checks from tests if already covered by other tests. - Testing: Added simple assertions for delete/restore response data. - Examples: Updated list example to reflect changes. Review of PR #3377 To be followed up with changes to polymorphic relations to hide namespacing.
2022-04-25 16:54:59 +00:00
use BookStack\Entities\Models\Book;
use BookStack\Entities\Models\BookChild;
use BookStack\Entities\Models\Chapter;
Start recycle bin API endpoints: list, restore, delete
2022-04-06 20:57:18 +00:00
use BookStack\Entities\Models\Deletion;
use BookStack\Entities\Repos\DeletionRepo;
Complete list endpoint and add some tests
2022-04-20 20:58:16 +00:00
use Closure;
Reviewed recycle bin API PR and made changes Made the following changes, many of these are just to align with existing conventions. - Updated urls to be hypenated, instead of underscored, to match other system endpoints. - Updated URL parameter to be `deletionId` instead of `id`, and removed the ID-based comment on controller methods, so the required ID model is clear from the URL alone, since its not clear from the URL endpoint alone like existing endpoints. This follows the pattern used in the "web" routes. - Added extra detail on some controller method comments, and copied permission comment to each method. - Removed existing field visibility mechanisms to use simpler model-based visibility since we didn't need anything too special here (After some of my other changes). - Allowed the "deletable" model to be shown in response to provide a little more detail on the main deleted item. - Updated parent/child-count loading to be on the "deletable" model instead of additional properties which results in simpler controller logic and enforces the idea these are relations on the deletable, not the deletion itself. It also removes additional exposure of model namespacing. - Updated (int) casts to intval, just since that's our most common conversion method in the codebase. - Testing: Removed `actingAsAuthorizedUser` and used the admin user instead to prevent extra auth steps on each test. - Testing: Cut logic/data-checks from tests if already covered by other tests. - Testing: Added simple assertions for delete/restore response data. - Examples: Updated list example to reflect changes. Review of PR #3377 To be followed up with changes to polymorphic relations to hide namespacing.
2022-04-25 16:54:59 +00:00
use Illuminate\Database\Eloquent\Builder;
Start recycle bin API endpoints: list, restore, delete
2022-04-06 20:57:18 +00:00
class RecycleBinApiController extends ApiController
{
public function __construct()
{
$this->middleware(function ($request, $next) {
$this->checkPermission('settings-manage');
$this->checkPermission('restrictions-manage-all');
return $next($request);
});
}
do some cleanup and add doc
2022-04-24 08:16:45 +00:00
/**
* Get a top-level listing of the items in the recycle bin.
Reviewed recycle bin API PR and made changes Made the following changes, many of these are just to align with existing conventions. - Updated urls to be hypenated, instead of underscored, to match other system endpoints. - Updated URL parameter to be `deletionId` instead of `id`, and removed the ID-based comment on controller methods, so the required ID model is clear from the URL alone, since its not clear from the URL endpoint alone like existing endpoints. This follows the pattern used in the "web" routes. - Added extra detail on some controller method comments, and copied permission comment to each method. - Removed existing field visibility mechanisms to use simpler model-based visibility since we didn't need anything too special here (After some of my other changes). - Allowed the "deletable" model to be shown in response to provide a little more detail on the main deleted item. - Updated parent/child-count loading to be on the "deletable" model instead of additional properties which results in simpler controller logic and enforces the idea these are relations on the deletable, not the deletion itself. It also removes additional exposure of model namespacing. - Updated (int) casts to intval, just since that's our most common conversion method in the codebase. - Testing: Removed `actingAsAuthorizedUser` and used the admin user instead to prevent extra auth steps on each test. - Testing: Cut logic/data-checks from tests if already covered by other tests. - Testing: Added simple assertions for delete/restore response data. - Examples: Updated list example to reflect changes. Review of PR #3377 To be followed up with changes to polymorphic relations to hide namespacing.
2022-04-25 16:54:59 +00:00
* The "deletable" property will reflect the main item deleted.
* For books and chapters, counts of child pages/chapters will
* be loaded within this "deletable" data.
* For chapters & pages, the parent item will be loaded within this "deletable" data.
* Requires permission to manage both system settings and permissions.
do some cleanup and add doc
2022-04-24 08:16:45 +00:00
*/
Start recycle bin API endpoints: list, restore, delete
2022-04-06 20:57:18 +00:00
public function list()
{
do some cleanup and add doc
2022-04-24 08:16:45 +00:00
return $this->apiListingResponse(Deletion::query()->with('deletable'), [
Complete list endpoint and add some tests
2022-04-20 20:58:16 +00:00
'id',
'deleted_by',
Start recycle bin API endpoints: list, restore, delete
2022-04-06 20:57:18 +00:00
'created_at',
'updated_at',
'deletable_type',
Complete list endpoint and add some tests
2022-04-20 20:58:16 +00:00
'deletable_id',
], [Closure::fromCallable([$this, 'listFormatter'])]);
Start recycle bin API endpoints: list, restore, delete
2022-04-06 20:57:18 +00:00
}
do some cleanup and add doc
2022-04-24 08:16:45 +00:00
/**
* Restore a single deletion from the recycle bin.
Reviewed recycle bin API PR and made changes Made the following changes, many of these are just to align with existing conventions. - Updated urls to be hypenated, instead of underscored, to match other system endpoints. - Updated URL parameter to be `deletionId` instead of `id`, and removed the ID-based comment on controller methods, so the required ID model is clear from the URL alone, since its not clear from the URL endpoint alone like existing endpoints. This follows the pattern used in the "web" routes. - Added extra detail on some controller method comments, and copied permission comment to each method. - Removed existing field visibility mechanisms to use simpler model-based visibility since we didn't need anything too special here (After some of my other changes). - Allowed the "deletable" model to be shown in response to provide a little more detail on the main deleted item. - Updated parent/child-count loading to be on the "deletable" model instead of additional properties which results in simpler controller logic and enforces the idea these are relations on the deletable, not the deletion itself. It also removes additional exposure of model namespacing. - Updated (int) casts to intval, just since that's our most common conversion method in the codebase. - Testing: Removed `actingAsAuthorizedUser` and used the admin user instead to prevent extra auth steps on each test. - Testing: Cut logic/data-checks from tests if already covered by other tests. - Testing: Added simple assertions for delete/restore response data. - Examples: Updated list example to reflect changes. Review of PR #3377 To be followed up with changes to polymorphic relations to hide namespacing.
2022-04-25 16:54:59 +00:00
* Requires permission to manage both system settings and permissions.
do some cleanup and add doc
2022-04-24 08:16:45 +00:00
*/
Reviewed recycle bin API PR and made changes Made the following changes, many of these are just to align with existing conventions. - Updated urls to be hypenated, instead of underscored, to match other system endpoints. - Updated URL parameter to be `deletionId` instead of `id`, and removed the ID-based comment on controller methods, so the required ID model is clear from the URL alone, since its not clear from the URL endpoint alone like existing endpoints. This follows the pattern used in the "web" routes. - Added extra detail on some controller method comments, and copied permission comment to each method. - Removed existing field visibility mechanisms to use simpler model-based visibility since we didn't need anything too special here (After some of my other changes). - Allowed the "deletable" model to be shown in response to provide a little more detail on the main deleted item. - Updated parent/child-count loading to be on the "deletable" model instead of additional properties which results in simpler controller logic and enforces the idea these are relations on the deletable, not the deletion itself. It also removes additional exposure of model namespacing. - Updated (int) casts to intval, just since that's our most common conversion method in the codebase. - Testing: Removed `actingAsAuthorizedUser` and used the admin user instead to prevent extra auth steps on each test. - Testing: Cut logic/data-checks from tests if already covered by other tests. - Testing: Added simple assertions for delete/restore response data. - Examples: Updated list example to reflect changes. Review of PR #3377 To be followed up with changes to polymorphic relations to hide namespacing.
2022-04-25 16:54:59 +00:00
public function restore(DeletionRepo $deletionRepo, string $deletionId)
Start recycle bin API endpoints: list, restore, delete
2022-04-06 20:57:18 +00:00
{
Reviewed recycle bin API PR and made changes Made the following changes, many of these are just to align with existing conventions. - Updated urls to be hypenated, instead of underscored, to match other system endpoints. - Updated URL parameter to be `deletionId` instead of `id`, and removed the ID-based comment on controller methods, so the required ID model is clear from the URL alone, since its not clear from the URL endpoint alone like existing endpoints. This follows the pattern used in the "web" routes. - Added extra detail on some controller method comments, and copied permission comment to each method. - Removed existing field visibility mechanisms to use simpler model-based visibility since we didn't need anything too special here (After some of my other changes). - Allowed the "deletable" model to be shown in response to provide a little more detail on the main deleted item. - Updated parent/child-count loading to be on the "deletable" model instead of additional properties which results in simpler controller logic and enforces the idea these are relations on the deletable, not the deletion itself. It also removes additional exposure of model namespacing. - Updated (int) casts to intval, just since that's our most common conversion method in the codebase. - Testing: Removed `actingAsAuthorizedUser` and used the admin user instead to prevent extra auth steps on each test. - Testing: Cut logic/data-checks from tests if already covered by other tests. - Testing: Added simple assertions for delete/restore response data. - Examples: Updated list example to reflect changes. Review of PR #3377 To be followed up with changes to polymorphic relations to hide namespacing.
2022-04-25 16:54:59 +00:00
$restoreCount = $deletionRepo->restore(intval($deletionId));
Complete list endpoint and add some tests
2022-04-20 20:58:16 +00:00
Start recycle bin API endpoints: list, restore, delete
2022-04-06 20:57:18 +00:00
return response()->json(['restore_count' => $restoreCount]);
}
do some cleanup and add doc
2022-04-24 08:16:45 +00:00
/**
* Remove a single deletion from the recycle bin.
* Use this endpoint carefully as it will entirely remove the underlying deleted items from the system.
Reviewed recycle bin API PR and made changes Made the following changes, many of these are just to align with existing conventions. - Updated urls to be hypenated, instead of underscored, to match other system endpoints. - Updated URL parameter to be `deletionId` instead of `id`, and removed the ID-based comment on controller methods, so the required ID model is clear from the URL alone, since its not clear from the URL endpoint alone like existing endpoints. This follows the pattern used in the "web" routes. - Added extra detail on some controller method comments, and copied permission comment to each method. - Removed existing field visibility mechanisms to use simpler model-based visibility since we didn't need anything too special here (After some of my other changes). - Allowed the "deletable" model to be shown in response to provide a little more detail on the main deleted item. - Updated parent/child-count loading to be on the "deletable" model instead of additional properties which results in simpler controller logic and enforces the idea these are relations on the deletable, not the deletion itself. It also removes additional exposure of model namespacing. - Updated (int) casts to intval, just since that's our most common conversion method in the codebase. - Testing: Removed `actingAsAuthorizedUser` and used the admin user instead to prevent extra auth steps on each test. - Testing: Cut logic/data-checks from tests if already covered by other tests. - Testing: Added simple assertions for delete/restore response data. - Examples: Updated list example to reflect changes. Review of PR #3377 To be followed up with changes to polymorphic relations to hide namespacing.
2022-04-25 16:54:59 +00:00
* Requires permission to manage both system settings and permissions.
do some cleanup and add doc
2022-04-24 08:16:45 +00:00
*/
Reviewed recycle bin API PR and made changes Made the following changes, many of these are just to align with existing conventions. - Updated urls to be hypenated, instead of underscored, to match other system endpoints. - Updated URL parameter to be `deletionId` instead of `id`, and removed the ID-based comment on controller methods, so the required ID model is clear from the URL alone, since its not clear from the URL endpoint alone like existing endpoints. This follows the pattern used in the "web" routes. - Added extra detail on some controller method comments, and copied permission comment to each method. - Removed existing field visibility mechanisms to use simpler model-based visibility since we didn't need anything too special here (After some of my other changes). - Allowed the "deletable" model to be shown in response to provide a little more detail on the main deleted item. - Updated parent/child-count loading to be on the "deletable" model instead of additional properties which results in simpler controller logic and enforces the idea these are relations on the deletable, not the deletion itself. It also removes additional exposure of model namespacing. - Updated (int) casts to intval, just since that's our most common conversion method in the codebase. - Testing: Removed `actingAsAuthorizedUser` and used the admin user instead to prevent extra auth steps on each test. - Testing: Cut logic/data-checks from tests if already covered by other tests. - Testing: Added simple assertions for delete/restore response data. - Examples: Updated list example to reflect changes. Review of PR #3377 To be followed up with changes to polymorphic relations to hide namespacing.
2022-04-25 16:54:59 +00:00
public function destroy(DeletionRepo $deletionRepo, string $deletionId)
Start recycle bin API endpoints: list, restore, delete
2022-04-06 20:57:18 +00:00
{
Reviewed recycle bin API PR and made changes Made the following changes, many of these are just to align with existing conventions. - Updated urls to be hypenated, instead of underscored, to match other system endpoints. - Updated URL parameter to be `deletionId` instead of `id`, and removed the ID-based comment on controller methods, so the required ID model is clear from the URL alone, since its not clear from the URL endpoint alone like existing endpoints. This follows the pattern used in the "web" routes. - Added extra detail on some controller method comments, and copied permission comment to each method. - Removed existing field visibility mechanisms to use simpler model-based visibility since we didn't need anything too special here (After some of my other changes). - Allowed the "deletable" model to be shown in response to provide a little more detail on the main deleted item. - Updated parent/child-count loading to be on the "deletable" model instead of additional properties which results in simpler controller logic and enforces the idea these are relations on the deletable, not the deletion itself. It also removes additional exposure of model namespacing. - Updated (int) casts to intval, just since that's our most common conversion method in the codebase. - Testing: Removed `actingAsAuthorizedUser` and used the admin user instead to prevent extra auth steps on each test. - Testing: Cut logic/data-checks from tests if already covered by other tests. - Testing: Added simple assertions for delete/restore response data. - Examples: Updated list example to reflect changes. Review of PR #3377 To be followed up with changes to polymorphic relations to hide namespacing.
2022-04-25 16:54:59 +00:00
$deleteCount = $deletionRepo->destroy(intval($deletionId));
Complete list endpoint and add some tests
2022-04-20 20:58:16 +00:00
Start recycle bin API endpoints: list, restore, delete
2022-04-06 20:57:18 +00:00
return response()->json(['delete_count' => $deleteCount]);
}
Complete list endpoint and add some tests
2022-04-20 20:58:16 +00:00
Reviewed recycle bin API PR and made changes Made the following changes, many of these are just to align with existing conventions. - Updated urls to be hypenated, instead of underscored, to match other system endpoints. - Updated URL parameter to be `deletionId` instead of `id`, and removed the ID-based comment on controller methods, so the required ID model is clear from the URL alone, since its not clear from the URL endpoint alone like existing endpoints. This follows the pattern used in the "web" routes. - Added extra detail on some controller method comments, and copied permission comment to each method. - Removed existing field visibility mechanisms to use simpler model-based visibility since we didn't need anything too special here (After some of my other changes). - Allowed the "deletable" model to be shown in response to provide a little more detail on the main deleted item. - Updated parent/child-count loading to be on the "deletable" model instead of additional properties which results in simpler controller logic and enforces the idea these are relations on the deletable, not the deletion itself. It also removes additional exposure of model namespacing. - Updated (int) casts to intval, just since that's our most common conversion method in the codebase. - Testing: Removed `actingAsAuthorizedUser` and used the admin user instead to prevent extra auth steps on each test. - Testing: Cut logic/data-checks from tests if already covered by other tests. - Testing: Added simple assertions for delete/restore response data. - Examples: Updated list example to reflect changes. Review of PR #3377 To be followed up with changes to polymorphic relations to hide namespacing.
2022-04-25 16:54:59 +00:00
/**
* Load some related details for the deletion listing.
*/
Complete list endpoint and add some tests
2022-04-20 20:58:16 +00:00
protected function listFormatter(Deletion $deletion)
{
$deletable = $deletion->deletable;
Applied latest StyleCI changes
2022-04-25 17:42:31 +00:00
$withTrashedQuery = fn (Builder $query) => $query->withTrashed();
Complete list endpoint and add some tests
2022-04-20 20:58:16 +00:00
Reviewed recycle bin API PR and made changes Made the following changes, many of these are just to align with existing conventions. - Updated urls to be hypenated, instead of underscored, to match other system endpoints. - Updated URL parameter to be `deletionId` instead of `id`, and removed the ID-based comment on controller methods, so the required ID model is clear from the URL alone, since its not clear from the URL endpoint alone like existing endpoints. This follows the pattern used in the "web" routes. - Added extra detail on some controller method comments, and copied permission comment to each method. - Removed existing field visibility mechanisms to use simpler model-based visibility since we didn't need anything too special here (After some of my other changes). - Allowed the "deletable" model to be shown in response to provide a little more detail on the main deleted item. - Updated parent/child-count loading to be on the "deletable" model instead of additional properties which results in simpler controller logic and enforces the idea these are relations on the deletable, not the deletion itself. It also removes additional exposure of model namespacing. - Updated (int) casts to intval, just since that's our most common conversion method in the codebase. - Testing: Removed `actingAsAuthorizedUser` and used the admin user instead to prevent extra auth steps on each test. - Testing: Cut logic/data-checks from tests if already covered by other tests. - Testing: Added simple assertions for delete/restore response data. - Examples: Updated list example to reflect changes. Review of PR #3377 To be followed up with changes to polymorphic relations to hide namespacing.
2022-04-25 16:54:59 +00:00
if ($deletable instanceof BookChild) {
$parent = $deletable->getParent();
$parent->setAttribute('type', $parent->getType());
$deletable->setRelation('parent', $parent);
Complete list endpoint and add some tests
2022-04-20 20:58:16 +00:00
}
Reviewed recycle bin API PR and made changes Made the following changes, many of these are just to align with existing conventions. - Updated urls to be hypenated, instead of underscored, to match other system endpoints. - Updated URL parameter to be `deletionId` instead of `id`, and removed the ID-based comment on controller methods, so the required ID model is clear from the URL alone, since its not clear from the URL endpoint alone like existing endpoints. This follows the pattern used in the "web" routes. - Added extra detail on some controller method comments, and copied permission comment to each method. - Removed existing field visibility mechanisms to use simpler model-based visibility since we didn't need anything too special here (After some of my other changes). - Allowed the "deletable" model to be shown in response to provide a little more detail on the main deleted item. - Updated parent/child-count loading to be on the "deletable" model instead of additional properties which results in simpler controller logic and enforces the idea these are relations on the deletable, not the deletion itself. It also removes additional exposure of model namespacing. - Updated (int) casts to intval, just since that's our most common conversion method in the codebase. - Testing: Removed `actingAsAuthorizedUser` and used the admin user instead to prevent extra auth steps on each test. - Testing: Cut logic/data-checks from tests if already covered by other tests. - Testing: Added simple assertions for delete/restore response data. - Examples: Updated list example to reflect changes. Review of PR #3377 To be followed up with changes to polymorphic relations to hide namespacing.
2022-04-25 16:54:59 +00:00
if ($deletable instanceof Book || $deletable instanceof Chapter) {
$countsToLoad = ['pages' => $withTrashedQuery];
if ($deletable instanceof Book) {
$countsToLoad['chapters'] = $withTrashedQuery;
}
$deletable->loadCount($countsToLoad);
Complete list endpoint and add some tests
2022-04-20 20:58:16 +00:00
}
}
}
Reference in New Issue Copy Permalink