Started Image API build

2024-06-28 23:52:18 +00:00 · 2023-03-14 12:19:19 +00:00 · 2023-03-14 12:19:19 +00:00 · d9eec6d82c
commit d9eec6d82c
parent 6357056d7b
6 changed files with 155 additions and 15 deletions
--- a/app/Http/Controllers/Api/ContentPermissionApiController.php
+++ b/app/Http/Controllers/Api/ContentPermissionApiController.php
@ -7,7 +7,7 @@ use BookStack\Entities\Models\Entity;
 use BookStack\Entities\Tools\PermissionsUpdater;
 use Illuminate\Http\Request;

-class ContentPermissionsController extends ApiController
+class ContentPermissionApiController extends ApiController
 {
    public function __construct(
        protected PermissionsUpdater $permissionsUpdater,
--- a/app/Http/Controllers/Api/ImageGalleryApiController.php
+++ b/app/Http/Controllers/Api/ImageGalleryApiController.php
@ -0,0 +1,127 @@
+<?php
+
+namespace BookStack\Http\Controllers\Api;
+
+use BookStack\Uploads\Image;
+use BookStack\Uploads\ImageRepo;
+use Illuminate\Http\Request;
+
+class ImageGalleryApiController extends ApiController
+{
+    protected array $fieldsToExpose = [
+        'id', 'name', 'url', 'path', 'type', 'uploaded_to', 'created_by', 'updated_by',  'created_at', 'updated_at',
+    ];
+
+    public function __construct(
+        protected ImageRepo $imageRepo
+    ) {
+    }
+
+    protected function rules(): array
+    {
+        return [
+            'create' => [
+                'type'  => ['required', 'string', 'in:gallery,drawio'],
+                'uploaded_to' => ['required', 'integer', 'exists:pages,id'],
+                'image' => ['required', 'file', ...$this->getImageValidationRules()],
+                'name'  => ['string', 'max:180'],
+            ],
+            'update' => [
+                'name'  => ['string', 'max:180'],
+            ]
+        ];
+    }
+
+    /**
+     * Get a listing of gallery images and drawings in the system.
+     * Requires visibility of the content they're originally uploaded to.
+     */
+    public function list()
+    {
+        $images = Image::query()->scopes(['visible'])
+            ->select($this->fieldsToExpose)
+            ->whereIn('type', ['gallery', 'drawio']);
+
+        return $this->apiListingResponse($images, [
+            ...$this->fieldsToExpose
+        ]);
+    }
+
+    /**
+     * Create a new image in the system.
+     */
+    public function create(Request $request)
+    {
+        $data = $this->validate($request, $this->rules()['create']);
+
+        $image = $this->imageRepo->saveNew($data['image'], $data['type'], $data['uploaded_to']);
+
+        return response()->json($this->formatForSingleResponse($image));
+    }
+
+    /**
+     * View the details of a single image.
+     */
+    public function read(string $id)
+    {
+        $image = $this->imageRepo->getById($id);
+        $this->checkOwnablePermission('page-view', $image->getPage());
+
+        return response()->json($this->formatForSingleResponse($image));
+    }
+
+    /**
+     * Update an existing image in the system.
+     */
+    public function update(Request $request, string $id)
+    {
+        $data = $this->validate($request, $this->rules()['update']);
+        $image = $this->imageRepo->getById($id);
+        $this->checkOwnablePermission('page-view', $image->getPage());
+        $this->checkOwnablePermission('image-update', $image);
+
+        $this->imageRepo->updateImageDetails($image, $data);
+
+        return response()->json($this->formatForSingleResponse($image));
+    }
+
+    /**
+     * Delete an image from the system.
+     */
+    public function delete(string $id)
+    {
+        $image = $this->imageRepo->getById($id);
+        $this->checkOwnablePermission('page-view', $image->getPage());
+        $this->checkOwnablePermission('image-delete', $image);
+        $this->imageRepo->destroyImage($image);
+
+        return response('', 204);
+    }
+
+    /**
+     * Format the given image model for single-result display.
+     */
+    protected function formatForSingleResponse(Image $image): array
+    {
+        $this->imageRepo->loadThumbs($image);
+        $data = $image->getAttributes();
+        $data['created_by'] = $image->createdBy;
+        $data['updated_by'] = $image->updatedBy;
+        $data['content'] = [];
+
+        $escapedUrl = htmlentities($image->url);
+        $escapedName = htmlentities($image->name);
+        if ($image->type === 'drawio') {
+            $data['content']['html'] = "<div drawio-diagram=\"{$image->id}\"><img src=\"{$escapedUrl}\"></div>";
+            $data['content']['markdown'] = $data['content']['html'];
+        } else {
+            $escapedDisplayThumb = htmlentities($image->thumbs['display']);
+            $data['content']['html'] = "<a href=\"{$escapedUrl}\" target=\"_blank\"><img src=\"{$escapedDisplayThumb}\" alt=\"{$escapedName}\"></a>";
+            $mdEscapedName = str_replace(']', '', str_replace('[', '', $image->name));
+            $mdEscapedThumb = str_replace(']', '', str_replace('[', '', $image->thumbs['display']));
+            $data['content']['markdown'] = "![{$mdEscapedName}]({$mdEscapedThumb})";
+        }
+
+        return $data;
+    }
+}
--- a/app/Http/Controllers/Api/RoleApiController.php
+++ b/app/Http/Controllers/Api/RoleApiController.php
@ -88,10 +88,10 @@ class RoleApiController extends ApiController
     */
    public function read(string $id)
    {
-        $user = $this->permissionsRepo->getRoleById($id);
-        $this->singleFormatter($user);
+        $role = $this->permissionsRepo->getRoleById($id);
+        $this->singleFormatter($role);

-        return response()->json($user);
+        return response()->json($role);
    }

    /**
--- a/app/Http/Controllers/Images/GalleryImageController.php
+++ b/app/Http/Controllers/Images/GalleryImageController.php
@ -10,14 +10,9 @@ use Illuminate\Validation\ValidationException;

 class GalleryImageController extends Controller
 {
-    protected $imageRepo;
-
-    /**
-     * GalleryImageController constructor.
-     */
-    public function __construct(ImageRepo $imageRepo)
-    {
-        $this->imageRepo = $imageRepo;
+    public function __construct(
+        protected ImageRepo $imageRepo
+    ) {
    }

    /**
--- a/app/Uploads/Image.php
+++ b/app/Uploads/Image.php
@ -3,9 +3,11 @@
 namespace BookStack\Uploads;

 use BookStack\Auth\Permissions\JointPermission;
+use BookStack\Auth\Permissions\PermissionApplicator;
 use BookStack\Entities\Models\Page;
 use BookStack\Model;
 use BookStack\Traits\HasCreatorAndUpdater;
+use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Relations\HasMany;

@ -33,6 +35,15 @@ class Image extends Model
            ->where('joint_permissions.entity_type', '=', 'page');
    }

+    /**
+     * Scope the query to just the images visible to the user based upon the
+     * user visibility of the uploaded_to page.
+     */
+    public function scopeVisible(Builder $query): Builder
+    {
+        return app()->make(PermissionApplicator::class)->restrictPageRelationQuery($query, 'images', 'uploaded_to');
+    }
+
    /**
     * Get a thumbnail for this image.
     *
--- a/routes/api.php
+++ b/routes/api.php
@ -13,7 +13,8 @@ use BookStack\Http\Controllers\Api\BookExportApiController;
 use BookStack\Http\Controllers\Api\BookshelfApiController;
 use BookStack\Http\Controllers\Api\ChapterApiController;
 use BookStack\Http\Controllers\Api\ChapterExportApiController;
-use BookStack\Http\Controllers\Api\ContentPermissionsController;
+use BookStack\Http\Controllers\Api\ContentPermissionApiController;
+use BookStack\Http\Controllers\Api\ImageGalleryApiController;
 use BookStack\Http\Controllers\Api\PageApiController;
 use BookStack\Http\Controllers\Api\PageExportApiController;
 use BookStack\Http\Controllers\Api\RecycleBinApiController;
@ -63,6 +64,12 @@ Route::get('pages/{id}/export/pdf', [PageExportApiController::class, 'exportPdf'
 Route::get('pages/{id}/export/plaintext', [PageExportApiController::class, 'exportPlainText']);
 Route::get('pages/{id}/export/markdown', [PageExportApiController::class, 'exportMarkdown']);

+Route::get('image-gallery', [ImageGalleryApiController::class, 'list']);
+Route::post('image-gallery', [ImageGalleryApiController::class, 'create']);
+Route::get('image-gallery/{id}', [ImageGalleryApiController::class, 'read']);
+Route::put('image-gallery/{id}', [ImageGalleryApiController::class, 'update']);
+Route::delete('image-gallery/{id}', [ImageGalleryApiController::class, 'delete']);
+
 Route::get('search', [SearchApiController::class, 'all']);

 Route::get('shelves', [BookshelfApiController::class, 'list']);
@ -87,5 +94,5 @@ Route::get('recycle-bin', [RecycleBinApiController::class, 'list']);
 Route::put('recycle-bin/{deletionId}', [RecycleBinApiController::class, 'restore']);
 Route::delete('recycle-bin/{deletionId}', [RecycleBinApiController::class, 'destroy']);

-Route::get('content-permissions/{contentType}/{contentId}', [ContentPermissionsController::class, 'read']);
-Route::put('content-permissions/{contentType}/{contentId}', [ContentPermissionsController::class, 'update']);
+Route::get('content-permissions/{contentType}/{contentId}', [ContentPermissionApiController::class, 'read']);
+Route::put('content-permissions/{contentType}/{contentId}', [ContentPermissionApiController::class, 'update']);