validate($request, [ 'uploaded_to' => ['required', 'integer', 'exists:pages,id'], 'file' => array_merge(['required'], $this->attachmentService->getFileValidationRules()), ]); $pageId = $request->get('uploaded_to'); $page = $this->pageQueries->findVisibleByIdOrFail($pageId); $this->checkPermission('attachment-create-all'); $this->checkOwnablePermission('page-update', $page); $uploadedFile = $request->file('file'); try { $attachment = $this->attachmentService->saveNewUpload($uploadedFile, $pageId); } catch (FileUploadException $e) { return response($e->getMessage(), 500); } return response()->json($attachment); } /** * Update an uploaded attachment. * * @throws ValidationException */ public function uploadUpdate(Request $request, $attachmentId) { $this->validate($request, [ 'file' => array_merge(['required'], $this->attachmentService->getFileValidationRules()), ]); /** @var Attachment $attachment */ $attachment = Attachment::query()->findOrFail($attachmentId); $this->checkOwnablePermission('view', $attachment->page); $this->checkOwnablePermission('page-update', $attachment->page); $this->checkOwnablePermission('attachment-create', $attachment); $uploadedFile = $request->file('file'); try { $attachment = $this->attachmentService->saveUpdatedUpload($uploadedFile, $attachment); } catch (FileUploadException $e) { return response($e->getMessage(), 500); } return response()->json($attachment); } /** * Get the update form for an attachment. */ public function getUpdateForm(string $attachmentId) { /** @var Attachment $attachment */ $attachment = Attachment::query()->findOrFail($attachmentId); $this->checkOwnablePermission('page-update', $attachment->page); $this->checkOwnablePermission('attachment-create', $attachment); return view('attachments.manager-edit-form', [ 'attachment' => $attachment, ]); } /** * Update the details of an existing file. */ public function update(Request $request, string $attachmentId) { /** @var Attachment $attachment */ $attachment = Attachment::query()->findOrFail($attachmentId); try { $this->validate($request, [ 'attachment_edit_name' => ['required', 'string', 'min:1', 'max:255'], 'attachment_edit_url' => ['string', 'min:1', 'max:2000', 'safe_url'], ]); } catch (ValidationException $exception) { return response()->view('attachments.manager-edit-form', array_merge($request->only(['attachment_edit_name', 'attachment_edit_url']), [ 'attachment' => $attachment, 'errors' => new MessageBag($exception->errors()), ]), 422); } $this->checkOwnablePermission('page-view', $attachment->page); $this->checkOwnablePermission('page-update', $attachment->page); $this->checkOwnablePermission('attachment-update', $attachment); $attachment = $this->attachmentService->updateFile($attachment, [ 'name' => $request->get('attachment_edit_name'), 'link' => $request->get('attachment_edit_url'), ]); return view('attachments.manager-edit-form', [ 'attachment' => $attachment, ]); } /** * Attach a link to a page. * * @throws NotFoundException */ public function attachLink(Request $request) { $pageId = $request->get('attachment_link_uploaded_to'); try { $this->validate($request, [ 'attachment_link_uploaded_to' => ['required', 'integer', 'exists:pages,id'], 'attachment_link_name' => ['required', 'string', 'min:1', 'max:255'], 'attachment_link_url' => ['required', 'string', 'min:1', 'max:2000', 'safe_url'], ]); } catch (ValidationException $exception) { return response()->view('attachments.manager-link-form', array_merge($request->only(['attachment_link_name', 'attachment_link_url']), [ 'pageId' => $pageId, 'errors' => new MessageBag($exception->errors()), ]), 422); } $page = $this->pageQueries->findVisibleByIdOrFail($pageId); $this->checkPermission('attachment-create-all'); $this->checkOwnablePermission('page-update', $page); $attachmentName = $request->get('attachment_link_name'); $link = $request->get('attachment_link_url'); $this->attachmentService->saveNewFromLink($attachmentName, $link, intval($pageId)); return view('attachments.manager-link-form', [ 'pageId' => $pageId, ]); } /** * Get the attachments for a specific page. * * @throws NotFoundException */ public function listForPage(int $pageId) { $page = $this->pageQueries->findVisibleByIdOrFail($pageId); $this->checkOwnablePermission('page-view', $page); return view('attachments.manager-list', [ 'attachments' => $page->attachments->all(), ]); } /** * Update the attachment sorting. * * @throws ValidationException * @throws NotFoundException */ public function sortForPage(Request $request, int $pageId) { $this->validate($request, [ 'order' => ['required', 'array'], ]); $page = $this->pageQueries->findVisibleByIdOrFail($pageId); $this->checkOwnablePermission('page-update', $page); $attachmentOrder = $request->get('order'); $this->attachmentService->updateFileOrderWithinPage($attachmentOrder, $pageId); return response()->json(['message' => trans('entities.attachments_order_updated')]); } /** * Get an attachment from storage. * * @throws FileNotFoundException * @throws NotFoundException */ public function get(Request $request, string $attachmentId) { /** @var Attachment $attachment */ $attachment = Attachment::query()->findOrFail($attachmentId); try { $page = $this->pageQueries->findVisibleByIdOrFail($attachment->uploaded_to); } catch (NotFoundException $exception) { throw new NotFoundException(trans('errors.attachment_not_found')); } $this->checkOwnablePermission('page-view', $page); if ($attachment->external) { return redirect($attachment->path); } $fileName = $attachment->getFileName(); $attachmentStream = $this->attachmentService->streamAttachmentFromStorage($attachment); $attachmentSize = $this->attachmentService->getAttachmentFileSize($attachment); if ($request->get('open') === 'true') { return $this->download()->streamedInline($attachmentStream, $fileName, $attachmentSize); } return $this->download()->streamedDirectly($attachmentStream, $fileName, $attachmentSize); } /** * Delete a specific attachment in the system. * * @throws Exception */ public function delete(string $attachmentId) { /** @var Attachment $attachment */ $attachment = Attachment::query()->findOrFail($attachmentId); $this->checkOwnablePermission('attachment-delete', $attachment); $this->attachmentService->deleteFile($attachment); return response()->json(['message' => trans('entities.attachments_deleted')]); } }