BookStack Code Mirror - bookstack/blob - app/Http/Controllers/Api/AttachmentApiController.php

   1 <?php
   2
   3 namespace BookStack\Http\Controllers\Api;
   4
   5 use BookStack\Entities\Models\Page;
   6 use BookStack\Exceptions\FileUploadException;
   7 use BookStack\Uploads\Attachment;
   8 use BookStack\Uploads\AttachmentService;
   9 use Exception;
  10 use Illuminate\Contracts\Filesystem\FileNotFoundException;
  11 use Illuminate\Http\Request;
  12 use Illuminate\Validation\ValidationException;
  13
  14 class AttachmentApiController extends ApiController
  15 {
  16     protected $attachmentService;
  17
  18     protected $rules = [
  19         'create' => [
  20             'name' => 'required|min:1|max:255|string',
  21             'uploaded_to' => 'required|integer|exists:pages,id',
  22             'file' => 'required_without:link|file',
  23             'link' => 'required_without:file|min:1|max:255|safe_url'
  24         ],
  25         'update' => [
  26             'name' => 'min:1|max:255|string',
  27             'uploaded_to' => 'integer|exists:pages,id',
  28             'file' => 'link|file',
  29             'link' => 'file|min:1|max:255|safe_url'
  30         ],
  31     ];
  32
  33     public function __construct(AttachmentService $attachmentService)
  34     {
  35         $this->attachmentService = $attachmentService;
  36     }
  37
  38     /**
  39      * Get a listing of attachments visible to the user.
  40      * The external property indicates whether the attachment is simple a link.
  41      * A false value for the external property would indicate a file upload.
  42      */
  43     public function list()
  44     {
  45         return $this->apiListingResponse(Attachment::visible(), [
  46             'id', 'name', 'extension', 'uploaded_to', 'external', 'order', 'created_at', 'updated_at', 'created_by', 'updated_by',
  47         ]);
  48     }
  49
  50     /**
  51      * Create a new attachment in the system.
  52      * An uploaded_to value must be provided containing an ID of the page
  53      * that this upload will be related to.
  54      *
  55      * @throws ValidationException
  56      * @throws FileUploadException
  57      */
  58     public function create(Request $request)
  59     {
  60         $this->checkPermission('attachment-create-all');
  61         $requestData = $this->validate($request, $this->rules['create']);
  62
  63         $pageId = $request->get('uploaded_to');
  64         $page = Page::visible()->findOrFail($pageId);
  65         $this->checkOwnablePermission('page-update', $page);
  66
  67         if ($request->hasFile('file')) {
  68             $uploadedFile = $request->file('file');
  69             $attachment = $this->attachmentService->saveNewUpload($uploadedFile, $page->id);
  70         } else {
  71             $attachment = $this->attachmentService->saveNewFromLink(
  72                 $requestData['name'], $requestData['link'], $page->id
  73             );
  74         }
  75
  76         $this->attachmentService->updateFile($attachment, $requestData);
  77         return response()->json($attachment);
  78     }
  79
  80     /**
  81      * Get the details & content of a single attachment of the given ID.
  82      * The attachment link or file content is provided via a 'content' property.
  83      * For files the content will be base64 encoded.
  84      *
  85      * @throws FileNotFoundException
  86      */
  87     public function read(string $id)
  88     {
  89         /** @var Attachment $attachment */
  90         $attachment = Attachment::visible()->findOrFail($id);
  91
  92         $attachment->setAttribute('links', [
  93             'html'     => $attachment->htmlLink(),
  94             'markdown' => $attachment->markdownLink(),
  95         ]);
  96
  97         if (!$attachment->external) {
  98             $attachmentContents = $this->attachmentService->getAttachmentFromStorage($attachment);
  99             $attachment->setAttribute('content', base64_encode($attachmentContents));
 100         } else {
 101             $attachment->setAttribute('content', $attachment->path);
 102         }
 103
 104         return response()->json($attachment);
 105     }
 106
 107     /**
 108      * Update the details of a single attachment.
 109      *
 110      * @throws ValidationException
 111      * @throws FileUploadException
 112      */
 113     public function update(Request $request, string $id)
 114     {
 115         $requestData = $this->validate($request, $this->rules['update']);
 116         /** @var Attachment $attachment */
 117         $attachment = Attachment::visible()->findOrFail($id);
 118
 119         $page = $attachment->page;
 120         if ($requestData['uploaded_to'] ?? false) {
 121             $pageId = $request->get('uploaded_to');
 122             $page = Page::visible()->findOrFail($pageId);
 123             $attachment->uploaded_to = $requestData['uploaded_to'];
 124         }
 125
 126         $this->checkOwnablePermission('page-view', $page);
 127         $this->checkOwnablePermission('page-update', $page);
 128         $this->checkOwnablePermission('attachment-update', $attachment);
 129
 130         if ($request->hasFile('file')) {
 131             $uploadedFile = $request->file('file');
 132             $attachment = $this->attachmentService->saveUpdatedUpload($uploadedFile, $page->id);
 133         }
 134
 135         $this->attachmentService->updateFile($attachment, $requestData);
 136         return response()->json($attachment);
 137     }
 138
 139     /**
 140      * Delete an attachment of the given ID.
 141      *
 142      * @throws Exception
 143      */
 144     public function delete(string $id)
 145     {
 146         /** @var Attachment $attachment */
 147         $attachment = Attachment::visible()->findOrFail($id);
 148         $this->checkOwnablePermission('attachment-delete', $attachment);
 149
 150         $this->attachmentService->deleteFile($attachment);
 151
 152         return response('', 204);
 153     }
 154
 155 }