BookStack Code Mirror - bookstack/blobdiff - app/Http/Controllers/Controller.php

namespace BookStack\Http\Controllers;

-use BookStack\Ownable;

+use BookStack\Exceptions\NotifyException;

+use BookStack\Facades\Activity;

+use BookStack\Interfaces\Loggable;

+use BookStack\Model;

+use BookStack\Util\WebSafeMimeSniffer;

use Illuminate\Foundation\Bus\DispatchesJobs;

-use Illuminate\Http\Exceptions\HttpResponseException;

-use Illuminate\Http\Request;

-use Illuminate\Routing\Controller as BaseController;

use Illuminate\Foundation\Validation\ValidatesRequests;

-use BookStack\User;

+use Illuminate\Http\JsonResponse;

+use Illuminate\Http\Response;

+use Illuminate\Routing\Controller as BaseController;

+use Symfony\Component\HttpFoundation\StreamedResponse;

abstract class Controller extends BaseController

{

abstract class Controller extends BaseController

{

- use DispatchesJobs, ValidatesRequests;

-

- /**

- * @var User static

- */

- protected $currentUser;

- /**

- * @var bool

- */

- protected $signedIn;

+ use DispatchesJobs;

+ use ValidatesRequests;

/**

- * Controller constructor.

+ * Check if the current user is signed in.

*/

- public function __construct()

+ protected function isSignedIn(): bool

{

- $this->middleware(function ($request, $next) {

-

- // Get a user instance for the current user

- $user = user();

-

- // Share variables with controllers

- $this->currentUser = $user;

- $this->signedIn = auth()->check();

-

- // Share variables with views

- view()->share('signedIn', $this->signedIn);

- view()->share('currentUser', $user);

-

- return $next($request);

- });

+ return auth()->check();

}

/**

* Stops the application and shows a permission error if

* the application is in demo mode.

*/

}

/**

* Stops the application and shows a permission error if

* the application is in demo mode.

*/

- protected function preventAccessForDemoUsers()

+ protected function preventAccessInDemoMode()

{

if (config('app.env') === 'demo') {

$this->showPermissionError();

{

if (config('app.env') === 'demo') {

$this->showPermissionError();

/**

* Adds the page title into the view.

/**

* Adds the page title into the view.

- * @param $title

*/

- public function setPageTitle($title)

+ public function setPageTitle(string $title)

{

view()->share('pageTitle', $title);

}

{

view()->share('pageTitle', $title);

}

/**

* On a permission error redirect to home and display.

* the error as a notification.

/**

* On a permission error redirect to home and display.

* the error as a notification.

+ *

+ * @return never

*/

protected function showPermissionError()

{

*/

protected function showPermissionError()

{

- if (request()->wantsJson()) {

- $response = response()->json(['error' => trans('errors.permissionJson')], 403);

- } else {

- $response = redirect('/');

- session()->flash('error', trans('errors.permission'));

- }

+ $message = request()->wantsJson() ? trans('errors.permissionJson') : trans('errors.permission');

- throw new HttpResponseException($response);

+ throw new NotifyException($message, '/', 403);

}

/**

}

/**

- * Checks for a permission.

- * @param string $permissionName

- * @return bool|\Illuminate\Http\RedirectResponse

+ * Checks that the current user has the given permission otherwise throw an exception.

*/

- protected function checkPermission($permissionName)

+ protected function checkPermission(string $permission): void

{

- if (!user() || !user()->can($permissionName)) {

+ if (!user() || !user()->can($permission)) {

$this->showPermissionError();

}

$this->showPermissionError();

}

- return true;

}

/**

}

/**

- * Check the current user's permissions against an ownable item.

- * @param $permission

- * @param Ownable $ownable

- * @return bool

+ * Check the current user's permissions against an ownable item otherwise throw an exception.

*/

- protected function checkOwnablePermission($permission, Ownable $ownable)

+ protected function checkOwnablePermission(string $permission, Model $ownable): void

{

- if (userCan($permission, $ownable)) {

- return true;

+ if (!userCan($permission, $ownable)) {

+ $this->showPermissionError();

}

- return $this->showPermissionError();

}

/**

}

/**

- * Check if a user has a permission or bypass if the callback is true.

- * @param $permissionName

- * @param $callback

- * @return bool

+ * Check if a user has a permission or bypass the permission

+ * check if the given callback resolves true.

*/

- protected function checkPermissionOr($permissionName, $callback)

+ protected function checkPermissionOr(string $permission, callable $callback): void

{

- $callbackResult = $callback();

- if ($callbackResult === false) {

- $this->checkPermission($permissionName);

+ if ($callback() !== true) {

+ $this->checkPermission($permission);

}

- return true;

+ }

+

+ /**

+ * Check if the current user has a permission or bypass if the provided user

+ * id matches the current user.

+ */

+ protected function checkPermissionOrCurrentUser(string $permission, int $userId): void

+ {

+ $this->checkPermissionOr($permission, function () use ($userId) {

+ return $userId === user()->id;

+ });

}

/**

* Send back a json error message.

}

/**

* Send back a json error message.

- * @param string $messageText

- * @param int $statusCode

- * @return mixed

*/

- protected function jsonError($messageText = "", $statusCode = 500)

+ protected function jsonError(string $messageText = '', int $statusCode = 500): JsonResponse

{

- return response()->json(['message' => $messageText], $statusCode);

+ return response()->json(['message' => $messageText, 'status' => 'error'], $statusCode);

}

/**

}

/**

- * Create the response for when a request fails validation.

- * @param \Illuminate\Http\Request $request

- * @param array $errors

- * @return \Symfony\Component\HttpFoundation\Response

+ * Create a response that forces a download in the browser.

*/

- protected function buildFailedValidationResponse(Request $request, array $errors)

+ protected function downloadResponse(string $content, string $fileName): Response

{

- if ($request->expectsJson()) {

- return response()->json(['validation' => $errors], 422);

- }

+ return response()->make($content, 200, [

+ 'Content-Type' => 'application/octet-stream',

+ 'Content-Disposition' => 'attachment; filename="' . str_replace('"', '', $fileName) . '"',

+ 'X-Content-Type-Options' => 'nosniff',

+ ]);

+ }

- return redirect()->to($this->getRedirectUrl())

- ->withInput($request->input())

- ->withErrors($errors, $this->errorBag());

+ /**

+ * Create a response that forces a download, from a given stream of content.

+ */

+ protected function streamedDownloadResponse($stream, string $fileName): StreamedResponse

+ {

+ return response()->stream(function() use ($stream) {

+ // End & flush the output buffer otherwise we still seem to use memory.

+ // Ignore in testing since output buffers are used to gather a response.

+ if (!app()->runningUnitTests()) {

+ ob_end_clean();

+ }

+

+ fpassthru($stream);

+ fclose($stream);

+ }, 200, [

+ 'Content-Type' => 'application/octet-stream',

+ 'Content-Disposition' => 'attachment; filename="' . str_replace('"', '', $fileName) . '"',

+ 'X-Content-Type-Options' => 'nosniff',

+ ]);

}

/**

}

/**

- * Create a response that forces a download in the browser.

- * @param string $content

- * @param string $fileName

- * @return \Illuminate\Http\Response

+ * Create a file download response that provides the file with a content-type

+ * correct for the file, in a way so the browser can show the content in browser.

*/

- protected function downloadResponse(string $content, string $fileName)

+ protected function inlineDownloadResponse(string $content, string $fileName): Response

{

+ $mime = (new WebSafeMimeSniffer())->sniff($content);

+

return response()->make($content, 200, [

- 'Content-Type' => 'application/octet-stream',

- 'Content-Disposition' => 'attachment; filename="' . $fileName . '"'

+ 'Content-Type' => $mime,

+ 'Content-Disposition' => 'inline; filename="' . str_replace('"', '', $fileName) . '"',

+ 'X-Content-Type-Options' => 'nosniff',

]);

}

]);

}

+

+ /**

+ * Create a file download response that provides the file with a content-type

+ * correct for the file, in a way so the browser can show the content in browser,

+ * for a given content stream.

+ */

+ protected function streamedInlineDownloadResponse($stream, string $fileName): StreamedResponse

+ {

+ $sniffContent = fread($stream, 1000);

+ $mime = (new WebSafeMimeSniffer())->sniff($sniffContent);

+

+ return response()->stream(function() use ($sniffContent, $stream) {

+ echo $sniffContent;

+ fpassthru($stream);

+ fclose($stream);

+ }, 200, [

+ 'Content-Type' => $mime,

+ 'Content-Disposition' => 'inline; filename="' . str_replace('"', '', $fileName) . '"',

+ 'X-Content-Type-Options' => 'nosniff',

+ ]);

+ }

+

+ /**

+ * Show a positive, successful notification to the user on next view load.

+ */

+ protected function showSuccessNotification(string $message): void

+ {

+ session()->flash('success', $message);

+ }

+

+ /**

+ * Show a warning notification to the user on next view load.

+ */

+ protected function showWarningNotification(string $message): void

+ {

+ session()->flash('warning', $message);

+ }

+

+ /**

+ * Show an error notification to the user on next view load.

+ */

+ protected function showErrorNotification(string $message): void

+ {

+ session()->flash('error', $message);

+ }

+

+ /**

+ * Log an activity in the system.

+ *

+ * @param string|Loggable $detail

+ */

+ protected function logActivity(string $type, $detail = ''): void

+ {

+ Activity::add($type, $detail);

+ }

+

+ /**

+ * Get the validation rules for image files.

+ */

+ protected function getImageValidationRules(): array

+ {

+ return ['image_extension', 'mimes:jpeg,png,gif,webp', 'max:' . (config('app.upload_limit') * 1000)];

+ }

}