BookStack Code Mirror - bookstack/blobdiff - app/Http/Controllers/FileController.php

index e09fb98c6f140b8ff224c5ca46d938bbc906ea0f..668e9ec6c04c6a19eb96c8ac8c179aac6340f191 100644 (file)

--- a/app/Http/Controllers/FileController.php

+++ b/app/Http/Controllers/FileController.php

@@ -34,9 +34,9 @@ class FileController extends Controller

public function upload(Request $request)

{

public function upload(Request $request)

{

- // TODO - ensure uploads are deleted on page delete.

$this->validate($request, [

- 'uploaded_to' => 'required|integer|exists:pages,id'

+ 'uploaded_to' => 'required|integer|exists:pages,id',

+ 'file' => 'required|file'

]);

$pageId = $request->get('uploaded_to');

]);

$pageId = $request->get('uploaded_to');

@@ -56,6 +56,96 @@ class FileController extends Controller

return response()->json($file);

}

return response()->json($file);

}

+ /**

+ * Update an uploaded file.

+ * @param int $fileId

+ * @param Request $request

+ * @return mixed

+ */

+ public function uploadUpdate($fileId, Request $request)

+ {

+ $this->validate($request, [

+ 'uploaded_to' => 'required|integer|exists:pages,id',

+ 'file' => 'required|file'

+ ]);

+ $pageId = $request->get('uploaded_to');

+ $page = $this->pageRepo->getById($pageId);

+ $file = $this->file->findOrFail($fileId);

+ $this->checkOwnablePermission('page-update', $page);

+ $this->checkOwnablePermission('file-create', $file);

+ if (intval($pageId) !== intval($file->uploaded_to)) {

+ return $this->jsonError('Page mismatch during attached file update');

+ }

+ $uploadedFile = $request->file('file');

+ try {

+ $file = $this->fileService->saveUpdatedUpload($uploadedFile, $file);

+ } catch (FileUploadException $e) {

+ return response($e->getMessage(), 500);

+ }

+ return response()->json($file);

+ }

+ /**

+ * Update the details of an existing file.

+ * @param $fileId

+ * @param Request $request

+ * @return File|mixed

+ */

+ public function update($fileId, Request $request)

+ {

+ $this->validate($request, [

+ 'uploaded_to' => 'required|integer|exists:pages,id',

+ 'name' => 'required|string|min:1|max:255',

+ 'link' => 'url|min:1|max:255'

+ ]);

+ $pageId = $request->get('uploaded_to');

+ $page = $this->pageRepo->getById($pageId);

+ $file = $this->file->findOrFail($fileId);

+ $this->checkOwnablePermission('page-update', $page);

+ $this->checkOwnablePermission('file-create', $file);

+ if (intval($pageId) !== intval($file->uploaded_to)) {

+ return $this->jsonError('Page mismatch during attachment update');

+ }

+ $file = $this->fileService->updateFile($file, $request->all());

+ return $file;

+ }

+ /**

+ * Attach a link to a page as a file.

+ * @param Request $request

+ * @return mixed

+ */

+ public function attachLink(Request $request)

+ {

+ $this->validate($request, [

+ 'uploaded_to' => 'required|integer|exists:pages,id',

+ 'name' => 'required|string|min:1|max:255',

+ 'link' => 'required|url|min:1|max:255'

+ ]);

+ $pageId = $request->get('uploaded_to');

+ $page = $this->pageRepo->getById($pageId);

+ $this->checkPermission('file-create-all');

+ $this->checkOwnablePermission('page-update', $page);

+ $fileName = $request->get('name');

+ $link = $request->get('link');

+ $file = $this->fileService->saveNewFromLink($fileName, $link, $pageId);

+ return response()->json($file);

+ }

/**

* Get the files for a specific page.

* @param $pageId

/**

* Get the files for a specific page.

* @param $pageId

@@ -85,7 +175,7 @@ class FileController extends Controller

$files = $request->get('files');

$this->fileService->updateFileOrderWithinPage($files, $pageId);

$files = $request->get('files');

$this->fileService->updateFileOrderWithinPage($files, $pageId);

- return response()->json(['message' => 'File order updated']);

+ return response()->json(['message' => 'Attachment order updated']);

}

/**

}

/**

@@ -98,10 +188,14 @@ class FileController extends Controller

$page = $this->pageRepo->getById($file->uploaded_to);

$this->checkOwnablePermission('page-view', $page);

$page = $this->pageRepo->getById($file->uploaded_to);

$this->checkOwnablePermission('page-view', $page);

+ if ($file->external) {

+ return redirect($file->path);

+ }

$fileContents = $this->fileService->getFile($file);

return response($fileContents, 200, [

'Content-Type' => 'application/octet-stream',

$fileContents = $this->fileService->getFile($file);

return response($fileContents, 200, [

'Content-Type' => 'application/octet-stream',

- 'Content-Disposition' => 'attachment; filename="'. $file->name .'"'

+ 'Content-Disposition' => 'attachment; filename="'. $file->getFileName() .'"'

]);

}

]);

}

@@ -113,8 +207,8 @@ class FileController extends Controller

public function delete($fileId)

{

$file = $this->file->findOrFail($fileId);

public function delete($fileId)

{

$file = $this->file->findOrFail($fileId);

- $this->checkOwnablePermission($file, 'file-delete');

+ $this->checkOwnablePermission('file-delete', $file);

$this->fileService->deleteFile($file);

- return response()->json(['message' => 'File deleted']);

+ return response()->json(['message' => 'Attachment deleted']);

}