X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/141eecb858cce126452baeb16905e25b6ceb13c6..refs/pull/5676/head:/app/Entities/Controllers/PageApiController.php diff --git a/app/Entities/Controllers/PageApiController.php b/app/Entities/Controllers/PageApiController.php index 28dd36f97..40598e209 100644 --- a/app/Entities/Controllers/PageApiController.php +++ b/app/Entities/Controllers/PageApiController.php @@ -2,9 +2,8 @@ namespace BookStack\Entities\Controllers; -use BookStack\Entities\Models\Book; -use BookStack\Entities\Models\Chapter; -use BookStack\Entities\Models\Page; +use BookStack\Entities\Queries\EntityQueries; +use BookStack\Entities\Queries\PageQueries; use BookStack\Entities\Repos\PageRepo; use BookStack\Exceptions\PermissionsException; use BookStack\Http\ApiController; @@ -13,8 +12,6 @@ use Illuminate\Http\Request; class PageApiController extends ApiController { - protected PageRepo $pageRepo; - protected $rules = [ 'create' => [ 'book_id' => ['required_without:chapter_id', 'integer'], @@ -23,6 +20,7 @@ class PageApiController extends ApiController 'html' => ['required_without:markdown', 'string'], 'markdown' => ['required_without:html', 'string'], 'tags' => ['array'], + 'priority' => ['integer'], ], 'update' => [ 'book_id' => ['integer'], @@ -31,12 +29,15 @@ class PageApiController extends ApiController 'html' => ['string'], 'markdown' => ['string'], 'tags' => ['array'], + 'priority' => ['integer'], ], ]; - public function __construct(PageRepo $pageRepo) - { - $this->pageRepo = $pageRepo; + public function __construct( + protected PageRepo $pageRepo, + protected PageQueries $queries, + protected EntityQueries $entityQueries, + ) { } /** @@ -44,7 +45,8 @@ class PageApiController extends ApiController */ public function list() { - $pages = Page::visible(); + $pages = $this->queries->visibleForList() + ->addSelect(['created_by', 'updated_by', 'revision_count', 'editor']); return $this->apiListingResponse($pages, [ 'id', 'book_id', 'chapter_id', 'name', 'slug', 'priority', @@ -70,9 +72,9 @@ class PageApiController extends ApiController $this->validate($request, $this->rules['create']); if ($request->has('chapter_id')) { - $parent = Chapter::visible()->findOrFail($request->get('chapter_id')); + $parent = $this->entityQueries->chapters->findVisibleByIdOrFail(intval($request->get('chapter_id'))); } else { - $parent = Book::visible()->findOrFail($request->get('book_id')); + $parent = $this->entityQueries->books->findVisibleByIdOrFail(intval($request->get('book_id'))); } $this->checkOwnablePermission('page-create', $parent); @@ -84,16 +86,20 @@ class PageApiController extends ApiController /** * View the details of a single page. - * * Pages will always have HTML content. They may have markdown content * if the markdown editor was used to last update the page. * + * The 'html' property is the fully rendered & escaped HTML content that BookStack + * would show on page view, with page includes handled. + * The 'raw_html' property is the direct database stored HTML content, which would be + * what BookStack shows on page edit. + * * See the "Content Security" section of these docs for security considerations when using * the page content returned from this endpoint. */ public function read(string $id) { - $page = $this->pageRepo->getById($id, []); + $page = $this->queries->findVisibleByIdOrFail($id); return response()->json($page->forJsonDisplay()); } @@ -109,14 +115,14 @@ class PageApiController extends ApiController { $requestData = $this->validate($request, $this->rules['update']); - $page = $this->pageRepo->getById($id, []); + $page = $this->queries->findVisibleByIdOrFail($id); $this->checkOwnablePermission('page-update', $page); $parent = null; if ($request->has('chapter_id')) { - $parent = Chapter::visible()->findOrFail($request->get('chapter_id')); + $parent = $this->entityQueries->chapters->findVisibleByIdOrFail(intval($request->get('chapter_id'))); } elseif ($request->has('book_id')) { - $parent = Book::visible()->findOrFail($request->get('book_id')); + $parent = $this->entityQueries->books->findVisibleByIdOrFail(intval($request->get('book_id'))); } if ($parent && !$parent->matches($page->getParent())) { @@ -144,7 +150,7 @@ class PageApiController extends ApiController */ public function delete(string $id) { - $page = $this->pageRepo->getById($id, []); + $page = $this->queries->findVisibleByIdOrFail($id); $this->checkOwnablePermission('page-delete', $page); $this->pageRepo->destroy($page);