X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/1c8102bb897bc479abfcc3432353907d90654b1e..refs/pull/3693/head:/app/Http/Controllers/Api/PageApiController.php diff --git a/app/Http/Controllers/Api/PageApiController.php b/app/Http/Controllers/Api/PageApiController.php index 2fc4e3b36..de729b469 100644 --- a/app/Http/Controllers/Api/PageApiController.php +++ b/app/Http/Controllers/Api/PageApiController.php @@ -12,24 +12,24 @@ use Illuminate\Http\Request; class PageApiController extends ApiController { - protected $pageRepo; + protected PageRepo $pageRepo; protected $rules = [ 'create' => [ - 'book_id' => 'required_unless:chapter_id|integer', - 'chapter_id' => 'required_unless:book_id|integer', - 'name' => 'required|string|max:255', - 'html' => 'required_without:markdown|string', - 'markdown' => 'required_without:html|string', - 'tags' => 'array', + 'book_id' => ['required_without:chapter_id', 'integer'], + 'chapter_id' => ['required_without:book_id', 'integer'], + 'name' => ['required', 'string', 'max:255'], + 'html' => ['required_without:markdown', 'string'], + 'markdown' => ['required_without:html', 'string'], + 'tags' => ['array'], ], 'update' => [ - 'book_id' => 'required|integer', - 'chapter_id' => 'required|integer', - 'name' => 'string|min:1|max:255', - 'html' => 'string', - 'markdown' => 'string', - 'tags' => 'array', + 'book_id' => ['integer'], + 'chapter_id' => ['integer'], + 'name' => ['string', 'min:1', 'max:255'], + 'html' => ['string'], + 'markdown' => ['string'], + 'tags' => ['array'], ], ]; 
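Review bot: `'tags' => ['array']` in both the `create` and `update` rule sets checks only that the value is an array, so the elements inside it are not validated at all. Because no nested keys are declared, Laravel's validated data carries the whole array through, and a later hunk of this diff forwards that validated data straight to `pageRepo->update()`. Consider constraining the elements too, e.g. `'tags.*' => ['array']` plus string rules for each field a tag is expected to carry (the tag shape is not visible in this diff).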
@@ -44,15 +44,25 @@ class PageApiController extends ApiController public function list() { $pages = Page::visible(); + return $this->apiListingResponse($pages, [ 'id', 'book_id', 'chapter_id', 'name', 'slug', 'priority', 'draft', 'template', - 'created_at', 'updated_at', 'created_by', 'updated_by', + 'created_at', 'updated_at', + 'created_by', 'updated_by', 'owned_by', ]); } /** * Create a new page in the system. + * + * The ID of a parent book or chapter is required to indicate + * where this page should be located. + * + * Any HTML content provided should be kept to a single-block depth of plain HTML + * elements to remain compatible with the BookStack front-end and editors. + * Any images included via base64 data URIs will be extracted and saved as gallery + * images against the page during upload. */ public function create(Request $request) { 
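Review bot: The new `create` docblock tells API clients how to shape the HTML but not how that HTML is treated once stored, while the `read` docblock added later in this diff points readers to the "Content Security" section. Content written through `create` is what `read` later returns, so the same pointer belongs here, for example `* See the "Content Security" section of these docs for how stored page content should be handled.` It would also help to state whether the base64 image extraction enforces any size or type limits, which cannot be told from this hunk. The body of `create()` continues outside the hunk.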
@@ -68,35 +78,49 @@ class PageApiController extends ApiController $draft = $this->pageRepo->getNewDraftPage($parent); $this->pageRepo->publishDraft($draft, $request->only(array_keys($this->rules['create']))); - return response()->json($draft->load(['tags'])); + return response()->json($draft->forJsonDisplay()); } /** * View the details of a single page. + * + * Pages will always have HTML content. They may have markdown content + * if the markdown editor was used to last update the page. + * + * See the "Content Security" section of these docs for security considerations when using + * the page content returned from this endpoint. */ public function read(string $id) { - $page = $this->pageRepo->getById($id, ['tags', 'createdBy', 'updatedBy']); - return response()->json($page); + $page = $this->pageRepo->getById($id, []); + + return response()->json($page->forJsonDisplay()); } /** * Update the details of a single page. + * + * See the 'create' action for details on the provided HTML/Markdown. + * Providing a 'book_id' or 'chapter_id' property will essentially move + * the page into that parent element if you have permissions to do so. */ public function update(Request $request, string $id) { + $requestData = $this->validate($request, $this->rules['update']); + $page = $this->pageRepo->getById($id, []); $this->checkOwnablePermission('page-update', $page); $parent = null; if ($request->has('chapter_id')) { $parent = Chapter::visible()->findOrFail($request->get('chapter_id')); - } else if ($request->has('book_id')) { + } elseif ($request->has('book_id')) { $parent = Book::visible()->findOrFail($request->get('book_id')); } if ($parent && !$parent->matches($page->getParent())) { $this->checkOwnablePermission('page-delete', $page); + try { $this->pageRepo->move($page, $parent->getType() . ':' . $parent->id); } catch (Exception $exception) { 
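Review bot: In the move branch of `update()` the only authorisation visible is `checkOwnablePermission('page-delete', $page)`. The target parent is resolved through `Chapter::visible()` / `Book::visible()`, which by its name establishes view access rather than the right to create content there. The new docblock promises the move happens only "if you have permissions to do so", so the create-permission check on the target presumably lives inside `pageRepo->move()`, which this diff does not show. That is worth confirming and recording at the call site with a comment such as `// move() must reject targets the user cannot create pages in; visible() only proves view access.` The `catch` block and the rest of `update()` continue outside this hunk.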
@@ -108,12 +132,14 @@ class PageApiController extends ApiController } } - $updatedPage = $this->pageRepo->update($page, $request->all()); - return response()->json($updatedPage->load(['tags'])); + $updatedPage = $this->pageRepo->update($page, $requestData); + + return response()->json($updatedPage->forJsonDisplay()); } /** - * Delete a page from the system. + * Delete a page. + * This will typically send the page to the recycle bin. */ public function delete(string $id) { @@ -121,6 +147,7 @@ class PageApiController extends ApiController $this->checkOwnablePermission('page-delete', $page); $this->pageRepo->destroy($page); + return response('', 204); } }
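Review bot: `$requestData` as passed to `pageRepo->update()` still contains `book_id` and `chapter_id` whenever the client sent them, because both keys are in the `update` rules. Re-parenting is meant to go through the permission-checked move branch earlier in the method, and when `chapter_id` is present a supplied `book_id` is never looked up through `visible()`, so it reaches `update()` unchecked. If `update()` mass-assigns its input (not visible here), that would change the parent outside the checked path. Dropping the keys first removes the dependency on the repository's behaviour: `unset($requestData['book_id'], $requestData['chapter_id']);`. The start of `update()` is outside this hunk.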