X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/673c74ddfc59677b55d0d7438038342f8d138569..refs/pull/232/head:/app/Http/Controllers/FileController.php diff --git a/app/Http/Controllers/FileController.php b/app/Http/Controllers/FileController.php index b97112c1c..668e9ec6c 100644 --- a/app/Http/Controllers/FileController.php +++ b/app/Http/Controllers/FileController.php @@ -1,10 +1,7 @@ -validate($request, [ - 'uploaded_to' => 'required|integer|exists:pages,id' + 'uploaded_to' => 'required|integer|exists:pages,id', + 'file' => 'required|file' ]); - $uploadedFile = $request->file('file'); $pageId = $request->get('uploaded_to'); + $page = $this->pageRepo->getById($pageId); + + $this->checkPermission('file-create-all'); + $this->checkOwnablePermission('page-update', $page); + + $uploadedFile = $request->file('file'); try { $file = $this->fileService->saveNewUpload($uploadedFile, $pageId); 
@@ -57,15 +56,105 @@ class FileController extends Controller
 return response()->json($file);
 }
+ /**
+ * Update an uploaded file.
+ * @param int $fileId
+ * @param Request $request
+ * @return mixed
+ */
+ public function uploadUpdate($fileId, Request $request)
+ {
+ $this->validate($request, [
+ 'uploaded_to' => 'required|integer|exists:pages,id',
+ 'file' => 'required|file'
+ ]);
+
+ $pageId = $request->get('uploaded_to');
+ $page = $this->pageRepo->getById($pageId);
+ $file = $this->file->findOrFail($fileId);
+
+ $this->checkOwnablePermission('page-update', $page);
+ $this->checkOwnablePermission('file-create', $file);
+
+ if (intval($pageId) !== intval($file->uploaded_to)) {
+ return $this->jsonError('Page mismatch during attached file update');
+ }
+
+ $uploadedFile = $request->file('file');
+
+ try {
+ $file = $this->fileService->saveUpdatedUpload($uploadedFile, $file);
+ } catch (FileUploadException $e) {
+ return response($e->getMessage(), 500);
+ }
+
+ return response()->json($file);
+ }
+
+ /**
+ * Update the details of an existing file.
+ * @param $fileId
+ * @param Request $request
+ * @return File|mixed
+ */
+ public function update($fileId, Request $request)
+ {
+ $this->validate($request, [
+ 'uploaded_to' => 'required|integer|exists:pages,id',
+ 'name' => 'required|string|min:1|max:255',
+ 'link' => 'url|min:1|max:255'
+ ]);
+
+ $pageId = $request->get('uploaded_to');
+ $page = $this->pageRepo->getById($pageId);
+ $file = $this->file->findOrFail($fileId);
+
+ $this->checkOwnablePermission('page-update', $page);
+ $this->checkOwnablePermission('file-create', $file);
+
+ if (intval($pageId) !== intval($file->uploaded_to)) {
+ return $this->jsonError('Page mismatch during attachment update');
+ }
+
+ $file = $this->fileService->updateFile($file, $request->all());
+ return $file;
+ }
+
+ /**
+ * Attach a link to a page as a file.
+ * @param Request $request
+ * @return mixed
+ */
+ public function attachLink(Request $request)
+ {
+ $this->validate($request, [
+ 'uploaded_to' => 'required|integer|exists:pages,id',
+ 'name' => 'required|string|min:1|max:255',
+ 'link' => 'required|url|min:1|max:255'
+ ]);
+
+ $pageId = $request->get('uploaded_to');
+ $page = $this->pageRepo->getById($pageId);
+
+ $this->checkPermission('file-create-all');
+ $this->checkOwnablePermission('page-update', $page);
+
+ $fileName = $request->get('name');
+ $link = $request->get('link');
+ $file = $this->fileService->saveNewFromLink($fileName, $link, $pageId);
+
+ return response()->json($file);
+ }
+
 /**
 * Get the files for a specific page.
 * @param $pageId
 * @return mixed
 */
- public function getFilesForPage($pageId)
+ public function listForPage($pageId)
 {
- // TODO - check view permission on page?
 $page = $this->pageRepo->getById($pageId);
+ $this->checkOwnablePermission('page-view', $page);
 return response()->json($page->files);
 }
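Review bot: `update()` hands `$request->all()` to `updateFile()`, so every field in the request reaches the service rather than only the three that were validated. Unless the service whitelists keys itself (not visible in this hunk), pass only what the method means to change: `$file = $this->fileService->updateFile($file, $request->only(['name', 'link']));`. The `link` rules in `update()` and `attachLink()` rely on `url`, which checks the shape of the value but, as far as I know, does not limit the scheme; because `get()` in the next hunk redirects to the stored value, consider accepting only `http` and `https` before saving. `update()` also returns the model directly, while the sibling methods return `response()->json($file)`.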
@@ -75,17 +164,51 @@ class FileController extends Controller
 * @param Request $request
 * @return mixed
 */
- public function sortFilesForPage($pageId, Request $request)
+ public function sortForPage($pageId, Request $request)
 {
 $this->validate($request, [
 'files' => 'required|array',
 'files.*.id' => 'required|integer',
 ]);
 $page = $this->pageRepo->getById($pageId);
+ $this->checkOwnablePermission('page-update', $page);
+
 $files = $request->get('files');
 $this->fileService->updateFileOrderWithinPage($files, $pageId);
- return response()->json(['message' => 'File order updated']);
+ return response()->json(['message' => 'Attachment order updated']);
 }
+ /**
+ * Get a file from storage.
+ * @param $fileId
+ */
+ public function get($fileId)
+ {
+ $file = $this->file->findOrFail($fileId);
+ $page = $this->pageRepo->getById($file->uploaded_to);
+ $this->checkOwnablePermission('page-view', $page);
+
+ if ($file->external) {
+ return redirect($file->path);
+ }
+ $fileContents = $this->fileService->getFile($file);
+ return response($fileContents, 200, [
+ 'Content-Type' => 'application/octet-stream',
+ 'Content-Disposition' => 'attachment; filename="'. $file->getFileName() .'"'
+ ]);
+ }
+
+ /**
+ * Delete a specific file in the system.
+ * @param $fileId
+ * @return mixed
+ */
+ public function delete($fileId)
+ {
+ $file = $this->file->findOrFail($fileId);
+ $this->checkOwnablePermission('file-delete', $file);
+ $this->fileService->deleteFile($file);
+ return response()->json(['message' => 'Attachment deleted']);
+ }
 }
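Review bot: In `get()`, the `Content-Disposition` value is built by concatenating `$file->getFileName()` between double quotes, so a stored name that contains `"` or non-ASCII characters produces a malformed or ambiguous header. Building the value with the framework helper avoids the hand-quoting, for example `$response->headers->makeDisposition('attachment', $name, $asciiFallback)`; otherwise strip quotes and control characters from the name first. `delete()` checks only `file-delete` on the file, whereas `update()` and `uploadUpdate()` in the previous hunk also require `page-update` on the owning page. If that asymmetry is intended, a one-line comment saying so would help. The `get()` docblock is also missing its `@return` line.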