X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/89509b487af222ae9c9bc6c58c04b0790cc29b09..refs/pull/232/head:/app/Http/Controllers/FileController.php

diff --git a/app/Http/Controllers/FileController.php b/app/Http/Controllers/FileController.php
index 9486298b2..668e9ec6c 100644
--- a/app/Http/Controllers/FileController.php
+++ b/app/Http/Controllers/FileController.php
@@ -34,7 +34,6 @@ class FileController extends Controller
      */
     public function upload(Request $request)
     {
-        // TODO - ensure uploads are deleted on page delete.
         $this->validate($request, [
             'uploaded_to' => 'required|integer|exists:pages,id',
             'file' => 'required|file'
@@ -57,6 +56,70 @@ class FileController extends Controller
         return response()->json($file);
     }
 
+    /**
+     * Update an uploaded file.
+     * @param int $fileId
+     * @param Request $request
+     * @return mixed
+     */
+    public function uploadUpdate($fileId, Request $request)
+    {
+        $this->validate($request, [
+            'uploaded_to' => 'required|integer|exists:pages,id',
+            'file' => 'required|file'
+        ]);
+
+        $pageId = $request->get('uploaded_to');
+        $page = $this->pageRepo->getById($pageId);
+        $file = $this->file->findOrFail($fileId);
+
+        $this->checkOwnablePermission('page-update', $page);
+        $this->checkOwnablePermission('file-create', $file);
+        
+        if (intval($pageId) !== intval($file->uploaded_to)) {
+            return $this->jsonError('Page mismatch during attached file update');
+        }
+
+        $uploadedFile = $request->file('file');
+
+        try {
+            $file = $this->fileService->saveUpdatedUpload($uploadedFile, $file);
+        } catch (FileUploadException $e) {
+            return response($e->getMessage(), 500);
+        }
+
+        return response()->json($file);
+    }
+
+    /**
+     * Update the details of an existing file.
+     * @param $fileId
+     * @param Request $request
+     * @return File|mixed
+     */
+    public function update($fileId, Request $request)
+    {
+        $this->validate($request, [
+            'uploaded_to' => 'required|integer|exists:pages,id',
+            'name' => 'required|string|min:1|max:255',
+            'link' =>  'url|min:1|max:255'
+        ]);
+
+        $pageId = $request->get('uploaded_to');
+        $page = $this->pageRepo->getById($pageId);
+        $file = $this->file->findOrFail($fileId);
+
+        $this->checkOwnablePermission('page-update', $page);
+        $this->checkOwnablePermission('file-create', $file);
+
+        if (intval($pageId) !== intval($file->uploaded_to)) {
+            return $this->jsonError('Page mismatch during attachment update');
+        }
+
+        $file = $this->fileService->updateFile($file, $request->all());
+        return $file;
+    }
+
     /**
      * Attach a link to a page as a file.
      * @param Request $request
@@ -66,8 +129,8 @@ class FileController extends Controller
     {
         $this->validate($request, [
             'uploaded_to' => 'required|integer|exists:pages,id',
-            'name' => 'string',
-            'link' =>  'url'
+            'name' => 'required|string|min:1|max:255',
+            'link' =>  'required|url|min:1|max:255'
         ]);
 
         $pageId = $request->get('uploaded_to');
@@ -132,7 +195,7 @@ class FileController extends Controller
         $fileContents = $this->fileService->getFile($file);
         return response($fileContents, 200, [
             'Content-Type' => 'application/octet-stream',
-            'Content-Disposition' => 'attachment; filename="'. $file->name .'"'
+            'Content-Disposition' => 'attachment; filename="'. $file->getFileName() .'"'
         ]);
     }