X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/ac0b29fb6d05d6e943419b91fdbc09a59e20c89f..refs/pull/232/head:/app/Http/Controllers/FileController.php
diff --git a/app/Http/Controllers/FileController.php b/app/Http/Controllers/FileController.php
index e09fb98c6..668e9ec6c 100644
--- a/app/Http/Controllers/FileController.php
+++ b/app/Http/Controllers/FileController.php
@@ -34,9 +34,9 @@ class FileController extends Controller
 */
 public function upload(Request $request)
 {
- // TODO - ensure uploads are deleted on page delete.
 $this->validate($request, [
- 'uploaded_to' => 'required|integer|exists:pages,id'
+ 'uploaded_to' => 'required|integer|exists:pages,id',
+ 'file' => 'required|file'
 ]);
 $pageId = $request->get('uploaded_to');
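Review bot: The new `'file' => 'required|file'` rule in `upload` puts no upper bound on the upload size, so the only limit is whatever PHP and the web server enforce; the same rule is repeated in `uploadUpdate` in the next hunk. If the project has a configured attachment size limit, apply it in both places, e.g. `'file' => 'required|file|max:' . $maxKb`, where `$maxKb` is a placeholder for that setting in kilobytes. The hunk also removes the TODO about deleting uploads when a page is deleted; nothing visible in this file shows that cleanup, so it is worth confirming it landed elsewhere in the pull request. `upload`'s body continues past the end of the hunk.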
@@ -56,6 +56,96 @@ class FileController extends Controller
 return response()->json($file);
 }
+ /**
+ * Update an uploaded file.
+ * @param int $fileId
+ * @param Request $request
+ * @return mixed
+ */
+ public function uploadUpdate($fileId, Request $request)
+ {
+ $this->validate($request, [
+ 'uploaded_to' => 'required|integer|exists:pages,id',
+ 'file' => 'required|file'
+ ]);
+
+ $pageId = $request->get('uploaded_to');
+ $page = $this->pageRepo->getById($pageId);
+ $file = $this->file->findOrFail($fileId);
+
+ $this->checkOwnablePermission('page-update', $page);
+ $this->checkOwnablePermission('file-create', $file);
+
+ if (intval($pageId) !== intval($file->uploaded_to)) {
+ return $this->jsonError('Page mismatch during attached file update');
+ }
+
+ $uploadedFile = $request->file('file');
+
+ try {
+ $file = $this->fileService->saveUpdatedUpload($uploadedFile, $file);
+ } catch (FileUploadException $e) {
+ return response($e->getMessage(), 500);
+ }
+
+ return response()->json($file);
+ }
+
+ /**
+ * Update the details of an existing file.
+ * @param $fileId
+ * @param Request $request
+ * @return File|mixed
+ */
+ public function update($fileId, Request $request)
+ {
+ $this->validate($request, [
+ 'uploaded_to' => 'required|integer|exists:pages,id',
+ 'name' => 'required|string|min:1|max:255',
+ 'link' => 'url|min:1|max:255'
+ ]);
+
+ $pageId = $request->get('uploaded_to');
+ $page = $this->pageRepo->getById($pageId);
+ $file = $this->file->findOrFail($fileId);
+
+ $this->checkOwnablePermission('page-update', $page);
+ $this->checkOwnablePermission('file-create', $file);
+
+ if (intval($pageId) !== intval($file->uploaded_to)) {
+ return $this->jsonError('Page mismatch during attachment update');
+ }
+
+ $file = $this->fileService->updateFile($file, $request->all());
+ return $file;
+ }
+
+ /**
+ * Attach a link to a page as a file.
+ * @param Request $request
+ * @return mixed
+ */
+ public function attachLink(Request $request)
+ {
+ $this->validate($request, [
+ 'uploaded_to' => 'required|integer|exists:pages,id',
+ 'name' => 'required|string|min:1|max:255',
+ 'link' => 'required|url|min:1|max:255'
+ ]);
+
+ $pageId = $request->get('uploaded_to');
+ $page = $this->pageRepo->getById($pageId);
+
+ $this->checkPermission('file-create-all');
+ $this->checkOwnablePermission('page-update', $page);
+
+ $fileName = $request->get('name');
+ $link = $request->get('link');
+ $file = $this->fileService->saveNewFromLink($fileName, $link, $pageId);
+
+ return response()->json($file);
+ }
+
 /**
 * Get the files for a specific page.
 * @param $pageId
@@ -85,7 +175,7 @@ class FileController extends Controller
 $files = $request->get('files');
 $this->fileService->updateFileOrderWithinPage($files, $pageId);
- return response()->json(['message' => 'File order updated']);
+ return response()->json(['message' => 'Attachment order updated']);
 }
 /**
@@ -98,10 +188,14 @@ class FileController extends Controller
 $page = $this->pageRepo->getById($file->uploaded_to);
 $this->checkOwnablePermission('page-view', $page);
+ if ($file->external) {
+ return redirect($file->path);
+ }
+
 $fileContents = $this->fileService->getFile($file);
 return response($fileContents, 200, [
 'Content-Type' => 'application/octet-stream',
- 'Content-Disposition' => 'attachment; filename="'. $file->name .'"'
+ 'Content-Disposition' => 'attachment; filename="'. $file->getFileName() .'"'
 ]);
 }
@@ -113,8 +207,8 @@ class FileController extends Controller
 public function delete($fileId)
 {
 $file = $this->file->findOrFail($fileId);
- $this->checkOwnablePermission($file, 'file-delete');
+ $this->checkOwnablePermission('file-delete', $file);
 $this->fileService->deleteFile($file);
- return response()->json(['message' => 'File deleted']);
+ return response()->json(['message' => 'Attachment deleted']);
 }
 }
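Review bot: In the new `update` method (hunk at -56,6 +56,96), `$request->all()` is handed to `updateFile`, so any extra field the client posts is forwarded alongside the three validated ones. Unless `updateFile` (not visible here) whitelists keys itself, pass only what was validated: `$file = $this->fileService->updateFile($file, $request->only(['uploaded_to', 'name', 'link']));`. Separately, both `uploadUpdate` and `update` authorise a change to an existing attachment with `checkOwnablePermission('file-create', $file)`, which reads like a copy from the create path. If the project defines a dedicated update permission it should be used there; otherwise a one-line comment explaining why the create permission governs edits would help the next reader.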
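Review bot: The new `if ($file->external) { return redirect($file->path); }` branch (hunk at -98,10 +188,14) sends the browser to whatever was stored as the link, and the only check on that value visible in this diff is the `url` rule in `attachLink` and `update`. That rule checks format and, as far as I can tell, does not limit the scheme, so restricting stored links to http/https at validation time (for example by adding `regex:/^https?:\/\//i` to both `link` rules) would keep this redirect to web targets. On the changed header line, `$file->getFileName()` is concatenated into a quoted `filename="…"`; if that helper (not shown) can return a `"` the header becomes malformed, so the value should be stripped of quotes or encoded at that point. The enclosing method starts above the hunk.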