BookStack Code Mirror - bookstack/blob - app/Http/Controllers/Api/AttachmentApiController.php

   1 <?php
   2
   3 namespace BookStack\Http\Controllers\Api;
   4
   5 use BookStack\Entities\Models\Page;
   6 use BookStack\Exceptions\FileUploadException;
   7 use BookStack\Uploads\Attachment;
   8 use BookStack\Uploads\AttachmentService;
   9 use Exception;
  10 use Illuminate\Contracts\Filesystem\FileNotFoundException;
  11 use Illuminate\Http\Request;
  12 use Illuminate\Validation\ValidationException;
  13
  14 class AttachmentApiController extends ApiController
  15 {
  16     protected $attachmentService;
  17
  18     protected $rules = [
  19         'create' => [
  20             'name' => 'required|min:1|max:255|string',
  21             'uploaded_to' => 'required|integer|exists:pages,id',
  22             'file' => 'required_without:link|file',
  23             'link' => 'required_without:file|min:1|max:255|safe_url'
  24         ],
  25         'update' => [
  26             'name' => 'min:1|max:255|string',
  27             'uploaded_to' => 'integer|exists:pages,id',
  28             'file' => 'file',
  29             'link' => 'min:1|max:255|safe_url'
  30         ],
  31     ];
  32
  33     public function __construct(AttachmentService $attachmentService)
  34     {
  35         $this->attachmentService = $attachmentService;
  36     }
  37
  38     /**
  39      * Get a listing of attachments visible to the user.
  40      * The external property indicates whether the attachment is simple a link.
  41      * A false value for the external property would indicate a file upload.
  42      */
  43     public function list()
  44     {
  45         return $this->apiListingResponse(Attachment::visible(), [
  46             'id', 'name', 'extension', 'uploaded_to', 'external', 'order', 'created_at', 'updated_at', 'created_by', 'updated_by',
  47         ]);
  48     }
  49
  50     /**
  51      * Create a new attachment in the system.
  52      * An uploaded_to value must be provided containing an ID of the page
  53      * that this upload will be related to.
  54      *
  55      * @throws ValidationException
  56      * @throws FileUploadException
  57      */
  58     public function create(Request $request)
  59     {
  60         $this->checkPermission('attachment-create-all');
  61         $requestData = $this->validate($request, $this->rules['create']);
  62
  63         $pageId = $request->get('uploaded_to');
  64         $page = Page::visible()->findOrFail($pageId);
  65         $this->checkOwnablePermission('page-update', $page);
  66
  67         if ($request->hasFile('file')) {
  68             $uploadedFile = $request->file('file');
  69             $attachment = $this->attachmentService->saveNewUpload($uploadedFile, $page->id);
  70         } else {
  71             $attachment = $this->attachmentService->saveNewFromLink(
  72                 $requestData['name'], $requestData['link'], $page->id
  73             );
  74         }
  75
  76         $this->attachmentService->updateFile($attachment, $requestData);
  77         return response()->json($attachment);
  78     }
  79
  80     /**
  81      * Get the details & content of a single attachment of the given ID.
  82      * The attachment link or file content is provided via a 'content' property.
  83      * For files the content will be base64 encoded.
  84      *
  85      * @throws FileNotFoundException
  86      */
  87     public function read(string $id)
  88     {
  89         /** @var Attachment $attachment */
  90         $attachment = Attachment::visible()
  91             ->with(['createdBy', 'updatedBy'])
  92             ->findOrFail($id);
  93
  94         $attachment->setAttribute('links', [
  95             'html'     => $attachment->htmlLink(),
  96             'markdown' => $attachment->markdownLink(),
  97         ]);
  98
  99         if (!$attachment->external) {
 100             $attachmentContents = $this->attachmentService->getAttachmentFromStorage($attachment);
 101             $attachment->setAttribute('content', base64_encode($attachmentContents));
 102         } else {
 103             $attachment->setAttribute('content', $attachment->path);
 104         }
 105
 106         return response()->json($attachment);
 107     }
 108
 109     /**
 110      * Update the details of a single attachment.
 111      *
 112      * @throws ValidationException
 113      * @throws FileUploadException
 114      */
 115     public function update(Request $request, string $id)
 116     {
 117         $requestData = $this->validate($request, $this->rules['update']);
 118         /** @var Attachment $attachment */
 119         $attachment = Attachment::visible()->findOrFail($id);
 120
 121         $page = $attachment->page;
 122         if ($requestData['uploaded_to'] ?? false) {
 123             $pageId = $request->get('uploaded_to');
 124             $page = Page::visible()->findOrFail($pageId);
 125             $attachment->uploaded_to = $requestData['uploaded_to'];
 126         }
 127
 128         $this->checkOwnablePermission('page-view', $page);
 129         $this->checkOwnablePermission('page-update', $page);
 130         $this->checkOwnablePermission('attachment-update', $attachment);
 131
 132         if ($request->hasFile('file')) {
 133             $uploadedFile = $request->file('file');
 134             $attachment = $this->attachmentService->saveUpdatedUpload($uploadedFile, $attachment);
 135         }
 136
 137         $this->attachmentService->updateFile($attachment, $requestData);
 138         return response()->json($attachment);
 139     }
 140
 141     /**
 142      * Delete an attachment of the given ID.
 143      *
 144      * @throws Exception
 145      */
 146     public function delete(string $id)
 147     {
 148         /** @var Attachment $attachment */
 149         $attachment = Attachment::visible()->findOrFail($id);
 150         $this->checkOwnablePermission('attachment-delete', $attachment);
 151
 152         $this->attachmentService->deleteFile($attachment);
 153
 154         return response('', 204);
 155     }
 156
 157 }