1 <?php namespace BookStack\Http\Controllers;
3 use BookStack\Entities\Repos\PageRepo;
4 use BookStack\Exceptions\FileUploadException;
5 use BookStack\Exceptions\NotFoundException;
6 use BookStack\Uploads\Attachment;
7 use BookStack\Uploads\AttachmentService;
9 use Illuminate\Contracts\Filesystem\FileNotFoundException;
10 use Illuminate\Http\Request;
11 use Illuminate\Support\MessageBag;
12 use Illuminate\Validation\ValidationException;
14 class AttachmentController extends Controller
16 protected $attachmentService;
17 protected $attachment;
21 * AttachmentController constructor.
23 public function __construct(AttachmentService $attachmentService, Attachment $attachment, PageRepo $pageRepo)
25 $this->attachmentService = $attachmentService;
26 $this->attachment = $attachment;
27 $this->pageRepo = $pageRepo;
28 parent::__construct();
33 * Endpoint at which attachments are uploaded to.
34 * @throws ValidationException
35 * @throws NotFoundException
37 public function upload(Request $request)
39 $this->validate($request, [
40 'uploaded_to' => 'required|integer|exists:pages,id',
41 'file' => 'required|file'
44 $pageId = $request->get('uploaded_to');
45 $page = $this->pageRepo->getById($pageId);
47 $this->checkPermission('attachment-create-all');
48 $this->checkOwnablePermission('page-update', $page);
50 $uploadedFile = $request->file('file');
53 $attachment = $this->attachmentService->saveNewUpload($uploadedFile, $pageId);
54 } catch (FileUploadException $e) {
55 return response($e->getMessage(), 500);
58 return response()->json($attachment);
62 * Update an uploaded attachment.
63 * @throws ValidationException
65 public function uploadUpdate(Request $request, $attachmentId)
67 $this->validate($request, [
68 'file' => 'required|file'
71 $attachment = $this->attachment->newQuery()->findOrFail($attachmentId);
72 $this->checkOwnablePermission('view', $attachment->page);
73 $this->checkOwnablePermission('page-update', $attachment->page);
74 $this->checkOwnablePermission('attachment-create', $attachment);
76 $uploadedFile = $request->file('file');
79 $attachment = $this->attachmentService->saveUpdatedUpload($uploadedFile, $attachment);
80 } catch (FileUploadException $e) {
81 return response($e->getMessage(), 500);
84 return response()->json($attachment);
88 * Get the update form for an attachment.
89 * @return \Illuminate\Contracts\Foundation\Application|\Illuminate\Contracts\View\Factory|\Illuminate\View\View
91 public function getUpdateForm(string $attachmentId)
93 $attachment = $this->attachment->findOrFail($attachmentId);
95 $this->checkOwnablePermission('page-update', $attachment->page);
96 $this->checkOwnablePermission('attachment-create', $attachment);
98 return view('attachments.manager-edit-form', [
99 'attachment' => $attachment,
104 * Update the details of an existing file.
106 public function update(Request $request, string $attachmentId)
108 $attachment = $this->attachment->newQuery()->findOrFail($attachmentId);
111 $this->validate($request, [
112 'attachment_edit_name' => 'required|string|min:1|max:255',
113 'attachment_edit_url' => 'string|min:1|max:255|safe_url'
115 } catch (ValidationException $exception) {
116 return response()->view('attachments.manager-edit-form', array_merge($request->only(['attachment_edit_name', 'attachment_edit_url']), [
117 'attachment' => $attachment,
118 'errors' => new MessageBag($exception->errors()),
122 $this->checkOwnablePermission('view', $attachment->page);
123 $this->checkOwnablePermission('page-update', $attachment->page);
124 $this->checkOwnablePermission('attachment-create', $attachment);
126 $attachment = $this->attachmentService->updateFile($attachment, [
127 'name' => $request->get('attachment_edit_name'),
128 'link' => $request->get('attachment_edit_url'),
131 return view('attachments.manager-edit-form', [
132 'attachment' => $attachment,
137 * Attach a link to a page.
138 * @throws NotFoundException
140 public function attachLink(Request $request)
142 $pageId = $request->get('attachment_link_uploaded_to');
145 $this->validate($request, [
146 'attachment_link_uploaded_to' => 'required|integer|exists:pages,id',
147 'attachment_link_name' => 'required|string|min:1|max:255',
148 'attachment_link_url' => 'required|string|min:1|max:255|safe_url'
150 } catch (ValidationException $exception) {
151 return response()->view('attachments.manager-link-form', array_merge($request->only(['attachment_link_name', 'attachment_link_url']), [
153 'errors' => new MessageBag($exception->errors()),
157 $page = $this->pageRepo->getById($pageId);
159 $this->checkPermission('attachment-create-all');
160 $this->checkOwnablePermission('page-update', $page);
162 $attachmentName = $request->get('attachment_link_name');
163 $link = $request->get('attachment_link_url');
164 $attachment = $this->attachmentService->saveNewFromLink($attachmentName, $link, intval($pageId));
166 return view('attachments.manager-link-form', [
172 * Get the attachments for a specific page.
174 public function listForPage(int $pageId)
176 $page = $this->pageRepo->getById($pageId);
177 $this->checkOwnablePermission('page-view', $page);
178 return view('attachments.manager-list', [
179 'attachments' => $page->attachments->all(),
184 * Update the attachment sorting.
185 * @throws ValidationException
186 * @throws NotFoundException
188 public function sortForPage(Request $request, int $pageId)
190 $this->validate($request, [
191 'order' => 'required|array',
193 $page = $this->pageRepo->getById($pageId);
194 $this->checkOwnablePermission('page-update', $page);
196 $attachmentOrder = $request->get('order');
197 $this->attachmentService->updateFileOrderWithinPage($attachmentOrder, $pageId);
198 return response()->json(['message' => trans('entities.attachments_order_updated')]);
202 * Get an attachment from storage.
203 * @throws FileNotFoundException
204 * @throws NotFoundException
206 public function get(string $attachmentId)
208 $attachment = $this->attachment->findOrFail($attachmentId);
210 $page = $this->pageRepo->getById($attachment->uploaded_to);
211 } catch (NotFoundException $exception) {
212 throw new NotFoundException(trans('errors.attachment_not_found'));
215 $this->checkOwnablePermission('page-view', $page);
217 if ($attachment->external) {
218 return redirect($attachment->path);
221 $attachmentContents = $this->attachmentService->getAttachmentFromStorage($attachment);
222 return $this->downloadResponse($attachmentContents, $attachment->getFileName());
226 * Delete a specific attachment in the system.
229 public function delete(string $attachmentId)
231 $attachment = $this->attachment->findOrFail($attachmentId);
232 $this->checkOwnablePermission('attachment-delete', $attachment);
233 $this->attachmentService->deleteFile($attachment);
234 return response()->json(['message' => trans('entities.attachments_deleted')]);