BookStack Code Mirror - bookstack/blob - app/Http/Controllers/AttachmentController.php

   1 <?php namespace BookStack\Http\Controllers;
   2
   3 use BookStack\Entities\Repos\EntityRepo;
   4 use BookStack\Exceptions\FileUploadException;
   5 use BookStack\Exceptions\NotFoundException;
   6 use BookStack\Uploads\Attachment;
   7 use BookStack\Uploads\AttachmentService;
   8 use Illuminate\Http\Request;
   9
  10 class AttachmentController extends Controller
  11 {
  12     protected $attachmentService;
  13     protected $attachment;
  14     protected $entityRepo;
  15
  16     /**
  17      * AttachmentController constructor.
  18      * @param \BookStack\Uploads\AttachmentService $attachmentService
  19      * @param Attachment $attachment
  20      * @param EntityRepo $entityRepo
  21      */
  22     public function __construct(AttachmentService $attachmentService, Attachment $attachment, EntityRepo $entityRepo)
  23     {
  24         $this->attachmentService = $attachmentService;
  25         $this->attachment = $attachment;
  26         $this->entityRepo = $entityRepo;
  27         parent::__construct();
  28     }
  29
  30
  31     /**
  32      * Endpoint at which attachments are uploaded to.
  33      * @param Request $request
  34      * @return \Illuminate\Contracts\Routing\ResponseFactory|\Illuminate\Http\JsonResponse|\Symfony\Component\HttpFoundation\Response
  35      */
  36     public function upload(Request $request)
  37     {
  38         $this->validate($request, [
  39             'uploaded_to' => 'required|integer|exists:pages,id',
  40             'file' => 'required|file'
  41         ]);
  42
  43         $pageId = $request->get('uploaded_to');
  44         $page = $this->entityRepo->getById('page', $pageId, true);
  45
  46         $this->checkPermission('attachment-create-all');
  47         $this->checkOwnablePermission('page-update', $page);
  48
  49         $uploadedFile = $request->file('file');
  50
  51         try {
  52             $attachment = $this->attachmentService->saveNewUpload($uploadedFile, $pageId);
  53         } catch (FileUploadException $e) {
  54             return response($e->getMessage(), 500);
  55         }
  56
  57         return response()->json($attachment);
  58     }
  59
  60     /**
  61      * Update an uploaded attachment.
  62      * @param int $attachmentId
  63      * @param Request $request
  64      * @return mixed
  65      */
  66     public function uploadUpdate($attachmentId, Request $request)
  67     {
  68         $this->validate($request, [
  69             'uploaded_to' => 'required|integer|exists:pages,id',
  70             'file' => 'required|file'
  71         ]);
  72
  73         $pageId = $request->get('uploaded_to');
  74         $page = $this->entityRepo->getById('page', $pageId, true);
  75         $attachment = $this->attachment->findOrFail($attachmentId);
  76
  77         $this->checkOwnablePermission('page-update', $page);
  78         $this->checkOwnablePermission('attachment-create', $attachment);
  79
  80         if (intval($pageId) !== intval($attachment->uploaded_to)) {
  81             return $this->jsonError(trans('errors.attachment_page_mismatch'));
  82         }
  83
  84         $uploadedFile = $request->file('file');
  85
  86         try {
  87             $attachment = $this->attachmentService->saveUpdatedUpload($uploadedFile, $attachment);
  88         } catch (FileUploadException $e) {
  89             return response($e->getMessage(), 500);
  90         }
  91
  92         return response()->json($attachment);
  93     }
  94
  95     /**
  96      * Update the details of an existing file.
  97      * @param $attachmentId
  98      * @param Request $request
  99      * @return Attachment|mixed
 100      */
 101     public function update($attachmentId, Request $request)
 102     {
 103         $this->validate($request, [
 104             'uploaded_to' => 'required|integer|exists:pages,id',
 105             'name' => 'required|string|min:1|max:255',
 106             'link' =>  'string|min:1|max:255'
 107         ]);
 108
 109         $pageId = $request->get('uploaded_to');
 110         $page = $this->entityRepo->getById('page', $pageId, true);
 111         $attachment = $this->attachment->findOrFail($attachmentId);
 112
 113         $this->checkOwnablePermission('page-update', $page);
 114         $this->checkOwnablePermission('attachment-create', $attachment);
 115
 116         if (intval($pageId) !== intval($attachment->uploaded_to)) {
 117             return $this->jsonError(trans('errors.attachment_page_mismatch'));
 118         }
 119
 120         $attachment = $this->attachmentService->updateFile($attachment, $request->all());
 121         return response()->json($attachment);
 122     }
 123
 124     /**
 125      * Attach a link to a page.
 126      * @param Request $request
 127      * @return mixed
 128      */
 129     public function attachLink(Request $request)
 130     {
 131         $this->validate($request, [
 132             'uploaded_to' => 'required|integer|exists:pages,id',
 133             'name' => 'required|string|min:1|max:255',
 134             'link' =>  'required|string|min:1|max:255'
 135         ]);
 136
 137         $pageId = $request->get('uploaded_to');
 138         $page = $this->entityRepo->getById('page', $pageId, true);
 139
 140         $this->checkPermission('attachment-create-all');
 141         $this->checkOwnablePermission('page-update', $page);
 142
 143         $attachmentName = $request->get('name');
 144         $link = $request->get('link');
 145         $attachment = $this->attachmentService->saveNewFromLink($attachmentName, $link, $pageId);
 146
 147         return response()->json($attachment);
 148     }
 149
 150     /**
 151      * Get the attachments for a specific page.
 152      * @param $pageId
 153      * @return mixed
 154      */
 155     public function listForPage($pageId)
 156     {
 157         $page = $this->entityRepo->getById('page', $pageId, true);
 158         $this->checkOwnablePermission('page-view', $page);
 159         return response()->json($page->attachments);
 160     }
 161
 162     /**
 163      * Update the attachment sorting.
 164      * @param $pageId
 165      * @param Request $request
 166      * @return mixed
 167      */
 168     public function sortForPage($pageId, Request $request)
 169     {
 170         $this->validate($request, [
 171             'files' => 'required|array',
 172             'files.*.id' => 'required|integer',
 173         ]);
 174         $page = $this->entityRepo->getById('page', $pageId);
 175         $this->checkOwnablePermission('page-update', $page);
 176
 177         $attachments = $request->get('files');
 178         $this->attachmentService->updateFileOrderWithinPage($attachments, $pageId);
 179         return response()->json(['message' => trans('entities.attachments_order_updated')]);
 180     }
 181
 182     /**
 183      * Get an attachment from storage.
 184      * @param $attachmentId
 185      * @return \Illuminate\Contracts\Routing\ResponseFactory|\Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector|\Symfony\Component\HttpFoundation\Response
 186      * @throws \Illuminate\Contracts\Filesystem\FileNotFoundException
 187      * @throws NotFoundException
 188      */
 189     public function get($attachmentId)
 190     {
 191         $attachment = $this->attachment->findOrFail($attachmentId);
 192         $page = $this->entityRepo->getById('page', $attachment->uploaded_to);
 193         if ($page === null) {
 194             throw new NotFoundException(trans('errors.attachment_not_found'));
 195         }
 196
 197         $this->checkOwnablePermission('page-view', $page);
 198
 199         if ($attachment->external) {
 200             return redirect($attachment->path);
 201         }
 202
 203         $attachmentContents = $this->attachmentService->getAttachmentFromStorage($attachment);
 204         return $this->downloadResponse($attachmentContents, $attachment->getFileName());
 205     }
 206
 207     /**
 208      * Delete a specific attachment in the system.
 209      * @param $attachmentId
 210      * @return mixed
 211      * @throws \Exception
 212      */
 213     public function delete($attachmentId)
 214     {
 215         $attachment = $this->attachment->findOrFail($attachmentId);
 216         $this->checkOwnablePermission('attachment-delete', $attachment);
 217         $this->attachmentService->deleteFile($attachment);
 218         return response()->json(['message' => trans('entities.attachments_deleted')]);
 219     }
 220 }