BookStack Code Mirror - bookstack/blob - app/Http/Controllers/AttachmentController.php

   1 <?php
   2
   3 namespace BookStack\Http\Controllers;
   4
   5 use BookStack\Entities\Repos\PageRepo;
   6 use BookStack\Exceptions\FileUploadException;
   7 use BookStack\Exceptions\NotFoundException;
   8 use BookStack\Uploads\Attachment;
   9 use BookStack\Uploads\AttachmentService;
  10 use Exception;
  11 use Illuminate\Contracts\Filesystem\FileNotFoundException;
  12 use Illuminate\Http\Request;
  13 use Illuminate\Support\MessageBag;
  14 use Illuminate\Validation\ValidationException;
  15
  16 class AttachmentController extends Controller
  17 {
  18     protected AttachmentService $attachmentService;
  19     protected PageRepo $pageRepo;
  20
  21     /**
  22      * AttachmentController constructor.
  23      */
  24     public function __construct(AttachmentService $attachmentService, PageRepo $pageRepo)
  25     {
  26         $this->attachmentService = $attachmentService;
  27         $this->pageRepo = $pageRepo;
  28     }
  29
  30     /**
  31      * Endpoint at which attachments are uploaded to.
  32      *
  33      * @throws ValidationException
  34      * @throws NotFoundException
  35      */
  36     public function upload(Request $request)
  37     {
  38         $this->validate($request, [
  39             'uploaded_to' => ['required', 'integer', 'exists:pages,id'],
  40             'file'        => array_merge(['required'], $this->attachmentService->getFileValidationRules()),
  41         ]);
  42
  43         $pageId = $request->get('uploaded_to');
  44         $page = $this->pageRepo->getById($pageId);
  45
  46         $this->checkPermission('attachment-create-all');
  47         $this->checkOwnablePermission('page-update', $page);
  48
  49         $uploadedFile = $request->file('file');
  50
  51         try {
  52             $attachment = $this->attachmentService->saveNewUpload($uploadedFile, $pageId);
  53         } catch (FileUploadException $e) {
  54             return response($e->getMessage(), 500);
  55         }
  56
  57         return response()->json($attachment);
  58     }
  59
  60     /**
  61      * Update an uploaded attachment.
  62      *
  63      * @throws ValidationException
  64      */
  65     public function uploadUpdate(Request $request, $attachmentId)
  66     {
  67         $this->validate($request, [
  68             'file' => array_merge(['required'], $this->attachmentService->getFileValidationRules()),
  69         ]);
  70
  71         /** @var Attachment $attachment */
  72         $attachment = Attachment::query()->findOrFail($attachmentId);
  73         $this->checkOwnablePermission('view', $attachment->page);
  74         $this->checkOwnablePermission('page-update', $attachment->page);
  75         $this->checkOwnablePermission('attachment-create', $attachment);
  76
  77         $uploadedFile = $request->file('file');
  78
  79         try {
  80             $attachment = $this->attachmentService->saveUpdatedUpload($uploadedFile, $attachment);
  81         } catch (FileUploadException $e) {
  82             return response($e->getMessage(), 500);
  83         }
  84
  85         return response()->json($attachment);
  86     }
  87
  88     /**
  89      * Get the update form for an attachment.
  90      */
  91     public function getUpdateForm(string $attachmentId)
  92     {
  93         /** @var Attachment $attachment */
  94         $attachment = Attachment::query()->findOrFail($attachmentId);
  95
  96         $this->checkOwnablePermission('page-update', $attachment->page);
  97         $this->checkOwnablePermission('attachment-create', $attachment);
  98
  99         return view('attachments.manager-edit-form', [
 100             'attachment' => $attachment,
 101         ]);
 102     }
 103
 104     /**
 105      * Update the details of an existing file.
 106      */
 107     public function update(Request $request, string $attachmentId)
 108     {
 109         /** @var Attachment $attachment */
 110         $attachment = Attachment::query()->findOrFail($attachmentId);
 111
 112         try {
 113             $this->validate($request, [
 114                 'attachment_edit_name' => ['required', 'string', 'min:1', 'max:255'],
 115                 'attachment_edit_url'  => ['string', 'min:1', 'max:255', 'safe_url'],
 116             ]);
 117         } catch (ValidationException $exception) {
 118             return response()->view('attachments.manager-edit-form', array_merge($request->only(['attachment_edit_name', 'attachment_edit_url']), [
 119                 'attachment' => $attachment,
 120                 'errors'     => new MessageBag($exception->errors()),
 121             ]), 422);
 122         }
 123
 124         $this->checkOwnablePermission('page-view', $attachment->page);
 125         $this->checkOwnablePermission('page-update', $attachment->page);
 126         $this->checkOwnablePermission('attachment-update', $attachment);
 127
 128         $attachment = $this->attachmentService->updateFile($attachment, [
 129             'name' => $request->get('attachment_edit_name'),
 130             'link' => $request->get('attachment_edit_url'),
 131         ]);
 132
 133         return view('attachments.manager-edit-form', [
 134             'attachment' => $attachment,
 135         ]);
 136     }
 137
 138     /**
 139      * Attach a link to a page.
 140      *
 141      * @throws NotFoundException
 142      */
 143     public function attachLink(Request $request)
 144     {
 145         $pageId = $request->get('attachment_link_uploaded_to');
 146
 147         try {
 148             $this->validate($request, [
 149                 'attachment_link_uploaded_to' => ['required', 'integer', 'exists:pages,id'],
 150                 'attachment_link_name'        => ['required', 'string', 'min:1', 'max:255'],
 151                 'attachment_link_url'         => ['required', 'string', 'min:1', 'max:255', 'safe_url'],
 152             ]);
 153         } catch (ValidationException $exception) {
 154             return response()->view('attachments.manager-link-form', array_merge($request->only(['attachment_link_name', 'attachment_link_url']), [
 155                 'pageId' => $pageId,
 156                 'errors' => new MessageBag($exception->errors()),
 157             ]), 422);
 158         }
 159
 160         $page = $this->pageRepo->getById($pageId);
 161
 162         $this->checkPermission('attachment-create-all');
 163         $this->checkOwnablePermission('page-update', $page);
 164
 165         $attachmentName = $request->get('attachment_link_name');
 166         $link = $request->get('attachment_link_url');
 167         $this->attachmentService->saveNewFromLink($attachmentName, $link, intval($pageId));
 168
 169         return view('attachments.manager-link-form', [
 170             'pageId' => $pageId,
 171         ]);
 172     }
 173
 174     /**
 175      * Get the attachments for a specific page.
 176      *
 177      * @throws NotFoundException
 178      */
 179     public function listForPage(int $pageId)
 180     {
 181         $page = $this->pageRepo->getById($pageId);
 182         $this->checkOwnablePermission('page-view', $page);
 183
 184         return view('attachments.manager-list', [
 185             'attachments' => $page->attachments->all(),
 186         ]);
 187     }
 188
 189     /**
 190      * Update the attachment sorting.
 191      *
 192      * @throws ValidationException
 193      * @throws NotFoundException
 194      */
 195     public function sortForPage(Request $request, int $pageId)
 196     {
 197         $this->validate($request, [
 198             'order' => ['required', 'array'],
 199         ]);
 200         $page = $this->pageRepo->getById($pageId);
 201         $this->checkOwnablePermission('page-update', $page);
 202
 203         $attachmentOrder = $request->get('order');
 204         $this->attachmentService->updateFileOrderWithinPage($attachmentOrder, $pageId);
 205
 206         return response()->json(['message' => trans('entities.attachments_order_updated')]);
 207     }
 208
 209     /**
 210      * Get an attachment from storage.
 211      *
 212      * @throws FileNotFoundException
 213      * @throws NotFoundException
 214      */
 215     public function get(Request $request, string $attachmentId)
 216     {
 217         /** @var Attachment $attachment */
 218         $attachment = Attachment::query()->findOrFail($attachmentId);
 219
 220         try {
 221             $page = $this->pageRepo->getById($attachment->uploaded_to);
 222         } catch (NotFoundException $exception) {
 223             throw new NotFoundException(trans('errors.attachment_not_found'));
 224         }
 225
 226         $this->checkOwnablePermission('page-view', $page);
 227
 228         if ($attachment->external) {
 229             return redirect($attachment->path);
 230         }
 231
 232         $fileName = $attachment->getFileName();
 233         $attachmentStream = $this->attachmentService->streamAttachmentFromStorage($attachment);
 234
 235         if ($request->get('open') === 'true') {
 236             return $this->download()->streamedInline($attachmentStream, $fileName);
 237         }
 238
 239         return $this->download()->streamedDirectly($attachmentStream, $fileName);
 240     }
 241
 242     /**
 243      * Delete a specific attachment in the system.
 244      *
 245      * @throws Exception
 246      */
 247     public function delete(string $attachmentId)
 248     {
 249         /** @var Attachment $attachment */
 250         $attachment = Attachment::query()->findOrFail($attachmentId);
 251         $this->checkOwnablePermission('attachment-delete', $attachment);
 252         $this->attachmentService->deleteFile($attachment);
 253
 254         return response()->json(['message' => trans('entities.attachments_deleted')]);
 255     }
 256 }