BookStack Code Mirror - bookstack/blob - app/Http/Controllers/FileController.php

   1 <?php namespace BookStack\Http\Controllers;
   2
   3 use BookStack\Exceptions\FileUploadException;
   4 use BookStack\File;
   5 use BookStack\Repos\PageRepo;
   6 use BookStack\Services\FileService;
   7 use Illuminate\Http\Request;
   8
   9 use BookStack\Http\Requests;
  10
  11 class FileController extends Controller
  12 {
  13     protected $fileService;
  14     protected $file;
  15     protected $pageRepo;
  16
  17     /**
  18      * FileController constructor.
  19      * @param FileService $fileService
  20      * @param File $file
  21      * @param PageRepo $pageRepo
  22      */
  23     public function __construct(FileService $fileService, File $file, PageRepo $pageRepo)
  24     {
  25         $this->fileService = $fileService;
  26         $this->file = $file;
  27         $this->pageRepo = $pageRepo;
  28     }
  29
  30
  31     /**
  32      * Endpoint at which files are uploaded to.
  33      * @param Request $request
  34      */
  35     public function upload(Request $request)
  36     {
  37         $this->validate($request, [
  38             'uploaded_to' => 'required|integer|exists:pages,id',
  39             'file' => 'required|file'
  40         ]);
  41
  42         $pageId = $request->get('uploaded_to');
  43         $page = $this->pageRepo->getById($pageId);
  44
  45         $this->checkPermission('file-create-all');
  46         $this->checkOwnablePermission('page-update', $page);
  47
  48         $uploadedFile = $request->file('file');
  49
  50         try {
  51             $file = $this->fileService->saveNewUpload($uploadedFile, $pageId);
  52         } catch (FileUploadException $e) {
  53             return response($e->getMessage(), 500);
  54         }
  55
  56         return response()->json($file);
  57     }
  58
  59     /**
  60      * Update an uploaded file.
  61      * @param int $fileId
  62      * @param Request $request
  63      * @return mixed
  64      */
  65     public function uploadUpdate($fileId, Request $request)
  66     {
  67         $this->validate($request, [
  68             'uploaded_to' => 'required|integer|exists:pages,id',
  69             'file' => 'required|file'
  70         ]);
  71
  72         $pageId = $request->get('uploaded_to');
  73         $page = $this->pageRepo->getById($pageId);
  74         $file = $this->file->findOrFail($fileId);
  75
  76         $this->checkOwnablePermission('page-update', $page);
  77         $this->checkOwnablePermission('file-create', $file);
  78
  79         if (intval($pageId) !== intval($file->uploaded_to)) {
  80             return $this->jsonError('Page mismatch during attached file update');
  81         }
  82
  83         $uploadedFile = $request->file('file');
  84
  85         try {
  86             $file = $this->fileService->saveUpdatedUpload($uploadedFile, $file);
  87         } catch (FileUploadException $e) {
  88             return response($e->getMessage(), 500);
  89         }
  90
  91         return response()->json($file);
  92     }
  93
  94     /**
  95      * Update the details of an existing file.
  96      * @param $fileId
  97      * @param Request $request
  98      * @return File|mixed
  99      */
 100     public function update($fileId, Request $request)
 101     {
 102         $this->validate($request, [
 103             'uploaded_to' => 'required|integer|exists:pages,id',
 104             'name' => 'required|string|min:1|max:255',
 105             'link' =>  'url|min:1|max:255'
 106         ]);
 107
 108         $pageId = $request->get('uploaded_to');
 109         $page = $this->pageRepo->getById($pageId);
 110         $file = $this->file->findOrFail($fileId);
 111
 112         $this->checkOwnablePermission('page-update', $page);
 113         $this->checkOwnablePermission('file-create', $file);
 114
 115         if (intval($pageId) !== intval($file->uploaded_to)) {
 116             return $this->jsonError('Page mismatch during attachment update');
 117         }
 118
 119         $file = $this->fileService->updateFile($file, $request->all());
 120         return $file;
 121     }
 122
 123     /**
 124      * Attach a link to a page as a file.
 125      * @param Request $request
 126      * @return mixed
 127      */
 128     public function attachLink(Request $request)
 129     {
 130         $this->validate($request, [
 131             'uploaded_to' => 'required|integer|exists:pages,id',
 132             'name' => 'required|string|min:1|max:255',
 133             'link' =>  'required|url|min:1|max:255'
 134         ]);
 135
 136         $pageId = $request->get('uploaded_to');
 137         $page = $this->pageRepo->getById($pageId);
 138
 139         $this->checkPermission('file-create-all');
 140         $this->checkOwnablePermission('page-update', $page);
 141
 142         $fileName = $request->get('name');
 143         $link = $request->get('link');
 144         $file = $this->fileService->saveNewFromLink($fileName, $link, $pageId);
 145
 146         return response()->json($file);
 147     }
 148
 149     /**
 150      * Get the files for a specific page.
 151      * @param $pageId
 152      * @return mixed
 153      */
 154     public function listForPage($pageId)
 155     {
 156         $page = $this->pageRepo->getById($pageId);
 157         $this->checkOwnablePermission('page-view', $page);
 158         return response()->json($page->files);
 159     }
 160
 161     /**
 162      * Update the file sorting.
 163      * @param $pageId
 164      * @param Request $request
 165      * @return mixed
 166      */
 167     public function sortForPage($pageId, Request $request)
 168     {
 169         $this->validate($request, [
 170             'files' => 'required|array',
 171             'files.*.id' => 'required|integer',
 172         ]);
 173         $page = $this->pageRepo->getById($pageId);
 174         $this->checkOwnablePermission('page-update', $page);
 175
 176         $files = $request->get('files');
 177         $this->fileService->updateFileOrderWithinPage($files, $pageId);
 178         return response()->json(['message' => 'Attachment order updated']);
 179     }
 180
 181     /**
 182      * Get a file from storage.
 183      * @param $fileId
 184      */
 185     public function get($fileId)
 186     {
 187         $file = $this->file->findOrFail($fileId);
 188         $page = $this->pageRepo->getById($file->uploaded_to);
 189         $this->checkOwnablePermission('page-view', $page);
 190
 191         if ($file->external) {
 192             return redirect($file->path);
 193         }
 194
 195         $fileContents = $this->fileService->getFile($file);
 196         return response($fileContents, 200, [
 197             'Content-Type' => 'application/octet-stream',
 198             'Content-Disposition' => 'attachment; filename="'. $file->getFileName() .'"'
 199         ]);
 200     }
 201
 202     /**
 203      * Delete a specific file in the system.
 204      * @param $fileId
 205      * @return mixed
 206      */
 207     public function delete($fileId)
 208     {
 209         $file = $this->file->findOrFail($fileId);
 210         $this->checkOwnablePermission('file-delete', $file);
 211         $this->fileService->deleteFile($file);
 212         return response()->json(['message' => 'Attachment deleted']);
 213     }
 214 }