]> BookStack Code Mirror - bookstack/blob - app/Http/Controllers/AttachmentController.php
Fixed issue causing text overlap in sort select box
[bookstack] / app / Http / Controllers / AttachmentController.php
1 <?php namespace BookStack\Http\Controllers;
2
3 use BookStack\Entities\Repos\EntityRepo;
4 use BookStack\Exceptions\FileUploadException;
5 use BookStack\Exceptions\NotFoundException;
6 use BookStack\Uploads\Attachment;
7 use BookStack\Uploads\AttachmentService;
8 use Illuminate\Http\Request;
9
10 class AttachmentController extends Controller
11 {
12     protected $attachmentService;
13     protected $attachment;
14     protected $entityRepo;
15
16     /**
17      * AttachmentController constructor.
18      * @param \BookStack\Uploads\AttachmentService $attachmentService
19      * @param Attachment $attachment
20      * @param EntityRepo $entityRepo
21      */
22     public function __construct(AttachmentService $attachmentService, Attachment $attachment, EntityRepo $entityRepo)
23     {
24         $this->attachmentService = $attachmentService;
25         $this->attachment = $attachment;
26         $this->entityRepo = $entityRepo;
27         parent::__construct();
28     }
29
30
31     /**
32      * Endpoint at which attachments are uploaded to.
33      * @param Request $request
34      * @return \Illuminate\Contracts\Routing\ResponseFactory|\Illuminate\Http\JsonResponse|\Symfony\Component\HttpFoundation\Response
35      */
36     public function upload(Request $request)
37     {
38         $this->validate($request, [
39             'uploaded_to' => 'required|integer|exists:pages,id',
40             'file' => 'required|file'
41         ]);
42
43         $pageId = $request->get('uploaded_to');
44         $page = $this->entityRepo->getById('page', $pageId, true);
45
46         $this->checkPermission('attachment-create-all');
47         $this->checkOwnablePermission('page-update', $page);
48
49         $uploadedFile = $request->file('file');
50
51         try {
52             $attachment = $this->attachmentService->saveNewUpload($uploadedFile, $pageId);
53         } catch (FileUploadException $e) {
54             return response($e->getMessage(), 500);
55         }
56
57         return response()->json($attachment);
58     }
59
60     /**
61      * Update an uploaded attachment.
62      * @param int $attachmentId
63      * @param Request $request
64      * @return mixed
65      */
66     public function uploadUpdate($attachmentId, Request $request)
67     {
68         $this->validate($request, [
69             'uploaded_to' => 'required|integer|exists:pages,id',
70             'file' => 'required|file'
71         ]);
72
73         $pageId = $request->get('uploaded_to');
74         $page = $this->entityRepo->getById('page', $pageId, true);
75         $attachment = $this->attachment->findOrFail($attachmentId);
76
77         $this->checkOwnablePermission('page-update', $page);
78         $this->checkOwnablePermission('attachment-create', $attachment);
79         
80         if (intval($pageId) !== intval($attachment->uploaded_to)) {
81             return $this->jsonError(trans('errors.attachment_page_mismatch'));
82         }
83
84         $uploadedFile = $request->file('file');
85
86         try {
87             $attachment = $this->attachmentService->saveUpdatedUpload($uploadedFile, $attachment);
88         } catch (FileUploadException $e) {
89             return response($e->getMessage(), 500);
90         }
91
92         return response()->json($attachment);
93     }
94
95     /**
96      * Update the details of an existing file.
97      * @param $attachmentId
98      * @param Request $request
99      * @return Attachment|mixed
100      */
101     public function update($attachmentId, Request $request)
102     {
103         $this->validate($request, [
104             'uploaded_to' => 'required|integer|exists:pages,id',
105             'name' => 'required|string|min:1|max:255',
106             'link' =>  'string|min:1|max:255'
107         ]);
108
109         $pageId = $request->get('uploaded_to');
110         $page = $this->entityRepo->getById('page', $pageId, true);
111         $attachment = $this->attachment->findOrFail($attachmentId);
112
113         $this->checkOwnablePermission('page-update', $page);
114         $this->checkOwnablePermission('attachment-create', $attachment);
115
116         if (intval($pageId) !== intval($attachment->uploaded_to)) {
117             return $this->jsonError(trans('errors.attachment_page_mismatch'));
118         }
119
120         $attachment = $this->attachmentService->updateFile($attachment, $request->all());
121         return response()->json($attachment);
122     }
123
124     /**
125      * Attach a link to a page.
126      * @param Request $request
127      * @return mixed
128      */
129     public function attachLink(Request $request)
130     {
131         $this->validate($request, [
132             'uploaded_to' => 'required|integer|exists:pages,id',
133             'name' => 'required|string|min:1|max:255',
134             'link' =>  'required|string|min:1|max:255'
135         ]);
136
137         $pageId = $request->get('uploaded_to');
138         $page = $this->entityRepo->getById('page', $pageId, true);
139
140         $this->checkPermission('attachment-create-all');
141         $this->checkOwnablePermission('page-update', $page);
142
143         $attachmentName = $request->get('name');
144         $link = $request->get('link');
145         $attachment = $this->attachmentService->saveNewFromLink($attachmentName, $link, $pageId);
146
147         return response()->json($attachment);
148     }
149
150     /**
151      * Get the attachments for a specific page.
152      * @param $pageId
153      * @return mixed
154      */
155     public function listForPage($pageId)
156     {
157         $page = $this->entityRepo->getById('page', $pageId, true);
158         $this->checkOwnablePermission('page-view', $page);
159         return response()->json($page->attachments);
160     }
161
162     /**
163      * Update the attachment sorting.
164      * @param $pageId
165      * @param Request $request
166      * @return mixed
167      */
168     public function sortForPage($pageId, Request $request)
169     {
170         $this->validate($request, [
171             'files' => 'required|array',
172             'files.*.id' => 'required|integer',
173         ]);
174         $page = $this->entityRepo->getById('page', $pageId);
175         $this->checkOwnablePermission('page-update', $page);
176
177         $attachments = $request->get('files');
178         $this->attachmentService->updateFileOrderWithinPage($attachments, $pageId);
179         return response()->json(['message' => trans('entities.attachments_order_updated')]);
180     }
181
182     /**
183      * Get an attachment from storage.
184      * @param $attachmentId
185      * @return \Illuminate\Contracts\Routing\ResponseFactory|\Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector|\Symfony\Component\HttpFoundation\Response
186      * @throws \Illuminate\Contracts\Filesystem\FileNotFoundException
187      * @throws NotFoundException
188      */
189     public function get($attachmentId)
190     {
191         $attachment = $this->attachment->findOrFail($attachmentId);
192         $page = $this->entityRepo->getById('page', $attachment->uploaded_to);
193         if ($page === null) {
194             throw new NotFoundException(trans('errors.attachment_not_found'));
195         }
196
197         $this->checkOwnablePermission('page-view', $page);
198
199         if ($attachment->external) {
200             return redirect($attachment->path);
201         }
202
203         $attachmentContents = $this->attachmentService->getAttachmentFromStorage($attachment);
204         return $this->downloadResponse($attachmentContents, $attachment->getFileName());
205     }
206
207     /**
208      * Delete a specific attachment in the system.
209      * @param $attachmentId
210      * @return mixed
211      * @throws \Exception
212      */
213     public function delete($attachmentId)
214     {
215         $attachment = $this->attachment->findOrFail($attachmentId);
216         $this->checkOwnablePermission('attachment-delete', $attachment);
217         $this->attachmentService->deleteFile($attachment);
218         return response()->json(['message' => trans('entities.attachments_deleted')]);
219     }
220 }