namespace BookStack\Entities\Controllers;
-use BookStack\Entities\Models\Book;
-use BookStack\Entities\Models\Chapter;
-use BookStack\Entities\Models\Page;
+use BookStack\Entities\Queries\EntityQueries;
+use BookStack\Entities\Queries\PageQueries;
use BookStack\Entities\Repos\PageRepo;
use BookStack\Exceptions\PermissionsException;
use BookStack\Http\ApiController;
class PageApiController extends ApiController
{
- protected PageRepo $pageRepo;
-
protected $rules = [
'create' => [
'book_id' => ['required_without:chapter_id', 'integer'],
],
];
- public function __construct(PageRepo $pageRepo)
- {
- $this->pageRepo = $pageRepo;
+ public function __construct(
+ protected PageRepo $pageRepo,
+ protected PageQueries $queries,
+ protected EntityQueries $entityQueries,
+ ) {
}
/**
*/
public function list()
{
- $pages = Page::visible();
+ $pages = $this->queries->visibleForList()
+ ->addSelect(['created_by', 'updated_by', 'revision_count', 'editor']);
return $this->apiListingResponse($pages, [
'id', 'book_id', 'chapter_id', 'name', 'slug', 'priority',
$this->validate($request, $this->rules['create']);
if ($request->has('chapter_id')) {
- $parent = Chapter::visible()->findOrFail($request->get('chapter_id'));
+ $parent = $this->entityQueries->chapters->findVisibleByIdOrFail(intval($request->get('chapter_id')));
} else {
- $parent = Book::visible()->findOrFail($request->get('book_id'));
+ $parent = $this->entityQueries->books->findVisibleByIdOrFail(intval($request->get('book_id')));
}
$this->checkOwnablePermission('page-create', $parent);
/**
* View the details of a single page.
- *
* Pages will always have HTML content. They may have markdown content
* if the markdown editor was used to last update the page.
*
+ * The 'html' property is the fully rendered & escaped HTML content that BookStack
+ * would show on page view, with page includes handled.
+ * The 'raw_html' property is the direct database stored HTML content, which would be
+ * what BookStack shows on page edit.
+ *
* See the "Content Security" section of these docs for security considerations when using
* the page content returned from this endpoint.
*/
public function read(string $id)
{
- $page = $this->pageRepo->getById($id, []);
+ $page = $this->queries->findVisibleByIdOrFail($id);
return response()->json($page->forJsonDisplay());
}
{
$requestData = $this->validate($request, $this->rules['update']);
- $page = $this->pageRepo->getById($id, []);
+ $page = $this->queries->findVisibleByIdOrFail($id);
$this->checkOwnablePermission('page-update', $page);
$parent = null;
if ($request->has('chapter_id')) {
- $parent = Chapter::visible()->findOrFail($request->get('chapter_id'));
+ $parent = $this->entityQueries->chapters->findVisibleByIdOrFail(intval($request->get('chapter_id')));
} elseif ($request->has('book_id')) {
- $parent = Book::visible()->findOrFail($request->get('book_id'));
+ $parent = $this->entityQueries->books->findVisibleByIdOrFail(intval($request->get('book_id')));
}
if ($parent && !$parent->matches($page->getParent())) {
*/
public function delete(string $id)
{
- $page = $this->pageRepo->getById($id, []);
+ $page = $this->queries->findVisibleByIdOrFail($id);
$this->checkOwnablePermission('page-delete', $page);
$this->pageRepo->destroy($page);
projects / bookstack / blobdiff