BookStack Code Mirror - bookstack/blobdiff - app/Http/Controllers/Api/PageApiController.php

index a6db0583380e610626cef1794e8e5d8a2e501ea1..de729b469b3e7f12f7ee5d7e762d17566366995c 100644 (file)

--- a/app/Http/Controllers/Api/PageApiController.php

+++ b/app/Http/Controllers/Api/PageApiController.php

@@ -12,24 +12,24 @@ use Illuminate\Http\Request;

class PageApiController extends ApiController

{

- protected $pageRepo;

+ protected PageRepo $pageRepo;

protected $rules = [

'create' => [

- 'book_id' => 'required_without:chapter_id|integer',

- 'chapter_id' => 'required_without:book_id|integer',

- 'name' => 'required|string|max:255',

- 'html' => 'required_without:markdown|string',

- 'markdown' => 'required_without:html|string',

- 'tags' => 'array',

+ 'book_id' => ['required_without:chapter_id', 'integer'],

+ 'chapter_id' => ['required_without:book_id', 'integer'],

+ 'name' => ['required', 'string', 'max:255'],

+ 'html' => ['required_without:markdown', 'string'],

+ 'markdown' => ['required_without:html', 'string'],

+ 'tags' => ['array'],

'update' => [

- 'book_id' => 'required|integer',

- 'chapter_id' => 'required|integer',

- 'name' => 'string|min:1|max:255',

- 'html' => 'string',

- 'markdown' => 'string',

- 'tags' => 'array',

+ 'book_id' => ['integer'],

+ 'chapter_id' => ['integer'],

+ 'name' => ['string', 'min:1', 'max:255'],

+ 'html' => ['string'],

+ 'markdown' => ['string'],

+ 'tags' => ['array'],

];

@@ -44,6 +44,7 @@ class PageApiController extends ApiController

public function list()

{

$pages = Page::visible();

return $this->apiListingResponse($pages, [

'id', 'book_id', 'chapter_id', 'name', 'slug', 'priority',

'draft', 'template',

@@ -60,6 +61,8 @@ class PageApiController extends ApiController

* Any HTML content provided should be kept to a single-block depth of plain HTML

* elements to remain compatible with the BookStack front-end and editors.

+ * Any images included via base64 data URIs will be extracted and saved as gallery

+ * images against the page during upload.

public function create(Request $request)

{

@@ -83,10 +86,14 @@ class PageApiController extends ApiController

* Pages will always have HTML content. They may have markdown content

* if the markdown editor was used to last update the page.

+ *

+ * See the "Content Security" section of these docs for security considerations when using

+ * the page content returned from this endpoint.

public function read(string $id)

{

$page = $this->pageRepo->getById($id, []);

return response()->json($page->forJsonDisplay());

}

@@ -99,18 +106,21 @@ class PageApiController extends ApiController

public function update(Request $request, string $id)

{

+ $requestData = $this->validate($request, $this->rules['update']);

$page = $this->pageRepo->getById($id, []);

$this->checkOwnablePermission('page-update', $page);

$parent = null;

if ($request->has('chapter_id')) {

$parent = Chapter::visible()->findOrFail($request->get('chapter_id'));

- } else if ($request->has('book_id')) {

+ } elseif ($request->has('book_id')) {

$parent = Book::visible()->findOrFail($request->get('book_id'));

}

if ($parent && !$parent->matches($page->getParent())) {

$this->checkOwnablePermission('page-delete', $page);

try {

$this->pageRepo->move($page, $parent->getType() . ':' . $parent->id);

} catch (Exception $exception) {

@@ -122,7 +132,8 @@ class PageApiController extends ApiController

}

- $updatedPage = $this->pageRepo->update($page, $request->all());

+ $updatedPage = $this->pageRepo->update($page, $requestData);

return response()->json($updatedPage->forJsonDisplay());

}

@@ -136,6 +147,7 @@ class PageApiController extends ApiController

$this->checkOwnablePermission('page-delete', $page);

$this->pageRepo->destroy($page);

return response('', 204);

}