Added basic system tests for markdown editor, Added extra test helpers

[bookstack] / app / Http / Controllers / ImageController.php

diff --git a/app/Http/Controllers/ImageController.php b/app/Http/Controllers/ImageController.php
index 3fff28d3ba493cd31ef4acc06ac32f91ab78ae11..f9d65c48b706aa8698fbdf17d4cce6c245605c0b 100644 (file)
--- a/app/Http/Controllers/ImageController.php
+++ b/app/Http/Controllers/ImageController.php
@@ -20,8 +20,8 @@ class ImageController extends Controller
 
     /**
      * ImageController constructor.
-     * @param Image     $image
-     * @param File      $file
+     * @param Image $image
+     * @param File $file
      * @param ImageRepo $imageRepo
      */
     public function __construct(Image $image, File $file, ImageRepo $imageRepo)
@@ -32,9 +32,9 @@ class ImageController extends Controller
         parent::__construct();
     }
 
-
     /**
      * Get all images for a specific type, Paginated
+     * @param string $type
      * @param int $page
      * @return \Illuminate\Http\JsonResponse
      */
@@ -55,16 +55,15 @@ class ImageController extends Controller
         return response()->json($imgData);
     }
 
-
     /**
      * Handles image uploads for use on pages.
-     * @param string  $type
+     * @param string $type
      * @param Request $request
      * @return \Illuminate\Http\JsonResponse
      */
     public function uploadByType($type, Request $request)
     {
-        $this->checkPermission('image-create');
+        $this->checkPermission('image-create-all');
         $this->validate($request, [
             'file' => 'image|mimes:jpeg,gif,png'
         ]);
@@ -72,7 +71,8 @@ class ImageController extends Controller
         $imageUpload = $request->file('file');
 
         try {
-            $image = $this->imageRepo->saveNew($imageUpload, $type);
+            $uploadedTo = $request->has('uploaded_to') ? $request->get('uploaded_to') : 0;
+            $image = $this->imageRepo->saveNew($imageUpload, $type, $uploadedTo);
         } catch (ImageUploadException $e) {
             return response($e->getMessage(), 500);
         }
@@ -90,7 +90,7 @@ class ImageController extends Controller
      */
     public function getThumbnail($id, $width, $height, $crop)
     {
-        $this->checkPermission('image-create');
+        $this->checkPermission('image-create-all');
         $image = $this->imageRepo->getById($id);
         $thumbnailUrl = $this->imageRepo->getThumbnail($image, $width, $height, $crop == 'false');
         return response()->json(['url' => $thumbnailUrl]);
@@ -98,33 +98,32 @@ class ImageController extends Controller
 
     /**
      * Update image details
-     * @param         $imageId
+     * @param integer $imageId
      * @param Request $request
      * @return \Illuminate\Http\JsonResponse
      */
     public function update($imageId, Request $request)
     {
-        $this->checkPermission('image-update');
         $this->validate($request, [
             'name' => 'required|min:2|string'
         ]);
         $image = $this->imageRepo->getById($imageId);
+        $this->checkOwnablePermission('image-update', $image);
         $image = $this->imageRepo->updateImageDetails($image, $request->all());
         return response()->json($image);
     }
 
-
     /**
      * Deletes an image and all thumbnail/image files
      * @param PageRepo $pageRepo
-     * @param Request  $request
-     * @param int      $id
+     * @param Request $request
+     * @param int $id
      * @return \Illuminate\Http\JsonResponse
      */
     public function destroy(PageRepo $pageRepo, Request $request, $id)
     {
-        $this->checkPermission('image-delete');
         $image = $this->imageRepo->getById($id);
+        $this->checkOwnablePermission('image-delete', $image);
 
         // Check if this image is used on any pages
         $isForced = ($request->has('force') && ($request->get('force') === 'true') || $request->get('force') === true);