-<?php namespace BookStack\Http\Controllers;
+<?php
+
+namespace BookStack\Http\Controllers;
use BookStack\Entities\Repos\PageRepo;
use BookStack\Exceptions\FileUploadException;
class AttachmentController extends Controller
{
- protected $attachmentService;
- protected $attachment;
- protected $pageRepo;
-
- /**
- * AttachmentController constructor.
- */
- public function __construct(AttachmentService $attachmentService, Attachment $attachment, PageRepo $pageRepo)
- {
- $this->attachmentService = $attachmentService;
- $this->attachment = $attachment;
- $this->pageRepo = $pageRepo;
- parent::__construct();
+ public function __construct(
+ protected AttachmentService $attachmentService,
+ protected PageRepo $pageRepo
+ ) {
}
-
/**
* Endpoint at which attachments are uploaded to.
+ *
* @throws ValidationException
* @throws NotFoundException
*/
public function upload(Request $request)
{
$this->validate($request, [
- 'uploaded_to' => 'required|integer|exists:pages,id',
- 'file' => 'required|file'
+ 'uploaded_to' => ['required', 'integer', 'exists:pages,id'],
+ 'file' => array_merge(['required'], $this->attachmentService->getFileValidationRules()),
]);
$pageId = $request->get('uploaded_to');
/**
* Update an uploaded attachment.
+ *
* @throws ValidationException
*/
public function uploadUpdate(Request $request, $attachmentId)
{
$this->validate($request, [
- 'file' => 'required|file'
+ 'file' => array_merge(['required'], $this->attachmentService->getFileValidationRules()),
]);
- $attachment = $this->attachment->newQuery()->findOrFail($attachmentId);
+ /** @var Attachment $attachment */
+ $attachment = Attachment::query()->findOrFail($attachmentId);
$this->checkOwnablePermission('view', $attachment->page);
$this->checkOwnablePermission('page-update', $attachment->page);
$this->checkOwnablePermission('attachment-create', $attachment);
/**
* Get the update form for an attachment.
- * @return \Illuminate\Contracts\Foundation\Application|\Illuminate\Contracts\View\Factory|\Illuminate\View\View
*/
public function getUpdateForm(string $attachmentId)
{
- $attachment = $this->attachment->findOrFail($attachmentId);
+ /** @var Attachment $attachment */
+ $attachment = Attachment::query()->findOrFail($attachmentId);
$this->checkOwnablePermission('page-update', $attachment->page);
$this->checkOwnablePermission('attachment-create', $attachment);
*/
public function update(Request $request, string $attachmentId)
{
- $attachment = $this->attachment->newQuery()->findOrFail($attachmentId);
+ /** @var Attachment $attachment */
+ $attachment = Attachment::query()->findOrFail($attachmentId);
try {
$this->validate($request, [
- 'attachment_edit_name' => 'required|string|min:1|max:255',
- 'attachment_edit_url' => 'string|min:1|max:255'
+ 'attachment_edit_name' => ['required', 'string', 'min:1', 'max:255'],
+ 'attachment_edit_url' => ['string', 'min:1', 'max:2000', 'safe_url'],
]);
} catch (ValidationException $exception) {
return response()->view('attachments.manager-edit-form', array_merge($request->only(['attachment_edit_name', 'attachment_edit_url']), [
'attachment' => $attachment,
- 'errors' => new MessageBag($exception->errors()),
+ 'errors' => new MessageBag($exception->errors()),
]), 422);
}
- $this->checkOwnablePermission('view', $attachment->page);
+ $this->checkOwnablePermission('page-view', $attachment->page);
$this->checkOwnablePermission('page-update', $attachment->page);
- $this->checkOwnablePermission('attachment-create', $attachment);
+ $this->checkOwnablePermission('attachment-update', $attachment);
$attachment = $this->attachmentService->updateFile($attachment, [
'name' => $request->get('attachment_edit_name'),
/**
* Attach a link to a page.
+ *
* @throws NotFoundException
*/
public function attachLink(Request $request)
try {
$this->validate($request, [
- 'attachment_link_uploaded_to' => 'required|integer|exists:pages,id',
- 'attachment_link_name' => 'required|string|min:1|max:255',
- 'attachment_link_url' => 'required|string|min:1|max:255'
+ 'attachment_link_uploaded_to' => ['required', 'integer', 'exists:pages,id'],
+ 'attachment_link_name' => ['required', 'string', 'min:1', 'max:255'],
+ 'attachment_link_url' => ['required', 'string', 'min:1', 'max:2000', 'safe_url'],
]);
} catch (ValidationException $exception) {
return response()->view('attachments.manager-link-form', array_merge($request->only(['attachment_link_name', 'attachment_link_url']), [
$attachmentName = $request->get('attachment_link_name');
$link = $request->get('attachment_link_url');
- $attachment = $this->attachmentService->saveNewFromLink($attachmentName, $link, $pageId);
+ $this->attachmentService->saveNewFromLink($attachmentName, $link, intval($pageId));
return view('attachments.manager-link-form', [
'pageId' => $pageId,
/**
* Get the attachments for a specific page.
+ *
+ * @throws NotFoundException
*/
public function listForPage(int $pageId)
{
$page = $this->pageRepo->getById($pageId);
$this->checkOwnablePermission('page-view', $page);
+
return view('attachments.manager-list', [
'attachments' => $page->attachments->all(),
]);
/**
* Update the attachment sorting.
+ *
* @throws ValidationException
* @throws NotFoundException
*/
public function sortForPage(Request $request, int $pageId)
{
$this->validate($request, [
- 'order' => 'required|array',
+ 'order' => ['required', 'array'],
]);
$page = $this->pageRepo->getById($pageId);
$this->checkOwnablePermission('page-update', $page);
$attachmentOrder = $request->get('order');
$this->attachmentService->updateFileOrderWithinPage($attachmentOrder, $pageId);
+
return response()->json(['message' => trans('entities.attachments_order_updated')]);
}
/**
* Get an attachment from storage.
+ *
* @throws FileNotFoundException
* @throws NotFoundException
*/
- public function get(string $attachmentId)
+ public function get(Request $request, string $attachmentId)
{
- $attachment = $this->attachment->findOrFail($attachmentId);
+ /** @var Attachment $attachment */
+ $attachment = Attachment::query()->findOrFail($attachmentId);
+
try {
$page = $this->pageRepo->getById($attachment->uploaded_to);
} catch (NotFoundException $exception) {
return redirect($attachment->path);
}
- $attachmentContents = $this->attachmentService->getAttachmentFromStorage($attachment);
- return $this->downloadResponse($attachmentContents, $attachment->getFileName());
+ $fileName = $attachment->getFileName();
+ $attachmentStream = $this->attachmentService->streamAttachmentFromStorage($attachment);
+
+ if ($request->get('open') === 'true') {
+ return $this->download()->streamedInline($attachmentStream, $fileName);
+ }
+
+ return $this->download()->streamedDirectly($attachmentStream, $fileName);
}
/**
* Delete a specific attachment in the system.
+ *
* @throws Exception
*/
public function delete(string $attachmentId)
{
- $attachment = $this->attachment->findOrFail($attachmentId);
+ /** @var Attachment $attachment */
+ $attachment = Attachment::query()->findOrFail($attachmentId);
$this->checkOwnablePermission('attachment-delete', $attachment);
$this->attachmentService->deleteFile($attachment);
+
return response()->json(['message' => trans('entities.attachments_deleted')]);
}
}
projects / bookstack / blobdiff