X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/05316c90baac1a1d0d9719d976eb4f19511dc023..refs/pull/2023/head:/app/Http/Controllers/Controller.php diff --git a/app/Http/Controllers/Controller.php b/app/Http/Controllers/Controller.php index c5255c0ba..2e8e8ed2e 100644 --- a/app/Http/Controllers/Controller.php +++ b/app/Http/Controllers/Controller.php @@ -4,54 +4,40 @@ namespace BookStack\Http\Controllers; use BookStack\Ownable; use Illuminate\Foundation\Bus\DispatchesJobs; -use Illuminate\Http\Exception\HttpResponseException; +use Illuminate\Foundation\Validation\ValidatesRequests; +use Illuminate\Http\Exceptions\HttpResponseException; use Illuminate\Http\Request; use Illuminate\Routing\Controller as BaseController; -use Illuminate\Foundation\Validation\ValidatesRequests; -use BookStack\User; abstract class Controller extends BaseController { use DispatchesJobs, ValidatesRequests; - /** - * @var User static - */ - protected $currentUser; - /** - * @var bool - */ - protected $signedIn; - /** * Controller constructor. */ public function __construct() { - $this->middleware(function ($request, $next) { - - // Get a user instance for the current user - $user = user(); - - // Share variables with controllers - $this->currentUser = $user; - $this->signedIn = auth()->check(); - - // Share variables with views - view()->share('signedIn', $this->signedIn); - view()->share('currentUser', $user); + // + } - return $next($request); - }); + /** + * Check if the current user is signed in. + */ + protected function isSignedIn(): bool + { + return auth()->check(); } /** * Stops the application and shows a permission error if * the application is in demo mode. */ - protected function preventAccessForDemoUsers() + protected function preventAccessInDemoMode() { - if (config('app.env') === 'demo') $this->showPermissionError(); + if (config('app.env') === 'demo') { + $this->showPermissionError(); + } } /** @@ -73,7 +59,7 @@ abstract class Controller extends BaseController $response = response()->json(['error' => trans('errors.permissionJson')], 403); } else { $response = redirect('/'); - session()->flash('error', trans('errors.permission')); + $this->showErrorNotification(trans('errors.permission')); } throw new HttpResponseException($response); @@ -100,7 +86,9 @@ abstract class Controller extends BaseController */ protected function checkOwnablePermission($permission, Ownable $ownable) { - if (userCan($permission, $ownable)) return true; + if (userCan($permission, $ownable)) { + return true; + } return $this->showPermissionError(); } @@ -113,19 +101,24 @@ abstract class Controller extends BaseController protected function checkPermissionOr($permissionName, $callback) { $callbackResult = $callback(); - if ($callbackResult === false) $this->checkPermission($permissionName); + if ($callbackResult === false) { + $this->checkPermission($permissionName); + } return true; } /** - * Send a json respons with a message attached as a header. - * @param $data - * @param string $successMessage - * @return $this + * Check if the current user has a permission or bypass if the provided user + * id matches the current user. + * @param string $permissionName + * @param int $userId + * @return bool */ - protected function jsonSuccess($data, $successMessage = "") + protected function checkPermissionOrCurrentUser(string $permissionName, int $userId) { - return response()->json($data)->header('message-success', $successMessage); + return $this->checkPermissionOr($permissionName, function () use ($userId) { + return $userId === user()->id; + }); } /** @@ -136,12 +129,11 @@ abstract class Controller extends BaseController */ protected function jsonError($messageText = "", $statusCode = 500) { - return response()->json(['message' => $messageText], $statusCode); + return response()->json(['message' => $messageText, 'status' => 'error'], $statusCode); } /** * Create the response for when a request fails validation. - * * @param \Illuminate\Http\Request $request * @param array $errors * @return \Symfony\Component\HttpFoundation\Response @@ -157,4 +149,52 @@ abstract class Controller extends BaseController ->withErrors($errors, $this->errorBag()); } + /** + * Create a response that forces a download in the browser. + * @param string $content + * @param string $fileName + * @return \Illuminate\Http\Response + */ + protected function downloadResponse(string $content, string $fileName) + { + return response()->make($content, 200, [ + 'Content-Type' => 'application/octet-stream', + 'Content-Disposition' => 'attachment; filename="' . $fileName . '"' + ]); + } + + /** + * Show a positive, successful notification to the user on next view load. + * @param string $message + */ + protected function showSuccessNotification(string $message) + { + session()->flash('success', $message); + } + + /** + * Show a warning notification to the user on next view load. + * @param string $message + */ + protected function showWarningNotification(string $message) + { + session()->flash('warning', $message); + } + + /** + * Show an error notification to the user on next view load. + * @param string $message + */ + protected function showErrorNotification(string $message) + { + session()->flash('error', $message); + } + + /** + * Get the validation rules for image files. + */ + protected function getImageValidationRules(): string + { + return 'image_extension|no_double_extension|mimes:jpeg,png,gif,webp'; + } }