X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/58fa7679bccafd00f9a50bcd4a87e96876331b03..refs/pull/3760/head:/app/Http/Controllers/AttachmentController.php

diff --git a/app/Http/Controllers/AttachmentController.php b/app/Http/Controllers/AttachmentController.php
index be20cda93..03e362f4a 100644
--- a/app/Http/Controllers/AttachmentController.php
+++ b/app/Http/Controllers/AttachmentController.php
@@ -1,4 +1,6 @@
-<?php namespace BookStack\Http\Controllers;
+<?php
+
+namespace BookStack\Http\Controllers;
 
 use BookStack\Entities\Repos\PageRepo;
 use BookStack\Exceptions\FileUploadException;
@@ -13,8 +15,8 @@ use Illuminate\Validation\ValidationException;
 
 class AttachmentController extends Controller
 {
-    protected $attachmentService;
-    protected $pageRepo;
+    protected AttachmentService $attachmentService;
+    protected PageRepo $pageRepo;
 
     /**
      * AttachmentController constructor.
@@ -25,17 +27,17 @@ class AttachmentController extends Controller
         $this->pageRepo = $pageRepo;
     }
 
-
     /**
      * Endpoint at which attachments are uploaded to.
+     *
      * @throws ValidationException
      * @throws NotFoundException
      */
     public function upload(Request $request)
     {
         $this->validate($request, [
-            'uploaded_to' => 'required|integer|exists:pages,id',
-            'file' => 'required|file'
+            'uploaded_to' => ['required', 'integer', 'exists:pages,id'],
+            'file'        => array_merge(['required'], $this->attachmentService->getFileValidationRules()),
         ]);
 
         $pageId = $request->get('uploaded_to');
@@ -57,14 +59,16 @@ class AttachmentController extends Controller
 
     /**
      * Update an uploaded attachment.
+     *
      * @throws ValidationException
      */
     public function uploadUpdate(Request $request, $attachmentId)
     {
         $this->validate($request, [
-            'file' => 'required|file'
+            'file' => array_merge(['required'], $this->attachmentService->getFileValidationRules()),
         ]);
 
+        /** @var Attachment $attachment */
         $attachment = Attachment::query()->findOrFail($attachmentId);
         $this->checkOwnablePermission('view', $attachment->page);
         $this->checkOwnablePermission('page-update', $attachment->page);
@@ -83,10 +87,10 @@ class AttachmentController extends Controller
 
     /**
      * Get the update form for an attachment.
-     * @return \Illuminate\Contracts\Foundation\Application|\Illuminate\Contracts\View\Factory|\Illuminate\View\View
      */
     public function getUpdateForm(string $attachmentId)
     {
+        /** @var Attachment $attachment */
         $attachment = Attachment::query()->findOrFail($attachmentId);
 
         $this->checkOwnablePermission('page-update', $attachment->page);
@@ -104,21 +108,22 @@ class AttachmentController extends Controller
     {
         /** @var Attachment $attachment */
         $attachment = Attachment::query()->findOrFail($attachmentId);
+
         try {
             $this->validate($request, [
-                'attachment_edit_name' => 'required|string|min:1|max:255',
-                'attachment_edit_url' =>  'string|min:1|max:255|safe_url'
+                'attachment_edit_name' => ['required', 'string', 'min:1', 'max:255'],
+                'attachment_edit_url'  => ['string', 'min:1', 'max:255', 'safe_url'],
             ]);
         } catch (ValidationException $exception) {
             return response()->view('attachments.manager-edit-form', array_merge($request->only(['attachment_edit_name', 'attachment_edit_url']), [
                 'attachment' => $attachment,
-                'errors' => new MessageBag($exception->errors()),
+                'errors'     => new MessageBag($exception->errors()),
             ]), 422);
         }
 
-        $this->checkOwnablePermission('view', $attachment->page);
+        $this->checkOwnablePermission('page-view', $attachment->page);
         $this->checkOwnablePermission('page-update', $attachment->page);
-        $this->checkOwnablePermission('attachment-create', $attachment);
+        $this->checkOwnablePermission('attachment-update', $attachment);
 
         $attachment = $this->attachmentService->updateFile($attachment, [
             'name' => $request->get('attachment_edit_name'),
@@ -132,6 +137,7 @@ class AttachmentController extends Controller
 
     /**
      * Attach a link to a page.
+     *
      * @throws NotFoundException
      */
     public function attachLink(Request $request)
@@ -140,9 +146,9 @@ class AttachmentController extends Controller
 
         try {
             $this->validate($request, [
-                'attachment_link_uploaded_to' => 'required|integer|exists:pages,id',
-                'attachment_link_name' => 'required|string|min:1|max:255',
-                'attachment_link_url' =>  'required|string|min:1|max:255|safe_url'
+                'attachment_link_uploaded_to' => ['required', 'integer', 'exists:pages,id'],
+                'attachment_link_name'        => ['required', 'string', 'min:1', 'max:255'],
+                'attachment_link_url'         => ['required', 'string', 'min:1', 'max:255', 'safe_url'],
             ]);
         } catch (ValidationException $exception) {
             return response()->view('attachments.manager-link-form', array_merge($request->only(['attachment_link_name', 'attachment_link_url']), [
@@ -167,11 +173,14 @@ class AttachmentController extends Controller
 
     /**
      * Get the attachments for a specific page.
+     *
+     * @throws NotFoundException
      */
     public function listForPage(int $pageId)
     {
         $page = $this->pageRepo->getById($pageId);
         $this->checkOwnablePermission('page-view', $page);
+
         return view('attachments.manager-list', [
             'attachments' => $page->attachments->all(),
         ]);
@@ -179,24 +188,27 @@ class AttachmentController extends Controller
 
     /**
      * Update the attachment sorting.
+     *
      * @throws ValidationException
      * @throws NotFoundException
      */
     public function sortForPage(Request $request, int $pageId)
     {
         $this->validate($request, [
-            'order' => 'required|array',
+            'order' => ['required', 'array'],
         ]);
         $page = $this->pageRepo->getById($pageId);
         $this->checkOwnablePermission('page-update', $page);
 
         $attachmentOrder = $request->get('order');
         $this->attachmentService->updateFileOrderWithinPage($attachmentOrder, $pageId);
+
         return response()->json(['message' => trans('entities.attachments_order_updated')]);
     }
 
     /**
      * Get an attachment from storage.
+     *
      * @throws FileNotFoundException
      * @throws NotFoundException
      */
@@ -204,6 +216,7 @@ class AttachmentController extends Controller
     {
         /** @var Attachment $attachment */
         $attachment = Attachment::query()->findOrFail($attachmentId);
+
         try {
             $page = $this->pageRepo->getById($attachment->uploaded_to);
         } catch (NotFoundException $exception) {
@@ -217,16 +230,18 @@ class AttachmentController extends Controller
         }
 
         $fileName = $attachment->getFileName();
-        $attachmentContents = $this->attachmentService->getAttachmentFromStorage($attachment);
+        $attachmentStream = $this->attachmentService->streamAttachmentFromStorage($attachment);
 
         if ($request->get('open') === 'true') {
-            return $this->inlineDownloadResponse($attachmentContents, $fileName);
+            return $this->download()->streamedInline($attachmentStream, $fileName);
         }
-        return $this->downloadResponse($attachmentContents, $fileName);
+
+        return $this->download()->streamedDirectly($attachmentStream, $fileName);
     }
 
     /**
      * Delete a specific attachment in the system.
+     *
      * @throws Exception
      */
     public function delete(string $attachmentId)
@@ -235,6 +250,7 @@ class AttachmentController extends Controller
         $attachment = Attachment::query()->findOrFail($attachmentId);
         $this->checkOwnablePermission('attachment-delete', $attachment);
         $this->attachmentService->deleteFile($attachment);
+
         return response()->json(['message' => trans('entities.attachments_deleted')]);
     }
 }