X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/a6633642232efd164d4708967ab59e498fbff896..refs/pull/3918/head:/app/Http/Controllers/Api/PageApiController.php
diff --git a/app/Http/Controllers/Api/PageApiController.php b/app/Http/Controllers/Api/PageApiController.php
index a6db05833..de729b469 100644
--- a/app/Http/Controllers/Api/PageApiController.php
+++ b/app/Http/Controllers/Api/PageApiController.php
@@ -12,24 +12,24 @@ use Illuminate\Http\Request;
 
 class PageApiController extends ApiController
 {
-    protected $pageRepo;
+    protected PageRepo $pageRepo;
 
     protected $rules = [
         'create' => [
-            'book_id' => 'required_without:chapter_id|integer',
-            'chapter_id' => 'required_without:book_id|integer',
-            'name' => 'required|string|max:255',
-            'html' => 'required_without:markdown|string',
-            'markdown' => 'required_without:html|string',
-            'tags' => 'array',
+            'book_id' => ['required_without:chapter_id', 'integer'],
+            'chapter_id' => ['required_without:book_id', 'integer'],
+            'name' => ['required', 'string', 'max:255'],
+            'html' => ['required_without:markdown', 'string'],
+            'markdown' => ['required_without:html', 'string'],
+            'tags' => ['array'],
         ],
         'update' => [
-            'book_id' => 'required|integer',
-            'chapter_id' => 'required|integer',
-            'name' => 'string|min:1|max:255',
-            'html' => 'string',
-            'markdown' => 'string',
-            'tags' => 'array',
+            'book_id' => ['integer'],
+            'chapter_id' => ['integer'],
+            'name' => ['string', 'min:1', 'max:255'],
+            'html' => ['string'],
+            'markdown' => ['string'],
+            'tags' => ['array'],
         ],
     ];
 
@@ -44,6 +44,7 @@ class PageApiController extends ApiController
     public function list()
     {
         $pages = Page::visible();
+
         return $this->apiListingResponse($pages, [
             'id', 'book_id', 'chapter_id', 'name', 'slug', 'priority', 'draft', 'template',
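Review bot: `$rules` on the line right after the newly typed `$pageRepo` is still declared without a property type; since the value is an array literal and typed properties are now in use in this class, `protected array $rules = [` keeps the two declarations consistent. The `tags` rule in both the `create` and `update` groups only asserts `array`, so the shape of each entry is not validated at the API boundary; if the repo expects `name`/`value` keys per tag (not visible in this hunk), nested rules such as `'tags.*.name' => ['string']` would reject malformed entries before they reach the repo. The class body continues past the hunk.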
@@ -60,6 +61,8 @@ class PageApiController extends ApiController
      *
      * Any HTML content provided should be kept to a single-block depth of plain HTML
      * elements to remain compatible with the BookStack front-end and editors.
+     * Any images included via base64 data URIs will be extracted and saved as gallery
+     * images against the page during upload.
      */
     public function create(Request $request)
     {
@@ -83,10 +86,14 @@ class PageApiController extends ApiController
      *
      * Pages will always have HTML content. They may have markdown content
      * if the markdown editor was used to last update the page.
+     *
+     * See the "Content Security" section of these docs for security considerations when using
+     * the page content returned from this endpoint.
      */
     public function read(string $id)
     {
         $page = $this->pageRepo->getById($id, []);
+
         return response()->json($page->forJsonDisplay());
     }
 
@@ -99,18 +106,21 @@ class PageApiController extends ApiController
      */
     public function update(Request $request, string $id)
     {
+        $requestData = $this->validate($request, $this->rules['update']);
+
         $page = $this->pageRepo->getById($id, []);
         $this->checkOwnablePermission('page-update', $page);
 
         $parent = null;
         if ($request->has('chapter_id')) {
             $parent = Chapter::visible()->findOrFail($request->get('chapter_id'));
-        } else if ($request->has('book_id')) {
+        } elseif ($request->has('book_id')) {
             $parent = Book::visible()->findOrFail($request->get('book_id'));
         }
 
         if ($parent && !$parent->matches($page->getParent())) {
             $this->checkOwnablePermission('page-delete', $page);
+
             try {
                 $this->pageRepo->move($page, $parent->getType() . ':' . $parent->id);
             } catch (Exception $exception) {
@@ -122,7 +132,8 @@ class PageApiController extends ApiController
             }
         }
 
-        $updatedPage = $this->pageRepo->update($page, $request->all());
+        $updatedPage = $this->pageRepo->update($page, $requestData);
+
         return response()->json($updatedPage->forJsonDisplay());
     }
 
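Review bot: The parent lookup in `update` still reads `$request->has('chapter_id')` and `$request->get('chapter_id')` (and likewise for `book_id`) even though the new first statement validates the request into `$requestData`, so the move path runs on raw input while the update call in the later hunk uses the validated array; `if (isset($requestData['chapter_id']))` with `findOrFail($requestData['chapter_id'])` keeps both paths on the same validated data. The destination is resolved with `Chapter::visible()` / `Book::visible()`, which presumably checks view access only; unless `PageRepo::move` itself enforces a create-type permission on `$parent` (not visible here), a caller with delete rights on the page but only view rights on the destination could relocate it there, which is worth confirming. The `update` method continues past the end of this hunk.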
@@ -136,6 +147,7 @@ class PageApiController extends ApiController
         $this->checkOwnablePermission('page-delete', $page);
 
         $this->pageRepo->destroy($page);
+
         return response('', 204);
     }
 }