X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/a6633642232efd164d4708967ab59e498fbff896..refs/pull/4252/head:/app/Http/Controllers/AttachmentController.php diff --git a/app/Http/Controllers/AttachmentController.php b/app/Http/Controllers/AttachmentController.php index 04e89ac5d..b6ce261d4 100644 --- a/app/Http/Controllers/AttachmentController.php +++ b/app/Http/Controllers/AttachmentController.php @@ -1,4 +1,6 @@ -attachmentService = $attachmentService; - $this->attachment = $attachment; - $this->pageRepo = $pageRepo; + public function __construct( + protected AttachmentService $attachmentService, + protected PageRepo $pageRepo + ) { } - /** * Endpoint at which attachments are uploaded to. + * * @throws ValidationException * @throws NotFoundException */ public function upload(Request $request) { $this->validate($request, [ - 'uploaded_to' => 'required|integer|exists:pages,id', - 'file' => 'required|file' + 'uploaded_to' => ['required', 'integer', 'exists:pages,id'], + 'file' => array_merge(['required'], $this->attachmentService->getFileValidationRules()), ]); $pageId = $request->get('uploaded_to'); @@ -59,15 +53,17 @@ class AttachmentController extends Controller /** * Update an uploaded attachment. + * * @throws ValidationException */ public function uploadUpdate(Request $request, $attachmentId) { $this->validate($request, [ - 'file' => 'required|file' + 'file' => array_merge(['required'], $this->attachmentService->getFileValidationRules()), ]); - $attachment = $this->attachment->newQuery()->findOrFail($attachmentId); + /** @var Attachment $attachment */ + $attachment = Attachment::query()->findOrFail($attachmentId); $this->checkOwnablePermission('view', $attachment->page); $this->checkOwnablePermission('page-update', $attachment->page); $this->checkOwnablePermission('attachment-create', $attachment); 
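Review bot: In uploadUpdate() the page check still uses the permission name `'view'` and the attachment check still uses `'attachment-create'`, while this same commit renames them to `'page-view'` and `'attachment-update'` in update(). How checkOwnablePermission() resolves `'view'` is not visible in this diff, so it is worth confirming that the name maps to a real permission and does not silently pass or fail for every user. If the naming in update() is the intended one, use `$this->checkOwnablePermission('page-view', $attachment->page);` and `$this->checkOwnablePermission('attachment-update', $attachment);` here. getUpdateForm() in the next hunk also keeps `'attachment-create'` and has no page-view check. The body of uploadUpdate() continues past the end of this hunk.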
@@ -85,11 +81,11 @@ class AttachmentController extends Controller /** * Get the update form for an attachment. - * @return \Illuminate\Contracts\Foundation\Application|\Illuminate\Contracts\View\Factory|\Illuminate\View\View */ public function getUpdateForm(string $attachmentId) { - $attachment = $this->attachment->findOrFail($attachmentId); + /** @var Attachment $attachment */ + $attachment = Attachment::query()->findOrFail($attachmentId); $this->checkOwnablePermission('page-update', $attachment->page); $this->checkOwnablePermission('attachment-create', $attachment); @@ -104,23 +100,24 @@ class AttachmentController extends Controller */ public function update(Request $request, string $attachmentId) { - $attachment = $this->attachment->newQuery()->findOrFail($attachmentId); + /** @var Attachment $attachment */ + $attachment = Attachment::query()->findOrFail($attachmentId); try { $this->validate($request, [ - 'attachment_edit_name' => 'required|string|min:1|max:255', - 'attachment_edit_url' => 'string|min:1|max:255|safe_url' + 'attachment_edit_name' => ['required', 'string', 'min:1', 'max:255'], + 'attachment_edit_url' => ['string', 'min:1', 'max:2000', 'safe_url'], ]); } catch (ValidationException $exception) { return response()->view('attachments.manager-edit-form', array_merge($request->only(['attachment_edit_name', 'attachment_edit_url']), [ 'attachment' => $attachment, - 'errors' => new MessageBag($exception->errors()), + 'errors' => new MessageBag($exception->errors()), ]), 422); } - $this->checkOwnablePermission('view', $attachment->page); + $this->checkOwnablePermission('page-view', $attachment->page); $this->checkOwnablePermission('page-update', $attachment->page); - $this->checkOwnablePermission('attachment-create', $attachment); + $this->checkOwnablePermission('attachment-update', $attachment); $attachment = $this->attachmentService->updateFile($attachment, [ 'name' => $request->get('attachment_edit_name'), 
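Review bot: In update() the validation-failure path returns the `attachments.manager-edit-form` view with `'attachment' => $attachment` before any checkOwnablePermission() call has run. A caller without access to the page can therefore submit an invalid body and receive a 422 response rendered from an attachment they may not be allowed to see. Move the three checks above the `try`, directly after `findOrFail()`: `$this->checkOwnablePermission('page-view', $attachment->page);`, `$this->checkOwnablePermission('page-update', $attachment->page);`, `$this->checkOwnablePermission('attachment-update', $attachment);`. What the view renders from the attachment is not visible here, so the exposure is inferred from the view data alone. The function continues past the end of the hunk.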
@@ -134,6 +131,7 @@ class AttachmentController extends Controller /** * Attach a link to a page. + * * @throws NotFoundException */ public function attachLink(Request $request) @@ -142,9 +140,9 @@ class AttachmentController extends Controller try { $this->validate($request, [ - 'attachment_link_uploaded_to' => 'required|integer|exists:pages,id', - 'attachment_link_name' => 'required|string|min:1|max:255', - 'attachment_link_url' => 'required|string|min:1|max:255|safe_url' + 'attachment_link_uploaded_to' => ['required', 'integer', 'exists:pages,id'], + 'attachment_link_name' => ['required', 'string', 'min:1', 'max:255'], + 'attachment_link_url' => ['required', 'string', 'min:1', 'max:2000', 'safe_url'], ]); } catch (ValidationException $exception) { return response()->view('attachments.manager-link-form', array_merge($request->only(['attachment_link_name', 'attachment_link_url']), [ @@ -160,7 +158,7 @@ class AttachmentController extends Controller $attachmentName = $request->get('attachment_link_name'); $link = $request->get('attachment_link_url'); - $attachment = $this->attachmentService->saveNewFromLink($attachmentName, $link, intval($pageId)); + $this->attachmentService->saveNewFromLink($attachmentName, $link, intval($pageId)); return view('attachments.manager-link-form', [ 'pageId' => $pageId, @@ -169,11 +167,14 @@ class AttachmentController extends Controller /** * Get the attachments for a specific page. + * + * @throws NotFoundException */ public function listForPage(int $pageId) { $page = $this->pageRepo->getById($pageId); $this->checkOwnablePermission('page-view', $page); + return view('attachments.manager-list', [ 'attachments' => $page->attachments->all(), ]); 
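Review bot: The limit on `attachment_link_url` in attachLink() rises from 255 to 2000 characters (as does `attachment_edit_url` in update()), but nothing in this file shows that the column storing the link was widened to match. If the column is still narrower, a URL that passed `safe_url` could be rejected or truncated at the database layer, and a truncated value is no longer the value that was validated. Confirm the schema change ships with this commit. A short comment beside the rule, such as `// max must not exceed the width of the attachment path column`, would keep the two in step.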
@@ -181,30 +182,35 @@ class AttachmentController extends Controller /** * Update the attachment sorting. + * * @throws ValidationException * @throws NotFoundException */ public function sortForPage(Request $request, int $pageId) { $this->validate($request, [ - 'order' => 'required|array', + 'order' => ['required', 'array'], ]); $page = $this->pageRepo->getById($pageId); $this->checkOwnablePermission('page-update', $page); $attachmentOrder = $request->get('order'); $this->attachmentService->updateFileOrderWithinPage($attachmentOrder, $pageId); + return response()->json(['message' => trans('entities.attachments_order_updated')]); } /** * Get an attachment from storage. + * * @throws FileNotFoundException * @throws NotFoundException */ - public function get(string $attachmentId) + public function get(Request $request, string $attachmentId) { - $attachment = $this->attachment->findOrFail($attachmentId); + /** @var Attachment $attachment */ + $attachment = Attachment::query()->findOrFail($attachmentId); + try { $page = $this->pageRepo->getById($attachment->uploaded_to); } catch (NotFoundException $exception) { 
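Review bot: sortForPage() validates only that `order` is a non-empty array, so its elements reach `updateFileOrderWithinPage()` without any type check. If they are attachment ids, as the call suggests, add an element rule such as `'order.*' => ['integer'],` so that strings and nested arrays are rejected at the request boundary. Whether the service restricts its updates to attachments belonging to `$pageId` is not visible in this diff. A one-line comment at the call stating that it does would help the next reader.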
@@ -217,19 +223,28 @@ class AttachmentController extends Controller return redirect($attachment->path); } - $attachmentContents = $this->attachmentService->getAttachmentFromStorage($attachment); - return $this->downloadResponse($attachmentContents, $attachment->getFileName()); + $fileName = $attachment->getFileName(); + $attachmentStream = $this->attachmentService->streamAttachmentFromStorage($attachment); + + if ($request->get('open') === 'true') { + return $this->download()->streamedInline($attachmentStream, $fileName); + } + + return $this->download()->streamedDirectly($attachmentStream, $fileName); } /** * Delete a specific attachment in the system. + * * @throws Exception */ public function delete(string $attachmentId) { - $attachment = $this->attachment->findOrFail($attachmentId); + /** @var Attachment $attachment */ + $attachment = Attachment::query()->findOrFail($attachmentId); $this->checkOwnablePermission('attachment-delete', $attachment); $this->attachmentService->deleteFile($attachment); + return response()->json(['message' => trans('entities.attachments_deleted')]); } }
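Review bot: The new `open=true` branch in get() serves a user-uploaded file inline from the application's own origin, so an uploaded HTML or SVG file could run script in the viewer's session unless the response is locked down. How `streamedInline()` sets `Content-Type`, `X-Content-Type-Options` and any sandboxing `Content-Security-Policy` is not visible in this diff. Confirm that it does, and record the expectation at the call site, e.g. `// uploads are untrusted: streamedInline() must force a safe content type and restrictive headers`. The start of get() lies in the previous hunk.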