X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/c32d70abc4f3cca4a8b3533d45b09d2a830d6a57..refs/pull/2784/head:/app/Http/Controllers/Controller.php diff --git a/app/Http/Controllers/Controller.php b/app/Http/Controllers/Controller.php index 5dc79eb02..034dfa524 100644 --- a/app/Http/Controllers/Controller.php +++ b/app/Http/Controllers/Controller.php @@ -2,78 +2,163 @@ namespace BookStack\Http\Controllers; -use HttpRequestException; +use BookStack\Facades\Activity; +use BookStack\Interfaces\Loggable; +use BookStack\HasCreatorAndUpdater; +use BookStack\Model; use Illuminate\Foundation\Bus\DispatchesJobs; -use Illuminate\Http\Exception\HttpResponseException; -use Illuminate\Routing\Controller as BaseController; use Illuminate\Foundation\Validation\ValidatesRequests; -use Illuminate\Support\Facades\Auth; -use Illuminate\Support\Facades\Session; -use BookStack\User; +use Illuminate\Http\Exceptions\HttpResponseException; +use Illuminate\Http\JsonResponse; +use Illuminate\Http\Response; +use Illuminate\Routing\Controller as BaseController; abstract class Controller extends BaseController { use DispatchesJobs, ValidatesRequests; /** - * @var User static + * Check if the current user is signed in. */ - protected $currentUser; + protected function isSignedIn(): bool + { + return auth()->check(); + } + /** - * @var bool + * Stops the application and shows a permission error if + * the application is in demo mode. */ - protected $signedIn; + protected function preventAccessInDemoMode() + { + if (config('app.env') === 'demo') { + $this->showPermissionError(); + } + } + + /** + * Adds the page title into the view. + */ + public function setPageTitle(string $title) + { + view()->share('pageTitle', $title); + } /** - * Controller constructor. + * On a permission error redirect to home and display. + * the error as a notification. */ - public function __construct() + protected function showPermissionError() { - // Get a user instance for the current user - $user = auth()->user(); - if (!$user) $user = User::getDefault(); + if (request()->wantsJson()) { + $response = response()->json(['error' => trans('errors.permissionJson')], 403); + } else { + $response = redirect('/'); + $this->showErrorNotification(trans('errors.permission')); + } - // Share variables with views - view()->share('signedIn', auth()->check()); - view()->share('currentUser', $user); + throw new HttpResponseException($response); + } - // Share variables with controllers - $this->currentUser = $user; - $this->signedIn = auth()->check(); + /** + * Checks that the current user has the given permission otherwise throw an exception. + */ + protected function checkPermission(string $permission): void + { + if (!user() || !user()->can($permission)) { + $this->showPermissionError(); + } } /** - * Adds the page title into the view. - * @param $title + * Check the current user's permissions against an ownable item otherwise throw an exception. */ - public function setPageTitle($title) + protected function checkOwnablePermission(string $permission, Model $ownable): void { - view()->share('pageTitle', $title); + if (!userCan($permission, $ownable)) { + $this->showPermissionError(); + } } /** - * Checks for a permission. - * - * @param $permissionName - * @return bool|\Illuminate\Http\RedirectResponse + * Check if a user has a permission or bypass the permission + * check if the given callback resolves true. */ - protected function checkPermission($permissionName) + protected function checkPermissionOr(string $permission, callable $callback): void { - if (!$this->currentUser || !$this->currentUser->can($permissionName)) { - Session::flash('error', trans('errors.permission')); - throw new HttpResponseException( - redirect('/') - ); + if ($callback() !== true) { + $this->checkPermission($permission); } + } - return true; + /** + * Check if the current user has a permission or bypass if the provided user + * id matches the current user. + */ + protected function checkPermissionOrCurrentUser(string $permission, int $userId): void + { + $this->checkPermissionOr($permission, function () use ($userId) { + return $userId === user()->id; + }); } - protected function checkPermissionOr($permissionName, $callback) + /** + * Send back a json error message. + */ + protected function jsonError(string $messageText = "", int $statusCode = 500): JsonResponse { - $callbackResult = $callback(); - if ($callbackResult === false) $this->checkPermission($permissionName); - return true; + return response()->json(['message' => $messageText, 'status' => 'error'], $statusCode); } + /** + * Create a response that forces a download in the browser. + */ + protected function downloadResponse(string $content, string $fileName): Response + { + return response()->make($content, 200, [ + 'Content-Type' => 'application/octet-stream', + 'Content-Disposition' => 'attachment; filename="' . $fileName . '"' + ]); + } + + /** + * Show a positive, successful notification to the user on next view load. + */ + protected function showSuccessNotification(string $message): void + { + session()->flash('success', $message); + } + + /** + * Show a warning notification to the user on next view load. + */ + protected function showWarningNotification(string $message): void + { + session()->flash('warning', $message); + } + + /** + * Show an error notification to the user on next view load. + */ + protected function showErrorNotification(string $message): void + { + session()->flash('error', $message); + } + + /** + * Log an activity in the system. + * @param string|Loggable + */ + protected function logActivity(string $type, $detail = ''): void + { + Activity::add($type, $detail); + } + + /** + * Get the validation rules for image files. + */ + protected function getImageValidationRules(): string + { + return 'image_extension|mimes:jpeg,png,gif,webp'; + } }