2016-10-10 21:30:27 +02:00
|
|
|
<?php namespace BookStack\Http\Controllers;
|
2016-10-09 19:58:22 +02:00
|
|
|
|
|
|
|
use BookStack\Exceptions\FileUploadException;
|
|
|
|
use BookStack\File;
|
|
|
|
use BookStack\Repos\PageRepo;
|
|
|
|
use BookStack\Services\FileService;
|
|
|
|
use Illuminate\Http\Request;
|
|
|
|
|
|
|
|
use BookStack\Http\Requests;
|
|
|
|
|
|
|
|
class FileController extends Controller
|
|
|
|
{
|
|
|
|
protected $fileService;
|
|
|
|
protected $file;
|
|
|
|
protected $pageRepo;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* FileController constructor.
|
|
|
|
* @param FileService $fileService
|
|
|
|
* @param File $file
|
|
|
|
* @param PageRepo $pageRepo
|
|
|
|
*/
|
|
|
|
public function __construct(FileService $fileService, File $file, PageRepo $pageRepo)
|
|
|
|
{
|
|
|
|
$this->fileService = $fileService;
|
|
|
|
$this->file = $file;
|
|
|
|
$this->pageRepo = $pageRepo;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Endpoint at which files are uploaded to.
|
|
|
|
* @param Request $request
|
|
|
|
*/
|
|
|
|
public function upload(Request $request)
|
|
|
|
{
|
|
|
|
// TODO - ensure uploads are deleted on page delete.
|
|
|
|
$this->validate($request, [
|
2016-10-10 22:13:18 +02:00
|
|
|
'uploaded_to' => 'required|integer|exists:pages,id',
|
|
|
|
'file' => 'required|file'
|
2016-10-09 19:58:22 +02:00
|
|
|
]);
|
|
|
|
|
|
|
|
$pageId = $request->get('uploaded_to');
|
2016-10-10 21:30:27 +02:00
|
|
|
$page = $this->pageRepo->getById($pageId);
|
|
|
|
|
|
|
|
$this->checkPermission('file-create-all');
|
|
|
|
$this->checkOwnablePermission('page-update', $page);
|
|
|
|
|
|
|
|
$uploadedFile = $request->file('file');
|
2016-10-09 19:58:22 +02:00
|
|
|
|
|
|
|
try {
|
|
|
|
$file = $this->fileService->saveNewUpload($uploadedFile, $pageId);
|
|
|
|
} catch (FileUploadException $e) {
|
|
|
|
return response($e->getMessage(), 500);
|
|
|
|
}
|
|
|
|
|
|
|
|
return response()->json($file);
|
|
|
|
}
|
|
|
|
|
2016-10-11 21:39:11 +02:00
|
|
|
/**
|
|
|
|
* Update an uploaded file.
|
|
|
|
* @param int $fileId
|
|
|
|
* @param Request $request
|
|
|
|
* @return mixed
|
|
|
|
*/
|
|
|
|
public function uploadUpdate($fileId, Request $request)
|
|
|
|
{
|
|
|
|
$this->validate($request, [
|
|
|
|
'uploaded_to' => 'required|integer|exists:pages,id',
|
|
|
|
'file' => 'required|file'
|
|
|
|
]);
|
|
|
|
|
|
|
|
$pageId = $request->get('uploaded_to');
|
|
|
|
$page = $this->pageRepo->getById($pageId);
|
|
|
|
$file = $this->file->findOrFail($fileId);
|
|
|
|
|
|
|
|
$this->checkOwnablePermission('page-update', $page);
|
|
|
|
$this->checkOwnablePermission('file-create', $file);
|
|
|
|
|
|
|
|
if (intval($pageId) !== intval($file->uploaded_to)) {
|
|
|
|
return $this->jsonError('Page mismatch during attached file update');
|
|
|
|
}
|
|
|
|
|
|
|
|
$uploadedFile = $request->file('file');
|
|
|
|
|
|
|
|
try {
|
|
|
|
$file = $this->fileService->saveUpdatedUpload($uploadedFile, $file);
|
|
|
|
} catch (FileUploadException $e) {
|
|
|
|
return response($e->getMessage(), 500);
|
|
|
|
}
|
|
|
|
|
|
|
|
return response()->json($file);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Update the details of an existing file.
|
|
|
|
* @param $fileId
|
|
|
|
* @param Request $request
|
|
|
|
* @return File|mixed
|
|
|
|
*/
|
|
|
|
public function update($fileId, Request $request)
|
|
|
|
{
|
|
|
|
$this->validate($request, [
|
|
|
|
'uploaded_to' => 'required|integer|exists:pages,id',
|
|
|
|
'name' => 'string|max:255',
|
|
|
|
'link' => 'url'
|
|
|
|
]);
|
|
|
|
|
|
|
|
$pageId = $request->get('uploaded_to');
|
|
|
|
$page = $this->pageRepo->getById($pageId);
|
|
|
|
$file = $this->file->findOrFail($fileId);
|
|
|
|
|
|
|
|
$this->checkOwnablePermission('page-update', $page);
|
|
|
|
$this->checkOwnablePermission('file-create', $file);
|
|
|
|
|
|
|
|
if (intval($pageId) !== intval($file->uploaded_to)) {
|
|
|
|
return $this->jsonError('Page mismatch during attachment update');
|
|
|
|
}
|
|
|
|
|
|
|
|
$file = $this->fileService->updateFile($file, $request->all());
|
|
|
|
return $file;
|
|
|
|
}
|
|
|
|
|
2016-10-10 22:13:18 +02:00
|
|
|
/**
|
|
|
|
* Attach a link to a page as a file.
|
|
|
|
* @param Request $request
|
|
|
|
* @return mixed
|
|
|
|
*/
|
|
|
|
public function attachLink(Request $request)
|
|
|
|
{
|
|
|
|
$this->validate($request, [
|
|
|
|
'uploaded_to' => 'required|integer|exists:pages,id',
|
2016-10-11 21:39:11 +02:00
|
|
|
'name' => 'string|max:255',
|
|
|
|
'link' => 'url|max:255'
|
2016-10-10 22:13:18 +02:00
|
|
|
]);
|
|
|
|
|
|
|
|
$pageId = $request->get('uploaded_to');
|
|
|
|
$page = $this->pageRepo->getById($pageId);
|
|
|
|
|
|
|
|
$this->checkPermission('file-create-all');
|
|
|
|
$this->checkOwnablePermission('page-update', $page);
|
|
|
|
|
|
|
|
$fileName = $request->get('name');
|
|
|
|
$link = $request->get('link');
|
|
|
|
$file = $this->fileService->saveNewFromLink($fileName, $link, $pageId);
|
|
|
|
|
|
|
|
return response()->json($file);
|
|
|
|
}
|
|
|
|
|
2016-10-09 19:58:22 +02:00
|
|
|
/**
|
|
|
|
* Get the files for a specific page.
|
|
|
|
* @param $pageId
|
|
|
|
* @return mixed
|
|
|
|
*/
|
2016-10-10 21:30:27 +02:00
|
|
|
public function listForPage($pageId)
|
2016-10-09 19:58:22 +02:00
|
|
|
{
|
|
|
|
$page = $this->pageRepo->getById($pageId);
|
2016-10-10 21:30:27 +02:00
|
|
|
$this->checkOwnablePermission('page-view', $page);
|
2016-10-09 19:58:22 +02:00
|
|
|
return response()->json($page->files);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Update the file sorting.
|
|
|
|
* @param $pageId
|
|
|
|
* @param Request $request
|
|
|
|
* @return mixed
|
|
|
|
*/
|
2016-10-10 21:30:27 +02:00
|
|
|
public function sortForPage($pageId, Request $request)
|
2016-10-09 19:58:22 +02:00
|
|
|
{
|
|
|
|
$this->validate($request, [
|
|
|
|
'files' => 'required|array',
|
|
|
|
'files.*.id' => 'required|integer',
|
|
|
|
]);
|
|
|
|
$page = $this->pageRepo->getById($pageId);
|
2016-10-10 21:30:27 +02:00
|
|
|
$this->checkOwnablePermission('page-update', $page);
|
|
|
|
|
2016-10-09 19:58:22 +02:00
|
|
|
$files = $request->get('files');
|
|
|
|
$this->fileService->updateFileOrderWithinPage($files, $pageId);
|
2016-10-10 22:13:18 +02:00
|
|
|
return response()->json(['message' => 'Attachment order updated']);
|
2016-10-09 19:58:22 +02:00
|
|
|
}
|
|
|
|
|
2016-10-10 21:30:27 +02:00
|
|
|
/**
|
|
|
|
* Get a file from storage.
|
|
|
|
* @param $fileId
|
|
|
|
*/
|
|
|
|
public function get($fileId)
|
|
|
|
{
|
|
|
|
$file = $this->file->findOrFail($fileId);
|
|
|
|
$page = $this->pageRepo->getById($file->uploaded_to);
|
|
|
|
$this->checkOwnablePermission('page-view', $page);
|
2016-10-09 19:58:22 +02:00
|
|
|
|
2016-10-10 22:13:18 +02:00
|
|
|
if ($file->external) {
|
|
|
|
return redirect($file->path);
|
|
|
|
}
|
|
|
|
|
2016-10-10 21:30:27 +02:00
|
|
|
$fileContents = $this->fileService->getFile($file);
|
|
|
|
return response($fileContents, 200, [
|
|
|
|
'Content-Type' => 'application/octet-stream',
|
|
|
|
'Content-Disposition' => 'attachment; filename="'. $file->name .'"'
|
|
|
|
]);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Delete a specific file in the system.
|
|
|
|
* @param $fileId
|
|
|
|
* @return mixed
|
|
|
|
*/
|
|
|
|
public function delete($fileId)
|
|
|
|
{
|
|
|
|
$file = $this->file->findOrFail($fileId);
|
2016-10-10 22:13:18 +02:00
|
|
|
$this->checkOwnablePermission('file-delete', $file);
|
2016-10-10 21:30:27 +02:00
|
|
|
$this->fileService->deleteFile($file);
|
2016-10-10 22:13:18 +02:00
|
|
|
return response()->json(['message' => 'Attachment deleted']);
|
2016-10-10 21:30:27 +02:00
|
|
|
}
|
2016-10-09 19:58:22 +02:00
|
|
|
}
|