85154fff69
Replaces the old suggestion of setting JS head 'window.uploadLimit' variable. This new env option will be used by back-end validation and front-end libs/logic too. Limits already likely exist within prod environments at a PHP and webserver level but this allows an app-level limit and centralises the option on the BookStack side into the .env Closes #3033
168 lines
5.8 KiB
PHP
168 lines
5.8 KiB
PHP
<?php
|
|
|
|
namespace BookStack\Http\Controllers\Api;
|
|
|
|
use BookStack\Entities\Models\Page;
|
|
use BookStack\Exceptions\FileUploadException;
|
|
use BookStack\Uploads\Attachment;
|
|
use BookStack\Uploads\AttachmentService;
|
|
use Exception;
|
|
use Illuminate\Contracts\Filesystem\FileNotFoundException;
|
|
use Illuminate\Http\Request;
|
|
use Illuminate\Validation\ValidationException;
|
|
|
|
class AttachmentApiController extends ApiController
|
|
{
|
|
protected $attachmentService;
|
|
|
|
public function __construct(AttachmentService $attachmentService)
|
|
{
|
|
$this->attachmentService = $attachmentService;
|
|
}
|
|
|
|
/**
|
|
* Get a listing of attachments visible to the user.
|
|
* The external property indicates whether the attachment is simple a link.
|
|
* A false value for the external property would indicate a file upload.
|
|
*/
|
|
public function list()
|
|
{
|
|
return $this->apiListingResponse(Attachment::visible(), [
|
|
'id', 'name', 'extension', 'uploaded_to', 'external', 'order', 'created_at', 'updated_at', 'created_by', 'updated_by',
|
|
]);
|
|
}
|
|
|
|
/**
|
|
* Create a new attachment in the system.
|
|
* An uploaded_to value must be provided containing an ID of the page
|
|
* that this upload will be related to.
|
|
*
|
|
* If you're uploading a file the POST data should be provided via
|
|
* a multipart/form-data type request instead of JSON.
|
|
*
|
|
* @throws ValidationException
|
|
* @throws FileUploadException
|
|
*/
|
|
public function create(Request $request)
|
|
{
|
|
$this->checkPermission('attachment-create-all');
|
|
$requestData = $this->validate($request, $this->rules()['create']);
|
|
|
|
$pageId = $request->get('uploaded_to');
|
|
$page = Page::visible()->findOrFail($pageId);
|
|
$this->checkOwnablePermission('page-update', $page);
|
|
|
|
if ($request->hasFile('file')) {
|
|
$uploadedFile = $request->file('file');
|
|
$attachment = $this->attachmentService->saveNewUpload($uploadedFile, $page->id);
|
|
} else {
|
|
$attachment = $this->attachmentService->saveNewFromLink(
|
|
$requestData['name'],
|
|
$requestData['link'],
|
|
$page->id
|
|
);
|
|
}
|
|
|
|
$this->attachmentService->updateFile($attachment, $requestData);
|
|
|
|
return response()->json($attachment);
|
|
}
|
|
|
|
/**
|
|
* Get the details & content of a single attachment of the given ID.
|
|
* The attachment link or file content is provided via a 'content' property.
|
|
* For files the content will be base64 encoded.
|
|
*
|
|
* @throws FileNotFoundException
|
|
*/
|
|
public function read(string $id)
|
|
{
|
|
/** @var Attachment $attachment */
|
|
$attachment = Attachment::visible()
|
|
->with(['createdBy', 'updatedBy'])
|
|
->findOrFail($id);
|
|
|
|
$attachment->setAttribute('links', [
|
|
'html' => $attachment->htmlLink(),
|
|
'markdown' => $attachment->markdownLink(),
|
|
]);
|
|
|
|
if (!$attachment->external) {
|
|
$attachmentContents = $this->attachmentService->getAttachmentFromStorage($attachment);
|
|
$attachment->setAttribute('content', base64_encode($attachmentContents));
|
|
} else {
|
|
$attachment->setAttribute('content', $attachment->path);
|
|
}
|
|
|
|
return response()->json($attachment);
|
|
}
|
|
|
|
/**
|
|
* Update the details of a single attachment.
|
|
* As per the create endpoint, if a file is being provided as the attachment content
|
|
* the request should be formatted as a multipart/form-data request instead of JSON.
|
|
*
|
|
* @throws ValidationException
|
|
* @throws FileUploadException
|
|
*/
|
|
public function update(Request $request, string $id)
|
|
{
|
|
$requestData = $this->validate($request, $this->rules()['update']);
|
|
/** @var Attachment $attachment */
|
|
$attachment = Attachment::visible()->findOrFail($id);
|
|
|
|
$page = $attachment->page;
|
|
if ($requestData['uploaded_to'] ?? false) {
|
|
$pageId = $request->get('uploaded_to');
|
|
$page = Page::visible()->findOrFail($pageId);
|
|
$attachment->uploaded_to = $requestData['uploaded_to'];
|
|
}
|
|
|
|
$this->checkOwnablePermission('page-view', $page);
|
|
$this->checkOwnablePermission('page-update', $page);
|
|
$this->checkOwnablePermission('attachment-update', $attachment);
|
|
|
|
if ($request->hasFile('file')) {
|
|
$uploadedFile = $request->file('file');
|
|
$attachment = $this->attachmentService->saveUpdatedUpload($uploadedFile, $attachment);
|
|
}
|
|
|
|
$this->attachmentService->updateFile($attachment, $requestData);
|
|
|
|
return response()->json($attachment);
|
|
}
|
|
|
|
/**
|
|
* Delete an attachment of the given ID.
|
|
*
|
|
* @throws Exception
|
|
*/
|
|
public function delete(string $id)
|
|
{
|
|
/** @var Attachment $attachment */
|
|
$attachment = Attachment::visible()->findOrFail($id);
|
|
$this->checkOwnablePermission('attachment-delete', $attachment);
|
|
|
|
$this->attachmentService->deleteFile($attachment);
|
|
|
|
return response('', 204);
|
|
}
|
|
|
|
protected function rules(): array
|
|
{
|
|
return [
|
|
'create' => [
|
|
'name' => ['required', 'min:1', 'max:255', 'string'],
|
|
'uploaded_to' => ['required', 'integer', 'exists:pages,id'],
|
|
'file' => array_merge(['required_without:link'], $this->attachmentService->getFileValidationRules()),
|
|
'link' => ['required_without:file', 'min:1', 'max:255', 'safe_url'],
|
|
],
|
|
'update' => [
|
|
'name' => ['min:1', 'max:255', 'string'],
|
|
'uploaded_to' => ['integer', 'exists:pages,id'],
|
|
'file' => $this->attachmentService->getFileValidationRules(),
|
|
'link' => ['min:1', 'max:255', 'safe_url'],
|
|
],
|
|
];
|
|
}
|
|
}
|