BookStack/app/Http/Controllers/Api/AttachmentApiController.php

169 lines
5.8 KiB
PHP
Raw Normal View History

<?php
namespace BookStack\Http\Controllers\Api;
use BookStack\Entities\Models\Page;
use BookStack\Exceptions\FileUploadException;
use BookStack\Uploads\Attachment;
use BookStack\Uploads\AttachmentService;
use Exception;
use Illuminate\Contracts\Filesystem\FileNotFoundException;
use Illuminate\Http\Request;
use Illuminate\Validation\ValidationException;
class AttachmentApiController extends ApiController
{
protected $attachmentService;
public function __construct(AttachmentService $attachmentService)
{
$this->attachmentService = $attachmentService;
}
/**
* Get a listing of attachments visible to the user.
* The external property indicates whether the attachment is simple a link.
* A false value for the external property would indicate a file upload.
*/
public function list()
{
return $this->apiListingResponse(Attachment::visible(), [
'id', 'name', 'extension', 'uploaded_to', 'external', 'order', 'created_at', 'updated_at', 'created_by', 'updated_by',
]);
}
/**
* Create a new attachment in the system.
* An uploaded_to value must be provided containing an ID of the page
* that this upload will be related to.
*
* If you're uploading a file the POST data should be provided via
* a multipart/form-data type request instead of JSON.
*
* @throws ValidationException
* @throws FileUploadException
*/
public function create(Request $request)
{
$this->checkPermission('attachment-create-all');
$requestData = $this->validate($request, $this->rules()['create']);
$pageId = $request->get('uploaded_to');
$page = Page::visible()->findOrFail($pageId);
$this->checkOwnablePermission('page-update', $page);
if ($request->hasFile('file')) {
$uploadedFile = $request->file('file');
$attachment = $this->attachmentService->saveNewUpload($uploadedFile, $page->id);
} else {
$attachment = $this->attachmentService->saveNewFromLink(
2021-10-20 17:49:45 +08:00
$requestData['name'],
$requestData['link'],
$page->id
);
}
$this->attachmentService->updateFile($attachment, $requestData);
2021-10-20 17:49:45 +08:00
return response()->json($attachment);
}
/**
* Get the details & content of a single attachment of the given ID.
* The attachment link or file content is provided via a 'content' property.
* For files the content will be base64 encoded.
*
* @throws FileNotFoundException
*/
public function read(string $id)
{
/** @var Attachment $attachment */
$attachment = Attachment::visible()
->with(['createdBy', 'updatedBy'])
->findOrFail($id);
$attachment->setAttribute('links', [
'html' => $attachment->htmlLink(),
'markdown' => $attachment->markdownLink(),
]);
if (!$attachment->external) {
$attachmentContents = $this->attachmentService->getAttachmentFromStorage($attachment);
$attachment->setAttribute('content', base64_encode($attachmentContents));
} else {
$attachment->setAttribute('content', $attachment->path);
}
return response()->json($attachment);
}
/**
* Update the details of a single attachment.
* As per the create endpoint, if a file is being provided as the attachment content
* the request should be formatted as a multipart/form-data request instead of JSON.
*
* @throws ValidationException
* @throws FileUploadException
*/
public function update(Request $request, string $id)
{
$requestData = $this->validate($request, $this->rules()['update']);
/** @var Attachment $attachment */
$attachment = Attachment::visible()->findOrFail($id);
$page = $attachment->page;
if ($requestData['uploaded_to'] ?? false) {
$pageId = $request->get('uploaded_to');
$page = Page::visible()->findOrFail($pageId);
$attachment->uploaded_to = $requestData['uploaded_to'];
}
$this->checkOwnablePermission('page-view', $page);
$this->checkOwnablePermission('page-update', $page);
$this->checkOwnablePermission('attachment-update', $attachment);
if ($request->hasFile('file')) {
$uploadedFile = $request->file('file');
$attachment = $this->attachmentService->saveUpdatedUpload($uploadedFile, $attachment);
}
$this->attachmentService->updateFile($attachment, $requestData);
2021-10-20 17:49:45 +08:00
return response()->json($attachment);
}
/**
* Delete an attachment of the given ID.
*
* @throws Exception
*/
public function delete(string $id)
{
/** @var Attachment $attachment */
$attachment = Attachment::visible()->findOrFail($id);
$this->checkOwnablePermission('attachment-delete', $attachment);
$this->attachmentService->deleteFile($attachment);
return response('', 204);
}
protected function rules(): array
{
return [
'create' => [
'name' => ['required', 'min:1', 'max:255', 'string'],
'uploaded_to' => ['required', 'integer', 'exists:pages,id'],
'file' => array_merge(['required_without:link'], $this->attachmentService->getFileValidationRules()),
'link' => ['required_without:file', 'min:1', 'max:255', 'safe_url'],
],
'update' => [
'name' => ['min:1', 'max:255', 'string'],
'uploaded_to' => ['integer', 'exists:pages,id'],
'file' => $this->attachmentService->getFileValidationRules(),
'link' => ['min:1', 'max:255', 'safe_url'],
],
];
}
}