book = $book; $this->chapter = $chapter; $this->page = $page; $this->pageRevision = $pageRevision; $this->entities = [ 'page' => $this->page, 'chapter' => $this->chapter, 'book' => $this->book ]; $this->viewService = $viewService; $this->permissionService = $permissionService; $this->tagRepo = $tagRepo; $this->searchService = $searchService; } /** * Get an entity instance via type. * @param $type * @return Entity */ protected function getEntity($type) { return $this->entities[strtolower($type)]; } /** * Base query for searching entities via permission system * @param string $type * @param bool $allowDrafts * @return \Illuminate\Database\Query\Builder */ protected function entityQuery($type, $allowDrafts = false, $permission = 'view') { $q = $this->permissionService->enforceEntityRestrictions($type, $this->getEntity($type), $permission); if (strtolower($type) === 'page' && !$allowDrafts) { $q = $q->where('draft', '=', false); } return $q; } /** * Check if an entity with the given id exists. * @param $type * @param $id * @return bool */ public function exists($type, $id) { return $this->entityQuery($type)->where('id', '=', $id)->exists(); } /** * Get an entity by ID * @param string $type * @param integer $id * @param bool $allowDrafts * @param bool $ignorePermissions * @return Entity */ public function getById($type, $id, $allowDrafts = false, $ignorePermissions = false) { if ($ignorePermissions) { $entity = $this->getEntity($type); return $entity->newQuery()->find($id); } return $this->entityQuery($type, $allowDrafts)->find($id); } /** * Get an entity by its url slug. * @param string $type * @param string $slug * @param string|bool $bookSlug * @return Entity * @throws NotFoundException */ public function getBySlug($type, $slug, $bookSlug = false) { $q = $this->entityQuery($type)->where('slug', '=', $slug); if (strtolower($type) === 'chapter' || strtolower($type) === 'page') { $q = $q->where('book_id', '=', function ($query) use ($bookSlug) { $query->select('id') ->from($this->book->getTable()) ->where('slug', '=', $bookSlug)->limit(1); }); } $entity = $q->first(); if ($entity === null) { throw new NotFoundException(trans('errors.' . strtolower($type) . '_not_found')); } return $entity; } /** * Search through page revisions and retrieve the last page in the * current book that has a slug equal to the one given. * @param string $pageSlug * @param string $bookSlug * @return null|Page */ public function getPageByOldSlug($pageSlug, $bookSlug) { $revision = $this->pageRevision->where('slug', '=', $pageSlug) ->whereHas('page', function ($query) { $this->permissionService->enforceEntityRestrictions('page', $query); }) ->where('type', '=', 'version') ->where('book_slug', '=', $bookSlug) ->orderBy('created_at', 'desc') ->with('page')->first(); return $revision !== null ? $revision->page : null; } /** * Get all entities of a type with the given permission, limited by count unless count is false. * @param string $type * @param integer|bool $count * @param string $permission * @return Collection */ public function getAll($type, $count = 20, $permission = 'view') { $q = $this->entityQuery($type, false, $permission)->orderBy('name', 'asc'); if ($count !== false) { $q = $q->take($count); } return $q->get(); } /** * Get all entities in a paginated format * @param $type * @param int $count * @return \Illuminate\Contracts\Pagination\LengthAwarePaginator */ public function getAllPaginated($type, $count = 10) { return $this->entityQuery($type)->orderBy('name', 'asc')->paginate($count); } /** * Get the most recently created entities of the given type. * @param string $type * @param int $count * @param int $page * @param bool|callable $additionalQuery * @return Collection */ public function getRecentlyCreated($type, $count = 20, $page = 0, $additionalQuery = false) { $query = $this->permissionService->enforceEntityRestrictions($type, $this->getEntity($type)) ->orderBy('created_at', 'desc'); if (strtolower($type) === 'page') { $query = $query->where('draft', '=', false); } if ($additionalQuery !== false && is_callable($additionalQuery)) { $additionalQuery($query); } return $query->skip($page * $count)->take($count)->get(); } /** * Get the most recently updated entities of the given type. * @param string $type * @param int $count * @param int $page * @param bool|callable $additionalQuery * @return Collection */ public function getRecentlyUpdated($type, $count = 20, $page = 0, $additionalQuery = false) { $query = $this->permissionService->enforceEntityRestrictions($type, $this->getEntity($type)) ->orderBy('updated_at', 'desc'); if (strtolower($type) === 'page') { $query = $query->where('draft', '=', false); } if ($additionalQuery !== false && is_callable($additionalQuery)) { $additionalQuery($query); } return $query->skip($page * $count)->take($count)->get(); } /** * Get the most recently viewed entities. * @param string|bool $type * @param int $count * @param int $page * @return mixed */ public function getRecentlyViewed($type, $count = 10, $page = 0) { $filter = is_bool($type) ? false : $this->getEntity($type); return $this->viewService->getUserRecentlyViewed($count, $page, $filter); } /** * Get the latest pages added to the system with pagination. * @param string $type * @param int $count * @return mixed */ public function getRecentlyCreatedPaginated($type, $count = 20) { return $this->entityQuery($type)->orderBy('created_at', 'desc')->paginate($count); } /** * Get the latest pages added to the system with pagination. * @param string $type * @param int $count * @return mixed */ public function getRecentlyUpdatedPaginated($type, $count = 20) { return $this->entityQuery($type)->orderBy('updated_at', 'desc')->paginate($count); } /** * Get the most popular entities base on all views. * @param string|bool $type * @param int $count * @param int $page * @return mixed */ public function getPopular($type, $count = 10, $page = 0) { $filter = is_bool($type) ? false : $this->getEntity($type); return $this->viewService->getPopular($count, $page, $filter); } /** * Get draft pages owned by the current user. * @param int $count * @param int $page */ public function getUserDraftPages($count = 20, $page = 0) { return $this->page->where('draft', '=', true) ->where('created_by', '=', user()->id) ->orderBy('updated_at', 'desc') ->skip($count * $page)->take($count)->get(); } /** * Get all child objects of a book. * Returns a sorted collection of Pages and Chapters. * Loads the book slug onto child elements to prevent access database access for getting the slug. * @param Book $book * @param bool $filterDrafts * @param bool $renderPages * @return mixed */ public function getBookChildren(Book $book, $filterDrafts = false, $renderPages = false) { $q = $this->permissionService->bookChildrenQuery($book->id, $filterDrafts, $renderPages)->get(); $entities = []; $parents = []; $tree = []; foreach ($q as $index => $rawEntity) { if ($rawEntity->entity_type === 'BookStack\\Page') { $entities[$index] = $this->page->newFromBuilder($rawEntity); if ($renderPages) { $entities[$index]->html = $rawEntity->html; $entities[$index]->html = $this->renderPage($entities[$index]); }; } else if ($rawEntity->entity_type === 'BookStack\\Chapter') { $entities[$index] = $this->chapter->newFromBuilder($rawEntity); $key = $entities[$index]->entity_type . ':' . $entities[$index]->id; $parents[$key] = $entities[$index]; $parents[$key]->setAttribute('pages', collect()); } if ($entities[$index]->chapter_id === 0 || $entities[$index]->chapter_id === '0') { $tree[] = $entities[$index]; } $entities[$index]->book = $book; } foreach ($entities as $entity) { if ($entity->chapter_id === 0 || $entity->chapter_id === '0') { continue; } $parentKey = 'BookStack\\Chapter:' . $entity->chapter_id; if (!isset($parents[$parentKey])) { $tree[] = $entity; continue; } $chapter = $parents[$parentKey]; $chapter->pages->push($entity); } return collect($tree); } /** * Get the child items for a chapter sorted by priority but * with draft items floated to the top. * @param Chapter $chapter * @return \Illuminate\Database\Eloquent\Collection|static[] */ public function getChapterChildren(Chapter $chapter) { return $this->permissionService->enforceEntityRestrictions('page', $chapter->pages()) ->orderBy('draft', 'DESC')->orderBy('priority', 'ASC')->get(); } /** * Get the next sequential priority for a new child element in the given book. * @param Book $book * @return int */ public function getNewBookPriority(Book $book) { $lastElem = $this->getBookChildren($book)->pop(); return $lastElem ? $lastElem->priority + 1 : 0; } /** * Get a new priority for a new page to be added to the given chapter. * @param Chapter $chapter * @return int */ public function getNewChapterPriority(Chapter $chapter) { $lastPage = $chapter->pages('DESC')->first(); return $lastPage !== null ? $lastPage->priority + 1 : 0; } /** * Find a suitable slug for an entity. * @param string $type * @param string $name * @param bool|integer $currentId * @param bool|integer $bookId Only pass if type is not a book * @return string */ public function findSuitableSlug($type, $name, $currentId = false, $bookId = false) { $slug = $this->nameToSlug($name); while ($this->slugExists($type, $slug, $currentId, $bookId)) { $slug .= '-' . substr(md5(rand(1, 500)), 0, 3); } return $slug; } /** * Check if a slug already exists in the database. * @param string $type * @param string $slug * @param bool|integer $currentId * @param bool|integer $bookId * @return bool */ protected function slugExists($type, $slug, $currentId = false, $bookId = false) { $query = $this->getEntity($type)->where('slug', '=', $slug); if (strtolower($type) === 'page' || strtolower($type) === 'chapter') { $query = $query->where('book_id', '=', $bookId); } if ($currentId) { $query = $query->where('id', '!=', $currentId); } return $query->count() > 0; } /** * Updates entity restrictions from a request * @param $request * @param Entity $entity */ public function updateEntityPermissionsFromRequest($request, Entity $entity) { $entity->restricted = $request->get('restricted', '') === 'true'; $entity->permissions()->delete(); if ($request->filled('restrictions')) { foreach ($request->get('restrictions') as $roleId => $restrictions) { foreach ($restrictions as $action => $value) { $entity->permissions()->create([ 'role_id' => $roleId, 'action' => strtolower($action) ]); } } } $entity->save(); $this->permissionService->buildJointPermissionsForEntity($entity); } /** * Create a new entity from request input. * Used for books and chapters. * @param string $type * @param array $input * @param bool|Book $book * @return Entity */ public function createFromInput($type, $input = [], $book = false) { $isChapter = strtolower($type) === 'chapter'; $entityModel = $this->getEntity($type)->newInstance($input); $entityModel->slug = $this->findSuitableSlug($type, $entityModel->name, false, $isChapter ? $book->id : false); $entityModel->created_by = user()->id; $entityModel->updated_by = user()->id; $isChapter ? $book->chapters()->save($entityModel) : $entityModel->save(); if (isset($input['tags'])) { $this->tagRepo->saveTagsToEntity($entityModel, $input['tags']); } $this->permissionService->buildJointPermissionsForEntity($entityModel); $this->searchService->indexEntity($entityModel); return $entityModel; } /** * Update entity details from request input. * Used for books and chapters * @param string $type * @param Entity $entityModel * @param array $input * @return Entity */ public function updateFromInput($type, Entity $entityModel, $input = []) { if ($entityModel->name !== $input['name']) { $entityModel->slug = $this->findSuitableSlug($type, $input['name'], $entityModel->id); } $entityModel->fill($input); $entityModel->updated_by = user()->id; $entityModel->save(); if (isset($input['tags'])) { $this->tagRepo->saveTagsToEntity($entityModel, $input['tags']); } $this->permissionService->buildJointPermissionsForEntity($entityModel); $this->searchService->indexEntity($entityModel); return $entityModel; } /** * Change the book that an entity belongs to. * @param string $type * @param integer $newBookId * @param Entity $entity * @param bool $rebuildPermissions * @return Entity */ public function changeBook($type, $newBookId, Entity $entity, $rebuildPermissions = false) { $entity->book_id = $newBookId; // Update related activity foreach ($entity->activity as $activity) { $activity->book_id = $newBookId; $activity->save(); } $entity->slug = $this->findSuitableSlug($type, $entity->name, $entity->id, $newBookId); $entity->save(); // Update all child pages if a chapter if (strtolower($type) === 'chapter') { foreach ($entity->pages as $page) { $this->changeBook('page', $newBookId, $page, false); } } // Update permissions if applicable if ($rebuildPermissions) { $entity->load('book'); $this->permissionService->buildJointPermissionsForEntity($entity->book); } return $entity; } /** * Alias method to update the book jointPermissions in the PermissionService. * @param Book $book */ public function buildJointPermissionsForBook(Book $book) { $this->permissionService->buildJointPermissionsForEntity($book); } /** * Format a name as a url slug. * @param $name * @return string */ protected function nameToSlug($name) { $slug = preg_replace('/[\+\/\\\?\@\}\{\.\,\=\[\]\#\&\!\*\'\;\:\$\%]/', '', mb_strtolower($name)); $slug = preg_replace('/\s{2,}/', ' ', $slug); $slug = str_replace(' ', '-', $slug); if ($slug === "") { $slug = substr(md5(rand(1, 500)), 0, 5); } return $slug; } /** * Publish a draft page to make it a normal page. * Sets the slug and updates the content. * @param Page $draftPage * @param array $input * @return Page */ public function publishPageDraft(Page $draftPage, array $input) { $draftPage->fill($input); // Save page tags if present if (isset($input['tags'])) { $this->tagRepo->saveTagsToEntity($draftPage, $input['tags']); } $draftPage->slug = $this->findSuitableSlug('page', $draftPage->name, false, $draftPage->book->id); $draftPage->html = $this->formatHtml($input['html']); $draftPage->text = $this->pageToPlainText($draftPage); $draftPage->draft = false; $draftPage->revision_count = 1; $draftPage->save(); $this->savePageRevision($draftPage, trans('entities.pages_initial_revision')); $this->searchService->indexEntity($draftPage); return $draftPage; } /** * Saves a page revision into the system. * @param Page $page * @param null|string $summary * @return PageRevision */ public function savePageRevision(Page $page, $summary = null) { $revision = $this->pageRevision->newInstance($page->toArray()); if (setting('app-editor') !== 'markdown') { $revision->markdown = ''; } $revision->page_id = $page->id; $revision->slug = $page->slug; $revision->book_slug = $page->book->slug; $revision->created_by = user()->id; $revision->created_at = $page->updated_at; $revision->type = 'version'; $revision->summary = $summary; $revision->revision_number = $page->revision_count; $revision->save(); // Clear old revisions if ($this->pageRevision->where('page_id', '=', $page->id)->count() > 50) { $this->pageRevision->where('page_id', '=', $page->id) ->orderBy('created_at', 'desc')->skip(50)->take(5)->delete(); } return $revision; } /** * Formats a page's html to be tagged correctly * within the system. * @param string $htmlText * @return string */ protected function formatHtml($htmlText) { if ($htmlText == '') { return $htmlText; } libxml_use_internal_errors(true); $doc = new DOMDocument(); $doc->loadHTML(mb_convert_encoding($htmlText, 'HTML-ENTITIES', 'UTF-8')); $container = $doc->documentElement; $body = $container->childNodes->item(0); $childNodes = $body->childNodes; // Ensure no duplicate ids are used $idArray = []; foreach ($childNodes as $index => $childNode) { /** @var \DOMElement $childNode */ if (get_class($childNode) !== 'DOMElement') { continue; } // Overwrite id if not a BookStack custom id if ($childNode->hasAttribute('id')) { $id = $childNode->getAttribute('id'); if (strpos($id, 'bkmrk') === 0 && array_search($id, $idArray) === false) { $idArray[] = $id; continue; }; } // Create an unique id for the element // Uses the content as a basis to ensure output is the same every time // the same content is passed through. $contentId = 'bkmrk-' . substr(strtolower(preg_replace('/\s+/', '-', trim($childNode->nodeValue))), 0, 20); $newId = urlencode($contentId); $loopIndex = 0; while (in_array($newId, $idArray)) { $newId = urlencode($contentId . '-' . $loopIndex); $loopIndex++; } $childNode->setAttribute('id', $newId); $idArray[] = $newId; } // Generate inner html as a string $html = ''; foreach ($childNodes as $childNode) { $html .= $doc->saveHTML($childNode); } return $html; } /** * Render the page for viewing, Parsing and performing features such as page transclusion. * @param Page $page * @param bool $ignorePermissions * @return mixed|string */ public function renderPage(Page $page, $ignorePermissions = false) { $content = $page->html; if (!config('app.allow_content_scripts')) { $content = $this->escapeScripts($content); } $matches = []; preg_match_all("/{{@\s?([0-9].*?)}}/", $content, $matches); if (count($matches[0]) === 0) { return $content; } $topLevelTags = ['table', 'ul', 'ol']; foreach ($matches[1] as $index => $includeId) { $splitInclude = explode('#', $includeId, 2); $pageId = intval($splitInclude[0]); if (is_nan($pageId)) { continue; } $matchedPage = $this->getById('page', $pageId, false, $ignorePermissions); if ($matchedPage === null) { $content = str_replace($matches[0][$index], '', $content); continue; } if (count($splitInclude) === 1) { $content = str_replace($matches[0][$index], $matchedPage->html, $content); continue; } $doc = new DOMDocument(); $doc->loadHTML(mb_convert_encoding('
'.$matchedPage->html.'', 'HTML-ENTITIES', 'UTF-8')); $matchingElem = $doc->getElementById($splitInclude[1]); if ($matchingElem === null) { $content = str_replace($matches[0][$index], '', $content); continue; } $innerContent = ''; $isTopLevel = in_array(strtolower($matchingElem->nodeName), $topLevelTags); if ($isTopLevel) { $innerContent .= $doc->saveHTML($matchingElem); } else { foreach ($matchingElem->childNodes as $childNode) { $innerContent .= $doc->saveHTML($childNode); } } $content = str_replace($matches[0][$index], trim($innerContent), $content); } return $content; } /** * Escape script tags within HTML content. * @param string $html * @return mixed */ protected function escapeScripts(string $html) { $scriptSearchRegex = '/