BookStack Code Mirror - bookstack/blob - app/Entities/Controllers/PageApiController.php

   1 <?php
   2
   3 namespace BookStack\Entities\Controllers;
   4
   5 use BookStack\Activity\Tools\CommentTree;
   6 use BookStack\Entities\Queries\EntityQueries;
   7 use BookStack\Entities\Queries\PageQueries;
   8 use BookStack\Entities\Repos\PageRepo;
   9 use BookStack\Exceptions\PermissionsException;
  10 use BookStack\Http\ApiController;
  11 use BookStack\Permissions\Permission;
  12 use Exception;
  13 use Illuminate\Http\Request;
  14
  15 class PageApiController extends ApiController
  16 {
  17     protected array $rules = [
  18         'create' => [
  19             'book_id'    => ['required_without:chapter_id', 'integer'],
  20             'chapter_id' => ['required_without:book_id', 'integer'],
  21             'name'       => ['required', 'string', 'max:255'],
  22             'html'       => ['required_without:markdown', 'string'],
  23             'markdown'   => ['required_without:html', 'string'],
  24             'tags'       => ['array'],
  25             'priority'   => ['integer'],
  26         ],
  27         'update' => [
  28             'book_id'    => ['integer'],
  29             'chapter_id' => ['integer'],
  30             'name'       => ['string', 'min:1', 'max:255'],
  31             'html'       => ['string'],
  32             'markdown'   => ['string'],
  33             'tags'       => ['array'],
  34             'priority'   => ['integer'],
  35         ],
  36     ];
  37
  38     public function __construct(
  39         protected PageRepo $pageRepo,
  40         protected PageQueries $queries,
  41         protected EntityQueries $entityQueries,
  42     ) {
  43     }
  44
  45     /**
  46      * Get a listing of pages visible to the user.
  47      */
  48     public function list()
  49     {
  50         $pages = $this->queries->visibleForList()
  51             ->addSelect(['created_by', 'updated_by', 'revision_count', 'editor']);
  52
  53         return $this->apiListingResponse($pages, [
  54             'id', 'book_id', 'chapter_id', 'name', 'slug', 'priority',
  55             'draft', 'template',
  56             'created_at', 'updated_at',
  57             'created_by', 'updated_by', 'owned_by',
  58         ]);
  59     }
  60
  61     /**
  62      * Create a new page in the system.
  63      *
  64      * The ID of a parent book or chapter is required to indicate
  65      * where this page should be located.
  66      *
  67      * Any HTML content provided should be kept to a single-block depth of plain HTML
  68      * elements to remain compatible with the BookStack front-end and editors.
  69      * Any images included via base64 data URIs will be extracted and saved as gallery
  70      * images against the page during upload.
  71      */
  72     public function create(Request $request)
  73     {
  74         $this->validate($request, $this->rules['create']);
  75
  76         if ($request->has('chapter_id')) {
  77             $parent = $this->entityQueries->chapters->findVisibleByIdOrFail(intval($request->get('chapter_id')));
  78         } else {
  79             $parent = $this->entityQueries->books->findVisibleByIdOrFail(intval($request->get('book_id')));
  80         }
  81         $this->checkOwnablePermission(Permission::PageCreate, $parent);
  82
  83         $draft = $this->pageRepo->getNewDraftPage($parent);
  84         $this->pageRepo->publishDraft($draft, $request->only(array_keys($this->rules['create'])));
  85
  86         return response()->json($draft->forJsonDisplay());
  87     }
  88
  89     /**
  90      * View the details of a single page.
  91      * Pages will always have HTML content. They may have markdown content
  92      * if the Markdown editor was used to last update the page.
  93      *
  94      * The 'html' property is the fully rendered and escaped HTML content that BookStack
  95      * would show on page view, with page includes handled.
  96      * The 'raw_html' property is the direct database stored HTML content, which would be
  97      * what BookStack shows on page edit.
  98      *
  99      * See the "Content Security" section of these docs for security considerations when using
 100      * the page content returned from this endpoint.
 101      *
 102      * Comments for the page are provided in a tree-structure representing the hierarchy of top-level
 103      * comments and replies, for both archived and active comments.
 104      */
 105     public function read(string $id)
 106     {
 107         $page = $this->queries->findVisibleByIdOrFail($id);
 108
 109         $page = $page->forJsonDisplay();
 110         $commentTree = (new CommentTree($page));
 111         $commentTree->loadVisibleHtml();
 112         $page->setAttribute('comments', [
 113             'active' => $commentTree->getActive(),
 114             'archived' => $commentTree->getArchived(),
 115         ]);
 116
 117         return response()->json($page);
 118     }
 119
 120     /**
 121      * Update the details of a single page.
 122      *
 123      * See the 'create' action for details on the provided HTML/Markdown.
 124      * Providing a 'book_id' or 'chapter_id' property will essentially move
 125      * the page into that parent element if you have permissions to do so.
 126      */
 127     public function update(Request $request, string $id)
 128     {
 129         $requestData = $this->validate($request, $this->rules['update']);
 130
 131         $page = $this->queries->findVisibleByIdOrFail($id);
 132         $this->checkOwnablePermission(Permission::PageUpdate, $page);
 133
 134         $parent = null;
 135         if ($request->has('chapter_id')) {
 136             $parent = $this->entityQueries->chapters->findVisibleByIdOrFail(intval($request->get('chapter_id')));
 137         } elseif ($request->has('book_id')) {
 138             $parent = $this->entityQueries->books->findVisibleByIdOrFail(intval($request->get('book_id')));
 139         }
 140
 141         if ($parent && !$parent->matches($page->getParent())) {
 142             $this->checkOwnablePermission(Permission::PageDelete, $page);
 143
 144             try {
 145                 $this->pageRepo->move($page, $parent->getType() . ':' . $parent->id);
 146             } catch (Exception $exception) {
 147                 if ($exception instanceof  PermissionsException) {
 148                     $this->showPermissionError();
 149                 }
 150
 151                 return $this->jsonError(trans('errors.selected_book_chapter_not_found'));
 152             }
 153         }
 154
 155         $updatedPage = $this->pageRepo->update($page, $requestData);
 156
 157         return response()->json($updatedPage->forJsonDisplay());
 158     }
 159
 160     /**
 161      * Delete a page.
 162      * This will typically send the page to the recycle bin.
 163      */
 164     public function delete(string $id)
 165     {
 166         $page = $this->queries->findVisibleByIdOrFail($id);
 167         $this->checkOwnablePermission(Permission::PageDelete, $page);
 168
 169         $this->pageRepo->destroy($page);
 170
 171         return response('', 204);
 172     }
 173 }