]> BookStack Code Mirror - bookstack/blob - app/Uploads/Controllers/AttachmentController.php
projects / bookstack / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge pull request #5917 from BookStackApp/copy_references
[bookstack] / app / Uploads / Controllers / AttachmentController.php
1 <?php
2
3 namespace BookStack\Uploads\Controllers;
4
5 use BookStack\Entities\EntityExistsRule;
6 use BookStack\Entities\Queries\PageQueries;
7 use BookStack\Entities\Repos\PageRepo;
8 use BookStack\Exceptions\FileUploadException;
9 use BookStack\Exceptions\NotFoundException;
10 use BookStack\Http\Controller;
11 use BookStack\Permissions\Permission;
12 use BookStack\Uploads\Attachment;
13 use BookStack\Uploads\AttachmentService;
14 use Exception;
15 use Illuminate\Contracts\Filesystem\FileNotFoundException;
16 use Illuminate\Http\Request;
17 use Illuminate\Support\MessageBag;
18 use Illuminate\Validation\ValidationException;
19
20 class AttachmentController extends Controller
21 {
22     public function __construct(
23         protected AttachmentService $attachmentService,
24         protected PageQueries $pageQueries,
25         protected PageRepo $pageRepo
26     ) {
27     }
28
29     /**
30      * Endpoint at which attachments are uploaded to.
31      *
32      * @throws ValidationException
33      * @throws NotFoundException
34      */
35     public function upload(Request $request)
36     {
37         $this->validate($request, [
38             'uploaded_to' => ['required', 'integer',  new EntityExistsRule('page')],
39             'file'        => array_merge(['required'], $this->attachmentService->getFileValidationRules()),
40         ]);
41
42         $pageId = $request->get('uploaded_to');
43         $page = $this->pageQueries->findVisibleByIdOrFail($pageId);
44
45         $this->checkPermission(Permission::AttachmentCreateAll);
46         $this->checkOwnablePermission(Permission::PageUpdate, $page);
47
48         $uploadedFile = $request->file('file');
49
50         try {
51             $attachment = $this->attachmentService->saveNewUpload($uploadedFile, $pageId);
52         } catch (FileUploadException $e) {
53             return response($e->getMessage(), 500);
54         }
55
56         return response()->json($attachment);
57     }
58
59     /**
60      * Update an uploaded attachment.
61      *
62      * @throws ValidationException
63      */
64     public function uploadUpdate(Request $request, $attachmentId)
65     {
66         $this->validate($request, [
67             'file' => array_merge(['required'], $this->attachmentService->getFileValidationRules()),
68         ]);
69
70         /** @var Attachment $attachment */
71         $attachment = Attachment::query()->findOrFail($attachmentId);
72         $this->checkOwnablePermission(Permission::PageView, $attachment->page);
73         $this->checkOwnablePermission(Permission::PageUpdate, $attachment->page);
74         $this->checkOwnablePermission(Permission::AttachmentUpdate, $attachment);
75
76         $uploadedFile = $request->file('file');
77
78         try {
79             $attachment = $this->attachmentService->saveUpdatedUpload($uploadedFile, $attachment);
80         } catch (FileUploadException $e) {
81             return response($e->getMessage(), 500);
82         }
83
84         return response()->json($attachment);
85     }
86
87     /**
88      * Get the update form for an attachment.
89      */
90     public function getUpdateForm(string $attachmentId)
91     {
92         /** @var Attachment $attachment */
93         $attachment = Attachment::query()->findOrFail($attachmentId);
94
95         $this->checkOwnablePermission(Permission::PageUpdate, $attachment->page);
96         $this->checkOwnablePermission(Permission::AttachmentCreate, $attachment);
97
98         return view('attachments.manager-edit-form', [
99             'attachment' => $attachment,
100         ]);
101     }
102
103     /**
104      * Update the details of an existing file.
105      */
106     public function update(Request $request, string $attachmentId)
107     {
108         /** @var Attachment $attachment */
109         $attachment = Attachment::query()->findOrFail($attachmentId);
110
111         try {
112             $this->validate($request, [
113                 'attachment_edit_name' => ['required', 'string', 'min:1', 'max:255'],
114                 'attachment_edit_url'  => ['string', 'min:1', 'max:2000', 'safe_url'],
115             ]);
116         } catch (ValidationException $exception) {
117             return response()->view('attachments.manager-edit-form', array_merge($request->only(['attachment_edit_name', 'attachment_edit_url']), [
118                 'attachment' => $attachment,
119                 'errors'     => new MessageBag($exception->errors()),
120             ]), 422);
121         }
122
123         $this->checkOwnablePermission(Permission::PageView, $attachment->page);
124         $this->checkOwnablePermission(Permission::PageUpdate, $attachment->page);
125         $this->checkOwnablePermission(Permission::AttachmentUpdate, $attachment);
126
127         $attachment = $this->attachmentService->updateFile($attachment, [
128             'name' => $request->get('attachment_edit_name'),
129             'link' => $request->get('attachment_edit_url'),
130         ]);
131
132         return view('attachments.manager-edit-form', [
133             'attachment' => $attachment,
134         ]);
135     }
136
137     /**
138      * Attach a link to a page.
139      *
140      * @throws NotFoundException
141      */
142     public function attachLink(Request $request)
143     {
144         $pageId = $request->get('attachment_link_uploaded_to');
145
146         try {
147             $this->validate($request, [
148                 'attachment_link_uploaded_to' => ['required', 'integer',  new EntityExistsRule('page')],
149                 'attachment_link_name'        => ['required', 'string', 'min:1', 'max:255'],
150                 'attachment_link_url'         => ['required', 'string', 'min:1', 'max:2000', 'safe_url'],
151             ]);
152         } catch (ValidationException $exception) {
153             return response()->view('attachments.manager-link-form', array_merge($request->only(['attachment_link_name', 'attachment_link_url']), [
154                 'pageId' => $pageId,
155                 'errors' => new MessageBag($exception->errors()),
156             ]), 422);
157         }
158
159         $page = $this->pageQueries->findVisibleByIdOrFail($pageId);
160
161         $this->checkPermission(Permission::AttachmentCreateAll);
162         $this->checkOwnablePermission(Permission::PageUpdate, $page);
163
164         $attachmentName = $request->get('attachment_link_name');
165         $link = $request->get('attachment_link_url');
166         $this->attachmentService->saveNewFromLink($attachmentName, $link, intval($pageId));
167
168         return view('attachments.manager-link-form', [
169             'pageId' => $pageId,
170         ]);
171     }
172
173     /**
174      * Get the attachments for a specific page.
175      *
176      * @throws NotFoundException
177      */
178     public function listForPage(int $pageId)
179     {
180         $page = $this->pageQueries->findVisibleByIdOrFail($pageId);
181
182         return view('attachments.manager-list', [
183             'attachments' => $page->attachments->all(),
184         ]);
185     }
186
187     /**
188      * Update the attachment sorting.
189      *
190      * @throws ValidationException
191      * @throws NotFoundException
192      */
193     public function sortForPage(Request $request, int $pageId)
194     {
195         $this->validate($request, [
196             'order' => ['required', 'array'],
197         ]);
198         $page = $this->pageQueries->findVisibleByIdOrFail($pageId);
199         $this->checkOwnablePermission(Permission::PageUpdate, $page);
200
201         $attachmentOrder = $request->get('order');
202         $this->attachmentService->updateFileOrderWithinPage($attachmentOrder, $pageId);
203
204         return response()->json(['message' => trans('entities.attachments_order_updated')]);
205     }
206
207     /**
208      * Get an attachment from storage.
209      *
210      * @throws FileNotFoundException
211      * @throws NotFoundException
212      */
213     public function get(Request $request, string $attachmentId)
214     {
215         /** @var Attachment $attachment */
216         $attachment = Attachment::query()->findOrFail($attachmentId);
217
218         try {
219             $page = $this->pageQueries->findVisibleByIdOrFail($attachment->uploaded_to);
220         } catch (NotFoundException $exception) {
221             throw new NotFoundException(trans('errors.attachment_not_found'));
222         }
223
224         $this->checkOwnablePermission(Permission::PageView, $page);
225
226         if ($attachment->external) {
227             return redirect($attachment->path);
228         }
229
230         $fileName = $attachment->getFileName();
231         $attachmentStream = $this->attachmentService->streamAttachmentFromStorage($attachment);
232         $attachmentSize = $this->attachmentService->getAttachmentFileSize($attachment);
233
234         if ($request->get('open') === 'true') {
235             return $this->download()->streamedInline($attachmentStream, $fileName, $attachmentSize);
236         }
237
238         return $this->download()->streamedDirectly($attachmentStream, $fileName, $attachmentSize);
239     }
240
241     /**
242      * Delete a specific attachment in the system.
243      *
244      * @throws Exception
245      */
246     public function delete(string $attachmentId)
247     {
248         /** @var Attachment $attachment */
249         $attachment = Attachment::query()->findOrFail($attachmentId);
250         $this->checkOwnablePermission(Permission::AttachmentDelete, $attachment);
251         $this->attachmentService->deleteFile($attachment);
252
253         return response()->json(['message' => trans('entities.attachments_deleted')]);
254     }
255 }
The core source code for the BookStack project.