namespace BookStack\Uploads\Controllers;
use BookStack\Entities\Queries\PageQueries;
+use BookStack\Exceptions\NotFoundException;
use BookStack\Http\ApiController;
+use BookStack\Permissions\Permission;
use BookStack\Uploads\Image;
use BookStack\Uploads\ImageRepo;
use BookStack\Uploads\ImageResizer;
+use BookStack\Uploads\ImageService;
use Illuminate\Http\Request;
class ImageGalleryApiController extends ApiController
protected ImageRepo $imageRepo,
protected ImageResizer $imageResizer,
protected PageQueries $pageQueries,
+ protected ImageService $imageService,
) {
}
'image' => ['required', 'file', ...$this->getImageValidationRules()],
'name' => ['string', 'max:180'],
],
+ 'readDataForUrl' => [
+ 'url' => ['required', 'string', 'url'],
+ ],
'update' => [
'name' => ['string', 'max:180'],
'image' => ['file', ...$this->getImageValidationRules()],
*/
public function create(Request $request)
{
- $this->checkPermission('image-create-all');
+ $this->checkPermission(Permission::ImageCreateAll);
$data = $this->validate($request, $this->rules()['create']);
$page = $this->pageQueries->findVisibleByIdOrFail($data['uploaded_to']);
* The "thumbs" response property contains links to scaled variants that BookStack may use in its UI.
* The "content" response property provides HTML and Markdown content, in the format that BookStack
* would typically use by default to add the image in page content, as a convenience.
- * Actual image file data is not provided but can be fetched via the "url" response property.
+ * Actual image file data is not provided but can be fetched via the "url" response property or by
+ * using the "read-data" endpoint.
*/
public function read(string $id)
{
return response()->json($this->formatForSingleResponse($image));
}
+ /**
+ * Read the image file data for a single image in the system.
+ * The returned response will be a stream of image data instead of a JSON response.
+ */
+ public function readData(string $id)
+ {
+ $image = Image::query()->scopes(['visible'])->findOrFail($id);
+
+ return $this->imageService->streamImageFromStorageResponse('gallery', $image->path);
+ }
+
+ /**
+ * Read the image file data for a single image in the system, using the provided URL
+ * to identify the image instead of its ID, which is provided as a "URL" query parameter.
+ * The returned response will be a stream of image data instead of a JSON response.
+ */
+ public function readDataForUrl(Request $request)
+ {
+ $data = $this->validate($request, $this->rules()['readDataForUrl']);
+ $basePath = url('/uploads/images/');
+ $imagePath = str_replace($basePath, '', $data['url']);
+
+ if (!$this->imageService->pathAccessible($imagePath)) {
+ throw (new NotFoundException(trans('errors.image_not_found')))
+ ->setSubtitle(trans('errors.image_not_found_subtitle'))
+ ->setDetails(trans('errors.image_not_found_details'));
+ }
+
+ return $this->imageService->streamImageFromStorageResponse('gallery', $imagePath);
+ }
+
/**
* Update the details of an existing image in the system.
* Since "image" is expected to be a file, this needs to be a 'multipart/form-data' type request if providing a
{
$data = $this->validate($request, $this->rules()['update']);
$image = $this->imageRepo->getById($id);
- $this->checkOwnablePermission('page-view', $image->getPage());
- $this->checkOwnablePermission('image-update', $image);
+ $this->checkOwnablePermission(Permission::PageView, $image->getPage());
+ $this->checkOwnablePermission(Permission::ImageUpdate, $image);
$this->imageRepo->updateImageDetails($image, $data);
if (isset($data['image'])) {
public function delete(string $id)
{
$image = $this->imageRepo->getById($id);
- $this->checkOwnablePermission('page-view', $image->getPage());
- $this->checkOwnablePermission('image-delete', $image);
+ $this->checkOwnablePermission(Permission::PageView, $image->getPage());
+ $this->checkOwnablePermission(Permission::ImageDelete, $image);
$this->imageRepo->destroyImage($image);
return response('', 204);
$data['content']['html'] = "<div drawio-diagram=\"{$image->id}\"><img src=\"{$escapedUrl}\"></div>";
$data['content']['markdown'] = $data['content']['html'];
} else {
- $escapedDisplayThumb = htmlentities($image->thumbs['display']);
+ $escapedDisplayThumb = htmlentities($image->getAttribute('thumbs')['display']);
$data['content']['html'] = "<a href=\"{$escapedUrl}\" target=\"_blank\"><img src=\"{$escapedDisplayThumb}\" alt=\"{$escapedName}\"></a>";
$mdEscapedName = str_replace(']', '', str_replace('[', '', $image->name));
- $mdEscapedThumb = str_replace(']', '', str_replace('[', '', $image->thumbs['display']));
+ $mdEscapedThumb = str_replace(']', '', str_replace('[', '', $image->getAttribute('thumbs')['display']));
$data['content']['markdown'] = "";
}
projects / bookstack / blobdiff