bookstack/app/Http/Controllers/Controller.php

<?php

namespace BookStack\Http\Controllers;

use BookStack\Auth\User;
use BookStack\Ownable;
use Illuminate\Foundation\Bus\DispatchesJobs;
use Illuminate\Foundation\Validation\ValidatesRequests;
use Illuminate\Http\Exceptions\HttpResponseException;
use Illuminate\Http\Request;
use Illuminate\Routing\Controller as BaseController;

abstract class Controller extends BaseController
{
    use DispatchesJobs, ValidatesRequests;

    /**
     * @var User static
     */
    protected $currentUser;
    /**
     * @var bool
     */
    protected $signedIn;

    /**
     * Controller constructor.
     */
    public function __construct()
    {
        $this->middleware(function ($request, $next) {

            // Get a user instance for the current user
            $user = user();

            // Share variables with controllers
            $this->currentUser = $user;
            $this->signedIn = auth()->check();

            // Share variables with views
            view()->share('signedIn', $this->signedIn);
            view()->share('currentUser', $user);

            return $next($request);
        });
    }

    /**
     * Stops the application and shows a permission error if
     * the application is in demo mode.
     */
    protected function preventAccessForDemoUsers()
    {
        if (config('app.env') === 'demo') {
            $this->showPermissionError();
        }
    }

    /**
     * Adds the page title into the view.
     * @param $title
     */
    public function setPageTitle($title)
    {
        view()->share('pageTitle', $title);
    }

    /**
     * On a permission error redirect to home and display.
     * the error as a notification.
     */
    protected function showPermissionError()
    {
        if (request()->wantsJson()) {
            $response = response()->json(['error' => trans('errors.permissionJson')], 403);
        } else {
            $response = redirect('/');
            session()->flash('error', trans('errors.permission'));
        }

        throw new HttpResponseException($response);
    }

    /**
     * Checks for a permission.
     * @param string $permissionName
     * @return bool|\Illuminate\Http\RedirectResponse
     */
    protected function checkPermission($permissionName)
    {
        if (!user() || !user()->can($permissionName)) {
            $this->showPermissionError();
        }
        return true;
    }

    /**
     * Check the current user's permissions against an ownable item.
     * @param $permission
     * @param Ownable $ownable
     * @return bool
     */
    protected function checkOwnablePermission($permission, Ownable $ownable)
    {
        if (userCan($permission, $ownable)) {
            return true;
        }
        return $this->showPermissionError();
    }

    /**
     * Check if a user has a permission or bypass if the callback is true.
     * @param $permissionName
     * @param $callback
     * @return bool
     */
    protected function checkPermissionOr($permissionName, $callback)
    {
        $callbackResult = $callback();
        if ($callbackResult === false) {
            $this->checkPermission($permissionName);
        }
        return true;
    }

    /**
     * Send back a json error message.
     * @param string $messageText
     * @param int $statusCode
     * @return mixed
     */
    protected function jsonError($messageText = "", $statusCode = 500)
    {
        return response()->json(['message' => $messageText], $statusCode);
    }

    /**
     * Create the response for when a request fails validation.
     * @param  \Illuminate\Http\Request  $request
     * @param  array  $errors
     * @return \Symfony\Component\HttpFoundation\Response
     */
    protected function buildFailedValidationResponse(Request $request, array $errors)
    {
        if ($request->expectsJson()) {
            return response()->json(['validation' => $errors], 422);
        }

        return redirect()->to($this->getRedirectUrl())
            ->withInput($request->input())
            ->withErrors($errors, $this->errorBag());
    }

    /**
     * Create a response that forces a download in the browser.
     * @param string $content
     * @param string $fileName
     * @return \Illuminate\Http\Response
     */
    protected function downloadResponse(string $content, string $fileName)
    {
        return response()->make($content, 200, [
            'Content-Type'        => 'application/octet-stream',
            'Content-Disposition' => 'attachment; filename="' . $fileName . '"'
        ]);
    }
}
Initial commit 2015-07-13 03:01:42 +08:00			`<?php`

Change application namespace to BookStack 2015-09-11 02:31:09 +08:00			`namespace BookStack\Http\Controllers;`
Initial commit 2015-07-13 03:01:42 +08:00
Fleshed out entity provided and optimized imports 2018-09-25 23:58:03 +08:00			`use BookStack\Auth\User;`
Finished initial implementation of custom role system 2016-02-28 03:24:42 +08:00			`use BookStack\Ownable;`
Initial commit 2015-07-13 03:01:42 +08:00			`use Illuminate\Foundation\Bus\DispatchesJobs;`
Fleshed out entity provided and optimized imports 2018-09-25 23:58:03 +08:00			`use Illuminate\Foundation\Validation\ValidatesRequests;`
Upgraded to Laravel 5.4 2017-01-26 03:35:40 +08:00			`use Illuminate\Http\Exceptions\HttpResponseException;`
Page Attachments - Improved UI, Now initially complete Closes #62 2016-10-24 00:55:48 +08:00			`use Illuminate\Http\Request;`
Initial commit 2015-07-13 03:01:42 +08:00			`use Illuminate\Routing\Controller as BaseController;`

			`abstract class Controller extends BaseController`
			`{`
			`use DispatchesJobs, ValidatesRequests;`
Added some user/view helper methods 2015-08-25 04:10:04 +08:00
Added permission system 2015-08-29 22:03:42 +08:00			`/**`
			`* @var User static`
			`*/`
			`protected $currentUser;`
			`/**`
			`* @var bool`
			`*/`
			`protected $signedIn;`

Added some user/view helper methods 2015-08-25 04:10:04 +08:00			`/**`
			`* Controller constructor.`
			`*/`
			`public function __construct()`
			`{`
Laravel 5.3 upgrade (#189) * Started move to laravel 5.3 * Started updating login & registration flows for laravel 5.3 update * Updated app emails to notification system * Fixed registations bugs and removed email confirmation model * Fixed large portion of laravel post-upgrade issues * Fixed and tested LDAP process 2016-09-18 01:22:04 +08:00			`$this->middleware(function ($request, $next) {`
Started social registration 2015-09-06 00:42:05 +08:00
Laravel 5.3 upgrade (#189) * Started move to laravel 5.3 * Started updating login & registration flows for laravel 5.3 update * Updated app emails to notification system * Fixed registations bugs and removed email confirmation model * Fixed large portion of laravel post-upgrade issues * Fixed and tested LDAP process 2016-09-18 01:22:04 +08:00			`// Get a user instance for the current user`
Started work on making the public role/user configurable Create a new 'public' guest user and made the public role visible on role setting screens. 2016-09-29 19:43:46 +08:00			`$user = user();`
Laravel 5.3 upgrade (#189) * Started move to laravel 5.3 * Started updating login & registration flows for laravel 5.3 update * Updated app emails to notification system * Fixed registations bugs and removed email confirmation model * Fixed large portion of laravel post-upgrade issues * Fixed and tested LDAP process 2016-09-18 01:22:04 +08:00
			`// Share variables with controllers`
			`$this->currentUser = $user;`
			`$this->signedIn = auth()->check();`

Started work on making the public role/user configurable Create a new 'public' guest user and made the public role visible on role setting screens. 2016-09-29 19:43:46 +08:00			`// Share variables with views`
			`view()->share('signedIn', $this->signedIn);`
			`view()->share('currentUser', $user);`

Laravel 5.3 upgrade (#189) * Started move to laravel 5.3 * Started updating login & registration flows for laravel 5.3 update * Updated app emails to notification system * Fixed registations bugs and removed email confirmation model * Fixed large portion of laravel post-upgrade issues * Fixed and tested LDAP process 2016-09-18 01:22:04 +08:00			`return $next($request);`
			`});`
Added permission system 2015-08-29 22:03:42 +08:00			`}`

Added public build folder and support for a demo mode 2016-01-01 01:57:34 +08:00			`/**`
			`* Stops the application and shows a permission error if`
			`* the application is in demo mode.`
			`*/`
			`protected function preventAccessForDemoUsers()`
			`{`
Set /app PHP code to PSR-2 standard Also adde draw.io to attribution list. Closes #649 2018-01-29 00:58:52 +08:00			`if (config('app.env') === 'demo') {`
			`$this->showPermissionError();`
			`}`
Added public build folder and support for a demo mode 2016-01-01 01:57:34 +08:00			`}`

Added custom meta titles to many pages. Closes #30. 2015-12-05 22:41:51 +08:00			`/**`
			`* Adds the page title into the view.`
			`* @param $title`
			`*/`
			`public function setPageTitle($title)`
			`{`
			`view()->share('pageTitle', $title);`
			`}`

Added public build folder and support for a demo mode 2016-01-01 01:57:34 +08:00			`/**`
Finished initial implementation of custom role system 2016-02-28 03:24:42 +08:00			`* On a permission error redirect to home and display.`
Added public build folder and support for a demo mode 2016-01-01 01:57:34 +08:00			`* the error as a notification.`
			`*/`
			`protected function showPermissionError()`
			`{`
Added attachment creation from link/name 2016-10-11 04:13:18 +08:00			`if (request()->wantsJson()) {`
			`$response = response()->json(['error' => trans('errors.permissionJson')], 403);`
			`} else {`
			`$response = redirect('/');`
			`session()->flash('error', trans('errors.permission'));`
			`}`

Added missing permission checkboxes and improved image AJAX permission responses 2016-02-28 04:52:46 +08:00			`throw new HttpResponseException($response);`
Added public build folder and support for a demo mode 2016-01-01 01:57:34 +08:00			`}`

Added permission system 2015-08-29 22:03:42 +08:00			`/**`
			`* Checks for a permission.`
Finished initial implementation of custom role system 2016-02-28 03:24:42 +08:00			`* @param string $permissionName`
Added permission system 2015-08-29 22:03:42 +08:00			`* @return bool\|\Illuminate\Http\RedirectResponse`
			`*/`
			`protected function checkPermission($permissionName)`
			`{`
Added attachment creation from link/name 2016-10-11 04:13:18 +08:00			`if (!user() \|\| !user()->can($permissionName)) {`
Added public build folder and support for a demo mode 2016-01-01 01:57:34 +08:00			`$this->showPermissionError();`
Added permission system 2015-08-29 22:03:42 +08:00			`}`
			`return true;`
			`}`

Finished initial implementation of custom role system 2016-02-28 03:24:42 +08:00			`/**`
			`* Check the current user's permissions against an ownable item.`
			`* @param $permission`
			`* @param Ownable $ownable`
			`* @return bool`
			`*/`
			`protected function checkOwnablePermission($permission, Ownable $ownable)`
			`{`
Set /app PHP code to PSR-2 standard Also adde draw.io to attribution list. Closes #649 2018-01-29 00:58:52 +08:00			`if (userCan($permission, $ownable)) {`
			`return true;`
			`}`
Tied entity restriction system into userCan checks 2016-03-01 04:31:21 +08:00			`return $this->showPermissionError();`
Finished initial implementation of custom role system 2016-02-28 03:24:42 +08:00			`}`

Added public build folder and support for a demo mode 2016-01-01 01:57:34 +08:00			`/**`
			`* Check if a user has a permission or bypass if the callback is true.`
			`* @param $permissionName`
			`* @param $callback`
			`* @return bool`
			`*/`
Added permission system 2015-08-29 22:03:42 +08:00			`protected function checkPermissionOr($permissionName, $callback)`
			`{`
			`$callbackResult = $callback();`
Set /app PHP code to PSR-2 standard Also adde draw.io to attribution list. Closes #649 2018-01-29 00:58:52 +08:00			`if ($callbackResult === false) {`
			`$this->checkPermission($permissionName);`
			`}`
Added permission system 2015-08-29 22:03:42 +08:00			`return true;`
Added some user/view helper methods 2015-08-25 04:10:04 +08:00			`}`

Added further attribute endpoints and added tests 2016-05-07 21:29:43 +08:00			`/**`
			`* Send back a json error message.`
			`* @param string $messageText`
			`* @param int $statusCode`
			`* @return mixed`
			`*/`
			`protected function jsonError($messageText = "", $statusCode = 500)`
			`{`
			`return response()->json(['message' => $messageText], $statusCode);`
			`}`

Page Attachments - Improved UI, Now initially complete Closes #62 2016-10-24 00:55:48 +08:00			`/**`
			`* Create the response for when a request fails validation.`
			`* @param \Illuminate\Http\Request $request`
			`* @param array $errors`
			`* @return \Symfony\Component\HttpFoundation\Response`
			`*/`
			`protected function buildFailedValidationResponse(Request $request, array $errors)`
			`{`
			`if ($request->expectsJson()) {`
			`return response()->json(['validation' => $errors], 422);`
			`}`

			`return redirect()->to($this->getRedirectUrl())`
			`->withInput($request->input())`
			`->withErrors($errors, $this->errorBag());`
			`}`
Extracted download response logic into controller method Fixes incorrect 'Content-Disposition' header value. Fixes #581 2018-09-22 18:34:09 +08:00
			`/**`
			`* Create a response that forces a download in the browser.`
			`* @param string $content`
			`* @param string $fileName`
			`* @return \Illuminate\Http\Response`
			`*/`
			`protected function downloadResponse(string $content, string $fileName)`
			`{`
			`return response()->make($content, 200, [`
			`'Content-Type' => 'application/octet-stream',`
			`'Content-Disposition' => 'attachment; filename="' . $fileName . '"'`
			`]);`
			`}`
Initial commit 2015-07-13 03:01:42 +08:00			`}`