bookstack/app/Entities/Controllers/PageApiController.php

<?php

namespace BookStack\Entities\Controllers;

use BookStack\Entities\Queries\EntityQueries;
use BookStack\Entities\Queries\PageQueries;
use BookStack\Entities\Repos\PageRepo;
use BookStack\Exceptions\PermissionsException;
use BookStack\Http\ApiController;
use Exception;
use Illuminate\Http\Request;

class PageApiController extends ApiController
{
    protected $rules = [
        'create' => [
            'book_id'    => ['required_without:chapter_id', 'integer'],
            'chapter_id' => ['required_without:book_id', 'integer'],
            'name'       => ['required', 'string', 'max:255'],
            'html'       => ['required_without:markdown', 'string'],
            'markdown'   => ['required_without:html', 'string'],
            'tags'       => ['array'],
            'priority'   => ['integer'],
        ],
        'update' => [
            'book_id'    => ['integer'],
            'chapter_id' => ['integer'],
            'name'       => ['string', 'min:1', 'max:255'],
            'html'       => ['string'],
            'markdown'   => ['string'],
            'tags'       => ['array'],
            'priority'   => ['integer'],
        ],
    ];

    public function __construct(
        protected PageRepo $pageRepo,
        protected PageQueries $queries,
        protected EntityQueries $entityQueries,
    ) {
    }

    /**
     * Get a listing of pages visible to the user.
     */
    public function list()
    {
        $pages = $this->queries->visibleForList()
            ->addSelect(['created_by', 'updated_by', 'revision_count', 'editor']);

        return $this->apiListingResponse($pages, [
            'id', 'book_id', 'chapter_id', 'name', 'slug', 'priority',
            'draft', 'template',
            'created_at', 'updated_at',
            'created_by', 'updated_by', 'owned_by',
        ]);
    }

    /**
     * Create a new page in the system.
     *
     * The ID of a parent book or chapter is required to indicate
     * where this page should be located.
     *
     * Any HTML content provided should be kept to a single-block depth of plain HTML
     * elements to remain compatible with the BookStack front-end and editors.
     * Any images included via base64 data URIs will be extracted and saved as gallery
     * images against the page during upload.
     */
    public function create(Request $request)
    {
        $this->validate($request, $this->rules['create']);

        if ($request->has('chapter_id')) {
            $parent = $this->entityQueries->chapters->findVisibleByIdOrFail(intval($request->get('chapter_id')));
        } else {
            $parent = $this->entityQueries->books->findVisibleByIdOrFail(intval($request->get('book_id')));
        }
        $this->checkOwnablePermission('page-create', $parent);

        $draft = $this->pageRepo->getNewDraftPage($parent);
        $this->pageRepo->publishDraft($draft, $request->only(array_keys($this->rules['create'])));

        return response()->json($draft->forJsonDisplay());
    }

    /**
     * View the details of a single page.
     * Pages will always have HTML content. They may have markdown content
     * if the markdown editor was used to last update the page.
     *
     * The 'html' property is the fully rendered & escaped HTML content that BookStack
     * would show on page view, with page includes handled.
     * The 'raw_html' property is the direct database stored HTML content, which would be
     * what BookStack shows on page edit.
     *
     * See the "Content Security" section of these docs for security considerations when using
     * the page content returned from this endpoint.
     */
    public function read(string $id)
    {
        $page = $this->queries->findVisibleByIdOrFail($id);

        return response()->json($page->forJsonDisplay());
    }

    /**
     * Update the details of a single page.
     *
     * See the 'create' action for details on the provided HTML/Markdown.
     * Providing a 'book_id' or 'chapter_id' property will essentially move
     * the page into that parent element if you have permissions to do so.
     */
    public function update(Request $request, string $id)
    {
        $requestData = $this->validate($request, $this->rules['update']);

        $page = $this->queries->findVisibleByIdOrFail($id);
        $this->checkOwnablePermission('page-update', $page);

        $parent = null;
        if ($request->has('chapter_id')) {
            $parent = $this->entityQueries->chapters->findVisibleByIdOrFail(intval($request->get('chapter_id')));
        } elseif ($request->has('book_id')) {
            $parent = $this->entityQueries->books->findVisibleByIdOrFail(intval($request->get('book_id')));
        }

        if ($parent && !$parent->matches($page->getParent())) {
            $this->checkOwnablePermission('page-delete', $page);

            try {
                $this->pageRepo->move($page, $parent->getType() . ':' . $parent->id);
            } catch (Exception $exception) {
                if ($exception instanceof  PermissionsException) {
                    $this->showPermissionError();
                }

                return $this->jsonError(trans('errors.selected_book_chapter_not_found'));
            }
        }

        $updatedPage = $this->pageRepo->update($page, $requestData);

        return response()->json($updatedPage->forJsonDisplay());
    }

    /**
     * Delete a page.
     * This will typically send the page to the recycle bin.
     */
    public function delete(string $id)
    {
        $page = $this->queries->findVisibleByIdOrFail($id);
        $this->checkOwnablePermission('page-delete', $page);

        $this->pageRepo->destroy($page);

        return response('', 204);
    }
}
Started pages API 2020-11-22 22:56:19 +08:00			`<?php`

Played around with a new app structure 2023-05-18 00:56:55 +08:00			`namespace BookStack\Entities\Controllers;`
Started pages API 2020-11-22 22:56:19 +08:00
Queries: Updated all app book static query uses 2024-02-08 00:37:36 +08:00			`use BookStack\Entities\Queries\EntityQueries;`
Queries: Extracted PageRepo queries to own class Started new class for PageRevisions too as part of these changes 2024-02-06 01:35:49 +08:00			`use BookStack\Entities\Queries\PageQueries;`
Started pages API 2020-11-22 22:56:19 +08:00			`use BookStack\Entities\Repos\PageRepo;`
			`use BookStack\Exceptions\PermissionsException;`
Cleaned up namespacing in routes Also moved home controller and moved controllers up a level in http. 2023-05-19 03:53:39 +08:00			`use BookStack\Http\ApiController;`
Started pages API 2020-11-22 22:56:19 +08:00			`use Exception;`
			`use Illuminate\Http\Request;`

			`class PageApiController extends ApiController`
			`{`
			`protected $rules = [`
			`'create' => [`
Standardised laravel validation to be array based Converted from string-only-based validation. Array based validation works nicer once you have validation classess or advanced validation options. 2021-11-05 08:26:55 +08:00			`'book_id' => ['required_without:chapter_id', 'integer'],`
			`'chapter_id' => ['required_without:book_id', 'integer'],`
			`'name' => ['required', 'string', 'max:255'],`
			`'html' => ['required_without:markdown', 'string'],`
			`'markdown' => ['required_without:html', 'string'],`
			`'tags' => ['array'],`
[API] add priority in book read [API] add priority in chapter create and update [API] add priority in page create and update 2023-06-12 21:12:46 +08:00			`'priority' => ['integer'],`
Started pages API 2020-11-22 22:56:19 +08:00			`],`
			`'update' => [`
Touched entity timestamps on entity tag update Decided it's relevant to entity updated_at since tags are now indexed alongside content. - Also fixed tags not applied on shelf. - Also enforced proper page API update validation. - Adds tests to cover. For #3319 Fixes #3370 2022-04-05 00:24:05 +08:00			`'book_id' => ['integer'],`
			`'chapter_id' => ['integer'],`
Standardised laravel validation to be array based Converted from string-only-based validation. Array based validation works nicer once you have validation classess or advanced validation options. 2021-11-05 08:26:55 +08:00			`'name' => ['string', 'min:1', 'max:255'],`
			`'html' => ['string'],`
			`'markdown' => ['string'],`
			`'tags' => ['array'],`
[API] add priority in book read [API] add priority in chapter create and update [API] add priority in page create and update 2023-06-12 21:12:46 +08:00			`'priority' => ['integer'],`
Started pages API 2020-11-22 22:56:19 +08:00			`],`
			`];`

Pages API: Made raw_html available on page responses To provide a way to see the original un-pre-processed database HTML content. For #4310 2023-06-21 00:07:46 +08:00			`public function __construct(`
Queries: Extracted PageRepo queries to own class Started new class for PageRevisions too as part of these changes 2024-02-06 01:35:49 +08:00			`protected PageRepo $pageRepo,`
			`protected PageQueries $queries,`
Queries: Updated all app book static query uses 2024-02-08 00:37:36 +08:00			`protected EntityQueries $entityQueries,`
Pages API: Made raw_html available on page responses To provide a way to see the original un-pre-processed database HTML content. For #4310 2023-06-21 00:07:46 +08:00			`) {`
Started pages API 2020-11-22 22:56:19 +08:00			`}`

			`/**`
			`* Get a listing of pages visible to the user.`
			`*/`
			`public function list()`
			`{`
Queries: Update API to align data with previous versions Ensures fields returned match API docs and previous versions of BookStack where we were accidentally returning more fields than expected. Updates tests to cover many of these. Also updated clockwork to ignore image requests for less noisy debugging. Also updated chapter page query to not be loading all page data, via new query in PageQueries. 2024-02-11 23:42:37 +08:00			`$pages = $this->queries->visibleForList()`
			`->addSelect(['created_by', 'updated_by', 'revision_count', 'editor']);`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00
Started pages API 2020-11-22 22:56:19 +08:00			`return $this->apiListingResponse($pages, [`
			`'id', 'book_id', 'chapter_id', 'name', 'slug', 'priority',`
			`'draft', 'template',`
Made fixes/updates during pre-release review - Fixed page editor default focus not working as expected due to misnamed attribute. - Added owned_by to relevant areas of the API including the docs. - Made book relation on page accessible even if deleted since it could cause an issue on views, such as audit trail, when the relation is accessed when the book is deleted. 2021-01-04 06:29:58 +08:00			`'created_at', 'updated_at',`
			`'created_by', 'updated_by', 'owned_by',`
Started pages API 2020-11-22 22:56:19 +08:00			`]);`
			`}`

			`/**`
			`* Create a new page in the system.`
Added pages API doc examples Made some tweaks to related content and other examples while there. 2020-11-28 23:21:54 +08:00			`*`
			`* The ID of a parent book or chapter is required to indicate`
			`* where this page should be located.`
			`*`
			`* Any HTML content provided should be kept to a single-block depth of plain HTML`
			`* elements to remain compatible with the BookStack front-end and editors.`
Reviewed base64 image upload support - Added test cases to cover. - Altered parsing logic to be a little less reliant on regex. - Added new iamge repo method for creating from data. - Added extension validation and additional type support. - Done some cleanup of common operations within PageContent. - Added message to API docs/method to mention image usage. For #2700 and #2631. 2021-06-03 04:34:34 +08:00			`* Any images included via base64 data URIs will be extracted and saved as gallery`
			`* images against the page during upload.`
Started pages API 2020-11-22 22:56:19 +08:00			`*/`
			`public function create(Request $request)`
			`{`
			`$this->validate($request, $this->rules['create']);`

			`if ($request->has('chapter_id')) {`
Queries: Updated all app book static query uses 2024-02-08 00:37:36 +08:00			`$parent = $this->entityQueries->chapters->findVisibleByIdOrFail(intval($request->get('chapter_id')));`
Started pages API 2020-11-22 22:56:19 +08:00			`} else {`
Queries: Updated all app book static query uses 2024-02-08 00:37:36 +08:00			`$parent = $this->entityQueries->books->findVisibleByIdOrFail(intval($request->get('book_id')));`
Started pages API 2020-11-22 22:56:19 +08:00			`}`
			`$this->checkOwnablePermission('page-create', $parent);`

			`$draft = $this->pageRepo->getNewDraftPage($parent);`
			`$this->pageRepo->publishDraft($draft, $request->only(array_keys($this->rules['create'])));`

Added pages API doc examples Made some tweaks to related content and other examples while there. 2020-11-28 23:21:54 +08:00			`return response()->json($draft->forJsonDisplay());`
Started pages API 2020-11-22 22:56:19 +08:00			`}`

			`/**`
			`* View the details of a single page.`
Added pages API doc examples Made some tweaks to related content and other examples while there. 2020-11-28 23:21:54 +08:00			`* Pages will always have HTML content. They may have markdown content`
			`* if the markdown editor was used to last update the page.`
Added content security section to the api docs Related to #3636 2022-08-11 17:49:45 +08:00			`*`
Pages API: Added extra helper text to read endpoint 2023-06-21 00:15:32 +08:00			`* The 'html' property is the fully rendered & escaped HTML content that BookStack`
			`* would show on page view, with page includes handled.`
			`* The 'raw_html' property is the direct database stored HTML content, which would be`
			`* what BookStack shows on page edit.`
			`*`
Added content security section to the api docs Related to #3636 2022-08-11 17:49:45 +08:00			`* See the "Content Security" section of these docs for security considerations when using`
			`* the page content returned from this endpoint.`
Started pages API 2020-11-22 22:56:19 +08:00			`*/`
			`public function read(string $id)`
			`{`
Queries: Extracted PageRepo queries to own class Started new class for PageRevisions too as part of these changes 2024-02-06 01:35:49 +08:00			`$page = $this->queries->findVisibleByIdOrFail($id);`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00
Added pages API doc examples Made some tweaks to related content and other examples while there. 2020-11-28 23:21:54 +08:00			`return response()->json($page->forJsonDisplay());`
Started pages API 2020-11-22 22:56:19 +08:00			`}`

			`/**`
			`* Update the details of a single page.`
Added pages API doc examples Made some tweaks to related content and other examples while there. 2020-11-28 23:21:54 +08:00			`*`
			`* See the 'create' action for details on the provided HTML/Markdown.`
			`* Providing a 'book_id' or 'chapter_id' property will essentially move`
			`* the page into that parent element if you have permissions to do so.`
Started pages API 2020-11-22 22:56:19 +08:00			`*/`
			`public function update(Request $request, string $id)`
			`{`
Touched entity timestamps on entity tag update Decided it's relevant to entity updated_at since tags are now indexed alongside content. - Also fixed tags not applied on shelf. - Also enforced proper page API update validation. - Adds tests to cover. For #3319 Fixes #3370 2022-04-05 00:24:05 +08:00			`$requestData = $this->validate($request, $this->rules['update']);`

Queries: Extracted PageRepo queries to own class Started new class for PageRevisions too as part of these changes 2024-02-06 01:35:49 +08:00			`$page = $this->queries->findVisibleByIdOrFail($id);`
Started pages API 2020-11-22 22:56:19 +08:00			`$this->checkOwnablePermission('page-update', $page);`

			`$parent = null;`
			`if ($request->has('chapter_id')) {`
Queries: Updated all app book static query uses 2024-02-08 00:37:36 +08:00			`$parent = $this->entityQueries->chapters->findVisibleByIdOrFail(intval($request->get('chapter_id')));`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00			`} elseif ($request->has('book_id')) {`
Queries: Updated all app book static query uses 2024-02-08 00:37:36 +08:00			`$parent = $this->entityQueries->books->findVisibleByIdOrFail(intval($request->get('book_id')));`
Started pages API 2020-11-22 22:56:19 +08:00			`}`

			`if ($parent && !$parent->matches($page->getParent())) {`
			`$this->checkOwnablePermission('page-delete', $page);`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00
Started pages API 2020-11-22 22:56:19 +08:00			`try {`
			`$this->pageRepo->move($page, $parent->getType() . ':' . $parent->id);`
			`} catch (Exception $exception) {`
			`if ($exception instanceof PermissionsException) {`
			`$this->showPermissionError();`
			`}`

			`return $this->jsonError(trans('errors.selected_book_chapter_not_found'));`
			`}`
			`}`

Touched entity timestamps on entity tag update Decided it's relevant to entity updated_at since tags are now indexed alongside content. - Also fixed tags not applied on shelf. - Also enforced proper page API update validation. - Adds tests to cover. For #3319 Fixes #3370 2022-04-05 00:24:05 +08:00			`$updatedPage = $this->pageRepo->update($page, $requestData);`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00
Added pages API doc examples Made some tweaks to related content and other examples while there. 2020-11-28 23:21:54 +08:00			`return response()->json($updatedPage->forJsonDisplay());`
Started pages API 2020-11-22 22:56:19 +08:00			`}`

			`/**`
Added pages API doc examples Made some tweaks to related content and other examples while there. 2020-11-28 23:21:54 +08:00			`* Delete a page.`
			`* This will typically send the page to the recycle bin.`
Started pages API 2020-11-22 22:56:19 +08:00			`*/`
			`public function delete(string $id)`
			`{`
Queries: Extracted PageRepo queries to own class Started new class for PageRevisions too as part of these changes 2024-02-06 01:35:49 +08:00			`$page = $this->queries->findVisibleByIdOrFail($id);`
Started pages API 2020-11-22 22:56:19 +08:00			`$this->checkOwnablePermission('page-delete', $page);`

			`$this->pageRepo->destroy($page);`
Apply fixes from StyleCI 2021-06-26 23:23:15 +08:00
Started pages API 2020-11-22 22:56:19 +08:00			`return response('', 204);`
			`}`
			`}`