bookstack/app/Http/Controllers/AttachmentController.php

<?php namespace BookStack\Http\Controllers;

use BookStack\Exceptions\FileUploadException;
use BookStack\Attachment;
use BookStack\Exceptions\NotFoundException;
use BookStack\Repos\EntityRepo;
use BookStack\Services\AttachmentService;
use Illuminate\Http\Request;

class AttachmentController extends Controller
{
    protected $attachmentService;
    protected $attachment;
    protected $entityRepo;

    /**
     * AttachmentController constructor.
     * @param AttachmentService $attachmentService
     * @param Attachment $attachment
     * @param EntityRepo $entityRepo
     */
    public function __construct(AttachmentService $attachmentService, Attachment $attachment, EntityRepo $entityRepo)
    {
        $this->attachmentService = $attachmentService;
        $this->attachment = $attachment;
        $this->entityRepo = $entityRepo;
        parent::__construct();
    }


    /**
     * Endpoint at which attachments are uploaded to.
     * @param Request $request
     * @return \Illuminate\Contracts\Routing\ResponseFactory|\Illuminate\Http\JsonResponse|\Symfony\Component\HttpFoundation\Response
     */
    public function upload(Request $request)
    {
        $this->validate($request, [
            'uploaded_to' => 'required|integer|exists:pages,id',
            'file' => 'required|file'
        ]);

        $pageId = $request->get('uploaded_to');
        $page = $this->entityRepo->getById('page', $pageId, true);

        $this->checkPermission('attachment-create-all');
        $this->checkOwnablePermission('page-update', $page);

        $uploadedFile = $request->file('file');

        try {
            $attachment = $this->attachmentService->saveNewUpload($uploadedFile, $pageId);
        } catch (FileUploadException $e) {
            return response($e->getMessage(), 500);
        }

        return response()->json($attachment);
    }

    /**
     * Update an uploaded attachment.
     * @param int $attachmentId
     * @param Request $request
     * @return mixed
     */
    public function uploadUpdate($attachmentId, Request $request)
    {
        $this->validate($request, [
            'uploaded_to' => 'required|integer|exists:pages,id',
            'file' => 'required|file'
        ]);

        $pageId = $request->get('uploaded_to');
        $page = $this->entityRepo->getById('page', $pageId, true);
        $attachment = $this->attachment->findOrFail($attachmentId);

        $this->checkOwnablePermission('page-update', $page);
        $this->checkOwnablePermission('attachment-create', $attachment);
        
        if (intval($pageId) !== intval($attachment->uploaded_to)) {
            return $this->jsonError(trans('errors.attachment_page_mismatch'));
        }

        $uploadedFile = $request->file('file');

        try {
            $attachment = $this->attachmentService->saveUpdatedUpload($uploadedFile, $attachment);
        } catch (FileUploadException $e) {
            return response($e->getMessage(), 500);
        }

        return response()->json($attachment);
    }

    /**
     * Update the details of an existing file.
     * @param $attachmentId
     * @param Request $request
     * @return Attachment|mixed
     */
    public function update($attachmentId, Request $request)
    {
        $this->validate($request, [
            'uploaded_to' => 'required|integer|exists:pages,id',
            'name' => 'required|string|min:1|max:255',
            'link' =>  'url|min:1|max:255'
        ]);

        $pageId = $request->get('uploaded_to');
        $page = $this->entityRepo->getById('page', $pageId, true);
        $attachment = $this->attachment->findOrFail($attachmentId);

        $this->checkOwnablePermission('page-update', $page);
        $this->checkOwnablePermission('attachment-create', $attachment);

        if (intval($pageId) !== intval($attachment->uploaded_to)) {
            return $this->jsonError(trans('errors.attachment_page_mismatch'));
        }

        $attachment = $this->attachmentService->updateFile($attachment, $request->all());
        return response()->json($attachment);
    }

    /**
     * Attach a link to a page.
     * @param Request $request
     * @return mixed
     */
    public function attachLink(Request $request)
    {
        $this->validate($request, [
            'uploaded_to' => 'required|integer|exists:pages,id',
            'name' => 'required|string|min:1|max:255',
            'link' =>  'required|url|min:1|max:255'
        ]);

        $pageId = $request->get('uploaded_to');
        $page = $this->entityRepo->getById('page', $pageId, true);

        $this->checkPermission('attachment-create-all');
        $this->checkOwnablePermission('page-update', $page);

        $attachmentName = $request->get('name');
        $link = $request->get('link');
        $attachment = $this->attachmentService->saveNewFromLink($attachmentName, $link, $pageId);

        return response()->json($attachment);
    }

    /**
     * Get the attachments for a specific page.
     * @param $pageId
     * @return mixed
     */
    public function listForPage($pageId)
    {
        $page = $this->entityRepo->getById('page', $pageId, true);
        $this->checkOwnablePermission('page-view', $page);
        return response()->json($page->attachments);
    }

    /**
     * Update the attachment sorting.
     * @param $pageId
     * @param Request $request
     * @return mixed
     */
    public function sortForPage($pageId, Request $request)
    {
        $this->validate($request, [
            'files' => 'required|array',
            'files.*.id' => 'required|integer',
        ]);
        $page = $this->entityRepo->getById('page', $pageId);
        $this->checkOwnablePermission('page-update', $page);

        $attachments = $request->get('files');
        $this->attachmentService->updateFileOrderWithinPage($attachments, $pageId);
        return response()->json(['message' => trans('entities.attachments_order_updated')]);
    }

    /**
     * Get an attachment from storage.
     * @param $attachmentId
     * @return \Illuminate\Contracts\Routing\ResponseFactory|\Illuminate\Http\RedirectResponse|\Illuminate\Routing\Redirector|\Symfony\Component\HttpFoundation\Response
     * @throws \Illuminate\Contracts\Filesystem\FileNotFoundException
     */
    public function get($attachmentId)
    {
        $attachment = $this->attachment->findOrFail($attachmentId);
        $page = $this->entityRepo->getById('page', $attachment->uploaded_to);
        if ($page === null) {
            throw new NotFoundException(trans('errors.attachment_not_found'));
        }

        $this->checkOwnablePermission('page-view', $page);

        if ($attachment->external) {
            return redirect($attachment->path);
        }

        $attachmentContents = $this->attachmentService->getAttachmentFromStorage($attachment);
        return response($attachmentContents, 200, [
            'Content-Type' => 'application/octet-stream',
            'Content-Disposition' => 'attachment; filename="'. $attachment->getFileName() .'"'
        ]);
    }

    /**
     * Delete a specific attachment in the system.
     * @param $attachmentId
     * @return mixed
     * @throws \Exception
     */
    public function delete($attachmentId)
    {
        $attachment = $this->attachment->findOrFail($attachmentId);
        $this->checkOwnablePermission('attachment-delete', $attachment);
        $this->attachmentService->deleteFile($attachment);
        return response()->json(['message' => trans('entities.attachments_deleted')]);
    }
}
Added view, deletion and permissions for files 2016-10-11 03:30:27 +08:00			`<?php namespace BookStack\Http\Controllers;`
Started work on attachments Created base models and started user-facing controls. 2016-10-10 01:58:22 +08:00
			`use BookStack\Exceptions\FileUploadException;`
Renamed files to attachments 2016-11-12 22:12:26 +08:00			`use BookStack\Attachment;`
Fixed error when accessing non-authed attachment Also updated attachment tests to use standard test-case. Fixes #681 2018-02-11 20:37:02 +08:00			`use BookStack\Exceptions\NotFoundException;`
Started refactor to merge entity repos 2017-01-02 00:05:44 +08:00			`use BookStack\Repos\EntityRepo;`
Renamed files to attachments 2016-11-12 22:12:26 +08:00			`use BookStack\Services\AttachmentService;`
Started work on attachments Created base models and started user-facing controls. 2016-10-10 01:58:22 +08:00			`use Illuminate\Http\Request;`

Renamed files to attachments 2016-11-12 22:12:26 +08:00			`class AttachmentController extends Controller`
Started work on attachments Created base models and started user-facing controls. 2016-10-10 01:58:22 +08:00			`{`
Renamed files to attachments 2016-11-12 22:12:26 +08:00			`protected $attachmentService;`
			`protected $attachment;`
Started refactor to merge entity repos 2017-01-02 00:05:44 +08:00			`protected $entityRepo;`
Started work on attachments Created base models and started user-facing controls. 2016-10-10 01:58:22 +08:00
			`/**`
Renamed files to attachments 2016-11-12 22:12:26 +08:00			`* AttachmentController constructor.`
			`* @param AttachmentService $attachmentService`
			`* @param Attachment $attachment`
Finished refactor of entity repos Removed entity-specific repos and standardised the majority of repo calls to be applicable to all entity types 2017-01-02 19:07:27 +08:00			`* @param EntityRepo $entityRepo`
Started work on attachments Created base models and started user-facing controls. 2016-10-10 01:58:22 +08:00			`*/`
Finished refactor of entity repos Removed entity-specific repos and standardised the majority of repo calls to be applicable to all entity types 2017-01-02 19:07:27 +08:00			`public function __construct(AttachmentService $attachmentService, Attachment $attachment, EntityRepo $entityRepo)`
Started work on attachments Created base models and started user-facing controls. 2016-10-10 01:58:22 +08:00			`{`
Renamed files to attachments 2016-11-12 22:12:26 +08:00			`$this->attachmentService = $attachmentService;`
			`$this->attachment = $attachment;`
Started refactor to merge entity repos 2017-01-02 00:05:44 +08:00			`$this->entityRepo = $entityRepo;`
Renamed files to attachments 2016-11-12 22:12:26 +08:00			`parent::__construct();`
Started work on attachments Created base models and started user-facing controls. 2016-10-10 01:58:22 +08:00			`}`


			`/**`
Renamed files to attachments 2016-11-12 22:12:26 +08:00			`* Endpoint at which attachments are uploaded to.`
Started work on attachments Created base models and started user-facing controls. 2016-10-10 01:58:22 +08:00			`* @param Request $request`
Renamed files to attachments 2016-11-12 22:12:26 +08:00			`* @return \Illuminate\Contracts\Routing\ResponseFactory\|\Illuminate\Http\JsonResponse\|\Symfony\Component\HttpFoundation\Response`
Started work on attachments Created base models and started user-facing controls. 2016-10-10 01:58:22 +08:00			`*/`
			`public function upload(Request $request)`
			`{`
			`$this->validate($request, [`
Added attachment creation from link/name 2016-10-11 04:13:18 +08:00			`'uploaded_to' => 'required\|integer\|exists:pages,id',`
			`'file' => 'required\|file'`
Started work on attachments Created base models and started user-facing controls. 2016-10-10 01:58:22 +08:00			`]);`

			`$pageId = $request->get('uploaded_to');`
Started refactor to merge entity repos 2017-01-02 00:05:44 +08:00			`$page = $this->entityRepo->getById('page', $pageId, true);`
Added view, deletion and permissions for files 2016-10-11 03:30:27 +08:00
Renamed files to attachments 2016-11-12 22:12:26 +08:00			`$this->checkPermission('attachment-create-all');`
Added view, deletion and permissions for files 2016-10-11 03:30:27 +08:00			`$this->checkOwnablePermission('page-update', $page);`

			`$uploadedFile = $request->file('file');`
Started work on attachments Created base models and started user-facing controls. 2016-10-10 01:58:22 +08:00
			`try {`
Renamed files to attachments 2016-11-12 22:12:26 +08:00			`$attachment = $this->attachmentService->saveNewUpload($uploadedFile, $pageId);`
Started work on attachments Created base models and started user-facing controls. 2016-10-10 01:58:22 +08:00			`} catch (FileUploadException $e) {`
			`return response($e->getMessage(), 500);`
			`}`

Renamed files to attachments 2016-11-12 22:12:26 +08:00			`return response()->json($attachment);`
Started work on attachments Created base models and started user-facing controls. 2016-10-10 01:58:22 +08:00			`}`

Added basic attachment editing functionality 2016-10-12 03:39:11 +08:00			`/**`
Renamed files to attachments 2016-11-12 22:12:26 +08:00			`* Update an uploaded attachment.`
			`* @param int $attachmentId`
Added basic attachment editing functionality 2016-10-12 03:39:11 +08:00			`* @param Request $request`
			`* @return mixed`
			`*/`
Renamed files to attachments 2016-11-12 22:12:26 +08:00			`public function uploadUpdate($attachmentId, Request $request)`
Added basic attachment editing functionality 2016-10-12 03:39:11 +08:00			`{`
			`$this->validate($request, [`
			`'uploaded_to' => 'required\|integer\|exists:pages,id',`
			`'file' => 'required\|file'`
			`]);`

			`$pageId = $request->get('uploaded_to');`
Started refactor to merge entity repos 2017-01-02 00:05:44 +08:00			`$page = $this->entityRepo->getById('page', $pageId, true);`
Renamed files to attachments 2016-11-12 22:12:26 +08:00			`$attachment = $this->attachment->findOrFail($attachmentId);`
Added basic attachment editing functionality 2016-10-12 03:39:11 +08:00
			`$this->checkOwnablePermission('page-update', $page);`
Renamed files to attachments 2016-11-12 22:12:26 +08:00			`$this->checkOwnablePermission('attachment-create', $attachment);`
Added basic attachment editing functionality 2016-10-12 03:39:11 +08:00
Renamed files to attachments 2016-11-12 22:12:26 +08:00			`if (intval($pageId) !== intval($attachment->uploaded_to)) {`
Extracted text from logic files 2016-12-05 00:51:39 +08:00			`return $this->jsonError(trans('errors.attachment_page_mismatch'));`
Added basic attachment editing functionality 2016-10-12 03:39:11 +08:00			`}`

			`$uploadedFile = $request->file('file');`

			`try {`
Renamed files to attachments 2016-11-12 22:12:26 +08:00			`$attachment = $this->attachmentService->saveUpdatedUpload($uploadedFile, $attachment);`
Added basic attachment editing functionality 2016-10-12 03:39:11 +08:00			`} catch (FileUploadException $e) {`
			`return response($e->getMessage(), 500);`
			`}`

Renamed files to attachments 2016-11-12 22:12:26 +08:00			`return response()->json($attachment);`
Added basic attachment editing functionality 2016-10-12 03:39:11 +08:00			`}`

			`/**`
			`* Update the details of an existing file.`
Renamed files to attachments 2016-11-12 22:12:26 +08:00			`* @param $attachmentId`
Added basic attachment editing functionality 2016-10-12 03:39:11 +08:00			`* @param Request $request`
Renamed files to attachments 2016-11-12 22:12:26 +08:00			`* @return Attachment\|mixed`
Added basic attachment editing functionality 2016-10-12 03:39:11 +08:00			`*/`
Renamed files to attachments 2016-11-12 22:12:26 +08:00			`public function update($attachmentId, Request $request)`
Added basic attachment editing functionality 2016-10-12 03:39:11 +08:00			`{`
			`$this->validate($request, [`
			`'uploaded_to' => 'required\|integer\|exists:pages,id',`
Page Attachments - Improved UI, Now initially complete Closes #62 2016-10-24 00:55:48 +08:00			`'name' => 'required\|string\|min:1\|max:255',`
			`'link' => 'url\|min:1\|max:255'`
Added basic attachment editing functionality 2016-10-12 03:39:11 +08:00			`]);`

			`$pageId = $request->get('uploaded_to');`
Started refactor to merge entity repos 2017-01-02 00:05:44 +08:00			`$page = $this->entityRepo->getById('page', $pageId, true);`
Renamed files to attachments 2016-11-12 22:12:26 +08:00			`$attachment = $this->attachment->findOrFail($attachmentId);`
Added basic attachment editing functionality 2016-10-12 03:39:11 +08:00
			`$this->checkOwnablePermission('page-update', $page);`
Renamed files to attachments 2016-11-12 22:12:26 +08:00			`$this->checkOwnablePermission('attachment-create', $attachment);`
Added basic attachment editing functionality 2016-10-12 03:39:11 +08:00
Renamed files to attachments 2016-11-12 22:12:26 +08:00			`if (intval($pageId) !== intval($attachment->uploaded_to)) {`
Extracted text from logic files 2016-12-05 00:51:39 +08:00			`return $this->jsonError(trans('errors.attachment_page_mismatch'));`
Added basic attachment editing functionality 2016-10-12 03:39:11 +08:00			`}`

Renamed files to attachments 2016-11-12 22:12:26 +08:00			`$attachment = $this->attachmentService->updateFile($attachment, $request->all());`
Created solution for JS translations Also tidied up existing components and JS 2016-12-31 22:27:40 +08:00			`return response()->json($attachment);`
Added basic attachment editing functionality 2016-10-12 03:39:11 +08:00			`}`

Added attachment creation from link/name 2016-10-11 04:13:18 +08:00			`/**`
Renamed files to attachments 2016-11-12 22:12:26 +08:00			`* Attach a link to a page.`
Added attachment creation from link/name 2016-10-11 04:13:18 +08:00			`* @param Request $request`
			`* @return mixed`
			`*/`
			`public function attachLink(Request $request)`
			`{`
			`$this->validate($request, [`
			`'uploaded_to' => 'required\|integer\|exists:pages,id',`
Page Attachments - Improved UI, Now initially complete Closes #62 2016-10-24 00:55:48 +08:00			`'name' => 'required\|string\|min:1\|max:255',`
			`'link' => 'required\|url\|min:1\|max:255'`
Added attachment creation from link/name 2016-10-11 04:13:18 +08:00			`]);`

			`$pageId = $request->get('uploaded_to');`
Started refactor to merge entity repos 2017-01-02 00:05:44 +08:00			`$page = $this->entityRepo->getById('page', $pageId, true);`
Added attachment creation from link/name 2016-10-11 04:13:18 +08:00
Renamed files to attachments 2016-11-12 22:12:26 +08:00			`$this->checkPermission('attachment-create-all');`
Added attachment creation from link/name 2016-10-11 04:13:18 +08:00			`$this->checkOwnablePermission('page-update', $page);`

Renamed files to attachments 2016-11-12 22:12:26 +08:00			`$attachmentName = $request->get('name');`
Added attachment creation from link/name 2016-10-11 04:13:18 +08:00			`$link = $request->get('link');`
Renamed files to attachments 2016-11-12 22:12:26 +08:00			`$attachment = $this->attachmentService->saveNewFromLink($attachmentName, $link, $pageId);`
Added attachment creation from link/name 2016-10-11 04:13:18 +08:00
Renamed files to attachments 2016-11-12 22:12:26 +08:00			`return response()->json($attachment);`
Added attachment creation from link/name 2016-10-11 04:13:18 +08:00			`}`

Started work on attachments Created base models and started user-facing controls. 2016-10-10 01:58:22 +08:00			`/**`
Renamed files to attachments 2016-11-12 22:12:26 +08:00			`* Get the attachments for a specific page.`
Started work on attachments Created base models and started user-facing controls. 2016-10-10 01:58:22 +08:00			`* @param $pageId`
			`* @return mixed`
			`*/`
Added view, deletion and permissions for files 2016-10-11 03:30:27 +08:00			`public function listForPage($pageId)`
Started work on attachments Created base models and started user-facing controls. 2016-10-10 01:58:22 +08:00			`{`
Started refactor to merge entity repos 2017-01-02 00:05:44 +08:00			`$page = $this->entityRepo->getById('page', $pageId, true);`
Added view, deletion and permissions for files 2016-10-11 03:30:27 +08:00			`$this->checkOwnablePermission('page-view', $page);`
Fixed attachments on draft pages 2016-11-12 22:21:54 +08:00			`return response()->json($page->attachments);`
Started work on attachments Created base models and started user-facing controls. 2016-10-10 01:58:22 +08:00			`}`

			`/**`
Renamed files to attachments 2016-11-12 22:12:26 +08:00			`* Update the attachment sorting.`
Started work on attachments Created base models and started user-facing controls. 2016-10-10 01:58:22 +08:00			`* @param $pageId`
			`* @param Request $request`
			`* @return mixed`
			`*/`
Added view, deletion and permissions for files 2016-10-11 03:30:27 +08:00			`public function sortForPage($pageId, Request $request)`
Started work on attachments Created base models and started user-facing controls. 2016-10-10 01:58:22 +08:00			`{`
			`$this->validate($request, [`
			`'files' => 'required\|array',`
			`'files.*.id' => 'required\|integer',`
			`]);`
Started refactor to merge entity repos 2017-01-02 00:05:44 +08:00			`$page = $this->entityRepo->getById('page', $pageId);`
Added view, deletion and permissions for files 2016-10-11 03:30:27 +08:00			`$this->checkOwnablePermission('page-update', $page);`

Renamed files to attachments 2016-11-12 22:12:26 +08:00			`$attachments = $request->get('files');`
			`$this->attachmentService->updateFileOrderWithinPage($attachments, $pageId);`
Extracted text from logic files 2016-12-05 00:51:39 +08:00			`return response()->json(['message' => trans('entities.attachments_order_updated')]);`
Started work on attachments Created base models and started user-facing controls. 2016-10-10 01:58:22 +08:00			`}`

Added view, deletion and permissions for files 2016-10-11 03:30:27 +08:00			`/**`
Renamed files to attachments 2016-11-12 22:12:26 +08:00			`* Get an attachment from storage.`
			`* @param $attachmentId`
			`* @return \Illuminate\Contracts\Routing\ResponseFactory\|\Illuminate\Http\RedirectResponse\|\Illuminate\Routing\Redirector\|\Symfony\Component\HttpFoundation\Response`
Fixed error when accessing non-authed attachment Also updated attachment tests to use standard test-case. Fixes #681 2018-02-11 20:37:02 +08:00			`* @throws \Illuminate\Contracts\Filesystem\FileNotFoundException`
Added view, deletion and permissions for files 2016-10-11 03:30:27 +08:00			`*/`
Renamed files to attachments 2016-11-12 22:12:26 +08:00			`public function get($attachmentId)`
Added view, deletion and permissions for files 2016-10-11 03:30:27 +08:00			`{`
Renamed files to attachments 2016-11-12 22:12:26 +08:00			`$attachment = $this->attachment->findOrFail($attachmentId);`
Started refactor to merge entity repos 2017-01-02 00:05:44 +08:00			`$page = $this->entityRepo->getById('page', $attachment->uploaded_to);`
Fixed error when accessing non-authed attachment Also updated attachment tests to use standard test-case. Fixes #681 2018-02-11 20:37:02 +08:00			`if ($page === null) {`
			`throw new NotFoundException(trans('errors.attachment_not_found'));`
			`}`

Added view, deletion and permissions for files 2016-10-11 03:30:27 +08:00			`$this->checkOwnablePermission('page-view', $page);`
Started work on attachments Created base models and started user-facing controls. 2016-10-10 01:58:22 +08:00
Renamed files to attachments 2016-11-12 22:12:26 +08:00			`if ($attachment->external) {`
			`return redirect($attachment->path);`
Added attachment creation from link/name 2016-10-11 04:13:18 +08:00			`}`

Renamed files to attachments 2016-11-12 22:12:26 +08:00			`$attachmentContents = $this->attachmentService->getAttachmentFromStorage($attachment);`
			`return response($attachmentContents, 200, [`
Added view, deletion and permissions for files 2016-10-11 03:30:27 +08:00			`'Content-Type' => 'application/octet-stream',`
Renamed files to attachments 2016-11-12 22:12:26 +08:00			`'Content-Disposition' => 'attachment; filename="'. $attachment->getFileName() .'"'`
Added view, deletion and permissions for files 2016-10-11 03:30:27 +08:00			`]);`
			`}`

			`/**`
Renamed files to attachments 2016-11-12 22:12:26 +08:00			`* Delete a specific attachment in the system.`
			`* @param $attachmentId`
Added view, deletion and permissions for files 2016-10-11 03:30:27 +08:00			`* @return mixed`
Fixed error when accessing non-authed attachment Also updated attachment tests to use standard test-case. Fixes #681 2018-02-11 20:37:02 +08:00			`* @throws \Exception`
Added view, deletion and permissions for files 2016-10-11 03:30:27 +08:00			`*/`
Renamed files to attachments 2016-11-12 22:12:26 +08:00			`public function delete($attachmentId)`
Added view, deletion and permissions for files 2016-10-11 03:30:27 +08:00			`{`
Renamed files to attachments 2016-11-12 22:12:26 +08:00			`$attachment = $this->attachment->findOrFail($attachmentId);`
			`$this->checkOwnablePermission('attachment-delete', $attachment);`
			`$this->attachmentService->deleteFile($attachment);`
Extracted text from logic files 2016-12-05 00:51:39 +08:00			`return response()->json(['message' => trans('entities.attachments_deleted')]);`
Added view, deletion and permissions for files 2016-10-11 03:30:27 +08:00			`}`
Started work on attachments Created base models and started user-facing controls. 2016-10-10 01:58:22 +08:00			`}`