From 4051d5b8037119b382c576042bc668b8f00eee14 Mon Sep 17 00:00:00 2001
From: Dan Brown <ssddanbrown@googlemail.com>
Date: Tue, 29 Oct 2024 12:11:51 +0000
Subject: [PATCH] ZIP Exports: Added new import permission

Also updated new route/view to new non-book-specific flow.
Also fixed down migration of old export permissions migration.
---
 app/Exports/Controllers/ImportController.php  | 24 ++++++++
 ...8_28_161743_add_export_role_permission.php |  7 ++-
 ...0_29_114420_add_import_role_permission.php | 61 +++++++++++++++++++
 lang/en/entities.php                          |  1 +
 lang/en/settings.php                          |  1 +
 resources/views/books/index.blade.php         |  7 +++
 resources/views/exports/import.blade.php      | 34 +++++++++++
 .../views/settings/roles/parts/form.blade.php |  1 +
 routes/web.php                                |  4 ++
 9 files changed, 137 insertions(+), 3 deletions(-)
 create mode 100644 app/Exports/Controllers/ImportController.php
 create mode 100644 database/migrations/2024_10_29_114420_add_import_role_permission.php
 create mode 100644 resources/views/exports/import.blade.php

diff --git a/app/Exports/Controllers/ImportController.php b/app/Exports/Controllers/ImportController.php
new file mode 100644
index 000000000..acc803a0f
--- /dev/null
+++ b/app/Exports/Controllers/ImportController.php
@@ -0,0 +1,24 @@
+<?php
+
+namespace BookStack\Exports\Controllers;
+
+use BookStack\Http\Controller;
+use Illuminate\Http\Request;
+
+class ImportController extends Controller
+{
+    public function __construct()
+    {
+        $this->middleware('can:content-import');
+    }
+
+    public function start(Request $request)
+    {
+        return view('exports.import');
+    }
+
+    public function upload(Request $request)
+    {
+        // TODO
+    }
+}
diff --git a/database/migrations/2021_08_28_161743_add_export_role_permission.php b/database/migrations/2021_08_28_161743_add_export_role_permission.php
index 21f45aa06..99416f9fc 100644
--- a/database/migrations/2021_08_28_161743_add_export_role_permission.php
+++ b/database/migrations/2021_08_28_161743_add_export_role_permission.php
@@ -11,8 +11,7 @@ return new class extends Migration
      */
     public function up(): void
     {
-        // Create new templates-manage permission and assign to admin role
-        $roles = DB::table('roles')->get('id');
+        // Create new content-export permission
         $permissionId = DB::table('role_permissions')->insertGetId([
             'name'         => 'content-export',
             'display_name' => 'Export Content',
@@ -20,6 +19,7 @@ return new class extends Migration
             'updated_at'   => Carbon::now()->toDateTimeString(),
         ]);
 
+        $roles = DB::table('roles')->get('id');
         $permissionRoles = $roles->map(function ($role) use ($permissionId) {
             return [
                 'role_id'       => $role->id,
@@ -27,6 +27,7 @@ return new class extends Migration
             ];
         })->values()->toArray();
 
+        // Assign to all existing roles in the system
         DB::table('permission_role')->insert($permissionRoles);
     }
 
@@ -40,6 +41,6 @@ return new class extends Migration
             ->where('name', '=', 'content-export')->first();
 
         DB::table('permission_role')->where('permission_id', '=', $contentExportPermission->id)->delete();
-        DB::table('role_permissions')->where('id', '=', 'content-export')->delete();
+        DB::table('role_permissions')->where('id', '=', $contentExportPermission->id)->delete();
     }
 };
diff --git a/database/migrations/2024_10_29_114420_add_import_role_permission.php b/database/migrations/2024_10_29_114420_add_import_role_permission.php
new file mode 100644
index 000000000..17bbe4cff
--- /dev/null
+++ b/database/migrations/2024_10_29_114420_add_import_role_permission.php
@@ -0,0 +1,61 @@
+<?php
+
+use Carbon\Carbon;
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Support\Facades\DB;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        // Create new content-import permission
+        $permissionId = DB::table('role_permissions')->insertGetId([
+            'name'         => 'content-import',
+            'display_name' => 'Import Content',
+            'created_at'   => Carbon::now()->toDateTimeString(),
+            'updated_at'   => Carbon::now()->toDateTimeString(),
+        ]);
+
+        // Get existing admin-level role ids
+        $settingManagePermission = DB::table('role_permissions')
+            ->where('name', '=', 'settings-manage')->first();
+
+        if (!$settingManagePermission) {
+            return;
+        }
+
+        $adminRoleIds = DB::table('permission_role')
+            ->where('permission_id', '=', $settingManagePermission->id)
+            ->pluck('role_id')->all();
+
+        // Assign the new permission to all existing admins
+        $newPermissionRoles = array_values(array_map(function ($roleId) use ($permissionId) {
+            return [
+                'role_id'       => $roleId,
+                'permission_id' => $permissionId,
+            ];
+        }, $adminRoleIds));
+
+        DB::table('permission_role')->insert($newPermissionRoles);
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        // Remove content-import permission
+        $importPermission = DB::table('role_permissions')
+            ->where('name', '=', 'content-import')->first();
+
+        if (!$importPermission) {
+            return;
+        }
+
+        DB::table('permission_role')->where('permission_id', '=', $importPermission->id)->delete();
+        DB::table('role_permissions')->where('id', '=', $importPermission->id)->delete();
+    }
+};
diff --git a/lang/en/entities.php b/lang/en/entities.php
index 7e5a708ef..1a61b629a 100644
--- a/lang/en/entities.php
+++ b/lang/en/entities.php
@@ -43,6 +43,7 @@ return [
     'default_template' => 'Default Page Template',
     'default_template_explain' => 'Assign a page template that will be used as the default content for all pages created within this item. Keep in mind this will only be used if the page creator has view access to the chosen template page.',
     'default_template_select' => 'Select a template page',
+    'import' => 'Import',
 
     // Permissions and restrictions
     'permissions' => 'Permissions',
diff --git a/lang/en/settings.php b/lang/en/settings.php
index 5427cb941..c0b6b692a 100644
--- a/lang/en/settings.php
+++ b/lang/en/settings.php
@@ -162,6 +162,7 @@ return [
     'role_access_api' => 'Access system API',
     'role_manage_settings' => 'Manage app settings',
     'role_export_content' => 'Export content',
+    'role_import_content' => 'Import content',
     'role_editor_change' => 'Change page editor',
     'role_notifications' => 'Receive & manage notifications',
     'role_asset' => 'Asset Permissions',
diff --git a/resources/views/books/index.blade.php b/resources/views/books/index.blade.php
index 0b407a860..418c0fea8 100644
--- a/resources/views/books/index.blade.php
+++ b/resources/views/books/index.blade.php
@@ -49,6 +49,13 @@
                 <span>@icon('tag')</span>
                 <span>{{ trans('entities.tags_view_tags') }}</span>
             </a>
+
+            @if(userCan('content-import'))
+                <a href="{{ url('/import') }}" class="icon-list-item">
+                    <span>@icon('upload')</span>
+                    <span>{{ trans('entities.import') }}</span>
+                </a>
+            @endif
         </div>
     </div>
 
diff --git a/resources/views/exports/import.blade.php b/resources/views/exports/import.blade.php
new file mode 100644
index 000000000..df8f705cb
--- /dev/null
+++ b/resources/views/exports/import.blade.php
@@ -0,0 +1,34 @@
+@extends('layouts.simple')
+
+@section('body')
+
+    <div class="container small">
+
+        <main class="card content-wrap auto-height mt-xxl">
+            <div class="grid half left-focus v-end gap-m wrap">
+                <div>
+                    <h1 class="list-heading">{{ trans('entities.import') }}</h1>
+                    <p class="text-muted mb-s">
+                        TODO - Desc
+{{--                        {{ trans('entities.permissions_desc') }}--}}
+                    </p>
+                </div>
+            </div>
+            <form action="{{ url('/import') }}" method="POST">
+                {{ csrf_field() }}
+                <div class="flex-container-row justify-flex-end">
+                    <div class="form-group mb-m">
+                        @include('form.checkbox', ['name' => 'images', 'label' => 'Include Images'])
+                        @include('form.checkbox', ['name' => 'attachments', 'label' => 'Include Attachments'])
+                    </div>
+                </div>
+
+                <div class="text-right">
+                    <a href="{{ url('/books') }}" class="button outline">{{ trans('common.cancel') }}</a>
+                    <button type="submit" class="button">{{ trans('entities.import') }}</button>
+                </div>
+            </form>
+        </main>
+    </div>
+
+@stop
diff --git a/resources/views/settings/roles/parts/form.blade.php b/resources/views/settings/roles/parts/form.blade.php
index 9fa76f2bf..a77b80e4c 100644
--- a/resources/views/settings/roles/parts/form.blade.php
+++ b/resources/views/settings/roles/parts/form.blade.php
@@ -37,6 +37,7 @@
                 <div>@include('settings.roles.parts.checkbox', ['permission' => 'templates-manage', 'label' => trans('settings.role_manage_page_templates')])</div>
                 <div>@include('settings.roles.parts.checkbox', ['permission' => 'access-api', 'label' => trans('settings.role_access_api')])</div>
                 <div>@include('settings.roles.parts.checkbox', ['permission' => 'content-export', 'label' => trans('settings.role_export_content')])</div>
+                <div>@include('settings.roles.parts.checkbox', ['permission' => 'content-import', 'label' => trans('settings.role_import_content')])</div>
                 <div>@include('settings.roles.parts.checkbox', ['permission' => 'editor-change', 'label' => trans('settings.role_editor_change')])</div>
                 <div>@include('settings.roles.parts.checkbox', ['permission' => 'receive-notifications', 'label' => trans('settings.role_notifications')])</div>
             </div>
diff --git a/routes/web.php b/routes/web.php
index e6f3683c6..91aab13fe 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -206,6 +206,10 @@ Route::middleware('auth')->group(function () {
     // Watching
     Route::put('/watching/update', [ActivityControllers\WatchController::class, 'update']);
 
+    // Importing
+    Route::get('/import', [ExportControllers\ImportController::class, 'start']);
+    Route::post('/import', [ExportControllers\ImportController::class, 'upload']);
+
     // Other Pages
     Route::get('/', [HomeController::class, 'index']);
     Route::get('/home', [HomeController::class, 'index']);