mirror of
https://github.com/BookStackApp/BookStack.git
synced 2025-08-06 12:02:45 +03:00
Added view, deletion and permissions for files
This commit is contained in:
Dan Brown
10
app/File.php
10
app/File.php
@@ -7,12 +7,20 @@ class File extends Ownable
|
||||
|
||||
/**
|
||||
* Get the page this file was uploaded to.
|
||||
* @return mixed
|
||||
* @return Page
|
||||
*/
|
||||
public function page()
|
||||
{
|
||||
return $this->belongsTo(Page::class, 'uploaded_to');
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the url of this file.
|
||||
* @return string
|
||||
*/
|
||||
public function getUrl()
|
||||
{
|
||||
return '/files/' . $this->id;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -1,10 +1,7 @@
|
||||
<?php
|
||||
|
||||
namespace BookStack\Http\Controllers;
|
||||
<?php namespace BookStack\Http\Controllers;
|
||||
|
||||
use BookStack\Exceptions\FileUploadException;
|
||||
use BookStack\File;
|
||||
use BookStack\Page;
|
||||
use BookStack\Repos\PageRepo;
|
||||
use BookStack\Services\FileService;
|
||||
use Illuminate\Http\Request;
|
||||
@@ -37,16 +34,18 @@ class FileController extends Controller
|
||||
*/
|
||||
public function upload(Request $request)
|
||||
{
|
||||
// TODO - Add file upload permission check
|
||||
// TODO - ensure user has permission to edit relevant page.
|
||||
// TODO - ensure uploads are deleted on page delete.
|
||||
|
||||
$this->validate($request, [
|
||||
'uploaded_to' => 'required|integer|exists:pages,id'
|
||||
]);
|
||||
|
||||
$uploadedFile = $request->file('file');
|
||||
$pageId = $request->get('uploaded_to');
|
||||
$page = $this->pageRepo->getById($pageId);
|
||||
|
||||
$this->checkPermission('file-create-all');
|
||||
$this->checkOwnablePermission('page-update', $page);
|
||||
|
||||
$uploadedFile = $request->file('file');
|
||||
|
||||
try {
|
||||
$file = $this->fileService->saveNewUpload($uploadedFile, $pageId);
|
||||
@@ -62,10 +61,10 @@ class FileController extends Controller
|
||||
* @param $pageId
|
||||
* @return mixed
|
||||
*/
|
||||
public function getFilesForPage($pageId)
|
||||
public function listForPage($pageId)
|
||||
{
|
||||
// TODO - check view permission on page?
|
||||
$page = $this->pageRepo->getById($pageId);
|
||||
$this->checkOwnablePermission('page-view', $page);
|
||||
return response()->json($page->files);
|
||||
}
|
||||
|
||||
@@ -75,17 +74,47 @@ class FileController extends Controller
|
||||
* @param Request $request
|
||||
* @return mixed
|
||||
*/
|
||||
public function sortFilesForPage($pageId, Request $request)
|
||||
public function sortForPage($pageId, Request $request)
|
||||
{
|
||||
$this->validate($request, [
|
||||
'files' => 'required|array',
|
||||
'files.*.id' => 'required|integer',
|
||||
]);
|
||||
$page = $this->pageRepo->getById($pageId);
|
||||
$this->checkOwnablePermission('page-update', $page);
|
||||
|
||||
$files = $request->get('files');
|
||||
$this->fileService->updateFileOrderWithinPage($files, $pageId);
|
||||
return response()->json(['message' => 'File order updated']);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get a file from storage.
|
||||
* @param $fileId
|
||||
*/
|
||||
public function get($fileId)
|
||||
{
|
||||
$file = $this->file->findOrFail($fileId);
|
||||
$page = $this->pageRepo->getById($file->uploaded_to);
|
||||
$this->checkOwnablePermission('page-view', $page);
|
||||
|
||||
$fileContents = $this->fileService->getFile($file);
|
||||
return response($fileContents, 200, [
|
||||
'Content-Type' => 'application/octet-stream',
|
||||
'Content-Disposition' => 'attachment; filename="'. $file->name .'"'
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* Delete a specific file in the system.
|
||||
* @param $fileId
|
||||
* @return mixed
|
||||
*/
|
||||
public function delete($fileId)
|
||||
{
|
||||
$file = $this->file->findOrFail($fileId);
|
||||
$this->checkOwnablePermission($file, 'file-delete');
|
||||
$this->fileService->deleteFile($file);
|
||||
return response()->json(['message' => 'File deleted']);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -4,12 +4,24 @@
|
||||
use BookStack\Exceptions\FileUploadException;
|
||||
use BookStack\File;
|
||||
use Exception;
|
||||
use Illuminate\Contracts\Filesystem\FileNotFoundException;
|
||||
use Illuminate\Support\Collection;
|
||||
use Symfony\Component\HttpFoundation\File\UploadedFile;
|
||||
|
||||
class FileService extends UploadService
|
||||
{
|
||||
|
||||
/**
|
||||
* Get a file from storage.
|
||||
* @param File $file
|
||||
* @return string
|
||||
*/
|
||||
public function getFile(File $file)
|
||||
{
|
||||
$filePath = $this->getStorageBasePath() . $file->path;
|
||||
return $this->getStorage()->get($filePath);
|
||||
}
|
||||
|
||||
/**
|
||||
* Store a new file upon user upload.
|
||||
* @param UploadedFile $uploadedFile
|
||||
@@ -76,4 +88,22 @@ class FileService extends UploadService
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Delete a file and any empty folders the deletion leaves.
|
||||
* @param File $file
|
||||
*/
|
||||
public function deleteFile(File $file)
|
||||
{
|
||||
$storedFilePath = $this->getStorageBasePath() . $file->path;
|
||||
$storage = $this->getStorage();
|
||||
$dirPath = dirname($storedFilePath);
|
||||
|
||||
$storage->delete($storedFilePath);
|
||||
if (count($storage->allFiles($dirPath)) === 0) {
|
||||
$storage->deleteDirectory($dirPath);
|
||||
}
|
||||
|
||||
$file->delete();
|
||||
}
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user