Image API Endpoints

app/Http/Controllers/Api/ContentPermissionsController.php → app/Http/Controllers/Api/ContentPermissionApiController.php

@@ -7,7 +7,7 @@
 use BookStack\Entities\Tools\PermissionsUpdater;
 use Illuminate\Http\Request;
 
-class ContentPermissionsController extends ApiController
+class ContentPermissionApiController extends ApiController
 {
     public function __construct(
         protected PermissionsUpdater $permissionsUpdater,

app/Http/Controllers/Api/ImageGalleryApiController.php

@@ -0,0 +1,146 @@
+<?php
+
+namespace BookStack\Http\Controllers\Api;
+
+use BookStack\Entities\Models\Page;
+use BookStack\Uploads\Image;
+use BookStack\Uploads\ImageRepo;
+use Illuminate\Http\Request;
+
+class ImageGalleryApiController extends ApiController
+{
+    protected array $fieldsToExpose = [
+        'id', 'name', 'url', 'path', 'type', 'uploaded_to', 'created_by', 'updated_by',  'created_at', 'updated_at',
+    ];
+
+    public function __construct(
+        protected ImageRepo $imageRepo
+    ) {
+    }
+
+    protected function rules(): array
+    {
+        return [
+            'create' => [
+                'type'  => ['required', 'string', 'in:gallery,drawio'],
+                'uploaded_to' => ['required', 'integer'],
+                'image' => ['required', 'file', ...$this->getImageValidationRules()],
+                'name'  => ['string', 'max:180'],
+            ],
+            'update' => [
+                'name'  => ['string', 'max:180'],
+            ]
+        ];
+    }
+
+    /**
+     * Get a listing of images in the system. Includes gallery (page content) images and drawings.
+     * Requires visibility of the page they're originally uploaded to.
+     */
+    public function list()
+    {
+        $images = Image::query()->scopes(['visible'])
+            ->select($this->fieldsToExpose)
+            ->whereIn('type', ['gallery', 'drawio']);
+
+        return $this->apiListingResponse($images, [
+            ...$this->fieldsToExpose
+        ]);
+    }
+
+    /**
+     * Create a new image in the system.
+     * Since "image" is expected to be a file, this needs to be a 'multipart/form-data' type request.
+     * The provided "uploaded_to" should be an existing page ID in the system.
+     * If the "name" parameter is omitted, the filename of the provided image file will be used instead.
+     * The "type" parameter should be 'gallery' for page content images, and 'drawio' should only be used
+     * when the file is a PNG file with diagrams.net image data embedded within.
+     */
+    public function create(Request $request)
+    {
+        $this->checkPermission('image-create-all');
+        $data = $this->validate($request, $this->rules()['create']);
+        Page::visible()->findOrFail($data['uploaded_to']);
+
+        $image = $this->imageRepo->saveNew($data['image'], $data['type'], $data['uploaded_to']);
+
+        if (isset($data['name'])) {
+            $image->refresh();
+            $image->update(['name' => $data['name']]);
+        }
+
+        return response()->json($this->formatForSingleResponse($image));
+    }
+
+    /**
+     * View the details of a single image.
+     * The "thumbs" response property contains links to scaled variants that BookStack may use in its UI.
+     * The "content" response property provides HTML and Markdown content, in the format that BookStack
+     * would typically use by default to add the image in page content, as a convenience.
+     * Actual image file data is not provided but can be fetched via the "url" response property.
+     */
+    public function read(string $id)
+    {
+        $image = Image::query()->scopes(['visible'])->findOrFail($id);
+
+        return response()->json($this->formatForSingleResponse($image));
+    }
+
+    /**
+     * Update the details of an existing image in the system.
+     * Only allows updating of the image name at this time.
+     */
+    public function update(Request $request, string $id)
+    {
+        $data = $this->validate($request, $this->rules()['update']);
+        $image = $this->imageRepo->getById($id);
+        $this->checkOwnablePermission('page-view', $image->getPage());
+        $this->checkOwnablePermission('image-update', $image);
+
+        $this->imageRepo->updateImageDetails($image, $data);
+
+        return response()->json($this->formatForSingleResponse($image));
+    }
+
+    /**
+     * Delete an image from the system.
+     * Will also delete thumbnails for the image.
+     * Does not check or handle image usage so this could leave pages with broken image references.
+     */
+    public function delete(string $id)
+    {
+        $image = $this->imageRepo->getById($id);
+        $this->checkOwnablePermission('page-view', $image->getPage());
+        $this->checkOwnablePermission('image-delete', $image);
+        $this->imageRepo->destroyImage($image);
+
+        return response('', 204);
+    }
+
+    /**
+     * Format the given image model for single-result display.
+     */
+    protected function formatForSingleResponse(Image $image): array
+    {
+        $this->imageRepo->loadThumbs($image);
+        $data = $image->getAttributes();
+        $data['created_by'] = $image->createdBy;
+        $data['updated_by'] = $image->updatedBy;
+        $data['content'] = [];
+
+        $escapedUrl = htmlentities($image->url);
+        $escapedName = htmlentities($image->name);
+        if ($image->type === 'drawio') {
+            $data['content']['html'] = "<div drawio-diagram=\"{$image->id}\"><img src=\"{$escapedUrl}\"></div>";
+            $data['content']['markdown'] = $data['content']['html'];
+        } else {
+            $escapedDisplayThumb = htmlentities($image->thumbs['display']);
+            $data['content']['html'] = "<a href=\"{$escapedUrl}\" target=\"_blank\"><img src=\"{$escapedDisplayThumb}\" alt=\"{$escapedName}\"></a>";
+            $mdEscapedName = str_replace(']', '', str_replace('[', '', $image->name));
+            $mdEscapedThumb = str_replace(']', '', str_replace('[', '', $image->thumbs['display']));
+            $data['content']['markdown'] = "![{$mdEscapedName}]({$mdEscapedThumb})";
+        }
+
+        return $data;
+    }
+}

app/Http/Controllers/Api/RoleApiController.php

@@ -88,10 +88,10 @@ public function create(Request $request)
      */
     public function read(string $id)
     {
-        $user = $this->permissionsRepo->getRoleById($id);
-        $this->singleFormatter($user);
+        $role = $this->permissionsRepo->getRoleById($id);
+        $this->singleFormatter($role);
 
-        return response()->json($user);
+        return response()->json($role);
     }
 
     /**

app/Http/Controllers/Images/GalleryImageController.php

@@ -10,14 +10,9 @@
 
 class GalleryImageController extends Controller
 {
-    protected $imageRepo;
-
-    /**
-     * GalleryImageController constructor.
-     */
-    public function __construct(ImageRepo $imageRepo)
-    {
-        $this->imageRepo = $imageRepo;
+    public function __construct(
+        protected ImageRepo $imageRepo
+    ) {
     }
 
     /**

app/Uploads/Image.php

@@ -3,9 +3,11 @@
 namespace BookStack\Uploads;
 
 use BookStack\Auth\Permissions\JointPermission;
+use BookStack\Auth\Permissions\PermissionApplicator;
 use BookStack\Entities\Models\Page;
 use BookStack\Model;
 use BookStack\Traits\HasCreatorAndUpdater;
+use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Relations\HasMany;
 
@@ -33,12 +35,21 @@ public function jointPermissions(): HasMany
             ->where('joint_permissions.entity_type', '=', 'page');
     }
 
+    /**
+     * Scope the query to just the images visible to the user based upon the
+     * user visibility of the uploaded_to page.
+     */
+    public function scopeVisible(Builder $query): Builder
+    {
+        return app()->make(PermissionApplicator::class)->restrictPageRelationQuery($query, 'images', 'uploaded_to');
+    }
+
     /**
      * Get a thumbnail for this image.
      *
      * @throws \Exception
      */
-    public function getThumb(int $width, int $height, bool $keepRatio = false): string
+    public function getThumb(?int $width, ?int $height, bool $keepRatio = false): string
     {
         return app()->make(ImageService::class)->getThumbnail($this, $width, $height, $keepRatio);
     }

dev/api/requests/image-gallery-update.json

@@ -0,0 +1,3 @@
+{
+  "name": "My updated image name"
+}

dev/api/responses/image-gallery-create.json

@@ -0,0 +1,28 @@
+{
+  "name": "cute-cat-image.png",
+  "path": "\/uploads\/images\/gallery\/2023-03\/cute-cat-image.png",
+  "url": "https:\/\/bookstack.example.com\/uploads\/images\/gallery\/2023-03\/cute-cat-image.png",
+  "type": "gallery",
+  "uploaded_to": 1,
+  "created_by": {
+    "id": 1,
+    "name": "Admin",
+    "slug": "admin"
+  },
+  "updated_by": {
+    "id": 1,
+    "name": "Admin",
+    "slug": "admin"
+  },
+  "updated_at": "2023-03-15 08:17:37",
+  "created_at": "2023-03-15 08:17:37",
+  "id": 618,
+  "thumbs": {
+    "gallery": "https:\/\/bookstack.example.com\/uploads\/images\/gallery\/2023-03\/thumbs-150-150\/cute-cat-image.png",
+    "display": "https:\/\/bookstack.example.com\/uploads\/images\/gallery\/2023-03\/scaled-1680-\/cute-cat-image.png"
+  },
+  "content": {
+    "html": "<a href=\"https:\/\/bookstack.example.com\/uploads\/images\/gallery\/2023-03\/cute-cat-image.png\" target=\"_blank\"><img src=\"https:\/\/bookstack.example.com\/uploads\/images\/gallery\/2023-03\/scaled-1680-\/cute-cat-image.png\" alt=\"cute-cat-image.png\"><\/a>",
+    "markdown": "![cute-cat-image.png](https:\/\/bookstack.example.com\/uploads\/images\/gallery\/2023-03\/scaled-1680-\/cute-cat-image.png)"
+  }
+}

dev/api/responses/image-gallery-list.json

@@ -0,0 +1,41 @@
+{
+  "data": [
+    {
+      "id": 1,
+      "name": "My cat scribbles",
+      "url": "https:\/\/bookstack.example.com\/uploads\/images\/gallery\/2023-02\/scribbles.jpg",
+      "path": "\/uploads\/images\/gallery\/2023-02\/scribbles.jpg",
+      "type": "gallery",
+      "uploaded_to": 1,
+      "created_by": 1,
+      "updated_by": 1,
+      "created_at": "2023-02-12T16:34:57.000000Z",
+      "updated_at": "2023-02-12T16:34:57.000000Z"
+    },
+    {
+      "id": 2,
+      "name": "Drawing-1.png",
+      "url": "https:\/\/bookstack.example.com\/uploads\/images\/drawio\/2023-02\/drawing-1.png",
+      "path": "\/uploads\/images\/drawio\/2023-02\/drawing-1.png",
+      "type": "drawio",
+      "uploaded_to": 2,
+      "created_by": 2,
+      "updated_by": 2,
+      "created_at": "2023-02-12T16:39:19.000000Z",
+      "updated_at": "2023-02-12T16:39:19.000000Z"
+    },
+    {
+      "id": 8,
+      "name": "beans.jpg",
+      "url": "https:\/\/bookstack.example.com\/uploads\/images\/gallery\/2023-02\/beans.jpg",
+      "path": "\/uploads\/images\/gallery\/2023-02\/beans.jpg",
+      "type": "gallery",
+      "uploaded_to": 6,
+      "created_by": 1,
+      "updated_by": 1,
+      "created_at": "2023-02-15T19:37:44.000000Z",
+      "updated_at": "2023-02-15T19:37:44.000000Z"
+    }
+  ],
+  "total": 3
+}

dev/api/responses/image-gallery-read.json

@@ -0,0 +1,28 @@
+{
+  "id": 618,
+  "name": "cute-cat-image.png",
+  "url": "https:\/\/bookstack.example.com\/uploads\/images\/gallery\/2023-03\/cute-cat-image.png",
+  "created_at": "2023-03-15 08:17:37",
+  "updated_at": "2023-03-15 08:17:37",
+  "created_by": {
+    "id": 1,
+    "name": "Admin",
+    "slug": "admin"
+  },
+  "updated_by": {
+    "id": 1,
+    "name": "Admin",
+    "slug": "admin"
+  },
+  "path": "\/uploads\/images\/gallery\/2023-03\/cute-cat-image.png",
+  "type": "gallery",
+  "uploaded_to": 1,
+  "thumbs": {
+    "gallery": "https:\/\/bookstack.example.com\/uploads\/images\/gallery\/2023-03\/thumbs-150-150\/cute-cat-image.png",
+    "display": "https:\/\/bookstack.example.com\/uploads\/images\/gallery\/2023-03\/scaled-1680-\/cute-cat-image.png"
+  },
+  "content": {
+    "html": "<a href=\"https:\/\/bookstack.example.com\/uploads\/images\/gallery\/2023-03\/cute-cat-image.png\" target=\"_blank\"><img src=\"https:\/\/bookstack.example.com\/uploads\/images\/gallery\/2023-03\/scaled-1680-\/cute-cat-image.png\" alt=\"cute-cat-image.png\"><\/a>",
+    "markdown": "![cute-cat-image.png](https:\/\/bookstack.example.com\/uploads\/images\/gallery\/2023-03\/scaled-1680-\/cute-cat-image.png)"
+  }
+}

dev/api/responses/image-gallery-update.json

@@ -0,0 +1,28 @@
+{
+  "id": 618,
+  "name": "My updated image name",
+  "url": "https:\/\/bookstack.example.com\/uploads\/images\/gallery\/2023-03\/cute-cat-image.png",
+  "created_at": "2023-03-15 08:17:37",
+  "updated_at": "2023-03-15 08:24:50",
+  "created_by": {
+    "id": 1,
+    "name": "Admin",
+    "slug": "admin"
+  },
+  "updated_by": {
+    "id": 1,
+    "name": "Admin",
+    "slug": "admin"
+  },
+  "path": "\/uploads\/images\/gallery\/2023-03\/cute-cat-image.png",
+  "type": "gallery",
+  "uploaded_to": 1,
+  "thumbs": {
+    "gallery": "https:\/\/bookstack.example.com\/uploads\/images\/gallery\/2023-03\/thumbs-150-150\/cute-cat-image.png",
+    "display": "https:\/\/bookstack.example.com\/uploads\/images\/gallery\/2023-03\/scaled-1680-\/cute-cat-image.png"
+  },
+  "content": {
+    "html": "<a href=\"https:\/\/bookstack.example.com\/uploads\/images\/gallery\/2023-03\/cute-cat-image.png\" target=\"_blank\"><img src=\"https:\/\/bookstack.example.com\/uploads\/images\/gallery\/2023-03\/scaled-1680-\/cute-cat-image.png\" alt=\"My updated image name\"><\/a>",
+    "markdown": "![My updated image name](https:\/\/bookstack.example.com\/uploads\/images\/gallery\/2023-03\/scaled-1680-\/cute-cat-image.png)"
+  }
+}

resources/views/api-docs/parts/getting-started.blade.php

@@ -14,11 +14,11 @@
         HTTP POST calls upon events occurring in BookStack.
     </li>
     <li>
-        <a href="https://github.com/BookStackApp/BookStack/blob/master/dev/docs/visual-theme-system.md" target="_blank" rel="noopener noreferrer">Visual Theme System</a> -
+        <a href="https://github.com/BookStackApp/BookStack/blob/development/dev/docs/visual-theme-system.md" target="_blank" rel="noopener noreferrer">Visual Theme System</a> -
         Methods to override views, translations and icons within BookStack.
     </li>
     <li>
-        <a href="https://github.com/BookStackApp/BookStack/blob/master/dev/docs/logical-theme-system.md" target="_blank" rel="noopener noreferrer">Logical Theme System</a> -
+        <a href="https://github.com/BookStackApp/BookStack/blob/development/dev/docs/logical-theme-system.md" target="_blank" rel="noopener noreferrer">Logical Theme System</a> -
         Methods to extend back-end functionality within BookStack.
     </li>
 </ul>