prevention to get other user folder when folder upload is trying to recreate folder structure

2026-04-05 18:23:48 +00:00 · 2022-06-23 17:49:56 +02:00
parent 74898d007f
commit 06ee3faa1e
2 changed files with 37 additions and 5 deletions
--- a/src/Domain/Files/Actions/GetFileParentId.php
+++ b/src/Domain/Files/Actions/GetFileParentId.php
@@ -34,12 +34,14 @@ class GetFileParentId
        $directoryName = $directoryPath->shift();

        // Get requested directory
-        $requestedDirectory = Folder::where('name', $directoryName);
+        $requestedDirectory = Folder::where('name', $directoryName)
+            ->where('user_id', $userId);

        // Check if root exists, if not, create him
        if ($requestedDirectory->exists()) {
            // Get parent folder
            $parentCheck = Folder::where('name', $directoryName)
+                ->where('user_id', $userId)
                ->where('parent_id', $parentId);

            // Check if parent folder of requested directory name exists, if not, create it
--- a/tests/Domain/Folders/FolderUploadTest.php
+++ b/tests/Domain/Folders/FolderUploadTest.php
@@ -53,6 +53,29 @@ class FolderUploadTest extends TestCase
            ->hasSettings()
            ->create();

+        $otherUser = User::factory()
+            ->hasSettings()
+            ->create();
+
+        // Make same folders for other user
+        Folder::factory()
+            ->create([
+                'name'    => 'level_1',
+                'user_id' => $otherUser->id,
+            ]);
+
+        Folder::factory()
+            ->create([
+                'name'    => 'level_2',
+                'user_id' => $otherUser->id,
+            ]);
+
+        Folder::factory()
+            ->create([
+                'name'    => 'level_3',
+                'user_id' => $otherUser->id,
+            ]);
+
        $file = UploadedFile::fake()
            ->create('fake-file_1.pdf', 120000, 'application/pdf');

@@ -78,9 +101,16 @@ class FolderUploadTest extends TestCase

        $file = File::first();

-        $level_1 = Folder::where('name', 'level_1')->first();
-        $level_2 = Folder::where('name', 'level_2')->first();
-        $level_3 = Folder::where('name', 'level_3')->first();
+        // Get created folders by upload
+        $level_1 = Folder::where('name', 'level_1')
+            ->where('user_id', $user->id)
+            ->first();
+        $level_2 = Folder::where('name', 'level_2')
+            ->where('user_id', $user->id)
+            ->first();
+        $level_3 = Folder::where('name', 'level_3')
+            ->where('user_id', $user->id)
+            ->first();

        $this->assertEquals(null, $level_1->parent_id);
        $this->assertEquals($level_2->parent_id, $level_1->id);
@@ -88,7 +118,7 @@ class FolderUploadTest extends TestCase

        $this->assertEquals($level_3->id, $file->parent_id);

-        $this->assertDatabaseCount('folders', 3);
+        $this->assertDatabaseCount('folders', 6);
    }

    /**