vuefilemanager v1.5-alpha.1

2026-04-30 11:35:59 +00:00 · 2020-04-29 11:32:08 +02:00
parent 2614efe601
commit 0f3cbaec3d
50 changed files with 426 additions and 355 deletions
@@ -3,6 +3,7 @@
 namespace App\Http\Controllers;

 use App\FileManagerFolder;
+use App\Http\Tools\Guardian;
 use App\Share;
 use Illuminate\Support\Arr;
 use Illuminate\Support\Facades\Auth;
@@ -63,8 +64,7 @@ class FileAccessController extends Controller
        if ( ! $request->user()->tokenCan('master') ) {

            // Get shared token
-            $shared = Share::where(DB::raw('BINARY `token`'), $request->cookie('shared_token'))
-                ->firstOrFail();
+            $shared = get_shared($request->cookie('shared_token'));

            // Check access to file
            $this->check_file_access($shared, $file);
@@ -84,7 +84,7 @@ class FileAccessController extends Controller
    public function get_file_public($filename, $token)
    {
        // Get sharing record
-        $shared = Share::where(DB::raw('BINARY `token`'), $token)->firstOrFail();
+        $shared = get_shared($token);

        // Abort if shared is protected
        if ($shared->protected) {
@@ -137,7 +137,7 @@ class FileAccessController extends Controller
    public function get_thumbnail_public($filename, $token)
    {
        // Get sharing record
-        $shared = Share::where(DB::raw('BINARY `token`'), $token)->firstOrFail();
+        $shared = get_shared($token);

        // Abort if thumbnail is protected
        if ($shared->protected) {
@@ -165,18 +165,7 @@ class FileAccessController extends Controller
    {
        // Check by parent folder permission
        if ($shared->type === 'folder') {
-
-            // Get all children folders
-            $foldersIds = FileManagerFolder::with('folders:id,parent_id,unique_id,name')
-                ->where('user_id', $shared->user_id)
-                ->where('parent_id', $shared->item_id)
-                ->get();
-
-            // Get all authorized parent folders by shared folder as root of tree
-            $accessible_folder_ids = Arr::flatten([filter_folders_ids($foldersIds), $shared->item_id]);
-
-            // Check user access
-            if (!in_array($file->folder_id, $accessible_folder_ids)) abort(403);
+            Guardian::check_item_access($file->folder_id, $shared);
        }

        // Check by single file permission
@@ -127,7 +127,14 @@ class EditItemsController extends Controller
        }

        // Rename item
-        return Editor::rename_item($request, $unique_id, $shared);
+        $item = Editor::rename_item($request, $unique_id, $shared);
+
+        // Set public url
+        if ($item->type !== 'folder') {
+            $item->setPublicUrl($token);
+        }
+
+        return $item;
    }

    /**
@@ -33,7 +33,7 @@ class FileSharingController extends Controller
            ->firstOrFail();

        // Delete old access_token if exist
-        Cookie::queue('access_token', '', -1);
+        Cookie::queue('shared_access_token', '', -1);

        // Set cookies
        if ($shared->protected) {
@@ -61,7 +61,7 @@ class FileSharingController extends Controller
        // Check password
        if (!Hash::check($request->password, $shared->password)) {

-            abort(401, 'Sorry, your password is incorrect.');
+            abort(401, __('vuefilemanager.incorrect_password'));
        }

        // Get owner of shared content
@@ -71,12 +71,12 @@ class FileSharingController extends Controller
        $scope = !is_null($shared->permission) ? $shared->permission : 'visitor';

        // Generate token for visitor/editor
-        $access_token = $user->createToken('access_token', [$scope])->accessToken;
+        $access_token = $user->createToken('shared_access_token', [$scope])->accessToken;

        // Return authorize token with shared options
        return response(new ShareResource($shared), 200)
            ->cookie('shared_token', $shared->token, 43200)
-            ->cookie('access_token', $access_token, 43200);
+            ->cookie('shared_access_token', $access_token, 43200);
    }

    /**