- gate implementation

- protected shared view fix
Čarodej
2021-09-24 10:52:19 +02:00
parent d40108f6a9
commit 19cc01131b
84 changed files with 876 additions and 406 deletions
@@ -1,5 +1,4 @@
<?php
namespace App\Console\Commands;
use App\Users\Models\User;
@@ -38,8 +37,7 @@ class SetupDevEnvironment extends Command
private SeedDefaultSettingsAction $seedDefaultSettings,
private SeedDefaultLanguageAction $seedDefaultLanguage,
private SeedDefaultPagesAction $seedDefaultPages,
)
{
) {
parent::__construct();
$this->setUpFaker();
}
@@ -392,7 +390,7 @@ class SetupDevEnvironment extends Command
// Create file record
File::create([
'folder_id' => null,
'parent_id' => null,
'user_id' => $user->id,
'name' => $file['name'],
'basename' => $basename,
@@ -435,7 +433,7 @@ class SetupDevEnvironment extends Command
// Create file record
File::create([
'folder_id' => $documents->id,
'parent_id' => $documents->id,
'user_id' => $user->id,
'name' => $file['name'],
'basename' => $basename,
@@ -468,7 +466,7 @@ class SetupDevEnvironment extends Command
// Create file record
File::create([
'folder_id' => $shared_folder->id,
'parent_id' => $shared_folder->id,
'user_id' => $user->id,
'name' => $file['name'],
'basename' => $basename,
@@ -526,7 +524,7 @@ class SetupDevEnvironment extends Command
// Create file record
File::create([
'folder_id' => $peters_files->id,
'parent_id' => $peters_files->id,
'user_id' => $user->id,
'name' => $file['name'],
'basename' => $basename,
@@ -553,7 +551,7 @@ class SetupDevEnvironment extends Command
// Create file record
File::create([
'folder_id' => $videohive->id,
'parent_id' => $videohive->id,
'user_id' => $user->id,
'name' => $file,
'basename' => $basename,
@@ -577,7 +575,7 @@ class SetupDevEnvironment extends Command
// Create file record
File::create([
'folder_id' => $video->id,
'parent_id' => $video->id,
'user_id' => $user->id,
'name' => $file,
'basename' => $basename,
@@ -601,7 +599,7 @@ class SetupDevEnvironment extends Command
// Create file record
File::create([
'folder_id' => $audio->id,
'parent_id' => $audio->id,
'user_id' => $user->id,
'name' => $file,
'basename' => $basename,
@@ -637,7 +635,7 @@ class SetupDevEnvironment extends Command
// Create file record
File::create([
'folder_id' => null,
'parent_id' => null,
'user_id' => $user->id,
'name' => $file,
'basename' => $basename,
@@ -669,7 +667,7 @@ class SetupDevEnvironment extends Command
// Create file record
File::create([
'folder_id' => $apartments->id,
'parent_id' => $apartments->id,
'user_id' => $user->id,
'name' => $file,
'basename' => $basename,
@@ -705,7 +703,7 @@ class SetupDevEnvironment extends Command
// Create file record
File::create([
'folder_id' => $nature->id,
'parent_id' => $nature->id,
'user_id' => $user->id,
'name' => $file,
'basename' => $basename,
@@ -758,9 +756,9 @@ class SetupDevEnvironment extends Command
collect([$members[0]->id, $members[1]->id])
->each(
fn($id) => DB::table('team_folder_members')
fn ($id) => DB::table('team_folder_members')
->insert([
'folder_id' => $companyProjectFolder->id,
'parent_id' => $companyProjectFolder->id,
'user_id' => $id,
'permission' => 'can-edit',
])
@@ -768,9 +766,9 @@ class SetupDevEnvironment extends Command
collect([$members[2]->id, $members[3]->id])
->each(
fn($id) => DB::table('team_folder_members')
fn ($id) => DB::table('team_folder_members')
->insert([
'folder_id' => $financeDocumentsFolder->id,
'parent_id' => $financeDocumentsFolder->id,
'user_id' => $id,
'permission' => 'can-edit',
])
@@ -779,10 +777,10 @@ class SetupDevEnvironment extends Command
// Create invitations
collect([$members[4], $members[5]])
->each(
fn($user) => TeamFolderInvitation::factory()
fn ($user) => TeamFolderInvitation::factory()
->create([
'email' => $user->email,
'folder_id' => $companyProjectFolder->id,
'parent_id' => $companyProjectFolder->id,
'status' => 'pending',
'permission' => 'can-edit',
])
@@ -795,7 +793,7 @@ class SetupDevEnvironment extends Command
->first();
$images = File::whereType('image')
->whereFolderId(null)
->whereParentId(null)
->take(3)
->pluck('id');
@@ -812,7 +810,7 @@ class SetupDevEnvironment extends Command
});
$files = File::whereType('file')
->whereFolderId(null)
->whereParentId(null)
->take(2)
->pluck('id');
+65
@@ -1,7 +1,13 @@
<?php
namespace App\Providers;
use DB;
use App\Users\Models\User;
use Domain\Files\Models\File;
use Domain\Sharing\Models\Share;
use Domain\Folders\Models\Folder;
use Illuminate\Support\Facades\Gate;
use Domain\Sharing\Actions\ProtectShareRecordAction;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
class AuthServiceProvider extends ServiceProvider
@@ -26,5 +32,64 @@ class AuthServiceProvider extends ServiceProvider
// Define admin maintenance gate
Gate::define('maintenance', fn ($user) => $user->role === 'admin');
// Define user ability
collect(['can-edit', 'can-visit'])
->each(function ($ability) {
Gate::define($ability, function (?User $user, File | Folder $item, ?Share $share) use ($ability) {
// If share link exist, then check share access
if ($share) {
return $this->share_guard($share, $item);
}
// Check user owner status
if ($user?->id === $item->user_id) {
return true;
}
// Check team member ability to access into requested item
return $this->team_member_guard($item, $user, $ability);
});
});
}
private function share_guard(Share $share, Folder | File $item): bool
{
$isOwner = $share->user_id === $item->user_id;
if (! $share->is_protected && $isOwner) {
return true;
}
if (! request()->hasCookie('share_session')) {
return false;
}
// Get shared session
$share_session = json_decode(
request()->cookie('share_session')
);
// Check if is requested same share record
if ($share_session->token !== $share->token) {
return false;
}
// Check if share record was previously authenticated
if (! $share_session->authenticated) {
return false;
}
return $isOwner;
}
private function team_member_guard(Folder | File $item, ?User $user, $ability): bool
{
$membership = DB::table('team_folder_members')
->where('parent_id', $item->getLatestParent()->id)
->where('user_id', $user->id)
->first();
return $membership?->permission === $ability;
}
}
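Review bot: `share_guard` is never given `$ability`, so in the gate closure any request that satisfies the share checks is allowed `can-edit` and `can-visit` alike, and the only tie between `$share` and `$item` is `$share->user_id === $item->user_id`. Unless callers separately confirm that the item lies under the shared record, one valid share appears to authorize every item of the same owner; if the share record carries its own permission level (not visible on this page), pass `$ability` through and compare it there. The `share_session` cookie is decoded with no check of the result, so a malformed value turns `$share_session->token` into a property read on null; add `if (! is_object($share_session)) { return false; }` after the `json_decode`, and confirm the cookie is not exempted from cookie encryption, because its `authenticated` flag is trusted as sent. `team_member_guard` accepts `?User $user` but reads `$user->id`, which a guest without a share reaches; start it with `if (! $user) { return false; }`.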
+1 -1
@@ -145,7 +145,7 @@ class User extends Authenticatable implements MustVerifyEmail
*/
public function favouriteFolders(): BelongsToMany
{
return $this->belongsToMany(Folder::class, 'favourite_folder', 'user_id', 'folder_id', 'id', 'id')
return $this->belongsToMany(Folder::class, 'favourite_folder', 'user_id', 'parent_id', 'id', 'id')
->where('team_folder', false);
}