nexus/vuefilemanager
2
0
Fork 0
mirror of https://github.com/VueFileManager/vuefilemanager.git synced 2026-04-05 18:23:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

added it_get_private_user_file, guest_try_to_get_private_user_file, logged_user_try_to_get_another_private_user_file test

Browse Source
This commit is contained in:
Peter Papp
2021-03-07 10:46:51 +01:00
parent 6b909c2380
commit 1f615c54af
4 changed files with 109 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
app/Http/Controllers/FileAccessController.php
View File

@@ -6,7 +6,6 @@ use App\Models\Folder;
use App\Http\Tools\Editor;
use App\Http\Tools\Guardian;
use App\Models\Share;
use App\Models\User;
use App\Models\Zip;
use Illuminate\Support\Arr;
use Illuminate\Support\Facades\Auth;
@@ -70,29 +69,29 @@ class FileAccessController extends Controller
*/
public function get_file(Request $request, $filename)
{
// Get user id
$user_id = Auth::id();
// Get file record
$file = File::withTrashed()
->where('user_id', $user_id)
$file = UserFile::withTrashed()
->where('user_id', Auth::id())
->where('basename', $filename)
->firstOrFail();
// Check user permission
if (!$request->user()->tokenCan('master')) {
/*if (!$request->user()->tokenCan('master')) {
// Get shared token
$shared = get_shared($request->cookie('shared_token'));
// Check access to file
$this->check_file_access($shared, $file);
}
}*/
// Store user download size
$request->user()->record_download((int)$file->getRawOriginal('filesize'));
$request->user()->record_download(
(int) $file->getRawOriginal('filesize')
);
return $this->download_file($file);
return $this->download_file($file, Auth::id());
}
/**
@@ -254,28 +253,32 @@ class FileAccessController extends Controller
* Call and download file
*
* @param $file
* @param $user_id
* @return mixed
* @throws \Illuminate\Contracts\Filesystem\FileNotFoundException
*/
private function download_file($file)
private function download_file($file, $user_id)
{
$file_pretty_name = get_pretty_name($file->basename, $file->name, $file->mimetype);
// Get file path
$path = '/file-manager/' . $file->basename;
$path = "files/$user_id/$file->basename";
// Check if file exist
if (!Storage::exists($path)) abort(404);
if (!Storage::exists($path)) {
abort(404);
}
// Get pretty name
$pretty_name = get_pretty_name($file->basename, $file->name, $file->mimetype);
$headers = [
"Accept-Ranges" => "bytes",
"Content-Type" => Storage::mimeType($path),
"Content-Length" => Storage::size($path),
"Content-Range" => "bytes 0-600/" . Storage::size($path),
"Content-Disposition" => "attachment; filename=" . $file_pretty_name,
"Content-Disposition" => "attachment; filename=$pretty_name",
];
return response()->download(config('filesystems.disks.local.root') . '/file-manager/' . $file->basename, $file_pretty_name, $headers);
return response()
->download(Storage::path($path), $pretty_name, $headers);
}
/**
@@ -286,7 +289,7 @@ class FileAccessController extends Controller
private function thumbnail_file($file)
{
// Get file path
$path = '/file-manager/' . $file->getRawOriginal('thumbnail');
$path = '/files/' . $file->getRawOriginal('thumbnail');
// Check if file exist
if (!Storage::exists($path)) abort(404);

2
app/Models/File.php
View File

@@ -137,7 +137,7 @@ class File extends Model
'ResponseContentDisposition' => 'attachment; filename=' . $file_pretty_name,
];
return Storage::temporaryUrl('file-manager/' . $this->attributes['basename'], now()->addDay(), $header);
return Storage::temporaryUrl('files/' . $this->attributes['basename'], now()->addDay(), $header);
}
// Get thumbnail from local storage

3
routes/web.php
View File

@@ -10,8 +10,7 @@ use App\Http\Controllers\WebhookController;
Route::post('/stripe/webhook', [WebhookController::class, 'handleWebhook']);
Route::post('/admin-setup', [SetupWizardController::class, 'create_admin_account']);
// App public files
// TODO: testy
// Get avatars and system images
Route::get('/avatars/{avatar}', [FileAccessController::class, 'get_avatar'])->name('avatar');
Route::get('/system/{image}', [FileAccessController::class, 'get_system_image']);

85
tests/Feature/FileAccessTest.php
View File

@@ -2,10 +2,12 @@
namespace Tests\Feature;
use App\Models\File;
use App\Models\User;
use Illuminate\Foundation\Testing\DatabaseMigrations;
use App\Services\SetupService;
use Illuminate\Http\UploadedFile;
use Illuminate\Support\Str;
use Laravel\Sanctum\Sanctum;
use Storage;
use Tests\TestCase;
@@ -59,4 +61,87 @@ class FileAccessTest extends TestCase
Storage::assertExists('system/fake-logo.jpg');
}
/**
* @test
*/
public function it_get_private_user_file()
{
Storage::fake('local');
$this->setup->create_directories();
$file = UploadedFile::fake()
->create(Str::random() . '-fake-file.pdf', 1200, 'application/pdf');
$user = User::factory(User::class)
->create();
Sanctum::actingAs($user);
$this->postJson('/api/upload', [
'file' => $file,
'folder_id' => null,
'is_last' => true,
])->assertStatus(201);
$this->get("file/$file->name")
->assertOk();
}
/**
* @test
*/
public function guest_try_to_get_private_user_file()
{
Storage::fake('local');
$this->setup->create_directories();
$user = User::factory(User::class)
->create();
$file = UploadedFile::fake()
->create(Str::random() . '-fake-file.pdf', 1200, 'application/pdf');
Storage::putFileAs("files/$user->id", $file, $file->name);
File::factory(File::class)
->create([
'basename' => $file->name,
'name' => 'fake-file.pdf',
]);
$this->get("file/$file->name")
->assertStatus(302);
}
/**
* @test
*/
public function logged_user_try_to_get_another_private_user_file()
{
Storage::fake('local');
$this->setup->create_directories();
$user = User::factory(User::class)
->create();
$file = UploadedFile::fake()
->create(Str::random() . '-fake-file.pdf', 1200, 'application/pdf');
Storage::putFileAs("files/$user->id", $file, $file->name);
File::factory(File::class)
->create([
'basename' => $file->name,
'name' => 'fake-file.pdf',
]);
Sanctum::actingAs($user);
$this->get("file/$file->name")
->assertNotFound();
}
}