added it_get_private_user_file, guest_try_to_get_private_user_file, logged_user_try_to_get_another_private_user_file test
@@ -6,7 +6,6 @@ use App\Models\Folder;
|
|||||||
use App\Http\Tools\Editor;
|
use App\Http\Tools\Editor;
|
||||||
use App\Http\Tools\Guardian;
|
use App\Http\Tools\Guardian;
|
||||||
use App\Models\Share;
|
use App\Models\Share;
|
||||||
use App\Models\User;
|
|
||||||
use App\Models\Zip;
|
use App\Models\Zip;
|
||||||
use Illuminate\Support\Arr;
|
use Illuminate\Support\Arr;
|
||||||
use Illuminate\Support\Facades\Auth;
|
use Illuminate\Support\Facades\Auth;
|
||||||
@@ -70,29 +69,29 @@ class FileAccessController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function get_file(Request $request, $filename)
|
public function get_file(Request $request, $filename)
|
||||||
{
|
{
|
||||||
// Get user id
|
|
||||||
$user_id = Auth::id();
|
|
||||||
|
|
||||||
// Get file record
|
// Get file record
|
||||||
$file = File::withTrashed()
|
$file = UserFile::withTrashed()
|
||||||
->where('user_id', $user_id)
|
->where('user_id', Auth::id())
|
||||||
->where('basename', $filename)
|
->where('basename', $filename)
|
||||||
->firstOrFail();
|
->firstOrFail();
|
||||||
|
|
||||||
// Check user permission
|
// Check user permission
|
||||||
if (!$request->user()->tokenCan('master')) {
|
/*if (!$request->user()->tokenCan('master')) {
|
||||||
|
|
||||||
// Get shared token
|
// Get shared token
|
||||||
$shared = get_shared($request->cookie('shared_token'));
|
$shared = get_shared($request->cookie('shared_token'));
|
||||||
|
|
||||||
// Check access to file
|
// Check access to file
|
||||||
$this->check_file_access($shared, $file);
|
$this->check_file_access($shared, $file);
|
||||||
}
|
}*/
|
||||||
|
|
||||||
|
|
||||||
// Store user download size
|
// Store user download size
|
||||||
$request->user()->record_download((int)$file->getRawOriginal('filesize'));
|
$request->user()->record_download(
|
||||||
|
(int) $file->getRawOriginal('filesize')
|
||||||
|
);
|
||||||
|
|
||||||
return $this->download_file($file);
|
return $this->download_file($file, Auth::id());
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -254,28 +253,32 @@ class FileAccessController extends Controller
|
|||||||
* Call and download file
|
* Call and download file
|
||||||
*
|
*
|
||||||
* @param $file
|
* @param $file
|
||||||
|
* @param $user_id
|
||||||
* @return mixed
|
* @return mixed
|
||||||
* @throws \Illuminate\Contracts\Filesystem\FileNotFoundException
|
|
||||||
*/
|
*/
|
||||||
private function download_file($file)
|
private function download_file($file, $user_id)
|
||||||
{
|
{
|
||||||
$file_pretty_name = get_pretty_name($file->basename, $file->name, $file->mimetype);
|
|
||||||
|
|
||||||
// Get file path
|
// Get file path
|
||||||
$path = '/file-manager/' . $file->basename;
|
$path = "files/$user_id/$file->basename";
|
||||||
|
|
||||||
// Check if file exist
|
// Check if file exist
|
||||||
if (!Storage::exists($path)) abort(404);
|
if (!Storage::exists($path)) {
|
||||||
|
abort(404);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Get pretty name
|
||||||
|
$pretty_name = get_pretty_name($file->basename, $file->name, $file->mimetype);
|
||||||
|
|
||||||
$headers = [
|
$headers = [
|
||||||
"Accept-Ranges" => "bytes",
|
"Accept-Ranges" => "bytes",
|
||||||
"Content-Type" => Storage::mimeType($path),
|
"Content-Type" => Storage::mimeType($path),
|
||||||
"Content-Length" => Storage::size($path),
|
"Content-Length" => Storage::size($path),
|
||||||
"Content-Range" => "bytes 0-600/" . Storage::size($path),
|
"Content-Range" => "bytes 0-600/" . Storage::size($path),
|
||||||
"Content-Disposition" => "attachment; filename=" . $file_pretty_name,
|
"Content-Disposition" => "attachment; filename=$pretty_name",
|
||||||
];
|
];
|
||||||
|
|
||||||
return response()->download(config('filesystems.disks.local.root') . '/file-manager/' . $file->basename, $file_pretty_name, $headers);
|
return response()
|
||||||
|
->download(Storage::path($path), $pretty_name, $headers);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -286,7 +289,7 @@ class FileAccessController extends Controller
|
|||||||
private function thumbnail_file($file)
|
private function thumbnail_file($file)
|
||||||
{
|
{
|
||||||
// Get file path
|
// Get file path
|
||||||
$path = '/file-manager/' . $file->getRawOriginal('thumbnail');
|
$path = '/files/' . $file->getRawOriginal('thumbnail');
|
||||||
|
|
||||||
// Check if file exist
|
// Check if file exist
|
||||||
if (!Storage::exists($path)) abort(404);
|
if (!Storage::exists($path)) abort(404);
|
||||||
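Review bot: In `get_file` the token-ability check is now wrapped in `/* … */`, so a request whose token lacks the `master` ability no longer reaches `check_file_access()`; the only remaining gate is the `->where('user_id', Auth::id())` filter. If limited or share-scoped tokens can authenticate on this route (not visible in this hunk), every file of the token's owner becomes retrievable by basename regardless of what the share covered. Either restore `if (!$request->user()->tokenCan('master')) { … }` or delete the block and leave a comment stating why ownership scoping alone is sufficient, and cover the decision with a test that uses a non-master token. In `download_file`, `"attachment; filename=$pretty_name"` places the name unquoted in the header, so quoting it and stripping CR/LF and `"` from `$pretty_name` would be safer. The fixed `"bytes 0-600/"` `Content-Range` is also still sent on a full response.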
|
|||||||
@@ -137,7 +137,7 @@ class File extends Model
|
|||||||
'ResponseContentDisposition' => 'attachment; filename=' . $file_pretty_name,
|
'ResponseContentDisposition' => 'attachment; filename=' . $file_pretty_name,
|
||||||
];
|
];
|
||||||
|
|
||||||
return Storage::temporaryUrl('file-manager/' . $this->attributes['basename'], now()->addDay(), $header);
|
return Storage::temporaryUrl('files/' . $this->attributes['basename'], now()->addDay(), $header);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get thumbnail from local storage
|
// Get thumbnail from local storage
|
||||||
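Review bot: The temporary URL is built from `'files/' . $this->attributes['basename']` with no per-user segment, while `download_file` in FileAccessController now reads `"files/$user_id/$file->basename"` and the new tests store uploads under `files/$user->id`. Unless the remote disk deliberately keeps a flat layout (not visible here), the signed URL will point at a key that does not exist; the same mismatch appears in `thumbnail_file`, which uses `'/files/' . $file->getRawOriginal('thumbnail')`. Something like `'files/' . $this->attributes['user_id'] . '/' . $this->attributes['basename']` would keep the three call sites consistent, assuming the model carries the `user_id` column that the controller query filters on. The enclosing method starts and ends outside this hunk.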
|
|||||||
@@ -10,8 +10,7 @@ use App\Http\Controllers\WebhookController;
|
|||||||
Route::post('/stripe/webhook', [WebhookController::class, 'handleWebhook']);
|
Route::post('/stripe/webhook', [WebhookController::class, 'handleWebhook']);
|
||||||
Route::post('/admin-setup', [SetupWizardController::class, 'create_admin_account']);
|
Route::post('/admin-setup', [SetupWizardController::class, 'create_admin_account']);
|
||||||
|
|
||||||
// App public files
|
// Get avatars and system images
|
||||||
// TODO: testy
|
|
||||||
Route::get('/avatars/{avatar}', [FileAccessController::class, 'get_avatar'])->name('avatar');
|
Route::get('/avatars/{avatar}', [FileAccessController::class, 'get_avatar'])->name('avatar');
|
||||||
Route::get('/system/{image}', [FileAccessController::class, 'get_system_image']);
|
Route::get('/system/{image}', [FileAccessController::class, 'get_system_image']);
|
||||||
|
|
||||||
|
|||||||
@@ -2,10 +2,12 @@
|
|||||||
|
|
||||||
namespace Tests\Feature;
|
namespace Tests\Feature;
|
||||||
|
|
||||||
|
use App\Models\File;
|
||||||
use App\Models\User;
|
use App\Models\User;
|
||||||
use Illuminate\Foundation\Testing\DatabaseMigrations;
|
use Illuminate\Foundation\Testing\DatabaseMigrations;
|
||||||
use App\Services\SetupService;
|
use App\Services\SetupService;
|
||||||
use Illuminate\Http\UploadedFile;
|
use Illuminate\Http\UploadedFile;
|
||||||
|
use Illuminate\Support\Str;
|
||||||
use Laravel\Sanctum\Sanctum;
|
use Laravel\Sanctum\Sanctum;
|
||||||
use Storage;
|
use Storage;
|
||||||
use Tests\TestCase;
|
use Tests\TestCase;
|
||||||
@@ -59,4 +61,87 @@ class FileAccessTest extends TestCase
|
|||||||
|
|
||||||
Storage::assertExists('system/fake-logo.jpg');
|
Storage::assertExists('system/fake-logo.jpg');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @test
|
||||||
|
*/
|
||||||
|
public function it_get_private_user_file()
|
||||||
|
{
|
||||||
|
Storage::fake('local');
|
||||||
|
|
||||||
|
$this->setup->create_directories();
|
||||||
|
|
||||||
|
$file = UploadedFile::fake()
|
||||||
|
->create(Str::random() . '-fake-file.pdf', 1200, 'application/pdf');
|
||||||
|
|
||||||
|
$user = User::factory(User::class)
|
||||||
|
->create();
|
||||||
|
|
||||||
|
Sanctum::actingAs($user);
|
||||||
|
|
||||||
|
$this->postJson('/api/upload', [
|
||||||
|
'file' => $file,
|
||||||
|
'folder_id' => null,
|
||||||
|
'is_last' => true,
|
||||||
|
])->assertStatus(201);
|
||||||
|
|
||||||
|
$this->get("file/$file->name")
|
||||||
|
->assertOk();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @test
|
||||||
|
*/
|
||||||
|
public function guest_try_to_get_private_user_file()
|
||||||
|
{
|
||||||
|
Storage::fake('local');
|
||||||
|
|
||||||
|
$this->setup->create_directories();
|
||||||
|
|
||||||
|
$user = User::factory(User::class)
|
||||||
|
->create();
|
||||||
|
|
||||||
|
$file = UploadedFile::fake()
|
||||||
|
->create(Str::random() . '-fake-file.pdf', 1200, 'application/pdf');
|
||||||
|
|
||||||
|
Storage::putFileAs("files/$user->id", $file, $file->name);
|
||||||
|
|
||||||
|
File::factory(File::class)
|
||||||
|
->create([
|
||||||
|
'basename' => $file->name,
|
||||||
|
'name' => 'fake-file.pdf',
|
||||||
|
]);
|
||||||
|
|
||||||
|
$this->get("file/$file->name")
|
||||||
|
->assertStatus(302);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @test
|
||||||
|
*/
|
||||||
|
public function logged_user_try_to_get_another_private_user_file()
|
||||||
|
{
|
||||||
|
Storage::fake('local');
|
||||||
|
|
||||||
|
$this->setup->create_directories();
|
||||||
|
|
||||||
|
$user = User::factory(User::class)
|
||||||
|
->create();
|
||||||
|
|
||||||
|
$file = UploadedFile::fake()
|
||||||
|
->create(Str::random() . '-fake-file.pdf', 1200, 'application/pdf');
|
||||||
|
|
||||||
|
Storage::putFileAs("files/$user->id", $file, $file->name);
|
||||||
|
|
||||||
|
File::factory(File::class)
|
||||||
|
->create([
|
||||||
|
'basename' => $file->name,
|
||||||
|
'name' => 'fake-file.pdf',
|
||||||
|
]);
|
||||||
|
|
||||||
|
Sanctum::actingAs($user);
|
||||||
|
|
||||||
|
$this->get("file/$file->name")
|
||||||
|
->assertNotFound();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
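Review bot: `logged_user_try_to_get_another_private_user_file` never creates a second owner: the file is stored under `files/$user->id` for the same `$user` who then acts, and the `File` record gets whatever `user_id` the factory defaults to. The 404 therefore depends on the factory producing a different owner (not visible here) rather than on the access rule the test is named after. Create an explicit `$owner`, store the upload under `files/$owner->id`, pass `'user_id' => $owner->id` to `File::factory()->create([...])`, and act as a different user. `guest_try_to_get_private_user_file` relies on the same implicit owner. A further case with a token that lacks the `master` ability would pin the behaviour of the permission block that is commented out in `get_file`.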
|
|||||||