diff --git a/app/Http/Controllers/FileFunctions/EditItemsController.php b/app/Http/Controllers/FileFunctions/EditItemsController.php
index adb7a684..36b901cb 100644
--- a/app/Http/Controllers/FileFunctions/EditItemsController.php
+++ b/app/Http/Controllers/FileFunctions/EditItemsController.php
@@ -168,41 +168,45 @@ class EditItemsController extends Controller * @return ResponseFactory|\Illuminate\Http\Response * @throws Exception */ - public function user_delete_item(DeleteItemRequest $request, $unique_id) + public function user_delete_item(DeleteItemRequest $request) { // Demo preview if (is_demo(Auth::id())) { return Demo::response_204(); } - // Check permission to delete item for authenticated editor - if ($request->user()->tokenCan('editor')) { + foreach($request->input('data') as $file){ + $unique_id = $file['unique_id']; - // Prevent force delete for non-master users - if ($request->input('data.force_delete')) abort('401'); + // Check permission to delete item for authenticated editor + if ($request->user()->tokenCan('editor')) { - // check if shared_token cookie exist - if (!$request->hasCookie('shared_token')) abort('401'); + // Prevent force delete for non-master users + if ($file['force_delete']) abort('401'); - // Get shared token - $shared = get_shared($request->cookie('shared_token')); + // check if shared_token cookie exist + if (!$request->hasCookie('shared_token')) abort('401'); - // Get file|folder item - $item = get_item($request->input('data.type'), $unique_id, Auth::id()); + // Get shared token + $shared = get_shared($request->cookie('shared_token')); - // Check access to requested directory - if ($request->input('data.type') === 'folder') { - Guardian::check_item_access($item->unique_id, $shared); - } else { - Guardian::check_item_access($item->folder_id, $shared); + // Get file|folder item + $item = get_item($file['type'], $unique_id, Auth::id()); + + // Check access to requested directory + if ($file['type'] === 'folder') { + Guardian::check_item_access($item->unique_id, $shared); + } else { + Guardian::check_item_access($item->folder_id, $shared); + } } - } - // Delete item - Editor::delete_item($request, $unique_id); + // Delete item + Editor::delete_item($file, $unique_id); // Return response - return response(null, 204); + } + 
return response(null, 204); } /** @@ -214,7 +218,7 @@ class EditItemsController extends Controller * @return ResponseFactory|\Illuminate\Http\Response * @throws Exception */ - public function guest_delete_item(DeleteItemRequest $request, $unique_id, $token) + public function guest_delete_item(DeleteItemRequest $request, $token) { // Get shared record $shared = get_shared($token); @@ -224,22 +228,26 @@ class EditItemsController extends Controller return Demo::response_204(); } + // Check shared permission if (!is_editor($shared)) abort(403); + + foreach($request->input('data') as $file){ + $unique_id = $file['unique_id']; - // Get file|folder item - $item = get_item($request->input('data.type'), $unique_id, $shared->user_id); + // Get file|folder item + $item = get_item($file['type'], $unique_id, $shared->user_id); - // Check access to requested item - if ($request->input('data.type') === 'folder') { - Guardian::check_item_access($item->unique_id, $shared); - } else { - Guardian::check_item_access($item->folder_id, $shared); + // Check access to requested item + if ($file['type'] === 'folder') { + Guardian::check_item_access($item->unique_id, $shared); + } else { + Guardian::check_item_access($item->folder_id, $shared); + } + + // Delete item + Editor::delete_item($file, $unique_id, $shared); } - - // Delete item - Editor::delete_item($request, $unique_id, $shared); - // Return response return response(null, 204); } diff --git a/app/Http/Requests/FileFunctions/DeleteItemRequest.php b/app/Http/Requests/FileFunctions/DeleteItemRequest.php index 7288b9b3..f5364598 100644 --- a/app/Http/Requests/FileFunctions/DeleteItemRequest.php +++ b/app/Http/Requests/FileFunctions/DeleteItemRequest.php 
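Review bot: Authorisation and deletion are interleaved inside the new `foreach` in `user_delete_item`, so a batch whose later entry is rejected by `Guardian::check_item_access` or by the `force_delete` abort stops after the earlier entries have already been deleted. The `guest_delete_item` loop further down has the same shape. Run every per-item check first and only then call `Editor::delete_item`, and hoist the item-independent `hasCookie('shared_token')` and `get_shared(...)` calls out of the loop. `$request->input('data')` is also iterated without confirming it is a non-empty array, which relies on the request rules actually matching the payload.

```php
public function user_delete_item(DeleteItemRequest $request)
{
    // … unchanged: demo preview check …

    $files = $request->input('data');

    if ($request->user()->tokenCan('editor')) {

        // check if shared_token cookie exist
        if (!$request->hasCookie('shared_token')) abort('401');

        // Get shared token
        $shared = get_shared($request->cookie('shared_token'));

        // First pass: authorise every item before anything is deleted
        foreach ($files as $file) {

            // Prevent force delete for non-master users
            if ($file['force_delete']) abort('401');

            // Get file|folder item
            $item = get_item($file['type'], $file['unique_id'], Auth::id());

            // … unchanged: folder / file branch calling Guardian::check_item_access …
        }
    }

    // Second pass: delete only once the whole batch has passed the checks
    foreach ($files as $file) {
        Editor::delete_item($file, $file['unique_id']);
    }

    // … unchanged: 204 response …
}
```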
@@ -25,8 +25,9 @@ class DeleteItemRequest extends FormRequest public function rules() { return [ - 'data.type' => 'required|string', - 'data.force_delete' => 'required|boolean', + 'data[*].force_delete' => 'required|boolean', + 'data[*].type' => 'required|string', + 'data[*].unique_id' => 'required|numeric' ]; } } diff --git a/app/Http/Tools/Editor.php b/app/Http/Tools/Editor.php index 5e02a17d..75cb0644 100644 --- a/app/Http/Tools/Editor.php +++ b/app/Http/Tools/Editor.php @@ -86,13 +86,13 @@ class Editor * @param null $shared * @throws \Exception */ - public static function delete_item($request, $unique_id, $shared = null) + public static function delete_item($file, $unique_id, $shared = null) { // Get user id $user = is_null($shared) ? Auth::user() : User::findOrFail($shared->user_id); // Delete folder - if ($request->input('data.type') === 'folder') { + if ($file['type'] === 'folder') { // Get folder $folder = FileManagerFolder::withTrashed() @@ -113,7 +113,7 @@ class Editor } // Force delete children files - if ($request->input('data.force_delete')) { + if ($file['force_delete']) { // Get children folder ids $child_folders = filter_folders_ids($folder->trashed_folders, 'unique_id'); @@ -142,7 +142,7 @@ class Editor } // Soft delete items - if (!$request->input('data.force_delete')) { + if (!$file['force_delete']) { // Remove folder from user favourites $user->favourite_folders()->detach($unique_id); @@ -153,7 +153,7 @@ class Editor } // Delete item - if ($request->input('data.type') !== 'folder') { + if ($file['type'] !== 'folder') { // Get file $file = FileManagerFile::withTrashed() @@ -173,7 +173,7 @@ class Editor } // Force delete file - if ($request->input('data.force_delete')) { + if ($file['force_delete']) { // Delete file Storage::delete('/file-manager/' . $file->basename); @@ -186,7 +186,7 @@ class Editor } // Soft delete file - if (!$request->input('data.force_delete')) { + if (!$file['force_delete']) { // Soft delete file $file->delete(); 
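Review bot: The new rule keys use `data[*].…`, which is not the wildcard form Laravel's validator expands for array elements (`data.*.…`), so these three rules most likely never bind to the submitted items and `force_delete`, `type` and `unique_id` reach the controllers unvalidated. That matters because both delete handlers index `$file['unique_id']`, `$file['type']` and `$file['force_delete']` directly. I would write `'data' => 'required|array',` followed by `'data.*.force_delete' => 'required|boolean',` and the matching `data.*.type` and `data.*.unique_id` entries. Restricting `type` to the accepted values would be worth considering as well; the allowed set is not visible in this hunk.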
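Review bot: Renaming the parameter of `Editor::delete_item` to `$file` collides with the local `$file = FileManagerFile::withTrashed()…` visible in the context of the `-153` hunk, so the `$file['force_delete']` reads in the `-173` and `-186` hunks are evaluated against the loaded model rather than the request entry. If the model resolves that offset as a missing attribute, a requested force delete of a file silently becomes a soft delete and the stored object under `/file-manager/` is never removed. Capture the flags once at the top of the method, e.g. `$force_delete = $file['force_delete'];` and `$type = $file['type'];`, or give the parameter a name that the body does not reuse. The method body extends beyond these hunks, so other reads of the old `$request` argument may remain.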
diff --git a/database/factories/FileFactory.php b/database/factories/FileFactory.php new file mode 100644 index 00000000..1adeb39d --- /dev/null +++ b/database/factories/FileFactory.php @@ -0,0 +1,20 @@ +define(FileManagerFile::class, function (Faker $faker) { + return [ + 'unique_id' => $faker->randomDigit, + 'user_id' => 0, + 'folder_id' => 0, + 'name' => $faker->firstName, + 'basename' => $faker->lastName, + 'user_scope' => 'master', + 'updated_at' => Carbon::now(), + 'created_at' => Carbon::now() + ]; +}); diff --git a/database/factories/FolderFactory.php b/database/factories/FolderFactory.php new file mode 100644 index 00000000..cca6abbc --- /dev/null +++ b/database/factories/FolderFactory.php @@ -0,0 +1,17 @@ +define(FileManagerFolder::class, function (Faker $faker) { + return [ + 'id' => $faker->randomDigit, + 'unique_id' => $faker->randomDigit, + 'user_id' => 1, + 'parent_id' => 0, + 'name' => $faker->sentence, + 'type' => 'folder', + ]; +}); diff --git a/env.testing b/env.testing new file mode 100644 index 00000000..7313089c --- /dev/null +++ b/env.testing 
@@ -0,0 +1,70 @@
+APP_NAME=vueFileManager
+APP_ENV=local
+APP_KEY=base64:v+s0R2C5q8jYySj3uwrKA8KH8c9JBIZTdXqB2ytk4j8=
+APP_DEBUG=true
+APP_URL=http://localhost
+APP_DEMO=false
+
+LOG_CHANNEL=stack
+
+
+DB_CONNECTION=sqlite
+DB_HOST=null
+DB_PORT=null
+DB_DATABASE=database/database.sqlite
+DB_USERNAME=null
+DB_PASSWORD=null
+
+BROADCAST_DRIVER=log
+CACHE_DRIVER=file
+QUEUE_CONNECTION=sync
+SESSION_DRIVER=file
+SESSION_LIFETIME=120
+
+REDIS_HOST=127.0.0.1
+REDIS_PASSWORD=null
+REDIS_PORT=6379
+
+MAIL_DRIVER=smtp
+MAIL_HOST=sty
+MAIL_PORT=3254
+MAIL_USERNAME=Milos
+MAIL_PASSWORD=milos123
+MAIL_ENCRYPTION=tls
+MAIL_FROM_ADDRESS="${MAIL_USERNAME}"
+MAIL_FROM_NAME="${MAIL_USERNAME}"
+
+AWS_ACCESS_KEY_ID=
+AWS_SECRET_ACCESS_KEY=
+AWS_DEFAULT_REGION=
+AWS_BUCKET=
+
+DO_SPACES_KEY=
+DO_SPACES_SECRET=
+DO_SPACES_ENDPOINT=
+DO_SPACES_REGION=
+DO_SPACES_BUCKET=
+
+WASABI_KEY=
+WASABI_SECRET=
+WASABI_ENDPOINT=
+WASABI_REGION=
+WASABI_BUCKET=
+
+BACKBLAZE_KEY=
+BACKBLAZE_SECRET=
+BACKBLAZE_ENDPOINT=
+BACKBLAZE_REGION=
+BACKBLAZE_BUCKET=
+
+PASSPORT_CLIENT_ID=1
+PASSPORT_CLIENT_SECRET=TqSdKJUbCbC7g5To3Clriw9BMblef0nIdEaI81Q5
+
+APP_DEPLOY_SECRET=
+
+CASHIER_LOGGER=stack
+CASHIER_CURRENCY=
+STRIPE_KEY=
+STRIPE_SECRET=
+STRIPE_WEBHOOK_SECRET=
+CASHIER_PAYMENT_NOTIFICATION=App\Notifications\ConfirmPayment
\ No newline at end of file
diff --git a/routes/api.php b/routes/api.php
index 14a85305..a4ed95a6 100644
--- a/routes/api.php
+++ b/routes/api.php
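Review bot: The new `env.testing` commits a concrete `APP_KEY`, a `PASSPORT_CLIENT_SECRET` and a `MAIL_PASSWORD` to the repository, alongside `APP_DEBUG=true`. If any of these values were copied from a real environment they should be treated as disclosed and rotated. For a test-only file, generate throwaway values during test setup or use obvious placeholders such as `MAIL_PASSWORD=null`. The file name also lacks the leading dot, so the framework's `.env.testing` lookup will presumably not pick it up; confirm whether that is intended.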
@@ -44,7 +44,7 @@ Route::group(['middleware' => ['api'], 'prefix' => 'public'], function () { Route::group(['middleware' => ['api']], function () { // Edit Functions - Route::delete('/remove-item/{unique_id}/public/{token}', 'FileFunctions\EditItemsController@guest_delete_item'); + Route::post('/remove-item/public/{token}', 'FileFunctions\EditItemsController@guest_delete_item'); Route::patch('/rename-item/{unique_id}/public/{token}', 'FileFunctions\EditItemsController@guest_rename_item'); Route::post('/create-folder/public/{token}', 'FileFunctions\EditItemsController@guest_create_folder'); Route::patch('/move/{unique_id}/public/{token}', 'FileFunctions\EditItemsController@guest_move'); @@ -184,7 +184,7 @@ Route::group(['middleware' => ['auth:api', 'auth.shared', 'scope:visitor,editor' Route::group(['middleware' => ['auth:api', 'auth.shared', 'auth.master', 'scope:master,editor']], function () { // Edit items - Route::delete('/remove-item/{unique_id}', 'FileFunctions\EditItemsController@user_delete_item'); + Route::post('/remove-item', 'FileFunctions\EditItemsController@user_delete_item'); Route::patch('/rename-item/{unique_id}', 'FileFunctions\EditItemsController@user_rename_item'); Route::post('/create-folder', 'FileFunctions\EditItemsController@user_create_folder'); Route::patch('/move/{unique_id}', 'FileFunctions\EditItemsController@user_move'); diff --git a/tests/Feature/ExampleTest.php b/tests/Feature/ExampleTest.php deleted file mode 100644 index cdb51119..00000000 --- a/tests/Feature/ExampleTest.php +++ /dev/null @@ -1,21 +0,0 @@ -get('/'); - - $response->assertStatus(200); - } -} diff --git a/tests/Unit/BulkdTest.php b/tests/Unit/BulkdTest.php new file mode 100644 index 00000000..8c4bbb44 --- /dev/null +++ b/tests/Unit/BulkdTest.php 
@@ -0,0 +1,59 @@ +withoutExceptionHandling(); + + $data ='{ + "data": [ + { + "force_delete": false, + "type": "file", + "unique_id": 0 + }, + { + "force_delete": false, + "type": "file", + "unique_id": 1 + }, + { + "force_delete": false, + "type": "file", + "unique_id": 2 + } + ] + }'; + + $user = factory(User::class)->create(); + + factory(FileManagerFile::class, 3)->create(); + + $this->assertDatabaseCount('file_manager_files', 3); + + $this->actingAs($user)->withoutMiddleware()->json('POST','/api/remove-item', json_decode($data , true)) + ->assertStatus(201); + + // $this->assertDatabaseCount('file_manager_files', 3); + + } +} diff --git a/tests/Unit/ExampleTest.php b/tests/Unit/ExampleTest.php deleted file mode 100644 index 358cfc88..00000000 --- a/tests/Unit/ExampleTest.php +++ /dev/null @@ -1,18 +0,0 @@ -assertTrue(true); - } -}
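Review bot: The new test cannot confirm that bulk deletion works or is authorised: it expects `assertStatus(201)` while `user_delete_item` returns `response(null, 204)`, the only post-request database assertion is commented out, and `withoutMiddleware()` bypasses the `auth:api` and `scope` middleware declared on the route. The payload's `unique_id` values 0 to 2 are also not guaranteed to exist, since `FileFactory` assigns `$faker->randomDigit`. Assert the 204, create the files with explicit `unique_id` values, and check that the rows are soft-deleted, for example with `assertSoftDeleted` on `file_manager_files`. A second case where an editor-scoped token sends `"force_delete": true` and is rejected would cover the permission check this commit moved into the loop.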