Milos Holba
2020-11-13 19:02:08 +01:00
parent 1c62da4e7c
commit 382756a6f0
10 changed files with 218 additions and 82 deletions
@@ -168,41 +168,45 @@ class EditItemsController extends Controller
* @return ResponseFactory|\Illuminate\Http\Response
* @throws Exception
*/
public function user_delete_item(DeleteItemRequest $request, $unique_id)
public function user_delete_item(DeleteItemRequest $request)
{
// Demo preview
if (is_demo(Auth::id())) {
return Demo::response_204();
}
// Check permission to delete item for authenticated editor
if ($request->user()->tokenCan('editor')) {
foreach($request->input('data') as $file){
$unique_id = $file['unique_id'];
// Prevent force delete for non-master users
if ($request->input('data.force_delete')) abort('401');
// Check permission to delete item for authenticated editor
if ($request->user()->tokenCan('editor')) {
// check if shared_token cookie exist
if (!$request->hasCookie('shared_token')) abort('401');
// Prevent force delete for non-master users
if ($file['force_delete']) abort('401');
// Get shared token
$shared = get_shared($request->cookie('shared_token'));
// check if shared_token cookie exist
if (!$request->hasCookie('shared_token')) abort('401');
// Get file|folder item
$item = get_item($request->input('data.type'), $unique_id, Auth::id());
// Get shared token
$shared = get_shared($request->cookie('shared_token'));
// Check access to requested directory
if ($request->input('data.type') === 'folder') {
Guardian::check_item_access($item->unique_id, $shared);
} else {
Guardian::check_item_access($item->folder_id, $shared);
// Get file|folder item
$item = get_item($file['type'], $unique_id, Auth::id());
// Check access to requested directory
if ($file['type'] === 'folder') {
Guardian::check_item_access($item->unique_id, $shared);
} else {
Guardian::check_item_access($item->folder_id, $shared);
}
}
}
// Delete item
Editor::delete_item($request, $unique_id);
// Delete item
Editor::delete_item($file, $unique_id);
// Return response
return response(null, 204);
}
return response(null, 204);
}
/**
@@ -214,7 +218,7 @@ class EditItemsController extends Controller
* @return ResponseFactory|\Illuminate\Http\Response
* @throws Exception
*/
public function guest_delete_item(DeleteItemRequest $request, $unique_id, $token)
public function guest_delete_item(DeleteItemRequest $request, $token)
{
// Get shared record
$shared = get_shared($token);
@@ -224,22 +228,26 @@ class EditItemsController extends Controller
return Demo::response_204();
}
// Check shared permission
if (!is_editor($shared)) abort(403);
foreach($request->input('data') as $file){
$unique_id = $file['unique_id'];
// Get file|folder item
$item = get_item($request->input('data.type'), $unique_id, $shared->user_id);
// Get file|folder item
$item = get_item($file['type'], $unique_id, $shared->user_id);
// Check access to requested item
if ($request->input('data.type') === 'folder') {
Guardian::check_item_access($item->unique_id, $shared);
} else {
Guardian::check_item_access($item->folder_id, $shared);
// Check access to requested item
if ($file['type'] === 'folder') {
Guardian::check_item_access($item->unique_id, $shared);
} else {
Guardian::check_item_access($item->folder_id, $shared);
}
// Delete item
Editor::delete_item($file, $unique_id, $shared);
}
// Delete item
Editor::delete_item($request, $unique_id, $shared);
// Return response
return response(null, 204);
}
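Review bot: In both user_delete_item and guest_delete_item the new loop calls `Editor::delete_item($file, $unique_id…)` on each entry before the next entry's `Guardian::check_item_access` / `force_delete` guard runs, so a batch containing one item the caller may not touch is deleted up to that item and only then aborts with 401/403 — a partial, non-atomic delete with nothing rolled back. Authorizing the whole `data` array first and deleting in a second pass closes that window; it also lets the `shared_token` cookie lookup and `get_shared()` run once instead of per item. `abort('401')` passes a string where `abort(int $code)` is expected — `abort(401)` is the safe spelling. Note `$request->input('data')` is iterated without an array check here, so a missing or scalar `data` makes `foreach` throw; the DeleteItemRequest rules in this commit do not guard that either.

```php
public function user_delete_item(DeleteItemRequest $request)
{
    // … unchanged: demo preview check …
    $items = $request->input('data', []);
    // Authorize every item before deleting any, so a failing check cannot leave a partial delete.
    if ($request->user()->tokenCan('editor')) {
        if (!$request->hasCookie('shared_token')) abort(401);
        $shared = get_shared($request->cookie('shared_token'));
        foreach ($items as $file) {
            // Prevent force delete for non-master users
            if ($file['force_delete']) abort(401);
            $item = get_item($file['type'], $file['unique_id'], Auth::id());
            Guardian::check_item_access(
                $file['type'] === 'folder' ? $item->unique_id : $item->folder_id,
                $shared
            );
        }
    }
    foreach ($items as $file) {
        Editor::delete_item($file, $file['unique_id']);
    }
    return response(null, 204);
}
```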
@@ -25,8 +25,9 @@ class DeleteItemRequest extends FormRequest
public function rules()
{
return [
'data.type' => 'required|string',
'data.force_delete' => 'required|boolean',
'data[*].force_delete' => 'required|boolean',
'data[*].type' => 'required|string',
'data[*].unique_id' => 'required|numeric'
];
}
}
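Review bot: The new rule keys use `data[*].type`, but Laravel's wildcard syntax for nested array input is dot-star (`data.*.type`); a literal `data[*].…` key does not match any attribute of the flattened request data, so as far as I can tell none of the three rules is ever applied and `type`, `unique_id` and `force_delete` reach the controllers and Editor::delete_item unvalidated. Since the controllers also iterate `data` directly, `data` itself should be required to be an array. The rules should read as below.

```php
return [
    'data' => 'required|array',
    'data.*.force_delete' => 'required|boolean',
    'data.*.type' => 'required|string',
    'data.*.unique_id' => 'required|numeric',
];
```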
+7 -7
@@ -86,13 +86,13 @@ class Editor
* @param null $shared
* @throws \Exception
*/
public static function delete_item($request, $unique_id, $shared = null)
public static function delete_item($file, $unique_id, $shared = null)
{
// Get user id
$user = is_null($shared) ? Auth::user() : User::findOrFail($shared->user_id);
// Delete folder
if ($request->input('data.type') === 'folder') {
if ($file['type'] === 'folder') {
// Get folder
$folder = FileManagerFolder::withTrashed()
@@ -113,7 +113,7 @@ class Editor
}
// Force delete children files
if ($request->input('data.force_delete')) {
if ($file['force_delete']) {
// Get children folder ids
$child_folders = filter_folders_ids($folder->trashed_folders, 'unique_id');
@@ -142,7 +142,7 @@ class Editor
}
// Soft delete items
if (!$request->input('data.force_delete')) {
if (!$file['force_delete']) {
// Remove folder from user favourites
$user->favourite_folders()->detach($unique_id);
@@ -153,7 +153,7 @@ class Editor
}
// Delete item
if ($request->input('data.type') !== 'folder') {
if ($file['type'] !== 'folder') {
// Get file
$file = FileManagerFile::withTrashed()
@@ -173,7 +173,7 @@ class Editor
}
// Force delete file
if ($request->input('data.force_delete')) {
if ($file['force_delete']) {
// Delete file
Storage::delete('/file-manager/' . $file->basename);
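Review bot: Renaming the parameter to `$file` collides with the existing `$file = FileManagerFile::withTrashed()` local in the file branch, so the `$file['force_delete']` checks that follow (the force-delete branch here and the soft-delete branch below it) read a `force_delete` attribute off the Eloquent model via ArrayAccess rather than the request entry. Unless that model actually has such a column — nothing in the hunk suggests it — the value is null, the `Storage::delete` path is never taken and every file delete silently degrades to a soft delete; the folder branch is unaffected because it uses `$folder`. The least invasive fix is to read the flag once before either branch, `$force_delete = (bool) $file['force_delete'];` after the `$user` lookup, and test `if ($force_delete)` / `if (!$force_delete)` in all four places. delete_item's body starts before this hunk and continues past the end of the section.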
@@ -186,7 +186,7 @@ class Editor
}
// Soft delete file
if (!$request->input('data.force_delete')) {
if (!$file['force_delete']) {
// Soft delete file
$file->delete();