diff --git a/app/Http/Controllers/FileFunctions/EditItemsController.php b/app/Http/Controllers/FileFunctions/EditItemsController.php
index 5f58e334..dbbb7919 100644
--- a/app/Http/Controllers/FileFunctions/EditItemsController.php
+++ b/app/Http/Controllers/FileFunctions/EditItemsController.php
@@ -330,8 +330,8 @@ class EditItemsController extends Controller
 return $new_file;
 }
-
-/**
+
+ /**
 * User download folder via zip
 *
 * @param $id
@@ -341,7 +341,7 @@ class EditItemsController extends Controller
 {
 // Get user id
 $user_id = Auth::id();
-
+
 // Check permission to download for authenticated editor
 if ($request->user()->tokenCan('editor')) {
@@ -359,7 +359,7 @@ class EditItemsController extends Controller
 $folder = Folder::whereUserId($user_id)
 ->where('id', $id);
- if (! $folder->exists()) {
+ if (!$folder->exists()) {
 abort(404, 'Requested folder doesn\'t exists.');
 }
@@ -391,8 +391,8 @@ class EditItemsController extends Controller
 // Get folder
 $folder = Folder::whereUserId($shared->user_id)
 ->where('id', $id);
-
- if (! $folder->exists()) {
+
+ if (!$folder->exists()) {
 abort(404, 'Requested folder doesn\'t exists.');
 }
@@ -535,39 +535,38 @@ class EditItemsController extends Controller
 // Get shared record
 $shared = get_shared($token);
- //Unique id of Folder where move
- $to_id = $request->input('to_id');
- // Demo preview
 if (is_demo(Auth::id())) {
 return Demo::response_204();
 }
 // Check shared permission
- if (!is_editor($shared)) abort(403);
+ if (is_visitor($shared)) {
+ abort(403);
+ }
- foreach ($request->input('items') as $item) {
+ foreach ($request->items as $item) {
- $id = $item['id'];
- $moving_id = $id;
+ if ($item['type'] === 'folder') {
+ Guardian::check_item_access([
+ $request->to_id, $item['id']
+ ], $shared);
+ }
 if ($item['type'] !== 'folder') {
- $file = File::where('id', $id)
+
+ $file = File::where('id', $item['id'])
 ->where('user_id', $shared->user_id)
 ->firstOrFail();
- $moving_id = $file->folder_id;
+ Guardian::check_item_access([
+ $request->to_id, $file->folder_id
+ ], $shared);
 }
-
- // Check access to requested item
- Guardian::check_item_access([
- $to_id, $moving_id
- ], $shared);
 }
- // Move item
- Editor::move($request, $to_id, $shared);
+ Editor::move($request, $request->to_id);
 return response('Done!', 204);
 }
diff --git a/app/Providers/RouteServiceProvider.php b/app/Providers/RouteServiceProvider.php
index 8adf49de..62414734 100644
--- a/app/Providers/RouteServiceProvider.php
+++ b/app/Providers/RouteServiceProvider.php
@@ -42,6 +42,8 @@ class RouteServiceProvider extends ServiceProvider
 {
 $this->mapApiRoutes();
+ $this->mapShareRoutes();
+
 $this->mapAdminApiRoutes();
 $this->mapSetupWizardApiRoutes();
@@ -98,6 +100,14 @@ class RouteServiceProvider extends ServiceProvider
 ->group(base_path('routes/api.php'));
 }
+ protected function mapShareRoutes()
+ {
+ Route::prefix('api')
+ ->middleware('api')
+ ->namespace($this->namespace)
+ ->group(base_path('routes/share.php'));
+ }
+
 protected function mapAdminApiRoutes()
 {
 Route::prefix('api/admin')
diff --git a/routes/api.php b/routes/api.php
index 38564cfb..71009640 100644
--- a/routes/api.php
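Review bot: The share-permission guard in guest_move() now rejects only visitors (`if (is_visitor($shared))`) where the old code rejected everything that was not an editor, so a share whose permission is null or any unexpected value would reach the move; neither helper is defined in this diff, so confirm that, or keep the allow-list form `if (! is_editor($shared)) { abort(403); }`. The same hunk drops `$shared` from the call, `Editor::move($request, $request->to_id)`, so it is worth checking that Editor::move still scopes its queries to the share owner rather than to `Auth::id()`, which is presumably null for a guest. `$request->items` is iterated and `$item['type']` / `$item['id']` are read without validation; a `$request->validate([...])` covering `to_id` and `items.*` would turn malformed payloads into 422 responses. The function's signature is outside the hunk.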
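Review bot: mapShareRoutes() registers routes/share.php, the token-only guest endpoints including upload, remove and move, under the plain `api` group with no docblock and nothing specific to unauthenticated callers. Whether a throttle applies depends on how the `api` middleware group is defined, which this diff does not show; `/shared/authenticate/{token}` in particular should sit behind a rate limiter. I would add a docblock such as `/** Public share routes: reachable with a share token only, no user session. */` and state there which limiter covers them.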
+++ b/routes/api.php
@@ -11,28 +11,6 @@ use App\Http\Controllers\FileFunctions\TrashController;
 use App\Http\Controllers\General\PricingController;
 use App\Http\Controllers\Sharing\FileSharingController;
-// Edit Functions
-Route::group(['prefix' => 'editor'], function () {
- Route::patch('/rename/{id}/public/{token}', [EditItemsController::class, 'guest_rename_item']);
- Route::post('/create-folder/public/{token}', [EditItemsController::class, 'guest_create_folder']);
- Route::post('/remove/public/{token}', [EditItemsController::class, 'guest_delete_item']);
- Route::post('/upload/public/{token}', [EditItemsController::class, 'guest_upload']);
- Route::post('/move/public/{token}', [EditItemsController::class, 'guest_move']);
-});
-
-Route::group(['prefix' => 'zip'], function () {
- Route::get('/folder/{id}/public/{token}', [EditItemsController::class, 'guest_zip_folder']);
- Route::post('/files/public/{token}', [EditItemsController::class, 'guest_zip_multiple_files']);
-});
-
-// Sharing page browsing
-Route::get('/folders/{unique_id}/public/{token}', [FileSharingController::class, 'get_public_folders']);
-Route::get('/navigation/public/{token}', [FileSharingController::class, 'get_public_navigation_tree']);
-Route::post('/shared/authenticate/{token}', [FileSharingController::class, 'authenticate']);
-Route::get('/search/public/{token}', [FileSharingController::class, 'search_public']);
-Route::get('/files/{token}/public', [FileSharingController::class, 'file_public']);
-Route::get('/shared/{token}', [ShareController::class, 'show']);
-
 // Pages
 Route::post('/contact', [AppFunctionsController::class, 'contact_form']);
 Route::get('/page/{slug}', [AppFunctionsController::class, 'get_page']);
diff --git a/routes/share.php b/routes/share.php
new file mode 100644
index 00000000..40410684
--- /dev/null
+++ b/routes/share.php
@@ -0,0 +1,27 @@
+ 'editor'], function () {
+ Route::patch('/rename/{id}/public/{token}', [EditItemsController::class, 'guest_rename_item']);
+ Route::post('/create-folder/public/{token}', [EditItemsController::class, 'guest_create_folder']);
+ Route::post('/remove/public/{token}', [EditItemsController::class, 'guest_delete_item']);
+ Route::post('/upload/public/{token}', [EditItemsController::class, 'guest_upload']);
+ Route::post('/move/public/{token}', [EditItemsController::class, 'guest_move']);
+});
+
+// Editor/Visitor zip functions
+Route::group(['prefix' => 'zip'], function () {
+ Route::get('/folder/{id}/public/{token}', [EditItemsController::class, 'guest_zip_folder']);
+ Route::post('/files/public/{token}', [EditItemsController::class, 'guest_zip_multiple_files']);
+});
+
+// Sharing page browsing
+Route::get('/folders/{id}/public/{token}', [FileSharingController::class, 'get_public_folders']);
+Route::get('/navigation/public/{token}', [FileSharingController::class, 'get_public_navigation_tree']);
+Route::post('/shared/authenticate/{token}', [FileSharingController::class, 'authenticate']);
+Route::get('/search/public/{token}', [FileSharingController::class, 'search_public']);
+Route::get('/files/{token}/public', [FileSharingController::class, 'file_public']);
+Route::get('/shared/{token}', [ShareController::class, 'show']);
\ No newline at end of file
diff --git a/tests/Feature/Share/ShareEditorTest.php b/tests/Feature/Share/ShareEditorTest.php
index d6cb3e96..f2babce4 100644
--- a/tests/Feature/Share/ShareEditorTest.php
+++ b/tests/Feature/Share/ShareEditorTest.php
@@ -201,7 +201,7 @@ class ShareEditorTest extends TestCase
 $folder = Folder::factory(Folder::class)
 ->create([
- 'user_id' => $user->id,
+ 'user_id' => $user->id,
 'user_scope' => 'master',
 ]);
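Review bot: None of the route groups in routes/share.php attach middleware, so the editor-only endpoints under `editor/` (rename, create-folder, remove, upload, move) depend on every guest_* controller method repeating its own permission check, as guest_move does. A group-level middleware that resolves the share from `{token}` and aborts with 403 unless it grants editor rights would make that check impossible to forget, e.g. `Route::group(['prefix' => 'editor', 'middleware' => '<share-editor-middleware>'], ...)` (placeholder name; no such middleware appears in this diff). The file also ends without a trailing newline.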
@@ -224,7 +224,7 @@ class ShareEditorTest extends TestCase
 ])->assertStatus(201);
 $this->assertDatabaseHas('traffic', [
- 'user_id' => $user->id,
+ 'user_id' => $user->id,
 ]);
 $this->assertDatabaseHas('files', [
@@ -240,7 +240,107 @@ class ShareEditorTest extends TestCase
 /**
 * @test
 */
- public function it_zip_shared_multiple_files()
+ public function editor_move_file_to_another_folder()
+ {
+ $user = User::factory(User::class)
+ ->create();
+
+ $root = Folder::factory(Folder::class)
+ ->create([
+ 'user_id' => $user->id
+ ]);
+
+ $children = Folder::factory(Folder::class)
+ ->create([
+ 'user_id' => $user->id,
+ 'parent_id' => $root->id,
+ ]);
+
+ $file = File::factory(File::class)
+ ->create([
+ 'user_id' => $user->id,
+ 'folder_id' => $root->id
+ ]);
+
+ $share = Share::factory(Share::class)
+ ->create([
+ 'item_id' => $root->id,
+ 'user_id' => $user->id,
+ 'type' => 'folder',
+ 'is_protected' => false,
+ 'permission' => 'editor',
+ ]);
+
+ $this->postJson("/api/editor/move/public/$share->token", [
+ 'to_id' => $children->id,
+ 'items' => [
+ [
+ 'type' => 'file',
+ 'id' => $file->id,
+ ]
+ ],
+ ])->assertStatus(204);
+
+ $this->assertDatabaseHas('files', [
+ 'id' => $file->id,
+ 'folder_id' => $children->id,
+ ]);
+ }
+
+ /**
+ * @test
+ */
+ public function editor_move_folder_to_another_folder()
+ {
+ $user = User::factory(User::class)
+ ->create();
+
+ $root = Folder::factory(Folder::class)
+ ->create([
+ 'user_id' => $user->id
+ ]);
+
+ $brother = Folder::factory(Folder::class)
+ ->create([
+ 'user_id' => $user->id,
+ 'parent_id' => $root->id,
+ ]);
+
+ $sister = Folder::factory(Folder::class)
+ ->create([
+ 'user_id' => $user->id,
+ 'parent_id' => $root->id,
+ ]);
+
+ $share = Share::factory(Share::class)
+ ->create([
+ 'item_id' => $root->id,
+ 'user_id' => $user->id,
+ 'type' => 'folder',
+ 'is_protected' => false,
+ 'permission' => 'editor',
+ ]);
+
+ $this->postJson("/api/editor/move/public/$share->token", [
+ 'to_id' => $brother->id,
+ 'items' => [
+ [
+ 'type' => 'folder',
+ 'id' => $sister->id,
+ ]
+ ],
+ ])->assertStatus(204);
+
+ $this->assertDatabaseHas('folders', [
+ 'id' => $sister->id,
+ 'parent_id' => $brother->id,
+ ]);
+ }
+
+ /**
+ * @test
+ */
+ public function guest_zip_shared_multiple_files()
 {
 Storage::fake('local');
@@ -295,7 +395,7 @@ class ShareEditorTest extends TestCase
 /**
 * @test
 */
- public function it_try_zip_non_shared_file_with_already_shared_multiple_files()
+ public function guest_try_zip_non_shared_file_with_already_shared_multiple_files()
 {
 $user = User::factory(User::class)
 ->create();
@@ -332,7 +432,7 @@ class ShareEditorTest extends TestCase
 /**
 * @test
 */
- public function it_zip_shared_folder()
+ public function guest_zip_shared_folder()
 {
 Storage::fake('local');
@@ -392,7 +492,7 @@ class ShareEditorTest extends TestCase
 /**
 * @test
 */
- public function it_try_zip_non_shared_folder()
+ public function guest_try_zip_non_shared_folder()
 {
 Storage::fake('local');
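Review bot: Both added tests, `editor_move_file_to_another_folder` and `editor_move_folder_to_another_folder`, exercise only the permitted path, while this commit also rewrites the permission guard and the Guardian checks in guest_move. Add negative cases next to them: the same request against a share created with `'permission' => 'visitor'` should assert 403 and an unchanged `folder_id` / `parent_id`, and a `to_id` or item id that lies outside the shared `$root` should be rejected as well. A case that sends a file and a folder in one `items` array would also be useful, since the controller loops over mixed types.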