controller refactoring part 24

2026-04-21 01:12:14 +00:00 · 2021-07-21 18:46:55 +02:00
parent 54f1f4c9a8
commit 6d8a7a429c
29 changed files with 561 additions and 209 deletions
--- a/src/Domain/Sharing/Actions/ProtectShareRecordAction.php
+++ b/src/Domain/Sharing/Actions/ProtectShareRecordAction.php
@@ -0,0 +1,33 @@
+<?php
+namespace Domain\Sharing\Actions;
+
+use Domain\Sharing\Models\Share;
+
+class ProtectShareRecordAction
+{
+    public function __invoke(Share $shared): void
+    {
+        if ($shared->is_protected) {
+            $abort_message = "Sorry, you don't have permission";
+
+            if (! request()->hasCookie('share_session')) {
+                abort(403, $abort_message);
+            }
+
+            // Get shared session
+            $share_session = json_decode(
+                request()->cookie('share_session')
+            );
+
+            // Check if is requested same share record
+            if ($share_session->token !== $shared->token) {
+                abort(403, $abort_message);
+            }
+
+            // Check if share record was authenticated previously via ShareController@authenticate
+            if (! $share_session->authenticated) {
+                abort(403, $abort_message);
+            }
+        }
+    }
+}
--- a/src/Domain/Sharing/Actions/VerifyAccessToItemAction.php
+++ b/src/Domain/Sharing/Actions/VerifyAccessToItemAction.php
@@ -0,0 +1,41 @@
+<?php
+namespace Domain\Sharing\Actions;
+
+use Illuminate\Support\Arr;
+use Domain\Sharing\Models\Share;
+use Domain\Folders\Models\Folder;
+
+class VerifyAccessToItemAction
+{
+    /**
+     * Check access to requested directory
+     */
+    public function __invoke(
+        string | array $requested_id,
+        Share $shared,
+    ): void {
+        // Get all children folders
+        $foldersIds = Folder::with('folders:id,parent_id,id,name')
+            ->where('user_id', $shared->user_id)
+            ->where('parent_id', $shared->item_id)
+            ->get();
+
+        // Get all authorized parent folders by shared folder as root of tree
+        $accessible_folder_ids = Arr::flatten([filter_folders_ids($foldersIds), $shared->item_id]);
+
+        // Check user access
+        if (is_array($requested_id)) {
+            foreach ($requested_id as $id) {
+                if (! in_array($id, $accessible_folder_ids)) {
+                    abort(403);
+                }
+            }
+        }
+
+        if (! is_array($requested_id)) {
+            if (! in_array($requested_id, $accessible_folder_ids)) {
+                abort(403);
+            }
+        }
+    }
+}
--- a/src/Domain/Sharing/Actions/VerifyAccessToItemWithinAction.php
+++ b/src/Domain/Sharing/Actions/VerifyAccessToItemWithinAction.php
@@ -0,0 +1,33 @@
+<?php
+namespace Domain\Sharing\Actions;
+
+use Domain\Files\Models\File;
+use Domain\Sharing\Models\Share;
+
+class VerifyAccessToItemWithinAction
+{
+    public function __construct(
+        private VerifyAccessToItemAction $verifyAccessToItem,
+    ) {
+    }
+
+    /**
+     * Check user file access
+     */
+    public function __invoke(
+        Share $shared,
+        File $file
+    ): void {
+        // Check by parent folder permission
+        if ($shared->type === 'folder') {
+            ($this->verifyAccessToItem)($file->folder_id, $shared);
+        }
+
+        // Check by single file permission
+        if ($shared->type === 'file') {
+            if ($shared->item_id !== $file->id) {
+                abort(403);
+            }
+        }
+    }
+}
--- a/src/Domain/Sharing/Controllers/ShareViaEmailController.php
+++ b/src/Domain/Sharing/Controllers/ShareViaEmailController.php
@@ -8,14 +8,18 @@ use Domain\Sharing\Actions\SendViaEmailAction;

 class ShareViaEmailController extends Controller
 {
+    public function __construct(
+        private SendViaEmailAction $sendLinkToEmailAction,
+    ) {
+    }
+
    public function __invoke(
-        SendViaEmailAction $sendLinkToEmailAction,
        Request $request,
        string $token,
    ): Response {
-        ($sendLinkToEmailAction)(
-            $request->input('emails'),
-            $token
+        ($this->sendLinkToEmailAction)(
+            emails: $request->input('emails'),
+            token: $token,
        );

        return response('Done!', 204);
--- a/src/Domain/Sharing/Controllers/VisitorAuthenticateProtectedShareController.php
+++ b/src/Domain/Sharing/Controllers/VisitorAuthenticateProtectedShareController.php
@@ -9,7 +9,7 @@ use Illuminate\Support\Facades\Hash;
 use Domain\Sharing\Resources\ShareResource;
 use Domain\Sharing\Requests\AuthenticateShareRequest;

-class VisitorAuthenticateProtectedShareController extends Controller
+class VisitorUnlockLockedShareController extends Controller
 {
    /**
     * Check Password for protected item
--- a/src/Domain/Sharing/Controllers/WebCrawlerOpenGraphController.php
+++ b/src/Domain/Sharing/Controllers/WebCrawlerOpenGraphController.php
@@ -5,7 +5,7 @@ use Illuminate\View\View;
 use Domain\Sharing\Models\Share;
 use App\Http\Controllers\Controller;

-class OGSiteController extends Controller
+class WebCrawlerOpenGraphController extends Controller
 {
    /**
     * Get og site for web crawlers
--- a/src/Domain/Sharing/Models/Share.php
+++ b/src/Domain/Sharing/Models/Share.php
@@ -12,6 +12,12 @@ use Illuminate\Database\Eloquent\Factories\HasFactory;
 * @method static whereNotNull(string $string)
 * @method static where(string $string, string $token)
 * @property string user_id
+ * @property mixed is_protected
+ * @property string token
+ * @property string item_id
+ * @property string type
+ * @property string password
+ * @property User user
 */
 class Share extends Model
 {