controller refactoring part 24

src/Domain/Sharing/Actions/ProtectShareRecordAction.php

@@ -0,0 +1,33 @@
+<?php
+namespace Domain\Sharing\Actions;
+
+use Domain\Sharing\Models\Share;
+
+class ProtectShareRecordAction
+{
+    public function __invoke(Share $shared): void
+    {
+        if ($shared->is_protected) {
+            $abort_message = "Sorry, you don't have permission";
+
+            if (! request()->hasCookie('share_session')) {
+                abort(403, $abort_message);
+            }
+
+            // Get shared session
+            $share_session = json_decode(
+                request()->cookie('share_session')
+            );
+
+            // Check if is requested same share record
+            if ($share_session->token !== $shared->token) {
+                abort(403, $abort_message);
+            }
+
+            // Check if share record was authenticated previously via ShareController@authenticate
+            if (! $share_session->authenticated) {
+                abort(403, $abort_message);
+            }
+        }
+    }
+}

src/Domain/Sharing/Actions/VerifyAccessToItemAction.php

@@ -0,0 +1,41 @@
+<?php
+namespace Domain\Sharing\Actions;
+
+use Illuminate\Support\Arr;
+use Domain\Sharing\Models\Share;
+use Domain\Folders\Models\Folder;
+
+class VerifyAccessToItemAction
+{
+    /**
+     * Check access to requested directory
+     */
+    public function __invoke(
+        string | array $requested_id,
+        Share $shared,
+    ): void {
+        // Get all children folders
+        $foldersIds = Folder::with('folders:id,parent_id,id,name')
+            ->where('user_id', $shared->user_id)
+            ->where('parent_id', $shared->item_id)
+            ->get();
+
+        // Get all authorized parent folders by shared folder as root of tree
+        $accessible_folder_ids = Arr::flatten([filter_folders_ids($foldersIds), $shared->item_id]);
+
+        // Check user access
+        if (is_array($requested_id)) {
+            foreach ($requested_id as $id) {
+                if (! in_array($id, $accessible_folder_ids)) {
+                    abort(403);
+                }
+            }
+        }
+
+        if (! is_array($requested_id)) {
+            if (! in_array($requested_id, $accessible_folder_ids)) {
+                abort(403);
+            }
+        }
+    }
+}

src/Domain/Sharing/Actions/VerifyAccessToItemWithinAction.php

@@ -0,0 +1,33 @@
+<?php
+namespace Domain\Sharing\Actions;
+
+use Domain\Files\Models\File;
+use Domain\Sharing\Models\Share;
+
+class VerifyAccessToItemWithinAction
+{
+    public function __construct(
+        private VerifyAccessToItemAction $verifyAccessToItem,
+    ) {
+    }
+
+    /**
+     * Check user file access
+     */
+    public function __invoke(
+        Share $shared,
+        File $file
+    ): void {
+        // Check by parent folder permission
+        if ($shared->type === 'folder') {
+            ($this->verifyAccessToItem)($file->folder_id, $shared);
+        }
+
+        // Check by single file permission
+        if ($shared->type === 'file') {
+            if ($shared->item_id !== $file->id) {
+                abort(403);
+            }
+        }
+    }
+}