api refactoring

2026-04-05 18:23:48 +00:00 · 2022-05-31 15:12:31 +02:00
parent a4b18c26b5
commit 7659cc7221
9 changed files with 38 additions and 18 deletions
--- a/resources/js/components/Popups/ShareCreatePopup.vue
+++ b/resources/js/components/Popups/ShareCreatePopup.vue
@@ -213,6 +213,7 @@ export default {
            isExpiration: false,
            isEmailSharing: false,
            shareOptions: {
+				id: undefined,
                isPassword: undefined,
                expiration: undefined,
                password: undefined,
@@ -244,7 +245,7 @@ export default {

            // Send request to get share link
            axios
-                .post(`/api/share/${this.id}`, this.shareOptions)
+                .post('/api/share', this.shareOptions)
                .then((response) => {
                    // End loading
                    this.isGeneratedShared = true
@@ -278,18 +279,18 @@ export default {
            this.pickedItem = args.item

            this.shareOptions.type = args.item.data.type
-            this.id = args.item.data.id
+            this.shareOptions.id = args.item.data.id
        })

        // Close popup
        events.$on('popup:close', () => {
            // Restore data
            setTimeout(() => {
-				this.id = undefined
                this.isGeneratedShared = false
                this.isExpiration = false
                this.isEmailSharing = false
                this.shareOptions = {
+					id: undefined,
                    isPassword: false,
                    expiration: undefined,
                    password: undefined,
--- a/routes/api.php
+++ b/routes/api.php
@@ -83,7 +83,7 @@ Route::group(['middleware' => ['auth:sanctum']], function () {
    Route::get('/share/{token}/qr', GetShareLinkViaQrCodeController::class);
    Route::post('/share/{token}/email', ShareViaEmailController::class);
    Route::apiResource('/share', ShareController::class);
-    Route::post('/share/{id}', ShareItemController::class);
+    Route::post('/share', ShareItemController::class);

    // Notifications
    Route::post('/notifications/read', MarkUserNotificationsAsReadController::class);
--- a/routes/teams.php
+++ b/routes/teams.php
@@ -13,7 +13,9 @@ Route::group(['middleware' => ['auth:sanctum']], function () {
    Route::get('/shared-with-me/{id}', BrowseSharedWithMeController::class);
    Route::apiResource('/folders', TeamFoldersController::class);

-    Route::post('/folders/{folder}/convert', ConvertFolderIntoTeamFolderController::class);
-    Route::delete('/folders/{folder}/leave', LeaveTeamFolderController::class);
-    Route::get('/folders/{folder}/tree', NavigationTreeController::class);
+    Route::group(['prefix' => '/folders'], function() {
+        Route::post('/{folder}/convert', ConvertFolderIntoTeamFolderController::class);
+        Route::delete('/{folder}/leave', LeaveTeamFolderController::class);
+        Route::get('/{folder}/tree', NavigationTreeController::class);
+    });
 });
--- a/src/App/Users/Requests/UpdateAvatarRequest.php
+++ b/src/App/Users/Requests/UpdateAvatarRequest.php
@@ -23,7 +23,7 @@ class UpdateAvatarRequest extends FormRequest
    public function rules()
    {
        return [
-            'avatar' => 'required|file',
+            'avatar' => 'required|file|mimes:jpg,jpeg,png',
        ];
    }
 }
--- a/src/Domain/Browsing/Controllers/SpotlightSearchController.php
+++ b/src/Domain/Browsing/Controllers/SpotlightSearchController.php
@@ -38,7 +38,10 @@ class SpotlightSearchController
    ): JsonResponse {
        // Prevent to show non admin user searching
        if (Auth::user()->role !== 'admin') {
-            abort(response()->json(accessDeniedError()), 403);
+            abort(response()->json([
+                'type'    => 'error',
+                'message' => 'Access denied. You need administrator privileges to search the users.',
+            ]), 403);
        }

        // Get user ids
--- a/src/Domain/Browsing/Controllers/VisitorBrowseFolderController.php
+++ b/src/Domain/Browsing/Controllers/VisitorBrowseFolderController.php
@@ -10,6 +10,7 @@ use Domain\Folders\Resources\FolderResource;
 use Domain\Folders\Resources\FolderCollection;
 use Domain\Sharing\Actions\ProtectShareRecordAction;
 use Domain\Sharing\Actions\VerifyAccessToItemAction;
+use Str;

 /**
 * Browse shared folder
@@ -26,14 +27,19 @@ class VisitorBrowseFolderController
        string $id,
        Share $shared,
    ): JsonResponse {
+
+        $folderId = Str::isUuid($id)
+            ? $id
+            : $shared->item_id;
+
        // Check ability to access protected share record
        ($this->protectShareRecord)($shared);

        // Check if user can get directory
-        ($this->verifyAccessToItem)($id, $shared);
+        ($this->verifyAccessToItem)($folderId, $shared);

        // Get requested folder
-        $requestedFolder = Folder::findOrFail($id);
+        $requestedFolder = Folder::findOrFail($folderId);

        $page = request()->has('page')
            ? request()->input('page')
@@ -43,13 +49,13 @@ class VisitorBrowseFolderController
        $query = [
            'folder' => [
                'where' => [
-                    'parent_id'   => $id,
+                    'parent_id'   => $folderId,
                    'user_id'     => $shared->user_id,
                ],
            ],
            'file' => [
                'where' => [
-                    'parent_id'   => $id,
+                    'parent_id'   => $folderId,
                    'user_id'     => $shared->user_id,
                ],
            ],
--- a/src/Domain/Sharing/Controllers/ShareItemController.php
+++ b/src/Domain/Sharing/Controllers/ShareItemController.php
@@ -21,9 +21,8 @@ class ShareItemController extends Controller
     */
    public function __invoke(
        CreateShareRequest $request,
-        string $id,
    ): JsonResponse {
-        $item = get_item($request->input('type'), $id);
+        $item = get_item($request->input('type'), $request->input('id'));

        // Check if item is currently shared
        if ($item->shared()->exists()) {
--- a/src/Domain/Sharing/Requests/CreateShareRequest.php
+++ b/src/Domain/Sharing/Requests/CreateShareRequest.php
@@ -24,6 +24,7 @@ class CreateShareRequest extends FormRequest
    public function rules()
    {
        return [
+            'id'         => 'required|uuid',
            'isPassword' => 'sometimes|boolean',
            'password'   => 'required_if:isPassword,true',
            'type'       => 'required|string',
--- a/src/Domain/Teams/Controllers/TeamFoldersController.php
+++ b/src/Domain/Teams/Controllers/TeamFoldersController.php
@@ -1,6 +1,7 @@
 <?php
 namespace Domain\Teams\Controllers;

+use Gate;
 use Illuminate\Support\Str;
 use Domain\Files\Models\File;
 use Domain\Folders\Models\Folder;
@@ -41,9 +42,16 @@ class TeamFoldersController extends Controller

        $entriesPerPage = config('vuefilemanager.paginate.perPage');

-        // TODO: check privileges
-
        if ($id) {
+            // Get team folder
+            $teamFolder = Folder::findOrFail($id)
+                ->getLatestParent();
+
+            // Check privileges
+            if (! Gate::any(['can-edit', 'can-view'], [$teamFolder, null])) {
+                return response()->json(accessDeniedError(), 403);
+            }
+
            $query = [
                'folder' => [
                    'where' => [
@@ -111,7 +119,7 @@ class TeamFoldersController extends Controller
            'meta'       => [
                'paginate'   => $paginate,
                'teamFolder' => $id
-                    ? new FolderResource(Folder::findOrFail($id)->getLatestParent())
+                    ? new FolderResource($teamFolder)
                    : null,
                'root'       => $id
                    ? new FolderResource(Folder::findOrFail($id))