nexus/vuefilemanager
2
0
Fork 0
mirror of https://github.com/VueFileManager/vuefilemanager.git synced 2026-05-23 21:34:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

added it_get_private_user_image_thumbnail, guest_try_to_get_private_user_image_thumbnail, logged_user_try_to_get_another_private_user_image_thumbnail

Browse Source
This commit is contained in:
Peter Papp
2021-03-07 11:47:12 +01:00
parent 9f1174b547
commit 891ca7260b
2 changed files with 129 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/Http/Controllers/FileAccessController.php
+17 -19
View File
@@ -88,7 +88,7 @@ class FileAccessController extends Controller
// Store user download size // Store user download size
$request->user()->record_download( $request->user()->record_download(
(int) $file->getRawOriginal('filesize') (int)$file->getRawOriginal('filesize')
); );
return $this->download_file($file, Auth::id()); return $this->download_file($file, Auth::id());
@@ -186,17 +186,17 @@ class FileAccessController extends Controller
public function get_thumbnail(Request $request, $filename) public function get_thumbnail(Request $request, $filename)
{ {
// Get file record // Get file record
$file = File::withTrashed() $file = UserFile::withTrashed()
->where('user_id', $request->user()->id) ->whereUserId(Auth::id())
->where('thumbnail', $filename) ->whereThumbnail($filename)
->firstOrFail(); ->firstOrFail();
// Check user permission // Check user permission
if (!$request->user()->tokenCan('master')) { /*if (!$request->user()->tokenCan('master')) {
$this->check_file_access($request, $file); $this->check_file_access($request, $file);
} }*/
return $this->thumbnail_file($file); return $this->thumbnail_file($file, Auth::id());
} }
/** /**
@@ -267,27 +267,25 @@ class FileAccessController extends Controller
// Get pretty name // Get pretty name
$pretty_name = get_pretty_name($file->basename, $file->name, $file->mimetype); $pretty_name = get_pretty_name($file->basename, $file->name, $file->mimetype);
$headers = [
"Accept-Ranges" => "bytes",
"Content-Type" => Storage::mimeType($path),
"Content-Length" => Storage::size($path),
"Content-Range" => "bytes 0-600/" . Storage::size($path),
"Content-Disposition" => "attachment; filename=$pretty_name",
];
return response() return response()
->download(Storage::path($path), $pretty_name, $headers); ->download(Storage::path($path), $pretty_name, [
"Accept-Ranges" => "bytes",
"Content-Type" => Storage::mimeType($path),
"Content-Length" => Storage::size($path),
"Content-Range" => "bytes 0-600/" . Storage::size($path),
"Content-Disposition" => "attachment; filename=$pretty_name",
]);
} }
/** /**
* @param $file * @param $file
* @param $user_id
* @return mixed * @return mixed
* @throws \Illuminate\Contracts\Filesystem\FileNotFoundException
*/ */
private function thumbnail_file($file) private function thumbnail_file($file, $user_id)
{ {
// Get file path // Get file path
$path = '/files/' . $file->getRawOriginal('thumbnail'); $path = "/files/$user_id/{$file->getRawOriginal('thumbnail')}";
// Check if file exist // Check if file exist
if (!Storage::exists($path)) abort(404); if (!Storage::exists($path)) abort(404);
tests/Feature/FileAccessTest.php
+112 -38
View File
@@ -73,43 +73,6 @@ class FileAccessTest extends TestCase
$this->setup->create_directories(); $this->setup->create_directories();
$file = UploadedFile::fake()
->create(Str::random() . '-fake-file.pdf', 1200, 'application/pdf');
$user = User::factory(User::class)
->create();
Sanctum::actingAs($user);
$this->postJson('/api/upload', [
'file' => $file,
'folder_id' => null,
'is_last' => true,
])->assertStatus(201);
$this->get("file/$file->name")
->assertOk();
}
/**
* @test
*/
public function guest_try_to_get_private_user_file()
{
$this->get("file/fake-file.pdf")
->assertRedirect();
}
/**
* @test
*/
public function logged_user_try_to_get_another_private_user_file()
{
Storage::fake('local');
$this->setup->create_directories();
$user = User::factory(User::class) $user = User::factory(User::class)
->create(); ->create();
@@ -120,6 +83,7 @@ class FileAccessTest extends TestCase
File::factory(File::class) File::factory(File::class)
->create([ ->create([
'user_id' => $user->id,
'basename' => $file->name, 'basename' => $file->name,
'name' => 'fake-file.pdf', 'name' => 'fake-file.pdf',
]); ]);
@@ -127,7 +91,37 @@ class FileAccessTest extends TestCase
Sanctum::actingAs($user); Sanctum::actingAs($user);
$this->get("file/$file->name") $this->get("file/$file->name")
->assertNotFound(); ->assertOk();
}
/**
* @test
*/
public function it_get_private_user_image_thumbnail()
{
Storage::fake('local');
$this->setup->create_directories();
$user = User::factory(User::class)
->create();
$thumbnail = UploadedFile::fake()
->image(Str::random() . '-fake-thumbnail.jpg');
Storage::putFileAs("files/$user->id", $thumbnail, $thumbnail->name);
File::factory(File::class)
->create([
'user_id' => $user->id,
'thumbnail' => $thumbnail->name,
'name' => 'fake-thumbnail.jpg',
]);
Sanctum::actingAs($user);
$this->get("thumbnail/$thumbnail->name")
->assertStatus(200);
} }
/** /**
@@ -158,6 +152,68 @@ class FileAccessTest extends TestCase
->assertOk(); ->assertOk();
} }
/**
* @test
*/
public function logged_user_try_to_get_another_private_user_image_thumbnail()
{
Storage::fake('local');
$this->setup->create_directories();
$users = User::factory(User::class)
->count(2)
->create();
$thumbnail = UploadedFile::fake()
->image(Str::random() . '-fake-thumbnail.jpg');
Storage::putFileAs("files/{$users[0]->id}", $thumbnail, $thumbnail->name);
File::factory(File::class)
->create([
'user_id' => $users[0]->id,
'thumbnail' => $thumbnail->name,
'name' => 'fake-thumbnail.jpg',
]);
Sanctum::actingAs($users[1]);
$this->get("thumbnail/$thumbnail->name")
->assertNotFound();
}
/**
* @test
*/
public function logged_user_try_to_get_another_private_user_file()
{
Storage::fake('local');
$this->setup->create_directories();
$users = User::factory(User::class)
->count(2)
->create();
$file = UploadedFile::fake()
->create(Str::random() . '-fake-file.pdf', 1200, 'application/pdf');
Storage::putFileAs("files/{$users[0]->id}", $file, $file->name);
File::factory(File::class)
->create([
'user_id' => $users[0]->id,
'basename' => $file->name,
'name' => 'fake-file.pdf',
]);
Sanctum::actingAs($users[1]);
$this->get("file/$file->name")
->assertNotFound();
}
/** /**
* @test * @test
*/ */
@@ -185,6 +241,15 @@ class FileAccessTest extends TestCase
->assertNotFound(); ->assertNotFound();
} }
/**
* @test
*/
public function guest_try_to_get_private_user_file()
{
$this->get("file/fake-file.pdf")
->assertRedirect();
}
/** /**
* @test * @test
*/ */
@@ -193,4 +258,13 @@ class FileAccessTest extends TestCase
$this->get("zip/EHWKcuvKzA4Gv29v-archive.zip") $this->get("zip/EHWKcuvKzA4Gv29v-archive.zip")
->assertRedirect(); ->assertRedirect();
} }
/**
* @test
*/
public function guest_try_to_get_private_user_image_thumbnail()
{
$this->get("thumbnail/fake-thumbnail.jpg")
->assertRedirect();
}
} }