diff --git a/app/Http/Controllers/FileFunctions/EditItemsController.php b/app/Http/Controllers/FileFunctions/EditItemsController.php
index 36b901cb..b4d43912 100644
--- a/app/Http/Controllers/FileFunctions/EditItemsController.php
+++ b/app/Http/Controllers/FileFunctions/EditItemsController.php
@@ -323,28 +323,28 @@ class EditItemsController extends Controller
 * @param $unique_id
 * @return ResponseFactory|\Illuminate\Http\Response
 */
- public function user_move(MoveItemRequest $request, $unique_id)
+ public function user_move(MoveItemRequest $request)
 {
 // Demo preview
 if (is_demo(Auth::id())) {
 return Demo::response_204();
 }
+
+ $to_unique_id = $request->input('to_unique_id');
- // Check permission to upload for authenticated editor
- if ($request->user()->tokenCan('editor')) {
+ // Check permission to upload for authenticated editor
+ if ($request->user()->tokenCan('editor')) {
+ // check if shared_token cookie exist
+ if (!$request->hasCookie('shared_token')) abort('401');
- // check if shared_token cookie exist
- if (!$request->hasCookie('shared_token')) abort('401');
-
- // Get shared token
- $shared = get_shared($request->cookie('shared_token'));
-
- // Check access to requested directory
- Guardian::check_item_access($request->to_unique_id, $shared);
- }
+ // Get shared token
+ $shared = get_shared($request->cookie('shared_token'));
+ // Check access to requested directory
+ Guardian::check_item_access($to_unique_id, $shared);
+ }
 // Move item
- Editor::move($request, $unique_id);
+ Editor::move($request, $to_unique_id);
 return response('Done!', 204);
 }
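Review bot: In `user_move`, the editor branch calls `Guardian::check_item_access($to_unique_id, $shared)` for the destination only, so none of the entries in `items` is checked against the share before `Editor::move($request, $to_unique_id)` runs without `$shared`. `guest_move` in this same commit checks every item (or the file's `folder_id`) together with the destination; the editor path should run the same per-item check, for example `Guardian::check_item_access([$to_unique_id, $moving_unique_id], $shared);` inside a loop over `$request->input('items')`. Whether the `user_id` filter in `Editor::move` already confines an editor token to the shared tree cannot be confirmed from this hunk. The docblock above the method still lists `@param $unique_id`, which the new signature no longer has.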
@@ -357,11 +357,14 @@ class EditItemsController extends Controller
 * @param $token
 * @return ResponseFactory|\Illuminate\Http\Response
 */
- public function guest_move(MoveItemRequest $request, $unique_id, $token)
+ public function guest_move(MoveItemRequest $request, $token)
 {
 // Get shared record
 $shared = get_shared($token);
+ //Unique id of Folder where move
+ $to_unique_id = $request->input('to_unique_id');
+
 // Demo preview
 if (is_demo(Auth::id())) {
 return Demo::response_204();
@@ -370,23 +373,28 @@ class EditItemsController extends Controller
 // Check shared permission
 if (!is_editor($shared)) abort(403);
- $moving_unique_id = $unique_id;
+ foreach($request->input('items') as $item) {
- if ($request->from_type !== 'folder') {
- $file = FileManagerFile::where('unique_id', $unique_id)
- ->where('user_id', $shared->user_id)
- ->firstOrFail();
+ $unique_id = $item['unique_id'];
+ $moving_unique_id = $unique_id;
+
- $moving_unique_id = $file->folder_id;
+ if ($item['type'] !== 'folder') {
+ $file = FileManagerFile::where('unique_id', $unique_id)
+ ->where('user_id', $shared->user_id)
+ ->firstOrFail();
+
+ $moving_unique_id = $file->folder_id;
+ }
+
+ // Check access to requested item
+ Guardian::check_item_access([
+ $to_unique_id, $moving_unique_id
+ ], $shared);
 }
- // Check access to requested item
- Guardian::check_item_access([
- $request->to_unique_id, $moving_unique_id
- ], $shared);
-
 // Move item
- Editor::move($request, $unique_id, $shared);
+ Editor::move($request, $to_unique_id, $shared);
 return response('Done!', 204);
 }
diff --git a/app/Http/Requests/FileFunctions/DeleteItemRequest.php b/app/Http/Requests/FileFunctions/DeleteItemRequest.php
index f5364598..1524479e 100644
--- a/app/Http/Requests/FileFunctions/DeleteItemRequest.php
+++ b/app/Http/Requests/FileFunctions/DeleteItemRequest.php
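Review bot: The new `foreach` in `guest_move` runs a `FileManagerFile` lookup and a `Guardian::check_item_access` call for every element of `items`, and `Editor::move` then repeats a lookup and an update per element, with no limit on how many elements one request may carry. Since this route is reached with only a share token, a size cap on the array in `MoveItemRequest` (a `max:` rule on `items`, sized to the largest batch the client actually sends) would bound the database work per request. The added comment `//Unique id of Folder where move` would read better as `// Unique id of the destination folder`, and the docblock still lists `@param $unique_id` although the parameter is gone. The method begins in the previous hunk, so the full body is only visible across both.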
@@ -27,7 +27,7 @@ class DeleteItemRequest extends FormRequest
 return [
 'data[*].force_delete' => 'required|boolean',
 'data[*].type' => 'required|string',
- 'data[*].unique_id' => 'required|numeric'
+ 'data[*].unique_id' => 'required|integer'
 ];
 }
 }
diff --git a/app/Http/Requests/FileFunctions/MoveItemRequest.php b/app/Http/Requests/FileFunctions/MoveItemRequest.php
index 407f4cb3..a0977e20 100644
--- a/app/Http/Requests/FileFunctions/MoveItemRequest.php
+++ b/app/Http/Requests/FileFunctions/MoveItemRequest.php
@@ -25,8 +25,9 @@ class MoveItemRequest extends FormRequest
 public function rules()
 {
 return [
- 'to_unique_id' => 'required|integer',
- 'from_type' => 'required|string',
+ 'to_unique_id' => 'required|integer',
+ 'items[*].type' => 'required|string',
+ 'items[*].unique_id' => 'required|integer',
 ];
 }
 }
diff --git a/app/Http/Tools/Editor.php b/app/Http/Tools/Editor.php
index 75cb0644..b4ac2f7a 100644
--- a/app/Http/Tools/Editor.php
+++ b/app/Http/Tools/Editor.php
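Review bot: The rule keys `'items[*].type'` and `'items[*].unique_id'` in `MoveItemRequest` use bracket notation, whereas Laravel's validator expands wildcards written with dots (`items.*.type`); as written these rules most likely match no attribute, so the elements that `guest_move` and `Editor::move` read arrive unvalidated. `items` itself is not required either, so a request without it reaches `foreach($request->input('items') ...)` with `null`. Suggested rules: `'items' => 'required|array'`, `'items.*.type' => 'required|string'`, `'items.*.unique_id' => 'required|integer'`. The `data[*].…` keys in `DeleteItemRequest`, touched by the preceding hunk, have the same form and deserve the same correction.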
@@ -201,32 +201,36 @@ class Editor
 * @param $unique_id
 * @param null $shared
 */
- public static function move($request, $unique_id, $shared = null)
+ public static function move($request, $to_unique_id, $shared = null)
 {
 // Get user id
 $user_id = is_null($shared) ? Auth::id() : $shared->user_id;
- if ($request->from_type === 'folder') {
+ foreach($request->input('items') as $item) {
+ $unique_id = $item['unique_id'];
- // Move folder
- $item = FileManagerFolder::where('user_id', $user_id)
- ->where('unique_id', $unique_id)
- ->firstOrFail();
+ if ($item['type'] === 'folder') {
- $item->update([
- 'parent_id' => $request->to_unique_id
- ]);
+ // Move folder
+ $item = FileManagerFolder::where('user_id', $user_id)
+ ->where('unique_id', $unique_id)
+ ->firstOrFail();
- } else {
+ $item->update([
+ 'parent_id' => $to_unique_id
+ ]);
- // Move file under new folder
- $item = FileManagerFile::where('user_id', $user_id)
- ->where('unique_id', $unique_id)
- ->firstOrFail();
+ } else {
- $item->update([
- 'folder_id' => $request->to_unique_id
- ]);
+ // Move file under new folder
+ $item = FileManagerFile::where('user_id', $user_id)
+ ->where('unique_id', $unique_id)
+ ->firstOrFail();
+
+ $item->update([
+ 'folder_id' => $to_unique_id
+ ]);
+ }
 }
 }
diff --git a/routes/api.php b/routes/api.php
index a4ed95a6..8990e6f3 100644
--- a/routes/api.php
+++ b/routes/api.php
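Review bot: `Editor::move` now updates the items one at a time, so a `firstOrFail()` that throws on a later element leaves the earlier ones already moved; running the loop inside a database transaction would make the batch all-or-nothing. Nothing in the loop rejects a folder whose `unique_id` equals `$to_unique_id`, which would set that folder's `parent_id` to itself, and the destination is never looked up under `$user_id` here, so its validity rests entirely on the callers' checks. Inside the loop `$item` is first the request array and is then reassigned to the model; a separate name such as `$model` would keep the two apart. The docblock still documents `@param $unique_id` rather than `$to_unique_id`.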
@@ -47,7 +47,7 @@ Route::group(['middleware' => ['api']], function () {
 Route::post('/remove-item/public/{token}', 'FileFunctions\EditItemsController@guest_delete_item');
 Route::patch('/rename-item/{unique_id}/public/{token}', 'FileFunctions\EditItemsController@guest_rename_item');
 Route::post('/create-folder/public/{token}', 'FileFunctions\EditItemsController@guest_create_folder');
- Route::patch('/move/{unique_id}/public/{token}', 'FileFunctions\EditItemsController@guest_move');
+ Route::post('/move/public/{token}', 'FileFunctions\EditItemsController@guest_move');
 Route::post('/upload/public/{token}', 'FileFunctions\EditItemsController@guest_upload');
 // Sharing page browsing
@@ -187,6 +187,6 @@ Route::group(['middleware' => ['auth:api', 'auth.shared', 'auth.master', 'scope:
 Route::post('/remove-item', 'FileFunctions\EditItemsController@user_delete_item');
 Route::patch('/rename-item/{unique_id}', 'FileFunctions\EditItemsController@user_rename_item');
 Route::post('/create-folder', 'FileFunctions\EditItemsController@user_create_folder');
- Route::patch('/move/{unique_id}', 'FileFunctions\EditItemsController@user_move');
+ Route::post('/move', 'FileFunctions\EditItemsController@user_move');
 Route::post('/upload', 'FileFunctions\EditItemsController@user_upload');
 });