nexus/vuefilemanager
2
0
Fork 0
mirror of https://github.com/VueFileManager/vuefilemanager.git synced 2026-04-05 18:23:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

- public sharing refactored part 3

Browse Source
This commit is contained in:
Peter Papp
2021-03-19 10:13:48 +01:00
parent ed8ab2978f
commit f4b3f1f163
10 changed files with 593 additions and 486 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/Http/Controllers/FileManager/BrowseController.php
View File

@@ -199,7 +199,7 @@ class BrowseController extends Controller
{
$user_id = Auth::id();
$query = remove_accents($request->query);
$query = remove_accents($request->input('query'));
// Search files id db
$searched_files = File::search($query)

166
app/Http/Controllers/FileManager/EditItemsController.php
View File

@@ -24,6 +24,7 @@ class EditItemsController extends Controller
{
private $filemanager;
private $helper;
private $demo;
public function __construct()
{
@@ -36,29 +37,15 @@ class EditItemsController extends Controller
* Create new folder for authenticated master|editor user
*
* @param CreateFolderRequest $request
* @return array
* @return Folder|array|Model
* @throws Exception
*/
public function create_folder(CreateFolderRequest $request)
{
// Demo preview
if (is_demo(Auth::id())) {
if (is_demo_account('howdy@hi5ve.digital')) {
return $this->demo->create_folder($request);
}
// Check permission to create folder for authenticated editor
/*if ($request->user()->tokenCan('editor')) {
// check if shared_token cookie exist
if (!$request->hasCookie('shared_token')) abort('401');
// Get shared token
$shared = get_shared($request->cookie('shared_token'));
// Check access to requested directory
$this->helper->check_item_access($request->parent_id, $shared);
}*/
// Create new folder
return $this->filemanager->create_folder($request);
}
@@ -73,34 +60,13 @@ class EditItemsController extends Controller
*/
public function rename_item(RenameItemRequest $request, $id)
{
// Demo preview
if (is_demo(Auth::id())) {
if (is_demo_account('howdy@hi5ve.digital')) {
return $this->demo->rename_item($request, $id);
}
// Check permission to rename item for authenticated editor
/*if ($request->user()->tokenCan('editor')) {
// check if shared_token cookie exist
if (!$request->hasCookie('shared_token')) abort('401');
// Get shared token
$shared = get_shared($request->cookie('shared_token'));
// Get file|folder item
$item = get_item($request->type, $id);
// Check access to requested directory
if ($request->type === 'folder') {
$this->helper->check_item_access($item->id, $shared);
} else {
$this->helper->check_item_access($item->folder_id, $shared);
}
}*/
// If request have a change folder icon values set the folder icon
if ($request->type === 'folder' && ($request->filled('emoji') || $request->filled('color'))) {
$this->filemanager->set_folder_icon($request, $id);
// If request contain icon or color, then change it
if ($request->filled('emoji') || $request->filled('color')) {
$this->filemanager->edit_folder_properties($request, $id);
}
// Rename Item
@@ -111,77 +77,35 @@ class EditItemsController extends Controller
* Delete item for authenticated master|editor user
*
* @param DeleteItemRequest $request
* @param $id
* @return ResponseFactory|\Illuminate\Http\Response
* @throws Exception
*/
public function delete_item(DeleteItemRequest $request)
{
// Demo preview
if (is_demo(Auth::id())) {
if (is_demo_account('howdy@hi5ve.digital')) {
return $this->demo->response_with_no_content();
}
foreach ($request->input('items') as $item) {
// Check permission to delete item for authenticated editor
/*if ($request->user()->tokenCan('editor')) {
// Prevent force delete for non-master users
if ($item['force_delete']) abort('401');
// check if shared_token cookie exist
if (!$request->hasCookie('shared_token')) abort('401');
// Get shared token
$shared = get_shared($request->cookie('shared_token'));
// Get file|folder item
$item = get_item($item['type'], $item['id']);
// Check access to requested directory
if ($item['type'] === 'folder') {
$this->helper->check_item_access($item->id, $shared);
} else {
$this->helper->check_item_access($item->folder_id, $shared);
}
}*/
// Delete item
$this->filemanager->delete_item($item, $item['id']);
}
return response(null, 204);
return response('Done', 204);
}
/**
* Upload file for authenticated master|editor user
*
* @param UploadRequest $request
* @return File|Model
* @return array|Model|\Illuminate\Support\Facades\File
* @throws Exception
*/
public function upload(UploadRequest $request)
{
// Demo preview
if (is_demo(Auth::id())) {
if (is_demo_account('howdy@hi5ve.digital')) {
return $this->demo->upload($request);
}
// Check permission to upload for authenticated editor
/*if ($request->user()->tokenCan('editor')) {
// check if shared_token cookie exist
if (!$request->hasCookie('shared_token')) abort('401');
// Get shared token
$shared = get_shared($request->cookie('shared_token'));
// Check access to requested directory
$this->helper->check_item_access($request->parent_id, $shared);
}*/
// Return new uploaded file
return $this->filemanager->upload($request);
}
@@ -189,33 +113,15 @@ class EditItemsController extends Controller
* Move item for authenticated master|editor user
*
* @param MoveItemRequest $request
* @param $id
* @return ResponseFactory|\Illuminate\Http\Response
*/
public function move(MoveItemRequest $request)
{
// Demo preview
if (is_demo(Auth::id())) {
if (is_demo_account('howdy@hi5ve.digital')) {
return $this->demo->response_with_no_content();
}
$to_id = $request->input('to_id');
// Check permission to upload for authenticated editor
/*if ($request->user()->tokenCan('editor')) {
// check if shared_token cookie exist
if (!$request->hasCookie('shared_token')) abort('401');
// Get shared token
$shared = get_shared($request->cookie('shared_token'));
// Check access to requested directory
$this->helper->check_item_access($to_id, $shared);
}*/
// Move item
$this->filemanager->move($request, $to_id);
$this->filemanager->move($request, $request->to_id);
return response('Done!', 204);
}
@@ -225,36 +131,19 @@ class EditItemsController extends Controller
*
* @param $id
* @return string
* @throws \Illuminate\Contracts\Filesystem\FileNotFoundException
*/
public function zip_folder(Request $request, $id)
public function zip_folder($id)
{
// Get user id
$user_id = Auth::id();
// Check permission to download for authenticated editor
/*if ($request->user()->tokenCan('editor')) {
// check if shared_token cookie exist
if (!$request->hasCookie('shared_token')) abort('401');
// Get shared token
$shared = get_shared($request->cookie('shared_token'));
// Check access to requested directory
$this->helper->check_item_access($id, $shared);
}*/
// Get folder
$folder = Folder::whereUserId($user_id)
$folder = Folder::whereUserId(Auth::id())
->where('id', $id);
if (!$folder->exists()) {
abort(404, 'Requested folder doesn\'t exists.');
abort(404, "Requested folder doesn't exists.");
}
$zip = $this->filemanager->zip_folder($id);
// Get file
return response([
'url' => route('zip', $zip->id),
'name' => $zip->basename,
@@ -269,33 +158,12 @@ class EditItemsController extends Controller
*/
public function zip_multiple_files(Request $request)
{
// Check permission to upload for authenticated editor
/*if ($request->user()->tokenCan('editor')) {
// check if shared_token cookie exist
if (!$request->hasCookie('shared_token')) abort('401');
// Get shared token
$shared = get_shared($request->cookie('shared_token'));
$file_parent_folders = File::whereUserId(Auth::id())
->whereIn('id', $request->input('files'))
->get()
->pluck('folder_id')
->toArray();
// Check access to requested directory
$this->helper->check_item_access($file_parent_folders, $shared);
}*/
// Get requested files
$files = File::whereUserId(Auth::id())
->whereIn('id', $request->input('items'))
->get();
$zip = $this->filemanager->zip_files($files);
// Get file
return response([
'url' => route('zip', $zip->id),
'name' => $zip->basename,

9
app/Http/Controllers/Sharing/BrowseShareController.php
View File

@@ -61,6 +61,7 @@ class BrowseShareController extends Controller
/**
* Check Password for protected item
*
* @param AuthenticateShareRequest $request
* @param Share $shared
* @return \Illuminate\Contracts\Foundation\Application|\Illuminate\Contracts\Routing\ResponseFactory|\Illuminate\Http\Response
@@ -84,7 +85,7 @@ class BrowseShareController extends Controller
}
/**
* Browse public folders
* Browse shared folder
*
* @param $id
* @param Share $shared
@@ -112,7 +113,7 @@ class BrowseShareController extends Controller
}
/**
* Search public files
* Search shared files
*
* @param Request $request
* @param Share $shared
@@ -167,7 +168,7 @@ class BrowseShareController extends Controller
}
/**
* Get navigation tree
* Get navigation tree of shared folder
*
* @param Share $shared
* @return array
@@ -198,7 +199,7 @@ class BrowseShareController extends Controller
}
/**
* Get shared public file record
* Get shared file record
*
* @param Share $shared
* @return mixed

10
app/Http/Controllers/Sharing/FileSharedAccessController.php
View File

@@ -54,14 +54,13 @@ class FileSharedAccessController extends Controller
* Get file public
*
* @param $filename
* @param $permission
* @param Share $shared
* @return mixed
*/
public function get_file_public($filename, $permission, Share $shared)
public function get_file_public($filename, Share $shared)
{
// Check ability to access protected share files
$this->helper->check_protected_share_record($shared, $permission);
$this->helper->check_protected_share_record($shared);
// Get file record
$file = UserFile::where('user_id', $shared->user_id)
@@ -85,14 +84,13 @@ class FileSharedAccessController extends Controller
* Get public image thumbnail
*
* @param $filename
* @param $permission
* @param Share $shared
* @return mixed
*/
public function get_thumbnail_public($filename, $permission, Share $shared)
public function get_thumbnail_public($filename, Share $shared)
{
// Check ability to access protected share files
$this->helper->check_protected_share_record($shared, $permission);
$this->helper->check_protected_share_record($shared);
// Get file record
$file = UserFile::where('user_id', $shared->user_id)

19
app/Http/Controllers/Sharing/EditShareItemsController.php → app/Http/Controllers/Sharing/ManipulateShareItemsController.php
View File

@@ -19,7 +19,7 @@ use Illuminate\Database\Eloquent\Model;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
class EditShareItemsController extends Controller
class ManipulateShareItemsController extends Controller
{
private $filemanager;
private $helper;
@@ -45,6 +45,9 @@ class EditShareItemsController extends Controller
return $this->demo->create_folder($request);
}
// Check ability to access protected share record
$this->helper->check_protected_share_record($shared);
// Check shared permission
if (is_visitor($shared)) {
abort(403);
@@ -74,6 +77,9 @@ class EditShareItemsController extends Controller
return $this->demo->rename_item($request, $id);
}
// Check ability to access protected share record
$this->helper->check_protected_share_record($shared);
// Check shared permission
if (is_visitor($shared)) {
abort(403);
@@ -91,7 +97,7 @@ class EditShareItemsController extends Controller
// If request have a change folder icon values set the folder icon
if ($request->type === 'folder' && $request->filled('icon')) {
$this->filemanager->set_folder_icon($request, $id);
$this->filemanager->edit_folder_properties($request, $id);
}
// Rename item
@@ -119,6 +125,9 @@ class EditShareItemsController extends Controller
return $this->demo->response_with_no_content();
}
// Check ability to access protected share record
$this->helper->check_protected_share_record($shared);
// Check shared permission
if (is_visitor($shared)) {
abort(403);
@@ -157,6 +166,9 @@ class EditShareItemsController extends Controller
return $this->demo->upload($request);
}
// Check ability to access protected share record
$this->helper->check_protected_share_record($shared);
// Check shared permission
if (is_visitor($shared)) {
abort(403);
@@ -187,6 +199,9 @@ class EditShareItemsController extends Controller
return $this->demo->response_with_no_content();
}
// Check ability to access protected share record
$this->helper->check_protected_share_record($shared);
// Check shared permission
if (is_visitor($shared)) {
abort(403);

3
app/Models/Folder.php
View File

@@ -10,6 +10,9 @@ use TeamTNT\TNTSearch\Indexer\TNTIndexer;
use \Illuminate\Database\Eloquent\SoftDeletes;
use Kyslik\ColumnSortable\Sortable;
/**
* @method static whereUserId(int|string|null $id)
*/
class Folder extends Model
{
use Searchable, SoftDeletes, Sortable, HasFactory;

2
app/Services/FileManagerService.php
View File

@@ -447,7 +447,7 @@ class FileManagerService
* @param $request
* @param $id
*/
public function set_folder_icon($request, $id)
public function edit_folder_properties($request, $id)
{
// Get folder
$folder = Folder::find($id);

16
routes/share.php
View File

@@ -2,22 +2,22 @@
use App\Http\Controllers\App\AppFunctionsController;
use App\Http\Controllers\Sharing\BrowseShareController;
use App\Http\Controllers\Sharing\EditShareItemsController;
use App\Http\Controllers\Sharing\ManipulateShareItemsController;
use App\Http\Controllers\FileManager\ShareController;
// Browse functions
Route::group(['prefix' => 'editor'], function () {
Route::post('/create-folder/{shared}', [EditShareItemsController::class, 'create_folder']);
Route::patch('/rename/{id}/{shared}', [EditShareItemsController::class, 'rename_item']);
Route::post('/remove/{shared}', [EditShareItemsController::class, 'delete_item']);
Route::post('/upload/{shared}', [EditShareItemsController::class, 'upload']);
Route::post('/move/{shared}', [EditShareItemsController::class, 'move']);
Route::post('/create-folder/{shared}', [ManipulateShareItemsController::class, 'create_folder']);
Route::patch('/rename/{id}/{shared}', [ManipulateShareItemsController::class, 'rename_item']);
Route::post('/remove/{shared}', [ManipulateShareItemsController::class, 'delete_item']);
Route::post('/upload/{shared}', [ManipulateShareItemsController::class, 'upload']);
Route::post('/move/{shared}', [ManipulateShareItemsController::class, 'move']);
});
// Zip shared items
Route::group(['prefix' => 'zip'], function () {
Route::post('/files/{shared}', [EditShareItemsController::class, 'zip_multiple_files']);
Route::get('/folder/{id}/{shared}', [EditShareItemsController::class, 'zip_folder']);
Route::post('/files/{shared}', [ManipulateShareItemsController::class, 'zip_multiple_files']);
Route::get('/folder/{id}/{shared}', [ManipulateShareItemsController::class, 'zip_folder']);
});
// Browse share content

199
tests/Feature/Share/VisitorAccessToItemsTest.php
View File

@@ -27,14 +27,14 @@ class VisitorAccessToItemsTest extends TestCase
/**
* @test
*/
public function it_get_public_file_record_and_download_file_within()
public function it_download_file()
{
Storage::fake('local');
$this->setup->create_directories();
collect(['private', 'public'])
->each(function ($permission) {
collect([true, false])
->each(function ($is_protected) {
$user = User::factory(User::class)
->create();
@@ -49,7 +49,7 @@ class VisitorAccessToItemsTest extends TestCase
'filesize' => $document->getSize(),
'user_id' => $user->id,
'basename' => $document->name,
'name' => 'fake-file.pdf',
'name' => $document->name,
]);
$share = Share::factory(Share::class)
@@ -57,46 +57,31 @@ class VisitorAccessToItemsTest extends TestCase
'item_id' => $file->id,
'user_id' => $user->id,
'type' => 'file',
'is_protected' => $permission === 'private',
'password' => \Hash::make('secret'),
'is_protected' => $is_protected,
]);
if ($permission === 'private') {
if ($is_protected) {
$cookie = ['share_session' => json_encode([
'token' => $share->token,
'authenticated' => true,
])];
$this->disableCookieEncryption();
$this->defaultCookies = $cookie;
$this->get("/api/browse/file/$share->token/private")
->assertStatus(200)
->assertJsonFragment([
'basename' => $document->name
]);
$this->get("/file/$document->name/private/$share->token")
$this->withCookies($cookie)
->get("/file/$document->name/$share->token")
->assertStatus(200);
}
if ($permission === 'public') {
$this->get("/api/browse/file/$share->token/public")
->assertStatus(200)
->assertJsonFragment([
'basename' => $document->name
]);
if (!$is_protected) {
// Get shared file
$this->get("/file/$document->name/public/$share->token")
$this->get("/file/$document->name/$share->token")
->assertStatus(200);
}
/*$this->assertDatabaseHas('traffic', [
$this->assertDatabaseHas('traffic', [
'user_id' => $user->id,
]);*/
]);
});
}
@@ -112,7 +97,7 @@ class VisitorAccessToItemsTest extends TestCase
]);
// Get share record
$this->get("/api/browse/file/$share->token/public")
$this->get("/api/browse/file/$share->token")
->assertStatus(403);
}
@@ -125,34 +110,54 @@ class VisitorAccessToItemsTest extends TestCase
$this->setup->create_directories();
$user = User::factory(User::class)
->create();
collect([true, false])
->each(function ($is_protected) {
$thumbnail = UploadedFile::fake()
->image(Str::random() . '-fake-image.jpg');
$user = User::factory(User::class)
->create();
Storage::putFileAs("files/$user->id", $thumbnail, $thumbnail->name);
$thumbnail = UploadedFile::fake()
->image(Str::random() . '-fake-image.jpg');
$file = File::factory(File::class)
->create([
'user_id' => $user->id,
'thumbnail' => $thumbnail->name,
'basename' => $thumbnail->name,
'name' => 'fake-thumbnail.jpg',
'type' => 'image',
'mimetype' => 'jpg',
]);
Storage::putFileAs("files/$user->id", $thumbnail, $thumbnail->name);
$share = Share::factory(Share::class)
->create([
'item_id' => $file->id,
'user_id' => $user->id,
'type' => 'file',
'is_protected' => false,
]);
$file = File::factory(File::class)
->create([
'user_id' => $user->id,
'thumbnail' => $thumbnail->name,
'basename' => $thumbnail->name,
'name' => 'fake-thumbnail.jpg',
'type' => 'image',
'mimetype' => 'jpg',
]);
$this->get("/share/$share->token")
->assertStatus(200);
$share = Share::factory(Share::class)
->create([
'item_id' => $file->id,
'user_id' => $user->id,
'type' => 'file',
'is_protected' => $is_protected,
]);
if ($is_protected) {
$cookie = [
'share_session' => json_encode([
'token' => $share->token,
'authenticated' => true,
])
];
$this->withCookies($cookie)
->get("/share/$share->token")
->assertStatus(200);
}
if (!$is_protected) {
$this->get("/share/$share->token")
->assertStatus(200);
}
});
}
/**
@@ -164,8 +169,8 @@ class VisitorAccessToItemsTest extends TestCase
$this->setup->create_directories();
collect(['private', 'public'])
->each(function ($permission) {
collect([true, false])
->each(function ($is_protected) {
$user = User::factory(User::class)
->create();
@@ -187,22 +192,26 @@ class VisitorAccessToItemsTest extends TestCase
'item_id' => $file->id,
'user_id' => $user->id,
'type' => 'file',
'is_protected' => $permission === 'private',
'password' => \Hash::make('secret'),
'is_protected' => $is_protected,
]);
// Get thumbnail file
if ($permission === 'private') {
$this->withCookie('share_session', json_encode([
'token' => $share->token,
'authenticated' => true,
]))
->get("/thumbnail/$thumbnail->name/private/$share->token")
if ($is_protected) {
$cookie = [
'share_session' => json_encode([
'token' => $share->token,
'authenticated' => true,
])
];
$this->withCookies($cookie)
->get("/thumbnail/$thumbnail->name/$share->token")
->assertStatus(200);
}
if ($permission === 'public') {
$this->get("/thumbnail/$thumbnail->name/public/$share->token")
if (!$is_protected) {
$this->get("/thumbnail/$thumbnail->name/$share->token")
->assertStatus(200);
}
@@ -222,33 +231,53 @@ class VisitorAccessToItemsTest extends TestCase
$this->setup->create_directories();
$user = User::factory(User::class)
->create();
collect([true, false])
->each(function ($is_protected) {
$share = Share::factory(Share::class)
->create([
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => false,
]);
$user = User::factory(User::class)
->create();
$zip = Zip::factory(Zip::class)->create([
'basename' => 'EHWKcuvKzA4Gv29v-archive.zip',
'user_id' => $user->id,
'shared_token' => $share->token,
]);
$share = Share::factory(Share::class)
->create([
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => $is_protected,
]);
$file = UploadedFile::fake()
->create($zip->basename, 1000, 'application/zip');
$zip = Zip::factory(Zip::class)->create([
'basename' => 'EHWKcuvKzA4Gv29v-archive.zip',
'user_id' => $user->id,
'shared_token' => $share->token,
]);
Storage::putFileAs("zip", $file, $file->name);
$file = UploadedFile::fake()
->create($zip->basename, 1000, 'application/zip');
$this->get("/zip/$zip->id/public/$share->token")
->assertStatus(200);
Storage::putFileAs("zip", $file, $file->name);
$this->assertDatabaseMissing('traffic', [
'user_id' => $user->id,
'download' => null,
]);
if ($is_protected) {
$cookie = [
'share_session' => json_encode([
'token' => $share->token,
'authenticated' => true,
])
];
$this->withCookies($cookie)
->get("/zip/$zip->id/$share->token")
->assertStatus(200);
}
if (!$is_protected) {
$this->get("/zip/$zip->id/$share->token")
->assertStatus(200);
}
$this->assertDatabaseMissing('traffic', [
'user_id' => $user->id,
'download' => null,
]);
});
}
}

653
tests/Feature/Share/VisitorManipulatingTest.php
View File

@@ -9,6 +9,7 @@ use App\Models\User;
use App\Services\SetupService;
use Illuminate\Foundation\Testing\DatabaseMigrations;
use Illuminate\Http\UploadedFile;
use Storage;
use Tests\TestCase;
class VisitorManipulatingTest extends TestCase
@@ -26,40 +27,69 @@ class VisitorManipulatingTest extends TestCase
*/
public function editor_rename_shared_file()
{
$user = User::factory(User::class)
->create();
// check private or public share record
collect([true, false])
->each(function ($is_protected) {
$folder = Folder::factory(Folder::class)
->create([
'user_id' => $user->id
]);
$user = User::factory(User::class)
->create();
$file = File::factory(File::class)
->create([
'folder_id' => $folder->id
]);
$folder = Folder::factory(Folder::class)
->create([
'user_id' => $user->id
]);
$share = Share::factory(Share::class)
->create([
'item_id' => $folder->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => false,
'permission' => 'editor',
]);
$file = File::factory(File::class)
->create([
'folder_id' => $folder->id
]);
$this->patchJson("/api/editor/rename/{$file->id}/public/$share->token", [
'name' => 'Renamed Item',
'type' => 'file',
])
->assertStatus(201)
->assertJsonFragment([
'name' => 'Renamed Item',
]);
$share = Share::factory(Share::class)
->create([
'item_id' => $folder->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => $is_protected,
'permission' => 'editor',
]);
$this->assertDatabaseHas('files', [
'name' => 'Renamed Item'
]);
// Check shared item protected by password
if ($is_protected) {
$cookie = ['share_session' => json_encode([
'token' => $share->token,
'authenticated' => true,
])];
$this
->withUnencryptedCookies($cookie)
->patch("/api/editor/rename/{$file->id}/$share->token", [
'name' => 'Renamed Item',
'type' => 'file',
])
->assertStatus(201)
->assertJsonFragment([
'name' => 'Renamed Item',
]);
}
// Check public shared item
if (!$is_protected) {
$this->patchJson("/api/editor/rename/{$file->id}/$share->token", [
'name' => 'Renamed Item',
'type' => 'file',
])
->assertStatus(201)
->assertJsonFragment([
'name' => 'Renamed Item',
]);
}
$this->assertDatabaseHas('files', [
'name' => 'Renamed Item',
'id' => $file->id,
]);
});
}
/**
@@ -67,41 +97,71 @@ class VisitorManipulatingTest extends TestCase
*/
public function editor_rename_shared_folder()
{
$user = User::factory(User::class)
->create();
// check private or public share record
collect([true, false])
->each(function ($is_protected) {
$root = Folder::factory(Folder::class)
->create([
'user_id' => $user->id
]);
$user = User::factory(User::class)
->create();
$children = Folder::factory(Folder::class)
->create([
'user_id' => $user->id,
'parent_id' => $root->id
]);
$root = Folder::factory(Folder::class)
->create([
'user_id' => $user->id
]);
$share = Share::factory(Share::class)
->create([
'item_id' => $root->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => false,
'permission' => 'editor',
]);
$children = Folder::factory(Folder::class)
->create([
'user_id' => $user->id,
'parent_id' => $root->id
]);
$this->patchJson("/api/editor/rename/{$children->id}/public/$share->token", [
'name' => 'Renamed Folder',
'type' => 'folder',
])
->assertStatus(201)
->assertJsonFragment([
'name' => 'Renamed Folder',
]);
$share = Share::factory(Share::class)
->create([
'item_id' => $root->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => $is_protected,
'permission' => 'editor',
]);
$this->assertDatabaseHas('folders', [
'name' => 'Renamed Folder'
]);
// Check shared item protected by password
if ($is_protected) {
$cookie = ['share_session' => json_encode([
'token' => $share->token,
'authenticated' => true,
])];
$this
->withUnencryptedCookies($cookie)
->patch("/api/editor/rename/{$children->id}/$share->token", [
'name' => 'Renamed Folder',
'type' => 'folder',
])
->assertStatus(201)
->assertJsonFragment([
'name' => 'Renamed Folder',
]);
}
// Check public shared item
if (!$is_protected) {
$this->patchJson("/api/editor/rename/{$children->id}/$share->token", [
'name' => 'Renamed Folder',
'type' => 'folder',
])
->assertStatus(201)
->assertJsonFragment([
'name' => 'Renamed Folder',
]);
}
$this->assertDatabaseHas('folders', [
'name' => 'Renamed Folder',
'id' => $children->id
]);
});
}
/**
@@ -109,37 +169,66 @@ class VisitorManipulatingTest extends TestCase
*/
public function editor_create_new_folder_in_shared_folder()
{
$user = User::factory(User::class)
->create();
// check private or public share record
collect([true, false])
->each(function ($is_protected) {
$folder = Folder::factory(Folder::class)
->create([
'user_id' => $user->id,
]);
$user = User::factory(User::class)
->create();
$share = Share::factory(Share::class)
->create([
'item_id' => $folder->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => false,
'permission' => 'editor',
]);
$folder = Folder::factory(Folder::class)
->create([
'user_id' => $user->id,
]);
$this->postJson("/api/editor/create-folder/public/$share->token", [
'name' => 'Awesome New Folder',
'parent_id' => $folder->id,
])
->assertStatus(201)
->assertJsonFragment([
'name' => 'Awesome New Folder',
]);
$share = Share::factory(Share::class)
->create([
'item_id' => $folder->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => $is_protected,
'permission' => 'editor',
]);
$this->assertDatabaseHas('folders', [
'name' => 'Awesome New Folder',
'parent_id' => $folder->id,
'user_scope' => 'editor',
]);
// Check shared item protected by password
if ($is_protected) {
$cookie = ['share_session' => json_encode([
'token' => $share->token,
'authenticated' => true,
])];
$this
->withUnencryptedCookies($cookie)
->post("/api/editor/create-folder/$share->token", [
'name' => 'Awesome New Folder',
'parent_id' => $folder->id,
])
->assertStatus(201)
->assertJsonFragment([
'name' => 'Awesome New Folder',
]);
}
// Check public shared item
if (!$is_protected) {
$this->postJson("/api/editor/create-folder/$share->token", [
'name' => 'Awesome New Folder',
'parent_id' => $folder->id,
])
->assertStatus(201)
->assertJsonFragment([
'name' => 'Awesome New Folder',
]);
}
$this->assertDatabaseHas('folders', [
'name' => 'Awesome New Folder',
'parent_id' => $folder->id,
'user_scope' => 'editor',
]);
});
}
/**
@@ -147,49 +236,75 @@ class VisitorManipulatingTest extends TestCase
*/
public function editor_delete_multiple_files_in_shared_folder()
{
$user = User::factory(User::class)
->create();
// check private or public share record
collect([true, false])
->each(function ($is_protected) {
$folder = Folder::factory(Folder::class)
->create([
'user_id' => $user->id,
]);
$user = User::factory(User::class)
->create();
$share = Share::factory(Share::class)
->create([
'item_id' => $folder->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => false,
'permission' => 'editor',
]);
$folder = Folder::factory(Folder::class)
->create([
'user_id' => $user->id,
]);
$files = File::factory(File::class)
->count(2)
->create([
'folder_id' => $folder->id
]);
$share = Share::factory(Share::class)
->create([
'item_id' => $folder->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => $is_protected,
'permission' => 'editor',
]);
$this->postJson("/api/editor/remove/public/$share->token", [
'items' => [
[
'id' => $files[0]->id,
'type' => 'file',
'force_delete' => false,
],
[
'id' => $files[1]->id,
'type' => 'file',
'force_delete' => false,
],
],
])->assertStatus(204);
$files = File::factory(File::class)
->count(2)
->create([
'folder_id' => $folder->id
]);
$files
->each(function ($file) {
$this->assertSoftDeleted('files', [
'id' => $file->id,
]);
$payload = [
'items' => [
[
'id' => $files[0]->id,
'type' => 'file',
'force_delete' => false,
],
[
'id' => $files[1]->id,
'type' => 'file',
'force_delete' => false,
],
],
];
// Check shared item protected by password
if ($is_protected) {
$cookie = ['share_session' => json_encode([
'token' => $share->token,
'authenticated' => true,
])];
$this
->withUnencryptedCookies($cookie)
->post("/api/editor/remove/$share->token", $payload)
->assertStatus(204);
}
// Check public shared item
if (!$is_protected) {
$this->postJson("/api/editor/remove/$share->token", $payload)
->assertStatus(204);
}
$files
->each(function ($file) {
$this->assertSoftDeleted('files', [
'id' => $file->id,
]);
});
});
}
@@ -202,45 +317,71 @@ class VisitorManipulatingTest extends TestCase
$this->setup->create_directories();
$user = User::factory(User::class)
->create();
// check private or public share record
collect([true, false])
->each(function ($is_protected) {
$folder = Folder::factory(Folder::class)
->create([
'user_id' => $user->id,
'user_scope' => 'master',
]);
$user = User::factory(User::class)
->create();
$share = Share::factory(Share::class)
->create([
'item_id' => $folder->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => false,
'permission' => 'editor',
]);
$folder = Folder::factory(Folder::class)
->create([
'user_id' => $user->id,
'user_scope' => 'master',
]);
$file = UploadedFile::fake()
->create('fake-file.pdf', 1000, 'application/pdf');
$share = Share::factory(Share::class)
->create([
'item_id' => $folder->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => $is_protected,
'permission' => 'editor',
]);
$this->postJson("/api/editor/upload/public/$share->token", [
'file' => $file,
'folder_id' => $folder->id,
'is_last' => true,
])->assertStatus(201);
$file = UploadedFile::fake()
->create('fake-file.pdf', 1000, 'application/pdf');
$this->assertDatabaseHas('traffic', [
'user_id' => $user->id,
]);
// Check shared item protected by password
if ($is_protected) {
$this->assertDatabaseHas('files', [
'user_scope' => 'editor',
]);
$cookie = ['share_session' => json_encode([
'token' => $share->token,
'authenticated' => true,
])];
Storage::disk('local')
->assertExists(
"files/$user->id/fake-file.pdf"
);
$this
->withUnencryptedCookies($cookie)
->post("/api/editor/upload/$share->token", [
'file' => $file,
'folder_id' => $folder->id,
'is_last' => true,
])->assertStatus(201);
}
// Check public shared item
if (!$is_protected) {
$this->postJson("/api/editor/upload/$share->token", [
'file' => $file,
'folder_id' => $folder->id,
'is_last' => true,
])->assertStatus(201);
}
$this->assertDatabaseHas('traffic', [
'user_id' => $user->id,
]);
$this->assertDatabaseHas('files', [
'user_scope' => 'editor',
]);
Storage::disk('local')
->assertExists(
"files/$user->id/fake-file.pdf"
);
});
}
/**
@@ -248,49 +389,75 @@ class VisitorManipulatingTest extends TestCase
*/
public function editor_move_file_to_another_folder()
{
$user = User::factory(User::class)
->create();
// check private or public share record
collect([true, false])
->each(function ($is_protected) {
$root = Folder::factory(Folder::class)
->create([
'user_id' => $user->id
]);
$user = User::factory(User::class)
->create();
$children = Folder::factory(Folder::class)
->create([
'user_id' => $user->id,
'parent_id' => $root->id,
]);
$root = Folder::factory(Folder::class)
->create([
'user_id' => $user->id
]);
$file = File::factory(File::class)
->create([
'user_id' => $user->id,
'folder_id' => $root->id
]);
$children = Folder::factory(Folder::class)
->create([
'user_id' => $user->id,
'parent_id' => $root->id,
]);
$share = Share::factory(Share::class)
->create([
'item_id' => $root->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => false,
'permission' => 'editor',
]);
$file = File::factory(File::class)
->create([
'user_id' => $user->id,
'folder_id' => $root->id
]);
$this->postJson("/api/editor/move/public/$share->token", [
'to_id' => $children->id,
'items' => [
[
'type' => 'file',
'id' => $file->id,
]
],
])->assertStatus(204);
$share = Share::factory(Share::class)
->create([
'item_id' => $root->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => $is_protected,
'permission' => 'editor',
]);
$this->assertDatabaseHas('files', [
'id' => $file->id,
'folder_id' => $children->id,
]);
$payload = [
'to_id' => $children->id,
'items' => [
[
'type' => 'file',
'id' => $file->id,
]
],
];
// Check shared item protected by password
if ($is_protected) {
$cookie = ['share_session' => json_encode([
'token' => $share->token,
'authenticated' => true,
])];
$this
->withUnencryptedCookies($cookie)
->post("/api/editor/move/$share->token", $payload)
->assertStatus(204);
}
// Check public shared item
if (!$is_protected) {
$this->postJson("/api/editor/move/$share->token", $payload)
->assertStatus(204);
}
$this->assertDatabaseHas('files', [
'id' => $file->id,
'folder_id' => $children->id,
]);
});
}
/**
@@ -298,48 +465,74 @@ class VisitorManipulatingTest extends TestCase
*/
public function editor_move_folder_to_another_folder()
{
$user = User::factory(User::class)
->create();
// check private or public share record
collect([true, false])
->each(function ($is_protected) {
$root = Folder::factory(Folder::class)
->create([
'user_id' => $user->id
]);
$user = User::factory(User::class)
->create();
$brother = Folder::factory(Folder::class)
->create([
'user_id' => $user->id,
'parent_id' => $root->id,
]);
$root = Folder::factory(Folder::class)
->create([
'user_id' => $user->id
]);
$sister = Folder::factory(Folder::class)
->create([
'user_id' => $user->id,
'parent_id' => $root->id,
]);
$brother = Folder::factory(Folder::class)
->create([
'user_id' => $user->id,
'parent_id' => $root->id,
]);
$share = Share::factory(Share::class)
->create([
'item_id' => $root->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => false,
'permission' => 'editor',
]);
$sister = Folder::factory(Folder::class)
->create([
'user_id' => $user->id,
'parent_id' => $root->id,
]);
$this->postJson("/api/editor/move/public/$share->token", [
'to_id' => $brother->id,
'items' => [
[
'type' => 'folder',
'id' => $sister->id,
]
],
])->assertStatus(204);
$share = Share::factory(Share::class)
->create([
'item_id' => $root->id,
'user_id' => $user->id,
'type' => 'folder',
'is_protected' => $is_protected,
'permission' => 'editor',
]);
$this->assertDatabaseHas('folders', [
'id' => $sister->id,
'parent_id' => $brother->id,
]);
$payload = [
'to_id' => $brother->id,
'items' => [
[
'type' => 'folder',
'id' => $sister->id,
]
],
];
// Check shared item protected by password
if ($is_protected) {
$cookie = ['share_session' => json_encode([
'token' => $share->token,
'authenticated' => true,
])];
$this
->withUnencryptedCookies($cookie)
->post("/api/editor/move/$share->token", $payload)
->assertStatus(204);
}
// Check public shared item
if (!$is_protected) {
$this->postJson("/api/editor/move/$share->token", $payload)
->assertStatus(204);
}
$this->assertDatabaseHas('folders', [
'id' => $sister->id,
'parent_id' => $brother->id,
]);
});
}
}