From f4b3f1f163848f112a26e92e254c3b7182990d51 Mon Sep 17 00:00:00 2001 From: Peter Papp Date: Fri, 19 Mar 2021 10:13:48 +0100 Subject: [PATCH] - public sharing refactored part 3 --- .../FileManager/BrowseController.php | 2 +- .../FileManager/EditItemsController.php | 166 +---- .../Sharing/BrowseShareController.php | 9 +- .../Sharing/FileSharedAccessController.php | 10 +- ...php => ManipulateShareItemsController.php} | 19 +- app/Models/Folder.php | 3 + app/Services/FileManagerService.php | 2 +- routes/share.php | 16 +- .../Share/VisitorAccessToItemsTest.php | 199 +++--- .../Feature/Share/VisitorManipulatingTest.php | 653 ++++++++++++------ 10 files changed, 593 insertions(+), 486 deletions(-) rename app/Http/Controllers/Sharing/{EditShareItemsController.php => ManipulateShareItemsController.php} (92%) diff --git a/app/Http/Controllers/FileManager/BrowseController.php b/app/Http/Controllers/FileManager/BrowseController.php index 7775ce60..57d69ddc 100644 --- a/app/Http/Controllers/FileManager/BrowseController.php +++ b/app/Http/Controllers/FileManager/BrowseController.php @@ -199,7 +199,7 @@ class BrowseController extends Controller { $user_id = Auth::id(); - $query = remove_accents($request->query); + $query = remove_accents($request->input('query')); // Search files id db $searched_files = File::search($query) diff --git a/app/Http/Controllers/FileManager/EditItemsController.php b/app/Http/Controllers/FileManager/EditItemsController.php index 983958c8..d050ef35 100644 --- a/app/Http/Controllers/FileManager/EditItemsController.php +++ b/app/Http/Controllers/FileManager/EditItemsController.php @@ -24,6 +24,7 @@ class EditItemsController extends Controller { private $filemanager; private $helper; + private $demo; public function __construct() { 
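Review bot: In the BrowseController search hunk, `$request->input('query')` can be `null` when the parameter is absent or an array when it is sent as `query[]=...`, and it goes straight into `remove_accents()` and `File::search()`. No validation of `query` is visible here, and the method signature is outside the hunk, so a form request may already cover this. If it does not, add a rule such as `'query' => 'required|string'` before the value is used.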
@@ -36,29 +37,15 @@ class EditItemsController extends Controller * Create new folder for authenticated master|editor user * * @param CreateFolderRequest $request - * @return array + * @return Folder|array|Model * @throws Exception */ public function create_folder(CreateFolderRequest $request) { - // Demo preview - if (is_demo(Auth::id())) { + if (is_demo_account('howdy@hi5ve.digital')) { return $this->demo->create_folder($request); } - // Check permission to create folder for authenticated editor - /*if ($request->user()->tokenCan('editor')) { - - // check if shared_token cookie exist - if (!$request->hasCookie('shared_token')) abort('401'); - - // Get shared token - $shared = get_shared($request->cookie('shared_token')); - - // Check access to requested directory - $this->helper->check_item_access($request->parent_id, $shared); - }*/ - // Create new folder return $this->filemanager->create_folder($request); } 
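Review bot: `is_demo_account('howdy@hi5ve.digital')` in create_folder passes a fixed address, where the old `is_demo(Auth::id())` passed the caller's id. The helper is not shown, so it may compare that address with the current user itself. If it does not, the demo branch no longer depends on who is calling, and a real account could receive the stubbed response. The same literal is repeated in rename_item, delete_item, upload and move; define it once, for example `private const DEMO_ACCOUNT = 'howdy@hi5ve.digital';` or a config value, and document what the helper compares it against.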
@@ -73,34 +60,13 @@ class EditItemsController extends Controller */ public function rename_item(RenameItemRequest $request, $id) { - // Demo preview - if (is_demo(Auth::id())) { + if (is_demo_account('howdy@hi5ve.digital')) { return $this->demo->rename_item($request, $id); } - // Check permission to rename item for authenticated editor - /*if ($request->user()->tokenCan('editor')) { - - // check if shared_token cookie exist - if (!$request->hasCookie('shared_token')) abort('401'); - - // Get shared token - $shared = get_shared($request->cookie('shared_token')); - - // Get file|folder item - $item = get_item($request->type, $id); - - // Check access to requested directory - if ($request->type === 'folder') { - $this->helper->check_item_access($item->id, $shared); - } else { - $this->helper->check_item_access($item->folder_id, $shared); - } - }*/ - - // If request have a change folder icon values set the folder icon - if ($request->type === 'folder' && ($request->filled('emoji') || $request->filled('color'))) { - $this->filemanager->set_folder_icon($request, $id); + // If request contain icon or color, then change it + if ($request->filled('emoji') || $request->filled('color')) { + $this->filemanager->edit_folder_properties($request, $id); } // Rename Item 
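Review bot: The rewritten condition in rename_item drops the `$request->type === 'folder'` guard, so a file rename that carries `emoji` or `color` now calls `edit_folder_properties($request, $id)` with a file id. The FileManagerService hunk in this patch shows that method starting with `Folder::find($id)`, which in the visible lines is not scoped to the requesting user. A miss returns `null`, and a hit on another user's folder would be edited unless ownership is checked further down, outside the hunk. Restore the guard: `if ($request->type === 'folder' && ($request->filled('emoji') || $request->filled('color'))) {`.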
@@ -111,77 +77,35 @@ class EditItemsController extends Controller * Delete item for authenticated master|editor user * * @param DeleteItemRequest $request - * @param $id * @return ResponseFactory|\Illuminate\Http\Response * @throws Exception */ public function delete_item(DeleteItemRequest $request) { - // Demo preview - if (is_demo(Auth::id())) { + if (is_demo_account('howdy@hi5ve.digital')) { return $this->demo->response_with_no_content(); } foreach ($request->input('items') as $item) { - - // Check permission to delete item for authenticated editor - /*if ($request->user()->tokenCan('editor')) { - - // Prevent force delete for non-master users - if ($item['force_delete']) abort('401'); - - // check if shared_token cookie exist - if (!$request->hasCookie('shared_token')) abort('401'); - - // Get shared token - $shared = get_shared($request->cookie('shared_token')); - - // Get file|folder item - $item = get_item($item['type'], $item['id']); - - // Check access to requested directory - if ($item['type'] === 'folder') { - $this->helper->check_item_access($item->id, $shared); - } else { - $this->helper->check_item_access($item->folder_id, $shared); - } - }*/ - - // Delete item $this->filemanager->delete_item($item, $item['id']); } - return response(null, 204); + return response('Done', 204); } /** * Upload file for authenticated master|editor user * * @param UploadRequest $request - * @return File|Model + * @return array|Model|\Illuminate\Support\Facades\File * @throws Exception */ public function upload(UploadRequest $request) { - // Demo preview - if (is_demo(Auth::id())) { + if (is_demo_account('howdy@hi5ve.digital')) { return $this->demo->upload($request); } - // Check permission to upload for authenticated editor - /*if ($request->user()->tokenCan('editor')) { - - // check if shared_token cookie exist - if (!$request->hasCookie('shared_token')) abort('401'); - - // Get shared token - $shared = get_shared($request->cookie('shared_token')); - - // Check access to 
requested directory - $this->helper->check_item_access($request->parent_id, $shared); - }*/ - - // Return new uploaded file return $this->filemanager->upload($request); } @@ -189,33 +113,15 @@ class EditItemsController extends Controller * Move item for authenticated master|editor user * * @param MoveItemRequest $request - * @param $id * @return ResponseFactory|\Illuminate\Http\Response */ public function move(MoveItemRequest $request) { - // Demo preview - if (is_demo(Auth::id())) { + if (is_demo_account('howdy@hi5ve.digital')) { return $this->demo->response_with_no_content(); } - $to_id = $request->input('to_id'); - - // Check permission to upload for authenticated editor - /*if ($request->user()->tokenCan('editor')) { - - // check if shared_token cookie exist - if (!$request->hasCookie('shared_token')) abort('401'); - - // Get shared token - $shared = get_shared($request->cookie('shared_token')); - - // Check access to requested directory - $this->helper->check_item_access($to_id, $shared); - }*/ - - // Move item - $this->filemanager->move($request, $to_id); + $this->filemanager->move($request, $request->to_id); return response('Done!', 204); } 
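Review bot: With the commented-out editor checks gone, delete_item passes each client-supplied `$item['id']` to `$this->filemanager->delete_item()` with no ownership check in the visible lines; confirm the service scopes the lookup to the authenticated user, and say so in the docblock. `return response('Done', 204);` attaches a body to a No Content response, so the previous `response(null, 204)` should be kept. In the upload docblock, `@return array|Model|\Illuminate\Support\Facades\File` names the filesystem facade, presumably an auto-import slip for the `File` model the old annotation referred to.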
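Review bot: `$request->to_id` in move relies on the request's magic property access, the pattern this patch had to fix in BrowseController, where `$request->query` resolved to the request's own query bag rather than the input field. Use `$this->filemanager->move($request, $request->input('to_id'));` so the value can only come from input. The following `response('Done!', 204)` is context here, but it also sends a body with a 204.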
@@ -225,36 +131,19 @@ class EditItemsController extends Controller * * @param $id * @return string + * @throws \Illuminate\Contracts\Filesystem\FileNotFoundException */ - public function zip_folder(Request $request, $id) + public function zip_folder($id) { - // Get user id - $user_id = Auth::id(); - - // Check permission to download for authenticated editor - /*if ($request->user()->tokenCan('editor')) { - - // check if shared_token cookie exist - if (!$request->hasCookie('shared_token')) abort('401'); - - // Get shared token - $shared = get_shared($request->cookie('shared_token')); - - // Check access to requested directory - $this->helper->check_item_access($id, $shared); - }*/ - - // Get folder - $folder = Folder::whereUserId($user_id) + $folder = Folder::whereUserId(Auth::id()) ->where('id', $id); if (!$folder->exists()) { - abort(404, 'Requested folder doesn\'t exists.'); + abort(404, "Requested folder doesn't exists."); } $zip = $this->filemanager->zip_folder($id); - // Get file return response([ 'url' => route('zip', $zip->id), 'name' => $zip->basename, 
@@ -269,33 +158,12 @@ class EditItemsController extends Controller */ public function zip_multiple_files(Request $request) { - // Check permission to upload for authenticated editor - /*if ($request->user()->tokenCan('editor')) { - - // check if shared_token cookie exist - if (!$request->hasCookie('shared_token')) abort('401'); - - // Get shared token - $shared = get_shared($request->cookie('shared_token')); - - $file_parent_folders = File::whereUserId(Auth::id()) - ->whereIn('id', $request->input('files')) - ->get() - ->pluck('folder_id') - ->toArray(); - - // Check access to requested directory - $this->helper->check_item_access($file_parent_folders, $shared); - }*/ - - // Get requested files $files = File::whereUserId(Auth::id()) ->whereIn('id', $request->input('items')) ->get(); $zip = $this->filemanager->zip_files($files); - // Get file return response([ 'url' => route('zip', $zip->id), 'name' => $zip->basename, diff --git a/app/Http/Controllers/Sharing/BrowseShareController.php b/app/Http/Controllers/Sharing/BrowseShareController.php index ab2d2510..5c590863 100644 --- a/app/Http/Controllers/Sharing/BrowseShareController.php +++ b/app/Http/Controllers/Sharing/BrowseShareController.php @@ -61,6 +61,7 @@ class BrowseShareController extends Controller /** * Check Password for protected item + * * @param AuthenticateShareRequest $request * @param Share $shared * @return \Illuminate\Contracts\Foundation\Application|\Illuminate\Contracts\Routing\ResponseFactory|\Illuminate\Http\Response @@ -84,7 +85,7 @@ class BrowseShareController extends Controller } /** - * Browse public folders + * Browse shared folder * * @param $id * @param Share $shared @@ -112,7 +113,7 @@ class BrowseShareController extends Controller } /** - * Search public files + * Search shared files * * @param Request $request * @param Share $shared 
@@ -167,7 +168,7 @@ class BrowseShareController extends Controller } /** - * Get navigation tree + * Get navigation tree of shared folder * * @param Share $shared * @return array @@ -198,7 +199,7 @@ class BrowseShareController extends Controller } /** - * Get shared public file record + * Get shared file record * * @param Share $shared * @return mixed diff --git a/app/Http/Controllers/Sharing/FileSharedAccessController.php b/app/Http/Controllers/Sharing/FileSharedAccessController.php index 3a4dde6f..3cbb9bd7 100644 --- a/app/Http/Controllers/Sharing/FileSharedAccessController.php +++ b/app/Http/Controllers/Sharing/FileSharedAccessController.php @@ -54,14 +54,13 @@ class FileSharedAccessController extends Controller * Get file public * * @param $filename - * @param $permission * @param Share $shared * @return mixed */ - public function get_file_public($filename, $permission, Share $shared) + public function get_file_public($filename, Share $shared) { // Check ability to access protected share files - $this->helper->check_protected_share_record($shared, $permission); + $this->helper->check_protected_share_record($shared); // Get file record $file = UserFile::where('user_id', $shared->user_id) @@ -85,14 +84,13 @@ class FileSharedAccessController extends Controller * Get public image thumbnail * * @param $filename - * @param $permission * @param Share $shared * @return mixed */ - public function get_thumbnail_public($filename, $permission, Share $shared) + public function get_thumbnail_public($filename, Share $shared) { // Check ability to access protected share files - $this->helper->check_protected_share_record($shared, $permission); + $this->helper->check_protected_share_record($shared); // Get file record $file = UserFile::where('user_id', $shared->user_id) 
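Review bot: With the `$permission` segment removed, get_file_public relies on `check_protected_share_record($shared)` and then looks the file up by the URL-supplied `$filename` under `UserFile::where('user_id', $shared->user_id)`. The rest of that query is outside the hunk. If it does not also tie the file to `$shared->item_id` (or, for a folder share, to a folder beneath it), a token issued for one item would serve any file of the same owner. get_thumbnail_public has the same shape. A short comment naming the constraint that enforces the share scope, plus a test that requests a file outside the share and expects a refusal, would make this verifiable.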
diff --git a/app/Http/Controllers/Sharing/EditShareItemsController.php b/app/Http/Controllers/Sharing/ManipulateShareItemsController.php similarity index 92% rename from app/Http/Controllers/Sharing/EditShareItemsController.php rename to app/Http/Controllers/Sharing/ManipulateShareItemsController.php index cf9ab5e0..f2c44d98 100644 --- a/app/Http/Controllers/Sharing/EditShareItemsController.php +++ b/app/Http/Controllers/Sharing/ManipulateShareItemsController.php @@ -19,7 +19,7 @@ use Illuminate\Database\Eloquent\Model; use Illuminate\Http\Request; use Illuminate\Support\Facades\Auth; -class EditShareItemsController extends Controller +class ManipulateShareItemsController extends Controller { private $filemanager; private $helper; @@ -45,6 +45,9 @@ class EditShareItemsController extends Controller return $this->demo->create_folder($request); } + // Check ability to access protected share record + $this->helper->check_protected_share_record($shared); + // Check shared permission if (is_visitor($shared)) { abort(403); @@ -74,6 +77,9 @@ class EditShareItemsController extends Controller return $this->demo->rename_item($request, $id); } + // Check ability to access protected share record + $this->helper->check_protected_share_record($shared); + // Check shared permission if (is_visitor($shared)) { abort(403); @@ -91,7 +97,7 @@ class EditShareItemsController extends Controller // If request have a change folder icon values set the folder icon if ($request->type === 'folder' && $request->filled('icon')) { - $this->filemanager->set_folder_icon($request, $id); + $this->filemanager->edit_folder_properties($request, $id); } // Rename item @@ -119,6 +125,9 @@ class EditShareItemsController extends Controller return $this->demo->response_with_no_content(); } + // Check ability to access protected share record + $this->helper->check_protected_share_record($shared); + // Check shared permission if (is_visitor($shared)) { abort(403); 
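Review bot: `check_protected_share_record($shared)` is added to create_folder, rename_item, delete_item, upload and move, but no hunk touches zip_folder or zip_multiple_files, which routes/share.php maps to this same controller. Unless those two already contained the call before this patch, password-protected shares can still be zipped without it; please confirm and add `$this->helper->check_protected_share_record($shared);` there too. In each of the five methods the new check also sits after the demo early return, so the demo branch answers before the share is verified. Moving the check to the top of the method, or into middleware on the `editor` and `zip` route groups, keeps it from being skipped.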
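Review bot: The call in rename_item was renamed to `edit_folder_properties`, but the guard in front of it still tests `$request->filled('icon')`, whereas EditItemsController::rename_item in this patch tests `emoji` and `color`. If clients now send `emoji`/`color` (inferred from the other controller), an editor's change on a shared folder is silently dropped. Align the condition: `if ($request->type === 'folder' && ($request->filled('emoji') || $request->filled('color'))) {`.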
@@ -157,6 +166,9 @@ class EditShareItemsController extends Controller return $this->demo->upload($request); } + // Check ability to access protected share record + $this->helper->check_protected_share_record($shared); + // Check shared permission if (is_visitor($shared)) { abort(403); @@ -187,6 +199,9 @@ class EditShareItemsController extends Controller return $this->demo->response_with_no_content(); } + // Check ability to access protected share record + $this->helper->check_protected_share_record($shared); + // Check shared permission if (is_visitor($shared)) { abort(403); diff --git a/app/Models/Folder.php b/app/Models/Folder.php index 6accb193..557a0c3a 100644 --- a/app/Models/Folder.php +++ b/app/Models/Folder.php @@ -10,6 +10,9 @@ use TeamTNT\TNTSearch\Indexer\TNTIndexer; use \Illuminate\Database\Eloquent\SoftDeletes; use Kyslik\ColumnSortable\Sortable; +/** + * @method static whereUserId(int|string|null $id) + */ class Folder extends Model { use Searchable, SoftDeletes, Sortable, HasFactory; diff --git a/app/Services/FileManagerService.php b/app/Services/FileManagerService.php index 698faf0f..c2e0150d 100644 --- a/app/Services/FileManagerService.php +++ b/app/Services/FileManagerService.php @@ -447,7 +447,7 @@ class FileManagerService * @param $request * @param $id */ - public function set_folder_icon($request, $id) + public function edit_folder_properties($request, $id) { // Get folder $folder = Folder::find($id); diff --git a/routes/share.php b/routes/share.php index 3b02864f..a03d3ecb 100644 --- a/routes/share.php +++ b/routes/share.php 
@@ -2,22 +2,22 @@ use App\Http\Controllers\App\AppFunctionsController; use App\Http\Controllers\Sharing\BrowseShareController; -use App\Http\Controllers\Sharing\EditShareItemsController; +use App\Http\Controllers\Sharing\ManipulateShareItemsController; use App\Http\Controllers\FileManager\ShareController; // Browse functions Route::group(['prefix' => 'editor'], function () { - Route::post('/create-folder/{shared}', [EditShareItemsController::class, 'create_folder']); - Route::patch('/rename/{id}/{shared}', [EditShareItemsController::class, 'rename_item']); - Route::post('/remove/{shared}', [EditShareItemsController::class, 'delete_item']); - Route::post('/upload/{shared}', [EditShareItemsController::class, 'upload']); - Route::post('/move/{shared}', [EditShareItemsController::class, 'move']); + Route::post('/create-folder/{shared}', [ManipulateShareItemsController::class, 'create_folder']); + Route::patch('/rename/{id}/{shared}', [ManipulateShareItemsController::class, 'rename_item']); + Route::post('/remove/{shared}', [ManipulateShareItemsController::class, 'delete_item']); + Route::post('/upload/{shared}', [ManipulateShareItemsController::class, 'upload']); + Route::post('/move/{shared}', [ManipulateShareItemsController::class, 'move']); }); // Zip shared items Route::group(['prefix' => 'zip'], function () { - Route::post('/files/{shared}', [EditShareItemsController::class, 'zip_multiple_files']); - Route::get('/folder/{id}/{shared}', [EditShareItemsController::class, 'zip_folder']); + Route::post('/files/{shared}', [ManipulateShareItemsController::class, 'zip_multiple_files']); + Route::get('/folder/{id}/{shared}', [ManipulateShareItemsController::class, 'zip_folder']); }); // Browse share content diff --git a/tests/Feature/Share/VisitorAccessToItemsTest.php b/tests/Feature/Share/VisitorAccessToItemsTest.php index 2e00cbf0..a9997de2 100644 --- a/tests/Feature/Share/VisitorAccessToItemsTest.php +++ b/tests/Feature/Share/VisitorAccessToItemsTest.php 
@@ -27,14 +27,14 @@ class VisitorAccessToItemsTest extends TestCase /** * @test */ - public function it_get_public_file_record_and_download_file_within() + public function it_download_file() { Storage::fake('local'); $this->setup->create_directories(); - collect(['private', 'public']) - ->each(function ($permission) { + collect([true, false]) + ->each(function ($is_protected) { $user = User::factory(User::class) ->create(); @@ -49,7 +49,7 @@ class VisitorAccessToItemsTest extends TestCase 'filesize' => $document->getSize(), 'user_id' => $user->id, 'basename' => $document->name, - 'name' => 'fake-file.pdf', + 'name' => $document->name, ]); $share = Share::factory(Share::class) @@ -57,46 +57,31 @@ class VisitorAccessToItemsTest extends TestCase 'item_id' => $file->id, 'user_id' => $user->id, 'type' => 'file', - 'is_protected' => $permission === 'private', - 'password' => \Hash::make('secret'), + 'is_protected' => $is_protected, ]); - if ($permission === 'private') { + if ($is_protected) { $cookie = ['share_session' => json_encode([ 'token' => $share->token, 'authenticated' => true, ])]; - $this->disableCookieEncryption(); - $this->defaultCookies = $cookie; - - $this->get("/api/browse/file/$share->token/private") - ->assertStatus(200) - ->assertJsonFragment([ - 'basename' => $document->name - ]); - - $this->get("/file/$document->name/private/$share->token") + $this->withCookies($cookie) + ->get("/file/$document->name/$share->token") ->assertStatus(200); } - if ($permission === 'public') { - - $this->get("/api/browse/file/$share->token/public") - ->assertStatus(200) - ->assertJsonFragment([ - 'basename' => $document->name - ]); + if (!$is_protected) { // Get shared file - $this->get("/file/$document->name/public/$share->token") + $this->get("/file/$document->name/$share->token") ->assertStatus(200); } - /*$this->assertDatabaseHas('traffic', [ + $this->assertDatabaseHas('traffic', [ 'user_id' => $user->id, - ]);*/ + ]); }); } 
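Review bot: Each protected iteration in it_download_file sends a `share_session` cookie with `'authenticated' => true`, and nothing in the hunk asserts that the same URL is refused without that cookie or with a cookie whose `token` belongs to a different share. Removing the `password` attribute and the `/api/browse/file/...` assertions also leaves the protected branch covering only the download route. Add a refusal case before the cookie is attached, e.g. `$this->get("/file/$document->name/$share->token")->assertStatus(403);`. The 403 is an assumption, so use whatever status check_protected_share_record produces. The thumbnail, share-page and zip tests later in this file have the same gap.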
@@ -112,7 +97,7 @@ class VisitorAccessToItemsTest extends TestCase ]); // Get share record - $this->get("/api/browse/file/$share->token/public") + $this->get("/api/browse/file/$share->token") ->assertStatus(403); } @@ -125,34 +110,54 @@ class VisitorAccessToItemsTest extends TestCase $this->setup->create_directories(); - $user = User::factory(User::class) - ->create(); + collect([true, false]) + ->each(function ($is_protected) { - $thumbnail = UploadedFile::fake() - ->image(Str::random() . '-fake-image.jpg'); + $user = User::factory(User::class) + ->create(); - Storage::putFileAs("files/$user->id", $thumbnail, $thumbnail->name); + $thumbnail = UploadedFile::fake() + ->image(Str::random() . '-fake-image.jpg'); - $file = File::factory(File::class) - ->create([ - 'user_id' => $user->id, - 'thumbnail' => $thumbnail->name, - 'basename' => $thumbnail->name, - 'name' => 'fake-thumbnail.jpg', - 'type' => 'image', - 'mimetype' => 'jpg', - ]); + Storage::putFileAs("files/$user->id", $thumbnail, $thumbnail->name); - $share = Share::factory(Share::class) - ->create([ - 'item_id' => $file->id, - 'user_id' => $user->id, - 'type' => 'file', - 'is_protected' => false, - ]); + $file = File::factory(File::class) + ->create([ + 'user_id' => $user->id, + 'thumbnail' => $thumbnail->name, + 'basename' => $thumbnail->name, + 'name' => 'fake-thumbnail.jpg', + 'type' => 'image', + 'mimetype' => 'jpg', + ]); - $this->get("/share/$share->token") - ->assertStatus(200); + $share = Share::factory(Share::class) + ->create([ + 'item_id' => $file->id, + 'user_id' => $user->id, + 'type' => 'file', + 'is_protected' => $is_protected, + ]); + + if ($is_protected) { + + $cookie = [ + 'share_session' => json_encode([ + 'token' => $share->token, + 'authenticated' => true, + ]) + ]; + + $this->withCookies($cookie) + ->get("/share/$share->token") + ->assertStatus(200); + } + + if (!$is_protected) { + $this->get("/share/$share->token") + ->assertStatus(200); + } + }); } /** 
@@ -164,8 +169,8 @@ class VisitorAccessToItemsTest extends TestCase $this->setup->create_directories(); - collect(['private', 'public']) - ->each(function ($permission) { + collect([true, false]) + ->each(function ($is_protected) { $user = User::factory(User::class) ->create(); @@ -187,22 +192,26 @@ class VisitorAccessToItemsTest extends TestCase 'item_id' => $file->id, 'user_id' => $user->id, 'type' => 'file', - 'is_protected' => $permission === 'private', - 'password' => \Hash::make('secret'), + 'is_protected' => $is_protected, ]); // Get thumbnail file - if ($permission === 'private') { - $this->withCookie('share_session', json_encode([ - 'token' => $share->token, - 'authenticated' => true, - ])) - ->get("/thumbnail/$thumbnail->name/private/$share->token") + if ($is_protected) { + + $cookie = [ + 'share_session' => json_encode([ + 'token' => $share->token, + 'authenticated' => true, + ]) + ]; + + $this->withCookies($cookie) + ->get("/thumbnail/$thumbnail->name/$share->token") ->assertStatus(200); } - if ($permission === 'public') { - $this->get("/thumbnail/$thumbnail->name/public/$share->token") + if (!$is_protected) { + $this->get("/thumbnail/$thumbnail->name/$share->token") ->assertStatus(200); } 
@@ -222,33 +231,53 @@ class VisitorAccessToItemsTest extends TestCase $this->setup->create_directories(); - $user = User::factory(User::class) - ->create(); + collect([true, false]) + ->each(function ($is_protected) { - $share = Share::factory(Share::class) - ->create([ - 'user_id' => $user->id, - 'type' => 'folder', - 'is_protected' => false, - ]); + $user = User::factory(User::class) + ->create(); - $zip = Zip::factory(Zip::class)->create([ - 'basename' => 'EHWKcuvKzA4Gv29v-archive.zip', - 'user_id' => $user->id, - 'shared_token' => $share->token, - ]); + $share = Share::factory(Share::class) + ->create([ + 'user_id' => $user->id, + 'type' => 'folder', + 'is_protected' => $is_protected, + ]); - $file = UploadedFile::fake() - ->create($zip->basename, 1000, 'application/zip'); + $zip = Zip::factory(Zip::class)->create([ + 'basename' => 'EHWKcuvKzA4Gv29v-archive.zip', + 'user_id' => $user->id, + 'shared_token' => $share->token, + ]); - Storage::putFileAs("zip", $file, $file->name); + $file = UploadedFile::fake() + ->create($zip->basename, 1000, 'application/zip'); - $this->get("/zip/$zip->id/public/$share->token") - ->assertStatus(200); + Storage::putFileAs("zip", $file, $file->name); - $this->assertDatabaseMissing('traffic', [ - 'user_id' => $user->id, - 'download' => null, - ]); + if ($is_protected) { + + $cookie = [ + 'share_session' => json_encode([ + 'token' => $share->token, + 'authenticated' => true, + ]) + ]; + + $this->withCookies($cookie) + ->get("/zip/$zip->id/$share->token") + ->assertStatus(200); + } + + if (!$is_protected) { + $this->get("/zip/$zip->id/$share->token") + ->assertStatus(200); + } + + $this->assertDatabaseMissing('traffic', [ + 'user_id' => $user->id, + 'download' => null, + ]); + }); } } diff --git a/tests/Feature/Share/VisitorManipulatingTest.php b/tests/Feature/Share/VisitorManipulatingTest.php index 6c017656..02bf1d5f 100644 --- a/tests/Feature/Share/VisitorManipulatingTest.php +++ b/tests/Feature/Share/VisitorManipulatingTest.php 
@@ -9,6 +9,7 @@ use App\Models\User; use App\Services\SetupService; use Illuminate\Foundation\Testing\DatabaseMigrations; use Illuminate\Http\UploadedFile; +use Storage; use Tests\TestCase; class VisitorManipulatingTest extends TestCase 
@@ -26,40 +27,69 @@ class VisitorManipulatingTest extends TestCase */ public function editor_rename_shared_file() { - $user = User::factory(User::class) - ->create(); + // check private or public share record + collect([true, false]) + ->each(function ($is_protected) { - $folder = Folder::factory(Folder::class) - ->create([ - 'user_id' => $user->id - ]); + $user = User::factory(User::class) + ->create(); - $file = File::factory(File::class) - ->create([ - 'folder_id' => $folder->id - ]); + $folder = Folder::factory(Folder::class) + ->create([ + 'user_id' => $user->id + ]); - $share = Share::factory(Share::class) - ->create([ - 'item_id' => $folder->id, - 'user_id' => $user->id, - 'type' => 'folder', - 'is_protected' => false, - 'permission' => 'editor', - ]); + $file = File::factory(File::class) + ->create([ + 'folder_id' => $folder->id + ]); - $this->patchJson("/api/editor/rename/{$file->id}/public/$share->token", [ - 'name' => 'Renamed Item', - 'type' => 'file', - ]) - ->assertStatus(201) - ->assertJsonFragment([ - 'name' => 'Renamed Item', - ]); + $share = Share::factory(Share::class) + ->create([ + 'item_id' => $folder->id, + 'user_id' => $user->id, + 'type' => 'folder', + 'is_protected' => $is_protected, + 'permission' => 'editor', + ]); - $this->assertDatabaseHas('files', [ - 'name' => 'Renamed Item' - ]); + // Check shared item protected by password + if ($is_protected) { + + $cookie = ['share_session' => json_encode([ + 'token' => $share->token, + 'authenticated' => true, + ])]; + + $this + ->withUnencryptedCookies($cookie) + ->patch("/api/editor/rename/{$file->id}/$share->token", [ + 'name' => 'Renamed Item', + 'type' => 'file', + ]) + ->assertStatus(201) + ->assertJsonFragment([ + 'name' => 'Renamed Item', + ]); + } + + // Check public shared item + if (!$is_protected) { + $this->patchJson("/api/editor/rename/{$file->id}/$share->token", [ + 'name' => 'Renamed Item', + 'type' => 'file', + ]) + ->assertStatus(201) + ->assertJsonFragment([ + 'name' => 
'Renamed Item', + ]); + } + + $this->assertDatabaseHas('files', [ + 'name' => 'Renamed Item', + 'id' => $file->id, + ]); + }); } /** 
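Review bot: The protected branch of editor_rename_shared_file passes with `withUnencryptedCookies`, so the `/api/editor/...` routes accept a `share_session` value the client wrote as plain JSON with `'authenticated' => true`. check_protected_share_record is not part of this patch, so this is inferred, but if it trusts that flag as received, the share password is not enforced on these routes, because the cookie is neither encrypted nor signed. Keep the authenticated state server-side (session, or a signed value bound to the share token) and add a test asserting that a hand-built cookie is refused. The folder-rename, create-folder, delete and upload tests below use the same setup.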
@@ -67,41 +97,71 @@ class VisitorManipulatingTest extends TestCase */ public function editor_rename_shared_folder() { - $user = User::factory(User::class) - ->create(); + // check private or public share record + collect([true, false]) + ->each(function ($is_protected) { - $root = Folder::factory(Folder::class) - ->create([ - 'user_id' => $user->id - ]); + $user = User::factory(User::class) + ->create(); - $children = Folder::factory(Folder::class) - ->create([ - 'user_id' => $user->id, - 'parent_id' => $root->id - ]); + $root = Folder::factory(Folder::class) + ->create([ + 'user_id' => $user->id + ]); - $share = Share::factory(Share::class) - ->create([ - 'item_id' => $root->id, - 'user_id' => $user->id, - 'type' => 'folder', - 'is_protected' => false, - 'permission' => 'editor', - ]); + $children = Folder::factory(Folder::class) + ->create([ + 'user_id' => $user->id, + 'parent_id' => $root->id + ]); - $this->patchJson("/api/editor/rename/{$children->id}/public/$share->token", [ - 'name' => 'Renamed Folder', - 'type' => 'folder', - ]) - ->assertStatus(201) - ->assertJsonFragment([ - 'name' => 'Renamed Folder', - ]); + $share = Share::factory(Share::class) + ->create([ + 'item_id' => $root->id, + 'user_id' => $user->id, + 'type' => 'folder', + 'is_protected' => $is_protected, + 'permission' => 'editor', + ]); - $this->assertDatabaseHas('folders', [ - 'name' => 'Renamed Folder' - ]); + // Check shared item protected by password + if ($is_protected) { + + $cookie = ['share_session' => json_encode([ + 'token' => $share->token, + 'authenticated' => true, + ])]; + + $this + ->withUnencryptedCookies($cookie) + ->patch("/api/editor/rename/{$children->id}/$share->token", [ + 'name' => 'Renamed Folder', + 'type' => 'folder', + ]) + ->assertStatus(201) + ->assertJsonFragment([ + 'name' => 'Renamed Folder', + ]); + } + + // Check public shared item + if (!$is_protected) { + + $this->patchJson("/api/editor/rename/{$children->id}/$share->token", [ + 'name' => 'Renamed Folder', 
+ 'type' => 'folder', + ]) + ->assertStatus(201) + ->assertJsonFragment([ + 'name' => 'Renamed Folder', + ]); + } + + $this->assertDatabaseHas('folders', [ + 'name' => 'Renamed Folder', + 'id' => $children->id + ]); + }); } /** 
@@ -109,37 +169,66 @@ class VisitorManipulatingTest extends TestCase */ public function editor_create_new_folder_in_shared_folder() { - $user = User::factory(User::class) - ->create(); + // check private or public share record + collect([true, false]) + ->each(function ($is_protected) { - $folder = Folder::factory(Folder::class) - ->create([ - 'user_id' => $user->id, - ]); + $user = User::factory(User::class) + ->create(); - $share = Share::factory(Share::class) - ->create([ - 'item_id' => $folder->id, - 'user_id' => $user->id, - 'type' => 'folder', - 'is_protected' => false, - 'permission' => 'editor', - ]); + $folder = Folder::factory(Folder::class) + ->create([ + 'user_id' => $user->id, + ]); - $this->postJson("/api/editor/create-folder/public/$share->token", [ - 'name' => 'Awesome New Folder', - 'parent_id' => $folder->id, - ]) - ->assertStatus(201) - ->assertJsonFragment([ - 'name' => 'Awesome New Folder', - ]); + $share = Share::factory(Share::class) + ->create([ + 'item_id' => $folder->id, + 'user_id' => $user->id, + 'type' => 'folder', + 'is_protected' => $is_protected, + 'permission' => 'editor', + ]); - $this->assertDatabaseHas('folders', [ - 'name' => 'Awesome New Folder', - 'parent_id' => $folder->id, - 'user_scope' => 'editor', - ]); + // Check shared item protected by password + if ($is_protected) { + + $cookie = ['share_session' => json_encode([ + 'token' => $share->token, + 'authenticated' => true, + ])]; + + $this + ->withUnencryptedCookies($cookie) + ->post("/api/editor/create-folder/$share->token", [ + 'name' => 'Awesome New Folder', + 'parent_id' => $folder->id, + ]) + ->assertStatus(201) + ->assertJsonFragment([ + 'name' => 'Awesome New Folder', + ]); + } + + // Check public shared item + if (!$is_protected) { + + $this->postJson("/api/editor/create-folder/$share->token", [ + 'name' => 'Awesome New Folder', + 'parent_id' => $folder->id, + ]) + ->assertStatus(201) + ->assertJsonFragment([ + 'name' => 'Awesome New Folder', + ]); + } + + 
$this->assertDatabaseHas('folders', [ + 'name' => 'Awesome New Folder', + 'parent_id' => $folder->id, + 'user_scope' => 'editor', + ]); + }); } /** 
@@ -147,49 +236,75 @@ class VisitorManipulatingTest extends TestCase */ public function editor_delete_multiple_files_in_shared_folder() { - $user = User::factory(User::class) - ->create(); + // check private or public share record + collect([true, false]) + ->each(function ($is_protected) { - $folder = Folder::factory(Folder::class) - ->create([ - 'user_id' => $user->id, - ]); + $user = User::factory(User::class) + ->create(); - $share = Share::factory(Share::class) - ->create([ - 'item_id' => $folder->id, - 'user_id' => $user->id, - 'type' => 'folder', - 'is_protected' => false, - 'permission' => 'editor', - ]); + $folder = Folder::factory(Folder::class) + ->create([ + 'user_id' => $user->id, + ]); - $files = File::factory(File::class) - ->count(2) - ->create([ - 'folder_id' => $folder->id - ]); + $share = Share::factory(Share::class) + ->create([ + 'item_id' => $folder->id, + 'user_id' => $user->id, + 'type' => 'folder', + 'is_protected' => $is_protected, + 'permission' => 'editor', + ]); - $this->postJson("/api/editor/remove/public/$share->token", [ - 'items' => [ - [ - 'id' => $files[0]->id, - 'type' => 'file', - 'force_delete' => false, - ], - [ - 'id' => $files[1]->id, - 'type' => 'file', - 'force_delete' => false, - ], - ], - ])->assertStatus(204); + $files = File::factory(File::class) + ->count(2) + ->create([ + 'folder_id' => $folder->id + ]); - $files - ->each(function ($file) { - $this->assertSoftDeleted('files', [ - 'id' => $file->id, - ]); + $payload = [ + 'items' => [ + [ + 'id' => $files[0]->id, + 'type' => 'file', + 'force_delete' => false, + ], + [ + 'id' => $files[1]->id, + 'type' => 'file', + 'force_delete' => false, + ], + ], + ]; + + // Check shared item protected by password + if ($is_protected) { + + $cookie = ['share_session' => json_encode([ + 'token' => $share->token, + 'authenticated' => true, + ])]; + + $this + ->withUnencryptedCookies($cookie) + ->post("/api/editor/remove/$share->token", $payload) + ->assertStatus(204); + } + + // Check 
public shared item + if (!$is_protected) { + + $this->postJson("/api/editor/remove/$share->token", $payload) + ->assertStatus(204); + } + + $files + ->each(function ($file) { + $this->assertSoftDeleted('files', [ + 'id' => $file->id, + ]); + }); }); } 
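Review bot: The protected branch only proves that a request carrying a hand-built `share_session` cookie with `'authenticated' => true` succeeds; nothing in this hunk checks that a protected share is refused without it. Because the cookie is sent through `withUnencryptedCookies` and the test expects 204, the server appears to accept a plain JSON flag supplied by the client, which would make the password check bypassable unless the cookie is encrypted or signed somewhere this diff does not show; that is worth confirming in the share middleware. Inside `if ($is_protected)`, before the authenticated request, I would send `$this->postJson("/api/editor/remove/$share->token", $payload)` with no cookie and assert both the guard's rejection status and that the files are not soft-deleted. The same gap applies to the upload, move-file and move-folder hunks below.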
@@ -202,45 +317,71 @@ class VisitorManipulatingTest extends TestCase $this->setup->create_directories(); - $user = User::factory(User::class) - ->create(); + // check private or public share record + collect([true, false]) + ->each(function ($is_protected) { - $folder = Folder::factory(Folder::class) - ->create([ - 'user_id' => $user->id, - 'user_scope' => 'master', - ]); + $user = User::factory(User::class) + ->create(); - $share = Share::factory(Share::class) - ->create([ - 'item_id' => $folder->id, - 'user_id' => $user->id, - 'type' => 'folder', - 'is_protected' => false, - 'permission' => 'editor', - ]); + $folder = Folder::factory(Folder::class) + ->create([ + 'user_id' => $user->id, + 'user_scope' => 'master', + ]); - $file = UploadedFile::fake() - ->create('fake-file.pdf', 1000, 'application/pdf'); + $share = Share::factory(Share::class) + ->create([ + 'item_id' => $folder->id, + 'user_id' => $user->id, + 'type' => 'folder', + 'is_protected' => $is_protected, + 'permission' => 'editor', + ]); - $this->postJson("/api/editor/upload/public/$share->token", [ - 'file' => $file, - 'folder_id' => $folder->id, - 'is_last' => true, - ])->assertStatus(201); + $file = UploadedFile::fake() + ->create('fake-file.pdf', 1000, 'application/pdf'); - $this->assertDatabaseHas('traffic', [ - 'user_id' => $user->id, - ]); + // Check shared item protected by password + if ($is_protected) { - $this->assertDatabaseHas('files', [ - 'user_scope' => 'editor', - ]); + $cookie = ['share_session' => json_encode([ + 'token' => $share->token, + 'authenticated' => true, + ])]; - Storage::disk('local') - ->assertExists( - "files/$user->id/fake-file.pdf" - ); + $this + ->withUnencryptedCookies($cookie) + ->post("/api/editor/upload/$share->token", [ + 'file' => $file, + 'folder_id' => $folder->id, + 'is_last' => true, + ])->assertStatus(201); + } + + // Check public shared item + if (!$is_protected) { + + $this->postJson("/api/editor/upload/$share->token", [ + 'file' => $file, + 'folder_id' => 
$folder->id, + 'is_last' => true, + ])->assertStatus(201); + } + + $this->assertDatabaseHas('traffic', [ + 'user_id' => $user->id, + ]); + + $this->assertDatabaseHas('files', [ + 'user_scope' => 'editor', + ]); + + Storage::disk('local') + ->assertExists( + "files/$user->id/fake-file.pdf" + ); + }); } /** 
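Review bot: `assertDatabaseHas('files', ['user_scope' => 'editor'])` is not tied to the current iteration, so on the second pass of the `collect([true, false])` loop it is already satisfied by the row uploaded in the first pass. Scoping it to this upload, for example `$this->assertDatabaseHas('files', ['user_scope' => 'editor', 'folder_id' => $folder->id]);`, makes each variant prove its own write. The two branches also differ in transport (`post` for the protected case, `postJson` for the public one), so they do not exercise the same request shape. The test method begins above this hunk.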
@@ -248,49 +389,75 @@ class VisitorManipulatingTest extends TestCase */ public function editor_move_file_to_another_folder() { - $user = User::factory(User::class) - ->create(); + // check private or public share record + collect([true, false]) + ->each(function ($is_protected) { - $root = Folder::factory(Folder::class) - ->create([ - 'user_id' => $user->id - ]); + $user = User::factory(User::class) + ->create(); - $children = Folder::factory(Folder::class) - ->create([ - 'user_id' => $user->id, - 'parent_id' => $root->id, - ]); + $root = Folder::factory(Folder::class) + ->create([ + 'user_id' => $user->id + ]); - $file = File::factory(File::class) - ->create([ - 'user_id' => $user->id, - 'folder_id' => $root->id - ]); + $children = Folder::factory(Folder::class) + ->create([ + 'user_id' => $user->id, + 'parent_id' => $root->id, + ]); - $share = Share::factory(Share::class) - ->create([ - 'item_id' => $root->id, - 'user_id' => $user->id, - 'type' => 'folder', - 'is_protected' => false, - 'permission' => 'editor', - ]); + $file = File::factory(File::class) + ->create([ + 'user_id' => $user->id, + 'folder_id' => $root->id + ]); - $this->postJson("/api/editor/move/public/$share->token", [ - 'to_id' => $children->id, - 'items' => [ - [ - 'type' => 'file', - 'id' => $file->id, - ] - ], - ])->assertStatus(204); + $share = Share::factory(Share::class) + ->create([ + 'item_id' => $root->id, + 'user_id' => $user->id, + 'type' => 'folder', + 'is_protected' => $is_protected, + 'permission' => 'editor', + ]); - $this->assertDatabaseHas('files', [ - 'id' => $file->id, - 'folder_id' => $children->id, - ]); + $payload = [ + 'to_id' => $children->id, + 'items' => [ + [ + 'type' => 'file', + 'id' => $file->id, + ] + ], + ]; + + // Check shared item protected by password + if ($is_protected) { + + $cookie = ['share_session' => json_encode([ + 'token' => $share->token, + 'authenticated' => true, + ])]; + + $this + ->withUnencryptedCookies($cookie) + 
->post("/api/editor/move/$share->token", $payload) + ->assertStatus(204); + } + + // Check public shared item + if (!$is_protected) { + + $this->postJson("/api/editor/move/$share->token", $payload) + ->assertStatus(204); + } + + $this->assertDatabaseHas('files', [ + 'id' => $file->id, + 'folder_id' => $children->id, + ]); + }); } /** 
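Review bot: Both variants move an item only between folders inside the shared root, so the test never exercises the boundary an editor share is supposed to enforce. A companion case where `to_id` (or an item `id`) belongs to a folder outside `$root`, with the request expected to be rejected, would pin that check; it may already exist elsewhere in the suite, which this hunk does not show. A short comment such as `// to_id and items stay inside the shared root; out-of-share targets are covered in <test name>` would make the scope explicit. The same applies to `editor_move_folder_to_another_folder` in the next hunk.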
@@ -298,48 +465,74 @@ class VisitorManipulatingTest extends TestCase */ public function editor_move_folder_to_another_folder() { - $user = User::factory(User::class) - ->create(); + // check private or public share record + collect([true, false]) + ->each(function ($is_protected) { - $root = Folder::factory(Folder::class) - ->create([ - 'user_id' => $user->id - ]); + $user = User::factory(User::class) + ->create(); - $brother = Folder::factory(Folder::class) - ->create([ - 'user_id' => $user->id, - 'parent_id' => $root->id, - ]); + $root = Folder::factory(Folder::class) + ->create([ + 'user_id' => $user->id + ]); - $sister = Folder::factory(Folder::class) - ->create([ - 'user_id' => $user->id, - 'parent_id' => $root->id, - ]); + $brother = Folder::factory(Folder::class) + ->create([ + 'user_id' => $user->id, + 'parent_id' => $root->id, + ]); - $share = Share::factory(Share::class) - ->create([ - 'item_id' => $root->id, - 'user_id' => $user->id, - 'type' => 'folder', - 'is_protected' => false, - 'permission' => 'editor', - ]); + $sister = Folder::factory(Folder::class) + ->create([ + 'user_id' => $user->id, + 'parent_id' => $root->id, + ]); - $this->postJson("/api/editor/move/public/$share->token", [ - 'to_id' => $brother->id, - 'items' => [ - [ - 'type' => 'folder', - 'id' => $sister->id, - ] - ], - ])->assertStatus(204); + $share = Share::factory(Share::class) + ->create([ + 'item_id' => $root->id, + 'user_id' => $user->id, + 'type' => 'folder', + 'is_protected' => $is_protected, + 'permission' => 'editor', + ]); - $this->assertDatabaseHas('folders', [ - 'id' => $sister->id, - 'parent_id' => $brother->id, - ]); + $payload = [ + 'to_id' => $brother->id, + 'items' => [ + [ + 'type' => 'folder', + 'id' => $sister->id, + ] + ], + ]; + + // Check shared item protected by password + if ($is_protected) { + + $cookie = ['share_session' => json_encode([ + 'token' => $share->token, + 'authenticated' => true, + ])]; + + $this + ->withUnencryptedCookies($cookie) + 
->post("/api/editor/move/$share->token", $payload) + ->assertStatus(204); + } + + // Check public shared item + if (!$is_protected) { + + $this->postJson("/api/editor/move/$share->token", $payload) + ->assertStatus(204); + } + + $this->assertDatabaseHas('folders', [ + 'id' => $sister->id, + 'parent_id' => $brother->id, + ]); + }); } }