From ff4af2978d73292db6576d1b04748d468744af68 Mon Sep 17 00:00:00 2001 From: Peter Papp Date: Wed, 10 Mar 2021 17:13:49 +0100 Subject: [PATCH] added guest_get_folder_content test --- .../Sharing/FileSharingController.php | 32 ++++---- routes/api.php | 2 +- routes/share.php | 21 ++--- tests/Feature/Share/ShareEditorTest.php | 80 +++++++++++++++++++ 4 files changed, 109 insertions(+), 26 deletions(-) diff --git a/app/Http/Controllers/Sharing/FileSharingController.php b/app/Http/Controllers/Sharing/FileSharingController.php index c1a75ec5..49d70058 100644 --- a/app/Http/Controllers/Sharing/FileSharingController.php +++ b/app/Http/Controllers/Sharing/FileSharingController.php @@ -143,19 +143,19 @@ class FileSharingController extends Controller * Browse private folders * * @param Request $request - * @param $unique_id + * @param $id * @return Collection */ - public function get_private_folders(Request $request, $unique_id) + public function get_private_folders(Request $request, $id) { // Get sharing record $shared = Share::where('token', $request->cookie('shared_token'))->firstOrFail(); // Check if user can get directory - Guardian::check_item_access($unique_id, $shared); + Guardian::check_item_access($id, $shared); // Get files and folders - list($folders, $files) = $this->get_items($unique_id, $shared); + list($folders, $files) = $this->get_items($id, $shared); // Collect folders and files to single array return collect([$folders, $files])->collapse(); 
@@ -164,24 +164,24 @@ class FileSharingController extends Controller /** * Browse public folders * - * @param $unique_id + * @param $id + * @param $token * @return Collection */ - public function get_public_folders($unique_id, $token) + public function get_public_folders($id, $token) { - // Get sharing record - $shared = Share::where(DB::raw('BINARY `token`'), $token)->firstOrFail(); + $shared = get_shared($token); // Abort if folder is protected - if ((int) $shared->protected) { + if ((int) $shared->is_protected) { abort(403, "Sorry, you don't have permission"); } // Check if user can get directory - Guardian::check_item_access($unique_id, $shared); + Guardian::check_item_access($id, $shared); // Get files and folders - list($folders, $files) = $this->get_items($unique_id, $shared); + list($folders, $files) = $this->get_items($id, $shared); // Set thumbnail links for public files $files->map(function ($item) use ($token) { @@ -357,7 +357,7 @@ class FileSharingController extends Controller $shared = get_shared($token); // Abort if folder is protected - if ((int) $shared->protected) { + if ((int) $shared->is_protected) { abort(403, "Sorry, you don't have permission"); } @@ -402,19 +402,19 @@ class FileSharingController extends Controller /** * Get folders and files * - * @param $unique_id + * @param $id * @param $shared * @return array */ - private function get_items($unique_id, $shared): array + private function get_items($id, $shared): array { $folders = Folder::where('user_id', $shared->user_id) - ->where('parent_id', $unique_id) + ->where('parent_id', $id) ->sortable() ->get(); $files = File::where('user_id', $shared->user_id) - ->where('folder_id', $unique_id) + ->where('folder_id', $id) ->sortable() ->get(); diff --git a/routes/api.php b/routes/api.php index 71009640..c08a7287 100644 --- a/routes/api.php +++ b/routes/api.php 
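Review bot: In get_public_folders the removed query matched the token through `DB::raw` with a `BINARY` comparison, and the replacement `$shared = get_shared($token);` no longer shows that guarantee. get_shared is defined outside this diff, so confirm it still does a byte-exact match; under a case-insensitive column collation a plain `where('token', $token)` would accept case variants of a valid token. The guard `if ((int) $shared->is_protected) {`, here and in the hunk at -357, casts a missing or null attribute to 0, so a missed column rename or an unmigrated database would skip the 403 for password-protected shares. If the column is non-nullable, a fail-closed form such as `if (! isset($shared->is_protected) || (int) $shared->is_protected) {` avoids that; both method bodies continue outside their hunks.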
@@ -74,8 +74,8 @@ Route::group(['middleware' => ['auth:api', 'auth.shared', 'scope:visitor,editor' Route::group(['middleware' => ['auth:sanctum']], function () { // Edit items - Route::patch('/rename/{id}', [EditItemsController::class, 'user_rename_item']); Route::post('/create-folder', [EditItemsController::class, 'user_create_folder']); + Route::patch('/rename/{id}', [EditItemsController::class, 'user_rename_item']); Route::post('/remove', [EditItemsController::class, 'user_delete_item']); Route::post('/upload', [EditItemsController::class, 'user_upload']); Route::post('/move', [EditItemsController::class, 'user_move']); diff --git a/routes/share.php b/routes/share.php index 40410684..521321ce 100644 --- a/routes/share.php +++ b/routes/share.php @@ -1,12 +1,13 @@ 'editor'], function () { - Route::patch('/rename/{id}/public/{token}', [EditItemsController::class, 'guest_rename_item']); Route::post('/create-folder/public/{token}', [EditItemsController::class, 'guest_create_folder']); + Route::patch('/rename/{id}/public/{token}', [EditItemsController::class, 'guest_rename_item']); Route::post('/remove/public/{token}', [EditItemsController::class, 'guest_delete_item']); Route::post('/upload/public/{token}', [EditItemsController::class, 'guest_upload']); Route::post('/move/public/{token}', [EditItemsController::class, 'guest_move']); 
@@ -14,14 +15,16 @@ Route::group(['prefix' => 'editor'], function () { // Editor/Visitor zip functions Route::group(['prefix' => 'zip'], function () { - Route::get('/folder/{id}/public/{token}', [EditItemsController::class, 'guest_zip_folder']); Route::post('/files/public/{token}', [EditItemsController::class, 'guest_zip_multiple_files']); + Route::get('/folder/{id}/public/{token}', [EditItemsController::class, 'guest_zip_folder']); }); -// Sharing page browsing -Route::get('/folders/{id}/public/{token}', [FileSharingController::class, 'get_public_folders']); -Route::get('/navigation/public/{token}', [FileSharingController::class, 'get_public_navigation_tree']); -Route::post('/shared/authenticate/{token}', [FileSharingController::class, 'authenticate']); -Route::get('/search/public/{token}', [FileSharingController::class, 'search_public']); -Route::get('/files/{token}/public', [FileSharingController::class, 'file_public']); -Route::get('/shared/{token}', [ShareController::class, 'show']); \ No newline at end of file +// Browse share content +Route::group(['prefix' => 'browse'], function () { + Route::get('/folders/{id}/public/{token}', [FileSharingController::class, 'get_public_folders']); + Route::get('/navigation/public/{token}', [FileSharingController::class, 'get_public_navigation_tree']); + Route::post('/shared/authenticate/{token}', [FileSharingController::class, 'authenticate']); + Route::get('/search/public/{token}', [FileSharingController::class, 'search_public']); + Route::get('/files/{token}/public', [FileSharingController::class, 'file_public']); + Route::get('/shared/{token}', [ShareController::class, 'show']); +}); diff --git a/tests/Feature/Share/ShareEditorTest.php b/tests/Feature/Share/ShareEditorTest.php index f2babce4..30870338 100644 --- a/tests/Feature/Share/ShareEditorTest.php +++ b/tests/Feature/Share/ShareEditorTest.php 
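Review bot: The new `browse` group registers `shared/authenticate/{token}` and the other token-addressed routes with only a prefix, so nothing visible in this hunk limits repeated password or token attempts against a share. If routes/share.php is not already loaded under a throttled group elsewhere, consider `Route::group(['prefix' => 'browse', 'middleware' => 'throttle:60,1'], function () {`, with a limit tuned for the authenticate endpoint. The prefix also moves every public share URL (for example `/shared/{token}` becomes `/browse/shared/{token}`), so previously issued links and frontend paths should be checked against the new routes.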
@@ -516,4 +516,84 @@ class ShareEditorTest extends TestCase $this->getJson("/api/zip/folder/$folder->id/public/$share->token") ->assertStatus(403); } + + /** + * @test + */ + public function guest_get_folder_content() + { + $user = User::factory(User::class) + ->create(); + + $root = Folder::factory(Folder::class) + ->create([ + 'name' => 'root', + 'user_id' => $user->id, + ]); + + $share = Share::factory(Share::class) + ->create([ + 'item_id' => $root->id, + 'user_id' => $user->id, + 'type' => 'folder', + 'is_protected' => false, + 'permission' => 'editor', + ]); + + $folder = Folder::factory(Folder::class) + ->create([ + 'parent_id' => $root->id, + 'name' => 'Documents', + "user_scope" => "master", + 'user_id' => $user->id, + ]); + + $file = File::factory(File::class) + ->create([ + 'folder_id' => $root->id, + 'name' => 'Document', + 'basename' => 'document.pdf', + "mimetype" => "application/pdf", + "user_scope" => "master", + "type" => "file", + 'user_id' => $user->id, + ]); + + $this->getJson("/api/browse/folders/$root->id/public/$share->token") + ->assertStatus(200) + ->assertExactJson([ + [ + "id" => $folder->id, + "user_id" => $user->id, + "parent_id" => $root->id, + "name" => "Documents", + "color" => null, + "emoji" => null, + "user_scope" => "master", + "deleted_at" => null, + "created_at" => $folder->created_at, + "updated_at" => $folder->updated_at->toJson(), + "items" => 0, + "trashed_items" => 0, + "type" => "folder", + ], + [ + "id" => $file->id, + "user_id" => $user->id, + "folder_id" => $root->id, + "thumbnail" => null, + "name" => "Document", + "basename" => "document.pdf", + "mimetype" => "application/pdf", + "filesize" => $file->filesize, + "type" => "file", + "metadata" => null, + "user_scope" => "master", + "deleted_at" => null, + "created_at" => $file->created_at, + "updated_at" => $file->updated_at->toJson(), + "file_url" => "http://localhost/file/document.pdf/public/$share->token", + ] + ]); + } }
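Review bot: guest_get_folder_content only exercises the allowed path (`'is_protected' => false`, folder id equal to the shared root), so the two access checks on this route are untested: the 403 for protected shares and the `Guardian::check_item_access` call for ids outside the shared tree. A companion test with `'is_protected' => true` asserting 403 would catch a regression from the `protected` to `is_protected` rename. A second test should request a folder owned by the same user but not under `$root`; its expected status depends on Guardian, which is not visible here. The `assertExactJson` payload also pins `user_id`, `user_scope` and `metadata` in an unauthenticated response, so it is worth confirming that guests are meant to receive those fields.

```php
/**
 * @test
 */
public function guest_get_protected_folder_content_is_denied()
{
    // … unchanged: $user and $root factories as in guest_get_folder_content …

    $share = Share::factory(Share::class)
        ->create([
            'item_id' => $root->id,
            'user_id' => $user->id,
            'type' => 'folder',
            'is_protected' => true,
            'permission' => 'editor',
        ]);

    $this->getJson("/api/browse/folders/$root->id/public/$share->token")
        ->assertStatus(403);
}
```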