<?php namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use App\Models\Book;
use App\Models\Collaboration;
use Symfony\Component\HttpFoundation\Response;
use App\Traits\CollaboratorTrait;

/**
 * Authorisation middleware for "collaboratable" resources (books and their
 * child resources such as outlines, chapters, timelines, brainstorms).
 *
 * A request is let through when the authenticated user owns the target
 * record, or holds an `editor` Collaboration on the record or on the book
 * the record belongs to; otherwise a JSON 403 "Forbidden access." is returned.
 *
 * The resource type is derived from URL segment 3 and the record id from
 * URL segment 4 (see handle()). getModelClass() is provided by
 * CollaboratorTrait and is not visible in this file.
 */
class CollaboratorAccess
{
    use CollaboratorTrait;

    /**
     * Handle an incoming request.
     *
     * Maps the kebab-case URL segment to the snake_case collaboratable type,
     * then dispatches to the "main" (book-level) or "child" (nested resource)
     * check. Types that belong to neither list pass through unchecked.
     *
     * @param \Illuminate\Http\Request $request
     * @param \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse) $next
     * @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
     */
    public function handle(Request $request, Closure $next)
    {
        // add,update,delete
        // NOTE(review): $user is dereferenced below without a null check, so an
        // authentication middleware is assumed to run before this one — confirm
        // in the route/kernel registration.
        $user = auth()->user();
        $collaboratable_type = '';
        // URL segment 3 names the resource; segments not listed here are used
        // verbatim (e.g. "books", "outlines", "timelines", "brainstorms", "chapters").
        if ($request->segment(3) == 'plot-planners' || $request->segment(3) == 'save-plot-lines') {
            $collaboratable_type = 'plot_planners';
        } elseif ($request->segment(3) == 'plot-lines') {
            // NOTE(review): 'plot_lines' is not in either routes array below, so
            // these requests reach `return $next($request)` with no access check —
            // confirm this is intended.
            $collaboratable_type = 'plot_lines';
        } elseif ($request->segment(3) == 'chapters-cards') {
            $collaboratable_type = 'chapters_cards';
        } elseif ($request->segment(3) == 'timeline-characters') {
            $collaboratable_type = 'timeline_characters';
        } elseif ($request->segment(3) == 'timeline-event-types') {
            $collaboratable_type = 'timeline_event_types';
        } elseif ($request->segment(3) == 'timeline-event-blocks') {
            $collaboratable_type = 'timeline_event_blocks';
        } elseif ($request->segment(3) == 'brainstorm-rounds') {
            $collaboratable_type = 'brainstorm_rounds';
        } else {
            $collaboratable_type = $request->segment(3);
        }
        // Segment 4 is the record id; it is absent (null) on create routes.
        $collaboratable_id = $request->segment(4);
        // Main types whose parent is a book; used for the fallback check on the
        // book-level Collaboration.
        $types_arr_except_book = ['brainstorms', 'outlines', 'plot_planners', 'timelines'];
        $main_collaborators_routes_arr = ['books','brainstorms', 'outlines', 'plot_planners', 'timelines'];
        $child_collaborators_routes_arr = ['chapters','chapters_cards','timeline_characters','timeline_event_types','timeline_event_blocks','brainstorm_rounds'];
        if (in_array($collaboratable_type, $main_collaborators_routes_arr)) {
            return $this->checkMainRouteAccess($user, $collaboratable_id, $collaboratable_type, $request, $next, $types_arr_except_book);
        } elseif (in_array($collaboratable_type, $child_collaborators_routes_arr)) {
            return $this->checkChildRouteAccess($user, $collaboratable_id, $collaboratable_type, $request, $next);
        }
        // Any other type is not guarded by this middleware.
        return $next($request);
    }

    /**
     * Access check for book-level resources (books, brainstorms, outlines,
     * plot_planners, timelines).
     *
     * Order of checks: record owner -> (record missing) owner of the book named
     * by the request's `book_id` -> editor Collaboration on the record ->
     * editor Collaboration on the parent book -> 403.
     *
     * @param mixed       $user                  authenticated user (must expose ->id)
     * @param string|null $collaboratable_id     URL segment 4, null on create routes
     * @param string      $collaboratable_type   snake_case type resolved in handle()
     * @param \Illuminate\Http\Request $request
     * @param \Closure    $next
     * @param list<string> $types_arr_except_book main types that have a parent book
     * @return mixed the $next() result or a 403 JSON response
     */
    private function checkMainRouteAccess($user, $collaboratable_id, $collaboratable_type, $request, $next, $types_arr_except_book)
    {
        $type_record = $this->getModelClass($collaboratable_type)::where('id',$collaboratable_id)->first();
        // owner access
        if ($user->id === $type_record?->user_id) {
            return $next($request);
        } elseif (!$type_record) {
            // Record not found (typically a create route, where segment 4 is absent):
            // allow the owner of the book named by the request.
            // NOTE(review): `book_id` here is client-supplied; the downstream
            // controller must create the record under this same book_id for the
            // check to be meaningful — verify against the controllers.
            $book = Book::where('id', $request?->book_id)->where('user_id', $user->id)->first();
            if ($book) {
                return $next($request);
            }
        } elseif ($collaboratable_type === 'books' && !$collaboratable_id) {
            // book add
            // NOTE(review): when $collaboratable_id is empty the lookup above
            // yields no record, so the `!$type_record` branch is taken first and
            // this branch and the next one look unreachable — confirm, and if so
            // either reorder or drop them. The fallback Collaboration query below
            // still ends in a 403 for a book create, so the outcome appears to be
            // the same.
            return response(["success" => false, "message" => "Forbidden access."], 403);
        } elseif ($collaboratable_type !== 'books' && !$collaboratable_id) {
            // except book add
            $collaboratable_id = $request->book_id ? $request->book_id : null;
            $collaboratable_type = 'books';
        }
        // collaborator access
        $collaboration = Collaboration::where('collaboratable_id', $collaboratable_id)
            ->where('collaboratable_type', $collaboratable_type)
            ->where('user_id', $user->id)
            ->where('role', 'editor')
            ->first();
        if ($collaboration) {
            return $next($request);
        }
        // collaborator access further check in parents
        // The parent book id is taken from the stored record when it exists, and
        // only from the client-supplied `book_id` when it does not.
        if (in_array($collaboratable_type, $types_arr_except_book)) {
            $book_collaboration = Collaboration::where('collaboratable_id', $type_record ? $type_record->book_id : $request?->book_id)
                ->where('collaboratable_type', 'books')
                ->where('user_id', $user->id)
                ->where('role', 'editor')
                ->first();
            if ($book_collaboration) {
                return $next($request);
            }
        }
        return response(["success" => false, "message" => "Forbidden access."], 403);
    }

    /**
     * Access check for nested resources (chapters, chapters_cards,
     * timeline_characters, timeline_event_types, timeline_event_blocks,
     * brainstorm_rounds).
     *
     * Each branch resolves the parent record and delegates to
     * checkCollaboratorAccess() (from CollaboratorTrait, not visible here) for
     * the corresponding main type. For PUT/DELETE the parent id is read from
     * the stored child record; otherwise it is taken from the request body.
     *
     * NOTE(review): on create requests the parent id (`outline_id`,
     * `chapter_id`, `timeline_id`, `event_type_id`, `brainstorm_id`) is
     * client-supplied, so the controller must persist the child under that same
     * parent for this check to hold — verify against the controllers.
     *
     * Returns null (no response) for a type not handled below; handle() only
     * calls this for the six listed types.
     *
     * @param mixed       $user
     * @param string|null $collaboratable_id   URL segment 4, null on create routes
     * @param string      $collaboratable_type
     * @param \Illuminate\Http\Request $request
     * @param \Closure    $next
     * @return mixed
     */
    private function checkChildRouteAccess($user, $collaboratable_id, $collaboratable_type, $request, $next)
    {
        $type_record = null;
        if ($collaboratable_type == 'chapters') {
            $outline_id = $request->outline_id;
            if ($request->isMethod('delete') || $request->isMethod('put')) {
                $type_record = $this->getModelClass('chapters')::where('id',$collaboratable_id)->first();
                $outline_id = $type_record?->outline_id;
            }
            $type_record = $this->getModelClass('outlines')::where('id',$outline_id)->first();
            return $this->checkCollaboratorAccess($user, $type_record, $type_record?->id, 'outlines', $request, $next);
        } elseif ($collaboratable_type == 'chapters_cards') {
            $chapter_id = $request->chapter_id;
            if ($request->isMethod('delete') || $request->isMethod('put')) {
                $type_record = $this->getModelClass('chapters_cards')::where('id',$collaboratable_id)->first();
                $chapter_id = $type_record?->chapter_id;
            }
            // Cards are two levels down: resolve the chapter, then check its outline.
            $type_record = $this->getModelClass('chapters')::where('id',$chapter_id)->first();
            return $this->checkCollaboratorAccess($user, $type_record, $type_record?->outline_id, 'outlines', $request, $next);
        } elseif ($collaboratable_type == 'timeline_characters') {
            $timeline_id = $request->timeline_id;
            if ($request->isMethod('delete') || $request->isMethod('put')) {
                $type_record = $this->getModelClass('timeline_characters')::where('id',$collaboratable_id)->first();
                $timeline_id = $type_record?->timeline_id;
            }
            $type_record = $this->getModelClass('timelines')::where('id',$timeline_id)->first();
            return $this->checkCollaboratorAccess($user, $type_record, $type_record?->id, 'timelines', $request, $next);
        } elseif ($collaboratable_type == 'timeline_event_types') {
            $timeline_id = $request->timeline_id;
            if ($request->isMethod('delete') || $request->isMethod('put')) {
                $type_record = $this->getModelClass('timeline_event_types')::where('id',$collaboratable_id)->first();
                $timeline_id = $type_record?->timeline_id;
            }
            $type_record = $this->getModelClass('timelines')::where('id',$timeline_id)->first();
            return $this->checkCollaboratorAccess($user, $type_record, $type_record?->id, 'timelines', $request, $next);
        } elseif ($collaboratable_type == 'timeline_event_blocks') {
            $event_type_id = $request->event_type_id;
            if ($request->isMethod('delete') || $request->isMethod('put')) {
                $type_record = $this->getModelClass('timeline_event_blocks')::where('id',$collaboratable_id)->first();
                $event_type_id = $type_record?->event_type_id;
            }
            // Blocks are two levels down: resolve the event type, then check its timeline.
            $type_record = $this->getModelClass('timeline_event_types')::where('id',$event_type_id)->first();
            return $this->checkCollaboratorAccess($user, $type_record, $type_record?->timeline_id, 'timelines', $request, $next);
        } elseif ($collaboratable_type == 'brainstorm_rounds') {
            $brainstorm_id = $request->brainstorm_id;
            if ($request->isMethod('delete') || $request->isMethod('put')) {
                $type_record = $this->getModelClass('brainstorm_rounds')::where('id',$collaboratable_id)->first();
                $brainstorm_id = $type_record?->brainstorm_id;
            }
            $type_record = $this->getModelClass('brainstorms')::where('id',$brainstorm_id)->first();
            return $this->checkCollaboratorAccess($user, $type_record, $type_record?->id, 'brainstorms', $request, $next);
        }
    }
}