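<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use App\Models\User;
use App\Models\Book;
use App\Models\Collaboration;
use Symfony\Component\HttpFoundation\Response;
use App\Traits\CollaboratorTrait;

/**
 * Authorises "show" requests for owners, collaborators and invited guests.
 *
 * Identity comes from one of two places:
 *  - the Sanctum-authenticated user, or
 *  - an `email` + `key` pair sent with the request (guest invitation).
 *
 * The email/key pair is request input and is only trusted after it matches a
 * Collaboration row. A verified pair identifies a collaborator by email; it is
 * never used to stand in for the account that owns that email, so the
 * owner shortcut below is reachable only through real authentication.
 */
class ShowCollaboratorAccess
{
    use CollaboratorTrait;

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure(\Illuminate\Http\Request): (\Illuminate\Http\Response|\Illuminate\Http\RedirectResponse)  $next
     * @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse
     */
    public function handle(Request $request, Closure $next)
    {
        $user = auth('sanctum')->user();
        $email = $user?->email;

        if ($request->email && $request->key) {
            // Guest credentials: the pair must exist as an invitation before the
            // supplied email is used for any access decision.
            $guest_pair_is_valid = Collaboration::where('email', $request->email)
                ->where('key', $request->key)
                ->exists();

            if ($guest_pair_is_valid) {
                $email = $request->email;
            } elseif (!$user) {
                // No session and no valid invitation: nothing to authorise against.
                return response(["success" => false, "message" => "Forbidden access."], 403);
            }
            // An authenticated caller with an unverifiable pair keeps their own identity.
        }

        // Fail closed when neither an authenticated user nor a verified guest email exists
        // (this also covers requests that send only one of email/key).
        if (!$user && !$email) {
            return response(["success" => false, "message" => "Forbidden access."], 403);
        }

        // Map the URL segment to the collaboratable type name used in the Collaboration table.
        $segment = $request->segment(3);
        $collaboratable_type = match ($segment) {
            'plot-planners', 'save-plot-lines' => 'plot_planners',
            'plot-lines' => 'plot_lines',
            'chapters-cards' => 'chapters_cards',
            'timeline-characters' => 'timeline_characters',
            'timeline-event-types' => 'timeline_event_types',
            'brainstorm-rounds' => 'brainstorm_rounds',
            default => $segment,
        };
        $collaboratable_id = $request->segment(4);

        $main_collaborators_routes_arr = ['books', 'brainstorms', 'outlines', 'plot_planners', 'timelines'];
        $child_collaborators_routes_arr = [
            'chapters',
            'chapters_cards',
            'timeline_characters',
            'timeline_event_types',
            'timeline-event-types-list',
            'timeline-characters-list',
            'brainstorm-rounds-list',
            'brainstorm_rounds',
        ];

        if (in_array($collaboratable_type, $main_collaborators_routes_arr, true)) {
            return $this->checkMainRouteAccessForShowAndGuest($user, $email, $collaboratable_id, $collaboratable_type, $request, $next);
        }

        if (in_array($collaboratable_type, $child_collaborators_routes_arr, true)) {
            return $this->checkChildRouteAccessForShowAndGuest($user, $email, $collaboratable_id, $collaboratable_type, $request, $next);
        }

        // Route types not listed above are not restricted by this middleware.
        return $next($request);
    }

    /**
     * Access check for top-level resources (books, brainstorms, outlines, plot planners, timelines).
     *
     * Order of checks: owner of the record, owner of the book named by `book_id` when the
     * record does not exist, a Collaboration row on the record itself, then a Collaboration
     * row on the parent book. Anything else is answered with 403.
     *
     * @param  mixed  $user  Sanctum user or null for a guest.
     * @param  string|null  $email  Authenticated user's email, or a guest email whose key was verified in handle().
     * @param  mixed  $collaboratable_id
     * @param  string  $collaboratable_type
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     */
    private function checkMainRouteAccessForShowAndGuest($user, $email, $collaboratable_id, $collaboratable_type, $request, $next)
    {
        $types_arr_except_book = ['brainstorms', 'outlines', 'plot_planners', 'timelines'];
        $type_record = $this->getModelClass($collaboratable_type)::where('id', $collaboratable_id)->first();

        // Owner access. Both sides must exist: comparing two missing values
        // (no user, no record) must never count as ownership.
        $is_owner = $user && $type_record && $user->id === $type_record->user_id;

        if ($is_owner) {
            return $next($request);
        } elseif (!$type_record) {
            // No record yet (e.g. a create request): the owner of the target book may proceed.
            // Skipped for guests so the lookup never runs with an empty user id.
            if ($user) {
                $book = Book::where('id', $request->book_id)->where('user_id', $user->id)->first();
                if ($book) {
                    return $next($request);
                }
            }
        } elseif ($collaboratable_type === 'books' && !$collaboratable_id) {
            // book add
            return response(["success" => false, "message" => "Forbidden access."], 403);
        } elseif ($collaboratable_type !== 'books' && !$collaboratable_id) {
            // except book add
            $collaboratable_id = $request->book_id ? $request->book_id : null;
            $collaboratable_type = 'books';
        }

        // Collaborator access on the resource itself; the key narrows the match whenever one was sent.
        $collaboration_query = Collaboration::where('collaboratable_id', $collaboratable_id)
            ->where('collaboratable_type', $collaboratable_type)
            ->where('email', $email);
        if ($request->key) {
            $collaboration_query->where('key', $request->key);
        }
        if ($collaboration_query->first()) {
            return $next($request);
        }

        // Collaborator access inherited from the parent book.
        // When the email was supplied by the request rather than proven by authentication,
        // the invitation key must match the book-level row as well; an email alone is not proof.
        $acting_as_guest = !$user || $user->email !== $email;
        if (in_array($collaboratable_type, $types_arr_except_book, true) && (!$acting_as_guest || $request->key)) {
            $book_collaboration_query = Collaboration::where('collaboratable_id', $type_record ? $type_record->book_id : $request->book_id)
                ->where('collaboratable_type', 'books')
                ->where('email', $email);
            if ($acting_as_guest) {
                $book_collaboration_query->where('key', $request->key);
            }
            if ($book_collaboration_query->first()) {
                return $next($request);
            }
        }

        return response(["success" => false, "message" => "Forbidden access."], 403);
    }

    /**
     * Access check for nested resources: resolves the parent record and delegates the
     * decision to checkCollaboratorAccessShowAndGuest() from CollaboratorTrait.
     *
     * On GET the parent id is read from the stored child record; on other methods it is
     * taken from the request body (outline_id / chapter_id / timeline_id).
     *
     * NOTE(review): the trait method is not visible here. Confirm that it rejects a missing
     * parent record and that it enforces `key` when the email did not come from authentication.
     *
     * @param  mixed  $user  Sanctum user or null for a guest.
     * @param  string|null  $email
     * @param  mixed  $collaboratable_id
     * @param  string  $collaboratable_type
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     */
    private function checkChildRouteAccessForShowAndGuest($user, $email, $collaboratable_id, $collaboratable_type, $request, $next)
    {
        if ($collaboratable_type == 'chapters') {
            $outline_id = $request->outline_id;
            if ($request->isMethod('get')) {
                $chapter = $this->getModelClass('chapters')::where('id', $collaboratable_id)->first();
                $outline_id = $chapter?->outline_id;
            }
            $outline = $this->getModelClass('outlines')::where('id', $outline_id)->first();

            return $this->checkCollaboratorAccessShowAndGuest($user, $email, $outline, $outline?->id, 'outlines', $request, $next);
        }

        if ($collaboratable_type == 'chapters_cards') {
            $chapter_id = $request->chapter_id;
            if ($request->isMethod('get')) {
                $card = $this->getModelClass('chapters_cards')::where('id', $collaboratable_id)->first();
                $chapter_id = $card?->chapter_id;
            }
            // The chapter (not the outline) is handed over as the record; access is still keyed on its outline.
            $chapter = $this->getModelClass('chapters')::where('id', $chapter_id)->first();

            return $this->checkCollaboratorAccessShowAndGuest($user, $email, $chapter, $chapter?->outline_id, 'outlines', $request, $next);
        }

        if ($collaboratable_type == 'timeline_characters' || $collaboratable_type == 'timeline_event_types') {
            $timeline_id = $request->timeline_id;
            if ($request->isMethod('get')) {
                // Both child types carry a timeline_id, so the type name doubles as the model key.
                $child = $this->getModelClass($collaboratable_type)::where('id', $collaboratable_id)->first();
                $timeline_id = $child?->timeline_id;
            }
            $timeline = $this->getModelClass('timelines')::where('id', $timeline_id)->first();

            return $this->checkCollaboratorAccessShowAndGuest($user, $email, $timeline, $timeline?->id, 'timelines', $request, $next);
        }

        if ($collaboratable_type == 'timeline-characters-list' || $collaboratable_type == 'timeline-event-types-list') {
            // List routes carry the parent timeline id directly in the URL.
            $timeline = $this->getModelClass('timelines')::where('id', $collaboratable_id)->first();

            return $this->checkCollaboratorAccessShowAndGuest($user, $email, $timeline, $timeline?->id, 'timelines', $request, $next);
        }

        if ($collaboratable_type == 'brainstorm-rounds-list' || $collaboratable_type == 'brainstorm_rounds') {
            // The URL id is the parent brainstorm id for both route forms.
            $brainstorm = $this->getModelClass('brainstorms')::where('id', $collaboratable_id)->first();

            return $this->checkCollaboratorAccessShowAndGuest($user, $email, $brainstorm, $brainstorm?->id, 'brainstorms', $request, $next);
        }

        // Unknown child type: deny rather than return nothing from an authorisation check.
        return response(["success" => false, "message" => "Forbidden access."], 403);
    }
}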