media security_type updates

2023-09-29 07:19:33 +10:00
parent d9c0c8f1d8
commit 42f2baca5e
12 changed files with 219 additions and 96 deletions


@@ -69,10 +69,12 @@ class MediaConductor extends Conductor
{
$user = auth()->user();
if ($user === null) {
$builder->where('security_type', '');
$builder->where('security_type', '')
->orWhere('security_type', 'password');
} else {
$builder->where(function ($query) use ($user) {
$query->where('security_type', '')
->orWhere('security_type', 'password')
->orWhere(function ($subquery) use ($user) {
$subquery->where('security_type', 'permission')
->whereIn('security_data', $user->permissions);
@@ -89,12 +91,14 @@ class MediaConductor extends Conductor
*/
public static function viewable(Model $model): bool
{
if ($model->permission !== '') {
if (strcasecmp('permission', $model->security_type) === 0) {
/** @var \App\Models\User */
$user = auth()->user();
if ($user === null || $user->hasPermission($model->permission) === false) {
if ($user === null || $user->hasPermission($model->security_data) === false) {
return false;
}
} else if($model->security_type !== '' && strcasecmp('password', $model->security_type) !== 0) {
return false;
}
return true;
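Review bot: The guest branch in the first hunk chains `->orWhere('security_type', 'password')` directly on `$builder` instead of inside a closure, unlike the authenticated branch just below it. An ungrouped OR at the top level is combined with any other constraint already on the builder, so password-type rows could match even when the caller's other filters do not. Group it the way the else branch does, or use `$builder->whereIn('security_type', ['', 'password']);`. The query also matches `security_type` exactly while `viewable()` uses `strcasecmp`, so the two may disagree on mixed-case values depending on the column collation. The scope method starts outside the hunk.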


@@ -170,6 +170,13 @@ class MediaController extends ApiController
if($data['security']['type'] === '') {
$data['security']['data'] = '';
}
if(strcasecmp($data['security']['type'], $medium->security_type) !== 0) {
if($request->has('storage') === false) {
$mime_type = $request->get('mime_type', $medium->mime_type);
$data['storage'] = Media::recommendedStorage($mime_type, $data['security']['type']);
}
}
}
if(array_key_exists('storage', $data) === true &&
@@ -288,16 +295,16 @@ class MediaController extends ApiController
* @param \App\Models\Media $medium Specified media.
* @return \Illuminate\Http\Response
*/
public function download(Request $request, Media $medium)
public function download(Request $request, Media $media)
{
$headers = [];
/* Check file exists */
if(Storage::disk($medium->storage)->exists($medium->name) === true) {
if(Storage::disk($media->storage)->exists($media->name) === false) {
return $this->respondNotFound();
}
$updated_at = Carbon::parse(Storage::disk($medium->storage)->lastModified($medium->name));
$updated_at = Carbon::parse(Storage::disk($media->storage)->lastModified($media->name));
$headerPragma = 'no-cache';
$headerCacheControl = 'max-age=0, must-revalidate';
@@ -316,21 +323,21 @@ class MediaController extends ApiController
}
}
if ($medium->security_type === '') {
if ($media->security_type === '') {
/* no security */
$headerPragma = 'public';
$headerExpires = $updated_at->addMonth()->toRfc2822String();
} else if (strcasecmp('password', $medium->security_type) === 0) {
} else if (strcasecmp('password', $media->security_type) === 0) {
/* password */
if(
($user === null || $user->hasPermission('admin/media') === false) &&
($request->has('password') === false || $request->get('password') !== $medium->security_data)) {
($request->has('password') === false || $request->get('password') !== $media->security_data)) {
return $this->respondForbidden();
}
} else if (strcasecmp('permission', $medium->security_type) === 0) {
} else if (strcasecmp('permission', $media->security_type) === 0) {
/* permission */
if(
$user === null || ($user->hasPermission('admin/media') === false && $user->hasPermission($medium->security_data) === false)) {
$user === null || ($user->hasPermission('admin/media') === false && $user->hasPermission($media->security_data) === false)) {
return $this->respondForbidden();
}
}//end if
@@ -341,7 +348,7 @@ class MediaController extends ApiController
$headers = [
'Cache-Control' => $headerCacheControl,
'Content-Disposition' => sprintf('inline; filename="%s"', basename($medium->name)),
'Content-Disposition' => sprintf('inline; filename="%s"', basename($media->name)),
'Etag' => $headerEtag,
'Expires' => $headerExpires,
'Last-Modified' => $headerLastModified,
@@ -360,15 +367,16 @@ class MediaController extends ApiController
return response()->make('', 304, $headers);
}
$headers['Content-Type'] = Storage::disk($medium->storage)->mimeType($medium->name);
$headers['Content-Length'] = Storage::disk($medium->storage)->size($medium->name);
$headers['Content-Disposition'] = 'inline; filename="' . basename($medium->name) . '"';
$headers['Content-Type'] = Storage::disk($media->storage)->mimeType($media->name);
$headers['Content-Length'] = Storage::disk($media->storage)->size($media->name);
$headers['Content-Disposition'] = 'attachment; filename="' . basename($media->name) . '"';
$stream = Storage::disk($medium->storage)->readStream($medium->name);
$stream = Storage::disk($media->storage)->readStream($media->name);
return response()->stream(
function () use ($stream) {
fclose($stream);
},
function() use($stream) {
while(ob_get_level() > 0) ob_end_flush();
fpassthru($stream);
},
200,
$headers
);
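Review bot: The `security_type` chain in `download()` has no final `else`, so a value other than `''`, `password` or `permission` passes no check and the file is streamed; `viewable()` in MediaConductor returns false for that case in this same commit. Close the chain with `} else { return $this->respondForbidden(); }` so unrecognised types fail closed. The password branch compares the request value to `$media->security_data` with `!==`, which implies the password is stored in clear text; storing a `password_hash()` value and checking it with `password_verify()` would avoid that, though it needs a matching change wherever `security_data` is written. `download()` spans several hunks and `$user` is assigned outside the visible lines.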


@@ -327,7 +327,7 @@ class Media extends Model
public function getUrlPath(): string
{
$url = config("filesystems.disks.$this->storage.url");
return "$url/";
return "$url";
}
/**
@@ -985,11 +985,28 @@ class Media extends Model
return $this->hasMany(MediaJob::class, 'media_id');
}
public static function recommendedStorage(string $mime_type, string $security_type): string {
if($mime_type === '') {
return 'cdn';
}
if($security_type === '') {
if (strpos($mime_type, 'image/') === 0) {
return('local');
} else {
return('cdn');
}
}
return('private');
}
public static function verifyStorage($mime_type, $security_type, &$storage): int {
if($mime_type === '') {
return Media::STORAGE_MIME_MISSING;
}
Log::info('verify: ' . $storage);
if($storage === '') {
if($security_type === '') {
if (strpos($mime_type, 'image/') === 0) {