API aktiviert / Anpassungen + User Übersicht Gutschriften Umsätze

2021-05-18 19:02:18 +02:00 · 2021-05-18 19:02:18 +02:00 · a4c76d06fa
commit a4c76d06fa
parent c02fffd883
27 changed files with 500 additions and 110 deletions
--- a/app/Http/Controllers/FileController.php
+++ b/app/Http/Controllers/FileController.php
@ -6,6 +6,7 @@ use Storage;
 use Response;
 use App\Services\Credit;
 use App\Services\Invoice;
+use Auth;

 class FileController extends Controller
 {
@ -18,24 +19,32 @@ class FileController extends Controller
    {
    }

+    private function isPermission($user_id){
+
+        if(Auth::user()->isAdmin() || $user_id == Auth::user()->id){
+            return true;
+        }
+       abort(404);
+
+    }

    public function show($id = null, $disk = null, $do='file')
    {
        $path = "";
        $filename = "";

-
        if($disk === 'user'){
            $file = \App\Models\File::findOrFail($id);
+            $this->isPermission($file->user_id);
            $path = Storage::disk($disk)->path($file->dir.$file->filename);
            if (file_exists($path)) {
                return Response::file($path);
            }
        }
            
-
        if ($disk === 'invoice'){
            $shopping_order = \App\Models\ShoppingOrder::findOrFail($id);
+            $this->isPermission($shopping_order->auth_user_id);
            $filename = Invoice::getFilename($shopping_order);   
            $path = Invoice::getDownloadPath($shopping_order);
            if (!Storage::disk('public')->exists($path)) {
@ -64,8 +73,11 @@ class FileController extends Controller

        if ($disk === 'credit'){
            $UserCredit = \App\Models\UserCredit::findOrFail($id);
+            $this->isPermission($UserCredit->auth_user_id);
+
            $filename = Credit::getFilename($UserCredit);   
            $path = Credit::getDownloadPath($UserCredit);
+
            if (!Storage::disk('public')->exists($path)) {
                return Response::make('File no found.', 404);
            }