I’m having trouble structuring my controller Arquivocontroller. Main points of difficulty:
- Select that repeats in different methods
- I am restricting the search to the logged-in user's ID; would it be more appropriate to use a policy for this purpose, and if so, how do I do that?
- At some points I use `$this->authorize('arquivos', $arq)` — is this approach correct?
Obs: the source code of the project is available at: https://github.com/fabiojaniolima/WebUpload
<?php
namespace App\Http\Controllers\Painel;
use Auth;
use App\Models\Arquivo;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use Illuminate\Support\Facades\File;
use Illuminate\Support\Facades\Storage;
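class ArquivoController extends Controller
{
    /** @var string Target of the redirect issued after a successful delete. */
    private $redirect;

    public function __construct()
    {
        $this->redirect = '/painel/arquivos';
    }

    /**
     * Lists the files reachable through a tag owned by the logged-in user,
     * newest first, 25 per page.
     *
     * The ownership restriction is the `tags.user_id = Auth::id()` clause:
     * an Arquivo is only listed when its tag belongs to the current user.
     */
    public function index()
    {
        $arquivos = Arquivo::join('tags', 'tags.id', '=', 'arquivos.tag_id')
            ->where('tags.user_id', Auth::id())
            // Qualified with the table name: both joined tables may carry a
            // created_at column, and an unqualified name would be ambiguous.
            ->orderBy('arquivos.created_at', 'desc')
            ->select('arquivos.*')
            ->paginate(25);

        return view('painel.arquivos.index', compact('arquivos'));
    }

    /**
     * Streams the stored file to the client, named after the slugified title
     * plus the extension of the file on disk.
     *
     * @param int|string $id  arquivos.id taken from the route
     */
    public function download($id)
    {
        $arq = $this->arquivoAutorizado($id);
        $caminho = $this->caminhoAbsoluto($arq);

        return response()->download(
            $caminho,
            str_slug($arq->titulo, '-') . '.' . File::extension($caminho)
        );
    }

    /**
     * Shows metadata about one file: title, extension, size, upload time,
     * owner, tag and two digests of the file's current content.
     *
     * @param int|string $id  arquivos.id taken from the route
     */
    public function detalhes($id)
    {
        $arq = $this->arquivoAutorizado($id);
        $pathArq = $this->caminhoAbsoluto($arq);

        $info = (object) [
            // The route parameter is used rather than $arq->id: the joined
            // row carries columns of both tables, so `id` may not be the
            // arquivos primary key (presumably why the original did this).
            'id' => $id,
            'titulo' => $arq->titulo,
            'extensao' => File::extension($pathArq),
            'tamanho' => File::size($pathArq),
            'carregado' => $arq->created_at->format('d/m/Y à\s H:i:s'),
            'owner' => $arq->email,
            'tag' => $arq->tag,
            // Digests are shown for integrity information only; md5 is kept
            // alongside sha256 because the view displays both.
            'md5' => hash_file('md5', $pathArq),
            'sha256' => hash_file('sha256', $pathArq),
        ];

        return view('/painel/arquivos/detalhes', compact('info'));
    }

    /**
     * Removes the file from storage and its row from the arquivos table,
     * then redirects back to the listing with a success flash message.
     *
     * @param int|string $id  arquivos.id taken from the route
     */
    public function excluir($id)
    {
        $arq = $this->arquivoAutorizado($id);

        // NOTE(review): the file is removed before the row; if the row delete
        // below fails the listing still references a missing file.
        Storage::delete($arq->caminho);

        // Re-fetch by primary key instead of calling delete() on the joined
        // row (see the `id` note in detalhes()). findOrFail() replaces a bare
        // find() so a row that vanished between the check in
        // arquivoAutorizado() and here yields a 404 instead of a null call.
        Arquivo::findOrFail($id)->delete();

        return redirect($this->redirect)
            ->with(['status' => 'success', 'msg' => 'Arquivo excluido!']);
    }

    /**
     * Loads the Arquivo joined with its tag, aborting with 404 when it does
     * not exist and with 403 when the 'arquivos' gate denies the current user.
     *
     * This replaces the query + abort + authorize sequence that was duplicated
     * in download(), detalhes() and excluir().
     *
     * The ownership check itself lives in the 'arquivos' gate (registered in
     * AuthServiceProvider, outside this file); the gate has to compare the
     * tag's user_id with the logged-in user, otherwise this lookup — which
     * filters by id only — would hand any authenticated user any file.
     *
     * @param int|string $id  arquivos.id
     * @return Arquivo  joined row exposing columns of arquivos and tags
     */
    private function arquivoAutorizado($id)
    {
        $arq = Arquivo::join('tags', 'tags.id', '=', 'arquivos.tag_id')
            ->where('arquivos.id', $id)
            ->first();

        if (!$arq) {
            abort(404);
        }

        $this->authorize('arquivos', $arq);

        return $arq;
    }

    /**
     * Absolute path of the stored file under storage/app.
     *
     * `caminho` is read from the database row and used as-is; this assumes it
     * was stored as a path relative to storage/app at upload time (the upload
     * code is not in this file — confirm it never accepts a client-supplied
     * path).
     *
     * @param Arquivo $arq
     * @return string
     */
    private function caminhoAbsoluto($arq)
    {
        return storage_path('app/' . $arq->caminho);
    }
}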
One thing: when listing the files you filter by `tags.user_id`, all right, but shouldn't the other methods repeat this `where` as well? (If no user is logged in, you can see any file!) – novic
So you’re wrong Fabio, well that’s my opinion.
– novic
I did not repeat the filter because I am using `$this->authorize('arquivos', $arq)`; the filter is in app/Providers/AuthServiceProvider.php. I did it this way because the provider itself already shows a 403 access-denied page. I could not use the same approach in the index() method because I cannot deny access to that page, only prevent the records from being shown...
– Fábio Jânio