Individual photo page now takes notice of private albums and doesn't allow the access to be circumvented
parent
3ed309ec01
commit
7a59ac03fd
@ -4,6 +4,7 @@ namespace App\Http\Controllers\Gallery;
|
|||||||
|
|
||||||
use App\Album;
|
use App\Album;
|
||||||
use App\Facade\Theme;
|
use App\Facade\Theme;
|
||||||
|
use App\Helpers\DbHelper;
|
||||||
use app\Http\Controllers\Admin\AlbumController;
|
use app\Http\Controllers\Admin\AlbumController;
|
||||||
use App\Http\Controllers\Controller;
|
use App\Http\Controllers\Controller;
|
||||||
use App\Photo;
|
use App\Photo;
|
||||||
@ -14,10 +15,17 @@ class PhotoController extends Controller
|
|||||||
{
|
{
|
||||||
public function download(Request $request, $albumUrlAlias, $photoFilename)
|
public function download(Request $request, $albumUrlAlias, $photoFilename)
|
||||||
{
|
{
|
||||||
$album = PhotoController::loadAlbumByAlias($albumUrlAlias);
|
$album = DbHelper::loadAlbumByUrlAlias($albumUrlAlias);
|
||||||
|
if (is_null($album))
|
||||||
|
{
|
||||||
|
App::abort(404);
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
$this->authorize('album.view', $album);
|
||||||
|
|
||||||
$albumSource = $album->getAlbumSource();
|
$albumSource = $album->getAlbumSource();
|
||||||
|
|
||||||
$thumbnail = $request->get('t', $albumSource->getOriginalsFolder());
|
$thumbnail = $request->get('t');
|
||||||
$photo = PhotoController::loadPhotoByAlbumAndFilename($album, $photoFilename);
|
$photo = PhotoController::loadPhotoByAlbumAndFilename($album, $photoFilename);
|
||||||
|
|
||||||
return response()->file($albumSource->getPathToPhoto($photo, $thumbnail));
|
return response()->file($albumSource->getPathToPhoto($photo, $thumbnail));
|
||||||
@ -25,29 +33,21 @@ class PhotoController extends Controller
|
|||||||
|
|
||||||
public function show($albumUrlAlias, $photoFilename)
|
public function show($albumUrlAlias, $photoFilename)
|
||||||
{
|
{
|
||||||
$album = PhotoController::loadAlbumByAlias($albumUrlAlias);
|
$album = DbHelper::loadAlbumByUrlAlias($albumUrlAlias);
|
||||||
$photo = PhotoController::loadPhotoByAlbumAndFilename($album, $photoFilename);
|
|
||||||
|
|
||||||
return Theme::render('gallery.photo', [
|
|
||||||
'album' => $album,
|
|
||||||
'photo' => $photo
|
|
||||||
]);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @param $id
|
|
||||||
* @return Album
|
|
||||||
*/
|
|
||||||
public static function loadAlbumByAlias($alias)
|
|
||||||
{
|
|
||||||
$album = Album::where('url_alias', $alias)->first();
|
|
||||||
if (is_null($album))
|
if (is_null($album))
|
||||||
{
|
{
|
||||||
App::abort(404);
|
App::abort(404);
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
return $album;
|
$this->authorize('album.view', $album);
|
||||||
|
|
||||||
|
$photo = PhotoController::loadPhotoByAlbumAndFilename($album, $photoFilename);
|
||||||
|
|
||||||
|
return Theme::render('gallery.photo', [
|
||||||
|
'album' => $album,
|
||||||
|
'photo' => $photo
|
||||||
|
]);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
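Review bot: In `download()` the request-supplied `t` value goes straight into `$albumSource->getPathToPhoto($photo, $thumbnail)`, and the new line `$thumbnail = $request->get('t');` drops the earlier default of `$albumSource->getOriginalsFolder()`, so the value is null whenever the parameter is absent. `getPathToPhoto()` is not shown on this page; if it joins that value into a filesystem path, the new `album.view` check does not limit which file inside or outside the album folder is served. I would keep the default, `$thumbnail = $request->get('t', $albumSource->getOriginalsFolder());`, and reject any value that is not one of the album source's known thumbnail folder names with a 404 before building the path. The body of `download()` is fully visible in this section; `loadPhotoByAlbumAndFilename()` is not, so the same question applies to how `$photoFilename` is matched there.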
|
@ -0,0 +1,39 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
use Illuminate\Support\Facades\Schema;
|
||||||
|
use Illuminate\Database\Schema\Blueprint;
|
||||||
|
use Illuminate\Database\Migrations\Migration;
|
||||||
|
|
||||||
|
class AddAlbumPrivacyColumn extends Migration
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Run the migrations.
|
||||||
|
*
|
||||||
|
* @return void
|
||||||
|
*/
|
||||||
|
public function up()
|
||||||
|
{
|
||||||
|
Schema::table('albums', function (Blueprint $table) {
|
||||||
|
$table->boolean('is_private');
|
||||||
|
$table->unsignedInteger('user_id');
|
||||||
|
|
||||||
|
$table->foreign('user_id')
|
||||||
|
->references('id')->on('users')
|
||||||
|
->onDelete('no action');
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Reverse the migrations.
|
||||||
|
*
|
||||||
|
* @return void
|
||||||
|
*/
|
||||||
|
public function down()
|
||||||
|
{
|
||||||
|
Schema::table('albums', function (Blueprint $table) {
|
||||||
|
$table->dropForeign('albums_user_id_foreign');
|
||||||
|
$table->dropColumn('user_id');
|
||||||
|
$table->dropColumn('is_private');
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
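Review bot: `up()` adds `is_private` and `user_id` to the existing `albums` table with no default, so rows that already exist have no valid owner for the new foreign key and get whatever `is_private` value the database chooses. Depending on the engine and its strictness this presumably either fails the migration or leaves existing albums public and pointing at a non-existent user, which matters if the `album.view` check reads these columns (the policy is not shown here). I would state the intent in the schema, `$table->boolean('is_private')->default(false);` and `$table->unsignedInteger('user_id')->nullable();`, or backfill an owner for existing rows before adding the constraint. A short comment above the column definitions saying which value existing albums are meant to receive would also help the next reader.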