#2: Added an intermediate step to the quick-post/upload feature that validates the request

2017-09-10 15:25:59 +01:00 · 2017-09-10 15:25:59 +01:00 · fee2841910
commit fee2841910
parent 544d3c5153
5 changed files with 49 additions and 2 deletions
--- a/app/Http/Controllers/Admin/DefaultController.php
+++ b/app/Http/Controllers/Admin/DefaultController.php
@ -9,6 +9,7 @@ use App\Facade\UserConfig;
 use App\Group;
 use App\Helpers\ConfigHelper;
 use App\Helpers\DbHelper;
+use App\Helpers\MiscHelper;
 use App\Http\Controllers\Controller;
 use App\Http\Requests\SaveSettingsRequest;
 use App\Label;
@ -56,6 +57,36 @@ class DefaultController extends Controller
        ]);
    }

+    public function quickUpload(Request $request)
+    {
+        $this->authorizeAccessToAdminPanel('admin:manage-albums');
+
+        $returnUrl = $request->headers->get('referer');
+        if (!MiscHelper::isSafeUrl($returnUrl))
+        {
+            $returnUrl = route('home');
+        }
+
+        // Pre-validate the upload before passing to the Photos controller
+        $files = $request->files->get('photo');
+        if (!is_array($files) || count($files) == 0)
+        {
+            $request->session()->flash('error', trans('admin.quick_upload.no_image_provided'));
+            return redirect($returnUrl);
+        }
+
+        $albumID = $request->get('album_id');
+        if (intval($albumID) == 0)
+        {
+            $request->session()->flash('error', trans('admin.quick_upload.no_album_selected'));
+            return redirect($returnUrl);
+        }
+
+        /** @var PhotoController $photoController */
+        $photoController = app(PhotoController::class);
+        return $photoController->store($request);
+    }
+
    public function saveSettings(SaveSettingsRequest $request)
    {
        $this->authorizeAccessToAdminPanel('admin:configure');
--- a/app/Http/Middleware/GlobalConfiguration.php
+++ b/app/Http/Middleware/GlobalConfiguration.php
@ -51,6 +51,7 @@ class GlobalConfiguration
            $this->addThemeInfoToView();
            $this->addAlbumsToView();
            $this->addLabelsToView();
+            $this->addFlashMessages();
        }

        // Set the default mail configuration as per user's requirements
@ -68,6 +69,16 @@ class GlobalConfiguration
        View::share('g_albums_upload', $albumsToUpload);
    }

+    private function addFlashMessages()
+    {
+        /** @var Request $request */
+        $request = app('request');
+        if ($request->session()->has('error'))
+        {
+            View::share('error', $request->session()->get('error'));
+        }
+    }
+
    private function addLabelsToView()
    {
        $NUMBER_TO_SHOW_IN_NAVBAR = 5;
--- a/resources/lang/en/admin.php
+++ b/resources/lang/en/admin.php
@ -146,6 +146,10 @@ return [
        'rotate_left' => 'Rotate left',
        'rotate_right' => 'Rotate right'
    ],
+    'quick_upload' => [
+        'no_album_selected' => 'Please select an album to upload your photo(s) into.',
+        'no_image_provided' => 'Please select one or more images to upload.'
+    ],
    'redirects_heading' => 'Redirects',
    'redirects_actions_heading' => 'Actions',
    'redirects_source_url_heading' => 'Source Address',
--- a/resources/views/themes/base/partials/quick_upload.blade.php
+++ b/resources/views/themes/base/partials/quick_upload.blade.php
@ -1,4 +1,4 @@
-<form method="POST" action="{{ route('photos.store') }}" enctype="multipart/form-data">
+<form method="POST" action="{{ route('admin.quickUpload') }}" enctype="multipart/form-data">
    {{ csrf_field() }}
    <input type="hidden" name="queue_token" value="{{ Misc::randomString() }}"/>
    <div class="modal" id="quick-upload-modal">
@ -30,7 +30,7 @@
                </div>
                <div class="modal-footer">
                    <button type="button" class="btn btn-link" data-dismiss="modal">@lang('forms.cancel_action')</button>
-                    <button type="submit" class="btn btn-success" onclick="this.disabled = true;"><i class="fa fa-upload"></i> @lang('forms.upload_action')</button>
+                    <button type="submit" class="btn btn-success"><i class="fa fa-upload"></i> @lang('forms.upload_action')</button>
                </div>
            </div>
        </div>
--- a/routes/web.php
+++ b/routes/web.php
@ -16,6 +16,7 @@ Auth::routes();
 // Administration
 Route::group(['prefix' => 'admin'], function () {
    Route::get('/', 'Admin\DefaultController@index')->name('admin');
+    Route::post('quick-upload', 'Admin\DefaultController@quickUpload')->name('admin.quickUpload');
    Route::post('settings/save', 'Admin\DefaultController@saveSettings')->name('admin.saveSettings');
    Route::post('settings/test-email', 'Admin\DefaultController@testMailSettings')->name('admin.testMailSettings');
    Route::get('settings', 'Admin\DefaultController@settings')->name('admin.settings');