From 3c7d63c0602058ffb06c05053225ce9339f4dec4 Mon Sep 17 00:00:00 2001 From: snipe Date: Thu, 3 Nov 2022 13:52:23 -0700 Subject: [PATCH] Disallow uploads if app is locked Signed-off-by: snipe --- .../Accessories/AccessoriesFilesController.php | 11 ++++++++++- .../Components/ComponentsFilesController.php | 5 +++++ .../Consumables/ConsumablesFilesController.php | 4 ++++ 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/app/Http/Controllers/Accessories/AccessoriesFilesController.php b/app/Http/Controllers/Accessories/AccessoriesFilesController.php index cc6dcfb97f..ef701020d8 100644 --- a/app/Http/Controllers/Accessories/AccessoriesFilesController.php +++ b/app/Http/Controllers/Accessories/AccessoriesFilesController.php @@ -27,10 +27,16 @@ class AccessoriesFilesController extends Controller */ public function store(AssetFileRequest $request, $accessoryId = null) { + + if (config('app.lock_passwords')) { + return redirect()->route('accessories.show', ['accessory'=>$accessoryId])->with('error', trans('general.feature_disabled')); + } + + $accessory = Accessory::find($accessoryId); if (isset($accessory->id)) { - $this->authorize('update', $accessory); + $this->authorize('accessories.files', $accessory); if ($request->hasFile('file')) { if (! Storage::exists('private_uploads/accessories')) { @@ -129,9 +135,12 @@ class AccessoriesFilesController extends Controller */ public function show($accessoryId = null, $fileId = null, $download = true) { + \Log::debug('Private filesystem is: '.config('filesystems.default')); $accessory = Accessory::find($accessoryId); + + // the accessory is valid if (isset($accessory->id)) { $this->authorize('view', $accessory); diff --git a/app/Http/Controllers/Components/ComponentsFilesController.php b/app/Http/Controllers/Components/ComponentsFilesController.php index d9f59f1d90..3fc93b74e5 100644 --- a/app/Http/Controllers/Components/ComponentsFilesController.php +++ b/app/Http/Controllers/Components/ComponentsFilesController.php @@ -27,6 +27,11 @@ class ComponentsFilesController extends Controller */ public function store(AssetFileRequest $request, $componentId = null) { + + if (config('app.lock_passwords')) { + return redirect()->route('components.show', ['component'=>$componentId])->with('error', trans('general.feature_disabled')); + } + $component = Component::find($componentId); if (isset($component->id)) { diff --git a/app/Http/Controllers/Consumables/ConsumablesFilesController.php b/app/Http/Controllers/Consumables/ConsumablesFilesController.php index 51c0d3bf8c..9b4007a43b 100644 --- a/app/Http/Controllers/Consumables/ConsumablesFilesController.php +++ b/app/Http/Controllers/Consumables/ConsumablesFilesController.php @@ -27,6 +27,10 @@ class ConsumablesFilesController extends Controller */ public function store(AssetFileRequest $request, $consumableId = null) { + if (config('app.lock_passwords')) { + return redirect()->route('consumables.show', ['consumable'=>$consumableId])->with('error', trans('general.feature_disabled')); + } + $consumable = Consumable::find($consumableId); if (isset($consumable->id)) {