複数未関係アカウントにログインした場合の修正
このコミットが含まれているのは:
コミット
aec3736abb
|
|
@ -21,67 +21,80 @@ class FilesController extends Controller {
|
|||
abort_if(!Storage::disk('private')->exists($path), 404, $err);
|
||||
abort_if(!session()->has('children') && !session()->has('fathers') && !session()->has('admins'), 404, $err);
|
||||
|
||||
if (substr($path, -4) == '.pdf') {
|
||||
if (session()->has('children')) {
|
||||
if (null !== ($rel = FatherRelation::where('child_id', (int)session()->get('children')['id'])->first())) {
|
||||
$got = true;
|
||||
}
|
||||
if (null !== (Meeting::where('father_id', $rel->father_id)->where('pdf', '/files/'.$path)->first())) {
|
||||
$got = true;
|
||||
}
|
||||
abort_if(!$got, 404, $err);
|
||||
}
|
||||
else if (session()->has('fathers')) {
|
||||
if (null !== (Meeting::where('father_id', (int)session()->get('fathers')['id'])->where('pdf', '/files/'.$path)->first())) {
|
||||
$got = true;
|
||||
}
|
||||
abort_if(!$got, 404, $err);
|
||||
}
|
||||
// 管理者は全部見えます。
|
||||
if (session()->has('admins')) {
|
||||
$got = true;
|
||||
}
|
||||
else {
|
||||
if (null !== ($meetimg = MeetingImage::where('image', '/files/'.$path)->first())) {
|
||||
|
||||
// 既にgotはtrueの場合、スキップ。このチェックが無いと、trueになったらも全部確認する様になります。
|
||||
if (!$got) {
|
||||
// PDFの場合
|
||||
if (substr($path, -4) == '.pdf') {
|
||||
// 子供
|
||||
if (session()->has('children')) {
|
||||
// ミーティング
|
||||
if (null !== ($rel = FatherRelation::where('child_id', (int)session()->get('children')['id'])->first())) {
|
||||
$got = true;
|
||||
if (null !== (Meeting::where('father_id', $rel->father_id)->where('pdf', '/files/'.$path)->first())) {
|
||||
$got = true;
|
||||
}
|
||||
}
|
||||
if (null !== (Meeting::where('id', $meetimg->meeting_id)->where('father_id', $rel->father_id)->first())) {
|
||||
$got = true;
|
||||
}
|
||||
abort_if(!$got, 404, $err);
|
||||
}
|
||||
if (session()->has('fathers')) {
|
||||
if (null !== (Meeting::where('id', $meetimg->meeting_id)->where('father_id', (int)session()->get('fathers')['id'])->first())) {
|
||||
// 親
|
||||
if (!$got && session()->has('fathers')) {
|
||||
// ミーティング
|
||||
if (null !== (Meeting::where('father_id', (int)session()->get('fathers')['id'])->where('pdf', '/files/'.$path)->first())) {
|
||||
$got = true;
|
||||
}
|
||||
abort_if(!$got, 404, $err);
|
||||
}
|
||||
|
||||
abort_if(!$got, 404, $err);
|
||||
}
|
||||
// 画像の場合
|
||||
else {
|
||||
if (session()->has('children')) {
|
||||
if (null !== (Child::where('id', (int)session()->get('children')['id'])->where('image', '/files/'.$path)->first())) {
|
||||
$got = true;
|
||||
// ミーティング
|
||||
if (null !== ($meetimg = MeetingImage::where('image', '/files/'.$path)->first())) {
|
||||
// 子供
|
||||
if (session()->has('children')) {
|
||||
if (null !== ($rel = FatherRelation::where('child_id', (int)session()->get('children')['id'])->first())) {
|
||||
if (null !== (Meeting::where('id', $meetimg->meeting_id)->where('father_id', $rel->father_id)->first())) {
|
||||
$got = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
foreach (FatherRelation::select('father_id')->where('child_id', (int)session()->get('children')['id'])->get() as $rel) {
|
||||
if (null !== (Father::where('id', (int)$rel->father_id)->where('image', '/files/'.$path)->first())) {
|
||||
// 親
|
||||
if (!$got && session()->has('fathers')) {
|
||||
if (null !== (Meeting::where('id', $meetimg->meeting_id)->where('father_id', (int)session()->get('fathers')['id'])->first())) {
|
||||
$got = true;
|
||||
}
|
||||
}
|
||||
abort_if(!$got, 404, $err);
|
||||
}
|
||||
if (session()->has('fathers')) {
|
||||
if (null !== (Father::where('id', (int)session()->get('fathers')['id'])->where('image', '/files/'.$path)->first())) {
|
||||
$got = true;
|
||||
}
|
||||
foreach (FatherRelation::select('child_id')->where('father_id', (int)session()->get('fathers')['id'])->get() as $rel) {
|
||||
if (null !== (Child::where('id', (int)$rel->child_id)->where('image', '/files/'.$path)->first())) {
|
||||
else {
|
||||
if (session()->has('children')) {
|
||||
if (null !== (Child::where('id', (int)session()->get('children')['id'])->where('image', '/files/'.$path)->first())) {
|
||||
$got = true;
|
||||
}
|
||||
foreach (FatherRelation::select('father_id')->where('child_id', (int)session()->get('children')['id'])->get() as $rel) {
|
||||
if (null !== (Father::where('id', (int)$rel->father_id)->where('image', '/files/'.$path)->first())) {
|
||||
$got = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (session()->has('fathers')) {
|
||||
if (null !== (Father::where('id', (int)session()->get('fathers')['id'])->where('image', '/files/'.$path)->first())) {
|
||||
$got = true;
|
||||
}
|
||||
foreach (FatherRelation::select('child_id')->where('father_id', (int)session()->get('fathers')['id'])->get() as $rel) {
|
||||
if (null !== (Child::where('id', (int)$rel->child_id)->where('image', '/files/'.$path)->first())) {
|
||||
$got = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
abort_if(!$got, 404, $err);
|
||||
}
|
||||
|
||||
abort_if(!$got, 404, $err);
|
||||
}
|
||||
}
|
||||
|
||||
return Storage::disk('private')->response($path);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
新しいイシューから参照