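/**
 * Return the stored contents of a household attachment.
 *
 * Aborts with 404 when no attachment has the given id, and with 403 unless
 * the current user has the 'admin' role or owns the attachment.
 *
 * @param mixed $id Primary key of the HouseholdAttachment to serve.
 * @return mixed Response wrapping the bytes read from the 'forms' disk.
 */
public function show($id)
{
    $file = HouseholdAttachment::find($id);
    if (!$file) {
        abort(404);
    }

    // Assumes the route sits behind auth middleware so a user is always
    // present -- TODO confirm; a null user would fail on hasRole().
    $user = Auth::user();

    // The ownership check must compare the stored owner id with the user's
    // id. The previous code compared it with the User model object itself,
    // so the check did not reflect actual ownership.
    if (!$user->hasRole('admin') && $file->owner_user_id != $user->id) {
        abort(403);
    }

    // NOTE(review): 'none' is not a valid media type and the body is
    // uploader-controlled. Consider a fixed type (application/octet-stream)
    // plus "Content-Disposition: attachment" and
    // "X-Content-Type-Options: nosniff" so browsers do not sniff and render
    // uploaded content in this origin. Left unchanged here because clients
    // may rely on the current header.
    return response(Storage::disk('forms')->get($file->path))->header('Content-type', 'none');
}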
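/**
 * Store an uploaded file on the 'forms' disk and record it as a
 * HouseholdAttachment for the requested household.
 *
 * The caller must have the 'admin' role or be the nominator of the
 * household named by the request's household_id.
 *
 * @param Request $request Carries the uploaded 'file' and 'household_id'.
 * @return array Either ["error" => string] or
 *               ["ok" => true, "path" => string, "id" => mixed].
 */
public function upload_attachment(Request $request)
{
    $file = $request->file('file');

    // file() yields null when the request carries no 'file' part; without
    // this guard the isValid() call below is a fatal error.
    if (!$file) {
        return ["error" => "no file uploaded"];
    }
    if (!$file->isValid()) {
        return ["error" => $file->getErrorMessage()];
    }

    // Assumes the route sits behind auth middleware -- TODO confirm.
    $user = Auth::user();

    // NOTE(review): the household is only looked up on the non-admin path,
    // so an admin upload does not verify that household_id exists -- confirm
    // this is intended.
    if (!$user->hasRole('admin') && Household::findOrFail($request->household_id)->nominator_user_id != $user->id) {
        return ["error" => "permission denied"];
    }

    // NOTE(review): getClientOriginalName() is supplied by the client and
    // should not be treated as a safe value. It becomes part of the storage
    // key and is returned to the caller; consider restricting it to a known
    // character set or storing it in a separate column. The MD5 here only
    // distinguishes contents in the file name; it is not an integrity or
    // security control.
    $path = "user-" . $user->id . "/" . md5_file($file->getPathName()) . "_" . $file->getClientOriginalName();

    $stream = fopen($file->getPathName(), "rb");
    if ($stream === false) {
        return ["error" => "failed"];
    }
    try {
        $res = Storage::disk("forms")->put($path, $stream);
    } finally {
        // The handle was previously never closed. The storage driver may
        // already have closed it, hence the is_resource() check.
        if (is_resource($stream)) {
            fclose($stream);
        }
    }
    if (!$res) {
        return ["error" => "failed"];
    }

    $attachment = new HouseholdAttachment();
    $attachment->owner_user_id = $user->id;
    $attachment->path = $path;
    $attachment->household_id = $request->household_id;
    $attachment->save();

    return ["ok" => true, "path" => $path, "id" => $attachment->id];
}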