Merge branch 'release/2.1.0'

README.md

@@ -18,7 +18,7 @@
 * [Installation](./docs/installation.md)
 * [Configuration](./docs/configuration.md)
 * [Integration](./docs/integration.md)
-* [Customization](./docs/customization.md)
+* [ACL](./docs/acl.md)
 
 ## Features
 
@@ -51,6 +51,13 @@
   * TinyMCE 4
   * SummerNote
   * Standalone button
+* ACL - access control list
+  * delimiting access to files and folders
+  * two work strategies:
+    * Positive - Allow everything that is not forbidden by the ACL rules list
+    * Negative - Deny anything, that not allowed by the ACL rules list
+  * You can use different repositories for the rules - an array (configuration file), a database (there is an example implementation), or you can add your own.
+  * You can hide files and folders that are not accessible.
 * Supported locales : ru, en, ar
 
 ## Thanks

config/file-manager.php

@@ -35,10 +35,79 @@
      */
     'windowsConfig' => 2,
 
-    /**
+    /***************************************************************************
      * Middleware
      * Add your middleware name to array -> ['web', 'auth', 'admin']
      * !!!! RESTRICT ACCESS FOR NON ADMIN USERS !!!!
+     *
+     * !!! For using ACL - add 'fm-acl' to array !!! ['web', 'fm-acl']
+     */
+    'middleware' => ['web'],
+
+    /***************************************************************************
+     * ACL mechanism ON/OFF
+     *
+     * default - false(OFF)
+     */
+    'acl' => false,
+
+    /**
+     * Hide files and folders from file-manager if user doesn't have access
+     * ACL access level = 0
+     */
+    'aclHideFromFM' => true,
+
+    /**
+     * ACL strategy
+     *
+     * positive - Allow everything that is not forbidden by the ACL rules list
+     * positive access - 2 (r/w)
+     *
+     * negative - Deny anything, that not allowed by the ACL rules list
+     * negative access - 0 (deny)
+     */
+    'aclStrategy'   => 'positive',
+
+    /**
+     * ACL rules repository
+     *
+     * default - config file(ConfigACLRepository)
+     */
+    'aclRepository' => Alexusmai\LaravelFileManager\ACLService\ConfigACLRepository::class,
+    //'aclRepository' => Alexusmai\LaravelFileManager\ACLService\DBACLRepository::class,
+
+    /**
+     * ACL rules list - used for default repository
+     *
+     * 1 it's user ID
+     * null - for not authenticated user
+     *
+     * 'disk' => 'disk-name'
+     *
+     * 'path' => 'folder-name'
+     * 'path' => 'folder1*' - select folder1, folder12, folder1/sub-folder, ...
+     * 'path' => 'folder2/*' - select folder2/sub-folder,... but not select folder2 !!!
+     * 'path' => 'folder-name/file-name.jpg'
+     * 'path' => 'folder-name/*.jpg'
+     *
+     * * - wildcard
+     *
+     * access: 0 - deny, 1 - read, 2 - read/write
+     */
+    'aclRules'      => [
+        null => [
+            //['disk' => 'public', 'path' => '/', 'access' => 2],
+        ],
+        1 => [
+            //['disk' => 'public', 'path' => 'images/arch*.jpg', 'access' => 2],
+            //['disk' => 'public', 'path' => 'files/*', 'access' => 1],
+        ],
+    ],
+
+    /**
+     * ACL Rules cache
+     *
+     * null or value in minutes
      */
-    'middleware'    => ['web', 'auth']
-];
+    'aclRulesCache' => null,
+];

docs/acl.md

@@ -0,0 +1,57 @@
+## ACL
+
+You can use the access control system to differentiate access to files and folders for different users.
+For this you need to make the following settings.
+Open configuration file - config/file-manager.php
+
+1. Turn ON ACL system and add fm-acl middleware
+
+    ```php
+    // set true
+    'acl' => true,
+
+    // add acl middleware to your array
+    'middleware' => ['web', 'fm-acl'],
+    ```
+
+2. You can hide files and folders to which the user does not have access(access = 0).
+
+    ```php
+    'aclHideFromFM' => true,
+    ```
+3. ACL system operation strategies:
+
+    ```php
+    /**
+     * ACL strategy
+     *
+     * positive - Allow everything that is not forbidden by the ACL rules list
+     * positive access - 2 (r/w)
+     *
+     * negative - Deny anything, that not allowed by the ACL rules list
+     * negative access - 0 (deny)
+     */
+    'aclStrategy'   => 'positive',
+    ```
+
+4. Set the rule repository, the default is the configuration file.
+
+   ```php
+   /**
+    * ACL rules repository
+    *
+    * default - config file(ConfigACLRepository)
+    */
+   'aclRepository' => \Alexusmai\LaravelFileManager\ACLService\ConfigACLRepository::class,
+   ```
+
+   Now you can add your rules in 'aclRules' array. But if you want to store your rules in another place, such as a database, you need to create your own class, and implements two functions from ACLRepository.
+
+   I have already made a similar class for an example, and if it suits you, you can use it. You only need to replace the repository name in the configuration file. And add a new migration to the database.
+
+   ```php
+    php artisan vendor:publish --tag=fm-migrations
+    ```
+
+   See [/src/ACLService/DBACLRepository.php](./../src/ACLService/DBACLRepository.php) and [/migrations/2019_02_06_174631_make_acl_rules_table.php](./../migrations/2019_02_06_174631_make_acl_rules_table.php)
+

docs/configuration.md

@@ -10,4 +10,6 @@ Open configuration file - config/file-manager.php
 
 ## What's next
 
+[ACL](./acl.md)
+
 [Integration](./integration.md)

docs/index.md

@@ -10,7 +10,7 @@
 * [Installation](./installation.md)
 * [Configuration](./configuration.md)
 * [Integration](./integration.md)
-* [Customization](./customization.md)
+* [ACL](./acl.md)
 
 ## Requirements
  * PHP >= 7.0.0

docs/integration.md

@@ -1,6 +1,6 @@
 ## Integration
 
-> See examples in /examples folder
+> See examples in [examples](./../examples) folder
 
 ### CKEditor 4
 
@@ -89,7 +89,7 @@ function fmSetLink(url) {
 }
 ```
 
-See example - /examples/summernote.blade.php
+See [example](./../examples/wysiwyg/summernote.blade.php)
 
 ### Standalone button
 

migrations/2019_02_06_174631_make_acl_rules_table.php

@@ -0,0 +1,37 @@
+<?php
+
+use Illuminate\Support\Facades\Schema;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Database\Migrations\Migration;
+
+class MakeAclRulesTable extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::create('acl_rules', function (Blueprint $table) {
+            $table->increments('id');
+            $table->unsignedInteger('user_id')->nullable();
+            $table->string('disk');
+            $table->string('path');
+            $table->tinyInteger('access');
+            $table->timestamps();
+
+            $table->foreign('user_id')->references('id')->on('users');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::dropIfExists('acl_rules');
+    }
+}

resources/lang/ar/response.php

@@ -23,4 +23,6 @@
     'copied'       => 'تم النسخ بنجاح!',
     // zip
     'zipError'     => 'خطأ في إنشاء الأرشيف!',
+    // acl
+    'aclError'     => 'Access denied!',
 ];

resources/lang/en/response.php

@@ -23,4 +23,6 @@
     'copied'       => 'Copied successfully!',
     // zip
     'zipError'     => 'Error creating archive!',
+    // acl
+    'aclError'     => 'Access denied!',
 ];

resources/lang/ru/response.php

@@ -23,4 +23,6 @@
     'copied'       => 'Скопировано!',
     // zip
     'zipError'     => 'Ошибка создания архива!',
+    // acl
+    'aclError'     => 'В доступе отказано!',
 ];

src/ACLService/ACL.php

@@ -0,0 +1,83 @@
+<?php
+
+namespace Alexusmai\LaravelFileManager\ACLService;
+
+use Cache;
+
+class ACL
+{
+    /**
+     * @var ACLRepository
+     */
+    public $aclRepository;
+
+    /**
+     * ACL constructor.
+     *
+     * @param ACLRepository $aclRepository
+     */
+    public function __construct(ACLRepository $aclRepository)
+    {
+        $this->aclRepository = $aclRepository;
+    }
+
+    /**
+     * Get access level for selected path
+     *
+     * @param        $disk
+     * @param string $path
+     *
+     * @return int
+     */
+    public function getAccessLevel($disk, $path = '/')
+    {
+        // get rules list
+        $rules = $this->rulesForDisk($disk);
+
+        // find the first rule where the paths are equal
+        $firstRule = array_first($rules, function ($value) use ($path) {
+            return fnmatch($value['path'], $path);
+        });
+
+        if ($firstRule) {
+            return $firstRule['access'];
+        }
+
+        // positive or negative ACL strategy
+        return config('file-manager.aclStrategy') === 'positive' ? 2 : 0;
+    }
+
+    /**
+     * Select rules for disk
+     *
+     * @param $disk
+     *
+     * @return array
+     */
+    protected function rulesForDisk($disk)
+    {
+        return array_where($this->rulesList(),
+            function ($value) use ($disk) {
+                return $value['disk'] === $disk;
+            });
+    }
+
+    /**
+     * Get rules list from ACL Repository
+     *
+     * @return array|mixed
+     */
+    protected function rulesList()
+    {
+        // if cache on
+        if ($minutes = config('file-manager.aclRulesCache')) {
+            $cacheName = 'fm_acl_'.$this->aclRepository->getUserID();
+
+            return Cache::remember($cacheName, $minutes, function () {
+                return $this->aclRepository->getRules();
+            });
+        }
+
+        return $this->aclRepository->getRules();
+    }
+}

src/ACLService/ACLRepository.php

@@ -0,0 +1,40 @@
+<?php
+
+namespace Alexusmai\LaravelFileManager\ACLService;
+
+/**
+ * Interface ACLRepository
+ *
+ * @package Alexusmai\LaravelFileManager\ACLService
+ */
+interface ACLRepository
+{
+    /**
+     * Get user ID
+     *
+     * @return mixed
+     */
+    public function getUserID();
+
+    /**
+     * Get ACL rules list for user
+     *
+     * You need to return an array, like this:
+     *
+     *  0 => [
+     *      "disk" => "public"
+     *      "path" => "music"
+     *      "access" => 0
+     *  ],
+     *  1 => [
+     *      "disk" => "public"
+     *      "path" => "images"
+     *      "access" => 1
+     *  ]
+     *
+     * OR [] - if no results for selected user
+     *
+     * @return array
+     */
+    public function getRules(): array;
+}