diff --git a/app/Http/Controllers/Api/ImportController.php b/app/Http/Controllers/Api/ImportController.php index 69703770f3..0432f27dd2 100644 --- a/app/Http/Controllers/Api/ImportController.php +++ b/app/Http/Controllers/Api/ImportController.php @@ -15,6 +15,7 @@ use Illuminate\Database\Eloquent\JsonEncodingException; use Illuminate\Support\Facades\Request; use Illuminate\Support\Facades\Session; use Illuminate\Support\Facades\Storage; +use Illuminate\Support\Str; use League\Csv\Reader; use Onnov\DetectEncoding\EncodingDetector; use Symfony\Component\HttpFoundation\File\Exception\FileException; @@ -149,7 +150,9 @@ class ImportController extends Controller } $date = date('Y-m-d-his'); - $fixed_filename = str_slug($file->getClientOriginalName()); + + $fixed_filename = Str::of($file->getClientOriginalName())->basename('.csv').'.csv'; + try { $file->move($path, $date.'-'.$fixed_filename); } catch (FileException $exception) { 
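Review bot: The new `$fixed_filename` keeps every byte of the client-supplied name except the directory part and a trailing `.csv`, so the sanitisation that `str_slug()` used to provide is gone — spaces, quotes, control characters and non-ASCII now flow into the stored name, `$import->file_path` and wherever the UI prints it. `basename()` does strip path separators, so traversal into `$path` is still blocked; if the only goal was to keep the extension that the slug used to eat, slugging the stem and re-appending it preserves both: `$fixed_filename = Str::of($file->getClientOriginalName())->basename('.csv')->slug().'.csv';`. Note the suffix strip is case-sensitive, so `data.CSV` becomes `data.CSV.csv`; calling `->lower()` before `basename('.csv')` avoids that if it matters. The enclosing upload method begins before this hunk.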
@@ -211,36 +214,47 @@ class ImportController extends Controller $redirectTo = 'hardware.index'; switch ($request->get('import-type')) { case 'asset': + $model_perms = 'App\Models\Asset'; $redirectTo = 'hardware.index'; break; case 'assetModel': + $model_perms = 'App\Models\AssetModel'; $redirectTo = 'models.index'; break; case 'accessory': + $model_perms = 'App\Models\Accessory'; $redirectTo = 'accessories.index'; break; case 'consumable': + $model_perms = 'App\Models\Consumable'; $redirectTo = 'consumables.index'; break; case 'component': + $model_perms = 'App\Models\Component'; $redirectTo = 'components.index'; break; case 'license': + $model_perms = 'App\Models\License'; $redirectTo = 'licenses.index'; break; case 'user': + $model_perms = 'App\Models\User'; $redirectTo = 'users.index'; break; case 'location': + $model_perms = 'App\Models\Location'; $redirectTo = 'locations.index'; break; case 'supplier': + $model_perms = 'App\Models\Supplier'; $redirectTo = 'suppliers.index'; break; case 'manufacturer': + $model_perms = 'App\Models\Manufacturer'; $redirectTo = 'manufacturers.index'; break; case 'category': + $model_perms = 'App\Models\Category'; $redirectTo = 'categories.index'; break; } @@ -251,7 +265,11 @@ class ImportController extends Controller //Flash message before the redirect Session::flash('success', trans('admin/hardware/message.import.success')); - return response()->json(Helper::formatStandardApiResponse('success', null, ['redirect_url' => route($redirectTo)])); + if (auth()->user()->can('view', $model_perms)) { + return response()->json(Helper::formatStandardApiResponse('success', null, ['redirect_url' => route($redirectTo)])); + } + + return response()->json(Helper::formatStandardApiResponse('success', null, ['redirect_url' => route('imports.index')])); } /** 
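Review bot: `$model_perms` is only assigned inside the `case` branches, so an `import-type` value that matches none of them leaves it undefined, whereas `$redirectTo` is pre-seeded to `'hardware.index'` above the switch; the later `can('view', $model_perms)` in this method then emits an undefined-variable warning and evaluates `can('view', null)`. Seed it the same way, `$model_perms = 'App\Models\Asset';` next to the `$redirectTo` initialiser, or add `default: $model_perms = null; break;` and treat `null` as "fall back to imports.index". Using `\App\Models\Asset::class` and friends instead of string literals would also let static analysis catch a renamed model. The enclosing method continues past this hunk.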
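Review bot: `auth()->user()->can('view', $model_perms)` hands a class-name string to the `view` ability, which is conventionally the instance-level check while `viewAny` is the class-level one; unless this project's policies accept a class string for `view` (not visible here), the check may fail for every caller and always send them to `imports.index`. Confirm the ability the index routes actually gate on and use it, e.g. `if (auth()->user()->can('viewAny', $model_perms)) {`. The fallback redirect also silently hides that the user lacks permission for the target index, so a one-line comment such as `// user may import but cannot browse the target model; land on the imports list instead` would make the intent explicit to the next reader.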
@@ -261,18 +279,25 @@ class ImportController extends Controller */ public function destroy($import_id) : JsonResponse { - $this->authorize('create', Asset::class); + $this->authorize('import'); if ($import = Import::find($import_id)) { + + + if ((auth()->user()->id != $import->created_by) && (!auth()->user()->isSuperUser())) { + return response()->json(Helper::formatStandardApiResponse('warning', null, trans('admin/hardware/message.import.file_not_deleted_warning'))); + } + + try { // Try to delete the file Storage::delete('imports/'.$import->file_path); - $import->delete(); + // $import->delete(); return response()->json(Helper::formatStandardApiResponse('success', null, trans('admin/hardware/message.import.file_delete_success'))); } catch (\Exception $e) { // If the file delete didn't work, remove it from the database anyway and return a warning - $import->delete(); + // $import->delete(); return response()->json(Helper::formatStandardApiResponse('warning', null, trans('admin/hardware/message.import.file_not_deleted_warning'))); } @@ -280,4 +305,6 @@ class ImportController extends Controller } return response()->json(Helper::formatStandardApiResponse('warning', null, trans('admin/hardware/message.import.file_not_deleted_warning'))); } + + }
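Review bot: Both `$import->delete()` calls are now commented out, so the `Import` row survives even though the file under `imports/` is removed and the response reports `file_delete_success`; the catch branch's own comment ("remove it from the database anyway") now describes code that no longer runs, and the import list will keep showing entries whose files are gone. If keeping the record is intentional, update the comments and the message; otherwise restore `$import->delete();` in both branches rather than shipping commented-out code. The added ownership check (`created_by` vs. the current user, super-users exempt) is the right idea, but it answers an authorisation failure with a 200 "warning" carrying the not-deleted message, which is indistinguishable from an I/O failure for the caller; return an error payload with a 403 status and the project's existing permission-denied translation key, or express the ownership rule in a policy and let `$this->authorize(...)` reject it. `destroy`'s closing brace lies outside this hunk.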