protected function getStorageDiskName(string $imageType): string
{
$storageType = config('filesystems.images');
+ $localSecureInUse = ($storageType === 'local_secure' || $storageType === 'local_secure_restricted');
// Ensure system images (App logo) are uploaded to a public space
- if ($imageType === 'system' && $storageType === 'local_secure') {
- $storageType = 'local';
+ if ($imageType === 'system' && $localSecureInUse) {
+ return 'local';
}
// Rename local_secure options to get our image specific storage driver which
// is scoped to the relevant image directories.
- if ($storageType === 'local_secure' || $storageType === 'local_secure_restricted') {
- $storageType = 'local_secure_images';
+ if ($localSecureInUse) {
+ return 'local_secure_images';
}
return $storageType;
{
try {
$thumb = $this->imageTool->make($imageData);
- } catch (ErrorException|NotSupportedException $e) {
+ } catch (ErrorException | NotSupportedException $e) {
throw new ImageUploadException(trans('errors.cannot_create_thumbs'));
}
}
$storagePath = $this->adjustPathForStorageDisk($storagePath);
+
+ // Apply access control when local_secure_restricted images are active
+ if ($this->usingSecureRestrictedImages()) {
+ if (!$this->checkUserHasAccessToRelationOfImageAtPath($storagePath)) {
+ return null;
+ }
+ }
+
$storage = $this->getStorageDisk();
$imageData = null;
if ($storage->exists($storagePath)) {
*/
protected function checkUserHasAccessToRelationOfImageAtPath(string $path): bool
{
+ if (strpos($path, '/uploads/images/') === 0) {
+ $path = substr($path, 15);
+ }
+
// Strip thumbnail element from path if existing
- $originalPathSplit = array_filter(explode('/', $path), function(string $part) {
+ $originalPathSplit = array_filter(explode('/', $path), function (string $part) {
$resizedDir = (strpos($part, 'thumbs-') === 0 || strpos($part, 'scaled-') === 0);
$missingExtension = strpos($part, '.') === false;
+
return !($resizedDir && $missingExtension);
});
projects / bookstack / blobdiff