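id !== $project->business_id || $project->id !== $task['project_id']
            // || $task['user_id']!== Auth::id()
        ) {
            \abort(Response::HTTP_UNAUTHORIZED);
        }

        return [$business, $project, $task];
    }

    /**
     * Return the files of a task as a FileResource collection.
     *
     * The three route ids are resolved through checkBelonging(); its visible
     * tail aborts with 401 when the project's business_id or the task's
     * project_id does not match.
     *
     * NOTE(review): the role checks planned below are not implemented in this
     * action, and the per-user comparison in checkBelonging() is commented out.
     * Unless a policy or middleware outside this view restricts access, any
     * caller that reaches this action with a consistent id chain receives the
     * task's files - confirm where membership is enforced.
     */
    public function index(int $business, int $project, int $task)
    {
        // Planned permission model (not implemented here):
        //   owner of the project
        //   admin of the project
        //   colleague on the project
        //   guest or deactivated user
        [$business, $project, $task] = $this->checkBelonging($business, $project, $task);

        return FileResource::collection($task->files);
    }

    /**
     * Validate a list of file ids and return the matching files as resources.
     *
     * Every file found must be owned by the authenticated user; otherwise the
     * request is aborted with 401.
     *
     * NOTE(review): nothing is persisted yet - the "sync" step is still a
     * placeholder, so this action does not change which files belong to the task.
     * NOTE(review): ids that match no File row are silently dropped by find();
     * confirm whether an existence rule or a count check is wanted.
     */
    public function sync(Request $request, int $business, int $project, int $task)
    {
        // Planned steps (not implemented here):
        //   different size and different validation
        //   validate the wallet is not so much in debt
        //   create record in the db
        //   put file in s3
        [$business, $project, $task] = $this->checkBelonging($business, $project, $task);

        $this->validate($request, [
            'files' => 'required|array',
            // "integer" is the framework's built-in rule name for whole numbers.
            'files.*' => 'integer',
        ]);

        // Read the ids from the request input. $request->files is the
        // uploaded-file bag of the underlying request object, not the "files"
        // input field, so it must not be passed to find().
        $files = File::find($request->input('files'))->each(function (File $file) {
            // Ownership check: a caller may only reference files they own.
            if ($file->user_id !== Auth::id()) {
                abort(Response::HTTP_UNAUTHORIZED);
            }
        });

        // sync (TODO: attach $files to $task)
        return FileResource::collection($files);
    }

    /**
     * Return a temporary link for a file owned by the authenticated user.
     *
     * NOTE(review): the file is only checked against its owner. Nothing here
     * ties it to the task, project or business named in the route, although the
     * original plan ("requested file belongs to this project and this
     * business") calls for that check - confirm and add it once the task/file
     * association is persisted.
     * NOTE(review): ownership failures answer 401; 403 is the conventional
     * status for an authenticated caller lacking permission. Left unchanged
     * because clients may depend on it.
     * NOTE(review): the link's lifetime and scope are decided inside
     * getTemporaryLink(), which is not visible here - verify the expiry is short.
     */
    public function download(int $business, int $project, int $task, int $file)
    {
        [$business, $project, $task] = $this->checkBelonging($business, $project, $task);

        // findOrFail answers 404 for an unknown id instead of dereferencing
        // null in the ownership check below.
        $file = File::findOrFail($file);

        if ($file->user_id !== Auth::id()) {
            abort(Response::HTTP_UNAUTHORIZED);
        }

        return $file->getTemporaryLink();
    }
}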