42 lines
1.4 KiB
PHP
42 lines
1.4 KiB
PHP
<?php
|
|
|
|
namespace App\Http\Controllers\Api\Messaging;
|
|
|
|
use App\Http\Controllers\Controller;
|
|
use App\Models\MessageAttachment;
|
|
use Illuminate\Http\Request;
|
|
use Illuminate\Support\Facades\Storage;
|
|
use Symfony\Component\HttpFoundation\StreamedResponse;
|
|
|
|
class AttachmentController extends Controller
|
|
{
|
|
public function show(Request $request, int $id)
|
|
{
|
|
$attachment = MessageAttachment::query()
|
|
->with('message:id,conversation_id')
|
|
->findOrFail($id);
|
|
|
|
$conversationId = (int) ($attachment->message?->conversation_id ?? 0);
|
|
abort_if($conversationId <= 0, 404, 'Attachment not available.');
|
|
|
|
$authorized = \App\Models\ConversationParticipant::query()
|
|
->where('conversation_id', $conversationId)
|
|
->where('user_id', $request->user()->id)
|
|
->whereNull('left_at')
|
|
->exists();
|
|
|
|
abort_unless($authorized, 403, 'You are not allowed to access this attachment.');
|
|
|
|
$diskName = (string) config('messaging.attachments.disk', 'local');
|
|
$disk = Storage::disk($diskName);
|
|
|
|
return new StreamedResponse(function () use ($disk, $attachment): void {
|
|
echo $disk->get($attachment->storage_path);
|
|
}, 200, [
|
|
'Content-Type' => $attachment->mime,
|
|
'Content-Disposition' => 'inline; filename="' . addslashes($attachment->original_name) . '"',
|
|
'Content-Length' => (string) $attachment->size_bytes,
|
|
]);
|
|
}
|
|
}
|