netgescon-day0/app/Http/Controllers/Admin/InsurancePolicyAssetViewController.php

58 lines
2.1 KiB
PHP

<?php
namespace App\Http\Controllers\Admin;
use App\Http\Controllers\Controller;
use App\Models\InsurancePolicy;
use App\Models\User;
use App\Support\StabileContext;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Storage;
use Symfony\Component\HttpFoundation\BinaryFileResponse;
class InsurancePolicyAssetViewController extends Controller
{
public function show(InsurancePolicy $policy, string $asset): BinaryFileResponse
{
$user = Auth::user();
if (! $user instanceof User) {
abort(403);
}
if (! $user->hasAnyRole(['super-admin', 'admin', 'amministratore', 'collaboratore'])) {
abort(403);
}
$accessible = StabileContext::accessibleStabili($user)
->contains(fn($stabile) => (int) ($stabile->id ?? 0) === (int) $policy->stabile_id);
abort_unless($accessible, 403);
[$path, $mime, $downloadName] = match ($asset) {
'document' => [
trim((string) ($policy->policy_document_path ?? '')),
trim((string) ($policy->policy_document_mime ?? '')),
(string) ($policy->policy_document_name ?: ($policy->display_name . '.pdf')),
],
'signature' => [
trim((string) ($policy->signature_image_path ?? '')),
'',
'firma-' . (int) $policy->id . '.' . pathinfo((string) ($policy->signature_image_path ?? 'firma.png'), PATHINFO_EXTENSION),
],
default => abort(404),
};
if ($path === '' || ! Storage::disk('public')->exists($path)) {
abort(404);
}
$absolutePath = Storage::disk('public')->path($path);
$resolvedMime = $mime !== '' ? $mime : ((string) (Storage::disk('public')->mimeType($path) ?: 'application/octet-stream'));
return response()->file($absolutePath, [
'Content-Type' => $resolvedMime,
'Cache-Control' => 'private, max-age=300',
'Content-Disposition' => 'inline; filename="' . addslashes($downloadName) . '"',
]);
}
}