HEX
Server: LiteSpeed
System: Linux s1049.use1.mysecurecloudhost.com 4.18.0-477.27.2.lve.el8.x86_64 #1 SMP Wed Oct 11 12:32:56 UTC 2023 x86_64
User: xedaptot (3356)
PHP: 8.3.31
Disabled: NONE
Upload Files
File: /home/xedaptot/ai.naniguide.com/app/Http/Controllers/Api/AppDirectoryApiController.php
<?php

namespace App\Http\Controllers\Api;

use App\Library\Assets\AssetManagerInterface;
use App\Library\Assets\DirectoryAssetManager;
use App\Model\User;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

/**
 * Dedicated endpoint hosting {@see DirectoryAssetManager}, which is rooted
 * at base_path(). Admin-only — base_path() contains source code, .env,
 * vendor/, etc. so this MUST stay locked down.
 *
 * Inherits list/upload/delete/rename/view/createFile request handlers from
 * {@see FileManagerApiController} and only overrides the resolver.
 */
class AppDirectoryApiController extends FileManagerApiController
{
    protected function resolveManager(Request $request): AssetManagerInterface
    {
        $user = \Auth::guard('api')->user();
        if (!$user instanceof User) {
            abort(Response::HTTP_UNAUTHORIZED, 'Unauthorized');
        }
        if (!$user->isAdmin()) {
            abort(Response::HTTP_FORBIDDEN, 'Admin only');
        }
        return new DirectoryAssetManager();
    }
}