File: /home/xedaptot/ai.naniguide.com/app/Http/Controllers/Api/AppDirectoryApiController.php
<?php
namespace App\Http\Controllers\Api;
use App\Library\Assets\AssetManagerInterface;
use App\Library\Assets\DirectoryAssetManager;
use App\Model\User;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;
/**
* Dedicated endpoint hosting {@see DirectoryAssetManager}, which is rooted
* at base_path(). Admin-only — base_path() contains source code, .env,
* vendor/, etc. so this MUST stay locked down.
*
* Inherits list/upload/delete/rename/view/createFile request handlers from
* {@see FileManagerApiController} and only overrides the resolver.
*/
class AppDirectoryApiController extends FileManagerApiController
{
protected function resolveManager(Request $request): AssetManagerInterface
{
$user = \Auth::guard('api')->user();
if (!$user instanceof User) {
abort(Response::HTTP_UNAUTHORIZED, 'Unauthorized');
}
if (!$user->isAdmin()) {
abort(Response::HTTP_FORBIDDEN, 'Admin only');
}
return new DirectoryAssetManager();
}
}