user();
        if (!$user || !$user->roles()->where('name', 'ROLE_ADMIN')->exists()) {
            return response()->json(['message' => 'Forbidden'], 403);
        }

        return null;
    }

    /**
     * List every attachment extension with its group, ordered by extension.
     *
     * Admin-only. The admin check is an explicit ensureAdmin() call inside
     * each handler, so a handler that omits the call has no check of its own.
     */
    public function index(Request $request): JsonResponse
    {
        $denied = $this->ensureAdmin($request);
        if ($denied) {
            return $denied;
        }

        $rows = AttachmentExtension::query()
            ->with('group')
            ->orderBy('extension')
            ->get();

        $payload = $rows->map(function (AttachmentExtension $row) {
            return $this->serializeExtension($row);
        });

        return response()->json($payload);
    }

    /**
     * List the extension names that are assigned to an active group.
     *
     * This handler does not call ensureAdmin(). It returns extension strings
     * only; ids, group data and MIME lists are not part of the response.
     * NOTE(review): route-level middleware is not visible here; confirm the
     * intended audience of this endpoint.
     */
    public function publicIndex(): JsonResponse
    {
        $activeOnly = AttachmentExtension::query()
            ->whereNotNull('attachment_group_id')
            ->whereHas('group', function ($groupQuery) {
                return $groupQuery->where('is_active', true);
            })
            ->orderBy('extension');

        // filter() drops empty values, values() re-indexes so the JSON is a list.
        $names = $activeOnly
            ->pluck('extension')
            ->filter()
            ->values();

        return response()->json($names);
    }

    /**
     * Create a new attachment extension (admin-only).
     *
     * The submitted extension is validated, normalized, rejected when it
     * normalizes to an empty string, and rejected when it already exists.
     *
     * NOTE(review): apart from the length limit there is no character
     * allowlist, so a value with path separators, inner whitespace or extra
     * dots is stored as given. Confirm how the stored value is consumed by
     * the upload path.
     * NOTE(review): the exists() check and the create() are separate queries;
     * presumably a unique index on `extension` backs this up. Verify.
     */
    public function store(Request $request): JsonResponse
    {
        $denied = $this->ensureAdmin($request);
        if ($denied) {
            return $denied;
        }

        $validated = $this->validatePayload($request, true);
        $normalized = $this->normalizeExtension($validated['extension']);

        if ($normalized === '') {
            return response()->json(['message' => 'Invalid extension.'], 422);
        }

        $alreadyRegistered = AttachmentExtension::query()
            ->where('extension', $normalized)
            ->exists();
        if ($alreadyRegistered) {
            return response()->json(['message' => 'Extension already exists.'], 422);
        }

        $attributes = [
            'extension' => $normalized,
            'attachment_group_id' => $validated['attachment_group_id'] ?? null,
            'allowed_mimes' => $validated['allowed_mimes'] ?? null,
        ];
        $record = AttachmentExtension::create($attributes);
        $record->load('group');

        return response()->json($this->serializeExtension($record), 201);
    }

    /**
     * Update the group assignment and/or MIME list of an extension (admin-only).
     *
     * Only keys present in the validated payload are written, so an explicit
     * null clears a field while an absent key leaves it untouched. The
     * extension string itself is never modified here.
     */
    public function update(Request $request, AttachmentExtension $attachmentExtension): JsonResponse
    {
        $denied = $this->ensureAdmin($request);
        if ($denied) {
            return $denied;
        }

        $validated = $this->validatePayload($request, false);

        // array_key_exists (not isset) so that a submitted null is applied.
        foreach (['attachment_group_id', 'allowed_mimes'] as $field) {
            if (array_key_exists($field, $validated)) {
                $attachmentExtension->{$field} = $validated[$field];
            }
        }

        $attachmentExtension->save();
        $attachmentExtension->load('group');

        return response()->json($this->serializeExtension($attachmentExtension));
    }

    /**
     * Delete an extension unless an attachment still references it (admin-only).
     *
     * NOTE(review): the in-use check and the delete are not wrapped in a
     * transaction here; presumably a foreign key guards the gap. Verify.
     */
    public function destroy(Request $request, AttachmentExtension $attachmentExtension): JsonResponse
    {
        $denied = $this->ensureAdmin($request);
        if ($denied) {
            return $denied;
        }

        $inUse = Attachment::query()
            ->where('attachment_extension_id', $attachmentExtension->id)
            ->exists();
        if ($inUse) {
            return response()->json(['message' => 'Extension is in use.'], 422);
        }

        $attachmentExtension->delete();

        return response()->json(null, 204);
    }

    /**
     * Validate the request body for store/update and return the validated data.
     *
     * The `extension` rule is added only when $requireExtension is true.
     *
     * NOTE(review): `allowed_mimes` entries are checked only as strings of at
     * most 150 characters, with no type/subtype format check. The field is
     * also nullable; what a null or empty list means for upload enforcement
     * is not visible here. Confirm it does not mean "any MIME type".
     */
    private function validatePayload(Request $request, bool $requireExtension): array
    {
        $baseRules = [
            'attachment_group_id' => ['nullable', 'integer', 'exists:attachment_groups,id'],
            'allowed_mimes' => ['nullable', 'array'],
            'allowed_mimes.*' => ['string', 'max:150'],
        ];

        $extensionRules = [];
        if ($requireExtension) {
            $extensionRules['extension'] = ['required', 'string', 'max:30'];
        }

        // Array union keeps the base rules first and appends the optional rule.
        return $request->validate($baseRules + $extensionRules);
    }

    /**
     * Trim surrounding whitespace, lowercase, and strip leading dots.
     *
     * Trailing dots and any other characters are left as they are.
     */
    private function normalizeExtension(string $value): string
    {
        $trimmed = trim($value);
        $lowered = strtolower($trimmed);

        return ltrim($lowered, '.');
    }

    /**
     * Build the JSON-ready array for one extension, with a group summary
     * (id, name, is_active) or null when no group is attached.
     */
    private function serializeExtension(AttachmentExtension $extension): array
    {
        $group = $extension->group;

        $groupSummary = null;
        if ($group) {
            $groupSummary = [
                'id' => $group->id,
                'name' => $group->name,
                'is_active' => $group->is_active,
            ];
        }

        return [
            'id' => $extension->id,
            'extension' => $extension->extension,
            'attachment_group_id' => $extension->attachment_group_id,
            'allowed_mimes' => $extension->allowed_mimes,
            'group' => $groupSummary,
        ];
    }
}