feat: add MediaCollection enum and implement media download permissions

app/Enums/MediaCollection.php

@@ -0,0 +1,10 @@
+<?php
+
+namespace App\Enums;
+
+enum MediaCollection: string
+{
+    case MANUSCRIPT = 'manuscript';
+    case SUPPLEMENTARY_FILE = 'supplementary_file';
+    case PUBLICATION = 'publication';
+}

app/Enums/SupplementaryFileType.php

@@ -4,17 +4,11 @@
 
 enum SupplementaryFileType: string
 {
-    const MANUSCRIPT_RECORD_FORM = 'manuscript_record_form';
-
-    const AUTHOR_AGREEMENT = 'author_agreement';
-
-    const JOINT_COPYRIGHT_AGREEMENT = 'joint_copyright_agreement';
-
-    const PREPRINT = 'preprint';
-
-    const AUTHORS_ACCEPTED_MANUSCRIPT = 'authors_accepted_manuscript';
-
-    const ERRATA = 'errata';
-
-    const OTHER = 'other';
+    case MANUSCRIPT_RECORD_FORM = 'manuscript_record_form';
+    case AUTHOR_AGREEMENT = 'author_agreement';
+    case JOINT_COPYRIGHT_AGREEMENT = 'joint_copyright_agreement';
+    case PREPRINT = 'preprint';
+    case AUTHORS_ACCEPTED_MANUSCRIPT = 'authors_accepted_manuscript';
+    case ERRATA = 'errata';
+    case OTHER = 'other';
 }

app/Http/Controllers/ManuscriptRecordFileController.php

@@ -21,6 +21,10 @@ public function index(Request $request, ManuscriptRecord $manuscriptRecord)
 
         $media = $manuscriptRecord->getManuscriptFiles();
 
+        // get manuscript model and all required relations to avoid n+1
+        $manuscriptRecord->load('manuscriptAuthors.author', 'managementReviewSteps', 'shareables');
+        $media->each(fn ($media) => $media->setRelation('model', $manuscriptRecord));
+
         return MediaResource::collection($media->sortBy('created_at', SORT_REGULAR, true));
     }
 

app/Http/Controllers/PublicationFileController.php

@@ -21,6 +21,17 @@ public function index(Publication $publication)
 
         $media = $publication->getMedia('publication');
 
+        // get publication model and all required relations to avoid n+1
+        $publication->load([
+            'manuscriptRecord' => [
+                'manuscriptAuthors.author',
+                'managementReviewSteps',
+                'shareables',
+            ],
+            'publicationAuthors.author',
+        ]);
+        $media->each(fn ($media) => $media->setRelation('model', $publication));
+
         return MediaResource::collection($media->sortBy('created_at', SORT_REGULAR, true));
     }
 
@@ -53,10 +64,10 @@ public function show(Request $request, Publication $publication, string $uuid)
     {
         Gate::authorize('view', $publication);
 
-        $media = $publication->getMedia('publication')->where('uuid', $uuid)->first();
+        $media = $publication->getPublicationFile($uuid);
 
         $download = $request->query('download', false);
-        if ($download && Gate::allows('viewPdf', $publication)) {
+        if ($download && Gate::allows('downloadMedia', [$publication,$media])) {
             return $media;
         }
 

app/Http/Controllers/PublicationSupplementaryFileController.php

@@ -0,0 +1,88 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use App\Enums\SupplementaryFileType;
+use App\Http\Resources\MediaResource;
+use App\Models\Publication;
+use Exception;
+use Illuminate\Contracts\Filesystem\FileNotFoundException;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Gate;
+use Illuminate\Validation\Rule;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
+
+class PublicationSupplementaryFileController extends Controller
+{
+    /**
+     * Display a listing of the resource.
+     */
+    public function index(Publication $publication)
+    {
+        Gate::authorize('view', $publication);
+
+        $media = $publication->getMedia('supplementary_file');
+
+        return MediaResource::collection($media->sortBy('created_at', SORT_REGULAR, true));
+    }
+
+    /**
+     * Store a newly created resource in storage.
+     */
+    public function store(Request $request, Publication $publication)
+    {
+        Gate::authorize('update', $publication);
+
+        $validated = $request->validate([
+            'pdf' => 'required|file|mimes:pdf|max:50000',
+            'supplementary_file_type' => ['required', Rule::enum(SupplementaryFileType::class)],
+            'description' => 'nullable|string',
+        ]);
+
+        $media = $publication->addSupplementaryFile($validated['pdf'], $validated['supplementary_file_type'], $validated['description'] ?? null);
+
+        activity()
+            ->performedOn($publication)
+            ->withProperties($media->toArray())
+            ->causedBy($request->user())
+            ->log('publication.file.uploaded');
+
+        return new MediaResource($media);
+    }
+
+    /**
+     * Display the specified resource.
+     */
+    public function show(Request $request, Publication $publication, string $uuid)
+    {
+        Gate::authorize('view', $publication);
+
+        $media = $publication->getSupplementaryFile($uuid);
+
+        $download = $request->query('download', false);
+        if ($download && Gate::allow('viewSupplementaryPdf', $publication, $media)) {
+            return $media;
+        }
+
+        return MediaResource::make($media);
+
+    }
+
+    /**
+     * Remove the specified resource from storage.
+     */
+    public function destroy(Publication $publication, string $uuid)
+    {
+        Gate::authorize('update', $publication);
+
+        try {
+            $publication->deleteSupplementaryFile($uuid);
+        } catch (FileNotFoundException $e) {
+            throw new NotFoundHttpException('File not found.');
+        } catch (Exception $e) {
+            return response()->json([
+                'message' => 'This file is locked.',
+            ], 403);
+        }
+    }
+}

app/Http/Resources/MediaResource.php

@@ -4,6 +4,7 @@
 
 use App\Enums\SensitivityLabel;
 use Illuminate\Http\Resources\Json\JsonResource;
+use Illuminate\Support\Facades\Gate;
 
 class MediaResource extends JsonResource
 {
@@ -16,16 +17,23 @@ class MediaResource extends JsonResource
     public function toArray($request)
     {
         return [
-            'uuid' => $this->uuid,
-            'file_name' => $this->file_name,
-            'size_bytes' => $this->size,
-            'created_at' => $this->created_at,
-            'collection_name' => $this->collection_name,
-            'mime_type' => $this->mime_type,
-            'locked' => $this->getCustomProperty('locked', false),
-            'sensitivity_label' => $this->getCustomProperty('sensitivity_label', SensitivityLabel::Unclassified),
-            'supplementary_file_type' => $this->when($this->hasCustomProperty('supplementary_file_type'), $this->getCustomProperty('supplementary_file_type')),
-            'description' => $this->when($this->hasCustomProperty('description'), $this->getCustomProperty('description')),
+            'data' => [
+                'uuid' => $this->uuid,
+                'file_name' => $this->file_name,
+                'size_bytes' => $this->size,
+                'created_at' => $this->created_at,
+                'collection_name' => $this->collection_name,
+                'mime_type' => $this->mime_type,
+                'locked' => $this->getCustomProperty('locked', false),
+                'sensitivity_label' => $this->getCustomProperty('sensitivity_label', SensitivityLabel::Unclassified),
+                'supplementary_file_type' => $this->when($this->hasCustomProperty('supplementary_file_type'), $this->getCustomProperty('supplementary_file_type')),
+                'description' => $this->when($this->hasCustomProperty('description'), $this->getCustomProperty('description')),
+            ],
+            'can' => [
+                'update' => Gate::allows('update', $this->resource),
+                'delete' => Gate::allows('delete', $this->resource),
+                'download' => Gate::allows('download', $this->resource),
+            ],
         ];
     }
 }

app/Models/ManuscriptRecord.php

@@ -5,6 +5,7 @@
 use App\Contracts\Fundable;
 use App\Enums\ManuscriptRecordStatus;
 use App\Enums\ManuscriptRecordType;
+use App\Enums\MediaCollection;
 use App\Enums\SensitivityLabel;
 use App\Models\Concerns\HasUlid;
 use App\Traits\FundableTrait;
@@ -18,6 +19,7 @@
 use Illuminate\Database\Eloquent\Relations\MorphMany;
 use Illuminate\Database\Eloquent\Relations\MorphToMany;
 use Illuminate\Database\Eloquent\SoftDeletes;
+use Illuminate\Support\Facades\Validator;
 use Spatie\Activitylog\LogOptions;
 use Spatie\Activitylog\Traits\LogsActivity;
 use Spatie\MediaLibrary\HasMedia;
@@ -153,7 +155,7 @@ public function publication(): HasOne
      */
     public function registerMediaCollections(): void
     {
-        $this->addMediaCollection('manuscript')
+        $this->addMediaCollection(MediaCollection::MANUSCRIPT->value)
             ->acceptsMimeTypes(['application/pdf']);
     }
 
@@ -162,15 +164,15 @@ public function registerMediaCollections(): void
      */
     public function getLastManuscriptFile()
     {
-        return $this->getMedia('manuscript')->last();
+        return $this->getMedia(MediaCollection::MANUSCRIPT->value)->last();
     }
 
     /**
      * Get manuscript files media model.
      */
     public function getManuscriptFiles()
     {
-        return $this->getMedia('manuscript');
+        return $this->getMedia(MediaCollection::MANUSCRIPT->value);
     }
 
     /**
@@ -186,21 +188,21 @@ public function addManuscriptFile($file, $preserveOriginal = false)
                 'sensitivity_label' => SensitivityLabel::ProtectedA,
             ])
             ->preservingOriginal($preserveOriginal)
-            ->toMediaCollection('manuscript');
+            ->toMediaCollection(MediaCollection::MANUSCRIPT->value);
 
     }
 
     public function getManuscriptFile($uuid)
     {
-        return $this->getMedia('manuscript')->where('uuid', $uuid)->first();
+        return $this->getMedia(MediaCollection::MANUSCRIPT->value)->where('uuid', $uuid)->first();
     }
 
     /**
      * Delete a manuscript file
      */
     public function deleteManuscriptFile($uuid, $force = false)
     {
-        $media = $this->getMedia('manuscript')->where('uuid', $uuid)->first();
+        $media = $this->getMedia(MediaCollection::MANUSCRIPT->value)->where('uuid', $uuid)->first();
         if (! $media) {
             throw new FileNotFoundException('File not found.');
         }
@@ -236,7 +238,7 @@ public function lockManuscriptFiles()
      */
     public function validateIsFilled(bool $noExceptions = false): bool
     {
-        $validator = \Validator::make($this->toArray(), [
+        $validator = Validator::make($this->toArray(), [
             'title' => 'required',
             'abstract' => 'required',
             'pls' => 'required',

app/Models/Publication.php

@@ -3,7 +3,9 @@
 namespace App\Models;
 
 use App\Contracts\Fundable;
+use App\Enums\MediaCollection;
 use App\Enums\PublicationStatus;
+use App\Enums\SupplementaryFileType;
 use App\Traits\FundableTrait;
 use Exception;
 use Illuminate\Contracts\Filesystem\FileNotFoundException;
@@ -17,6 +19,7 @@
 use Spatie\MediaLibrary\HasMedia;
 use Spatie\MediaLibrary\InteractsWithMedia;
 use Spatie\MediaLibrary\MediaCollections\Models\Media;
+use Symfony\Component\HttpFoundation\File\UploadedFile;
 
 class Publication extends Model implements Fundable, HasMedia
 {
@@ -83,23 +86,29 @@ public function publicationAuthors(): HasMany
     // media
     public function registerMediaCollections(): void
     {
-        $this->addMediaCollection('publication')
+        $this->addMediaCollection(MediaCollection::PUBLICATION->value)
+            ->acceptsMimeTypes(['application/pdf']);
+
+        $this->addMediaCollection(MediaCollection::SUPPLEMENTARY_FILE->value)
             ->acceptsMimeTypes(['application/pdf']);
     }
 
+    /**
+     * Add publication file media model.
+     */
     public function addPublicationFile($file, $preserveOriginal = false): Media
     {
         return $this->addMedia($file)
             ->preservingOriginal($preserveOriginal)
-            ->toMediaCollection('publication');
+            ->toMediaCollection(MediaCollection::PUBLICATION->value);
     }
 
     /**
      * Get publication file media model.
      */
     public function getPublicationFile($uuid)
     {
-        return $this->getMedia('publication')->where('uuid', $uuid)->first();
+        return $this->getMedia(MediaCollection::PUBLICATION->value)->where('uuid', $uuid)->first();
     }
 
     /**
@@ -122,6 +131,53 @@ public function deletePublicationFile($uuid, $force = false): void
         $media->delete();
     }
 
+    /**
+     * Add supplementary file media model.
+     */
+    public function addSupplementaryFile(string|UploadedFile $file, SupplementaryFileType $type, ?string $description = null, $preserveOriginal = false): Media
+    {
+
+        $properties = [
+            'supplementary_file_type' => $type->value,
+        ];
+        if ($description) {
+            $properties['description'] = $description;
+        }
+
+        return $this->addMedia($file)
+            ->preservingOriginal($preserveOriginal)
+            ->withCustomProperties($properties)
+            ->toMediaCollection(MediaCollection::SUPPLEMENTARY_FILE->value);
+    }
+
+    /**
+     * Get supplementary file media model.
+     */
+    public function getSupplementaryFile($uuid)
+    {
+        return $this->getMedia(MediaCollection::SUPPLEMENTARY_FILE->value)->where('uuid', $uuid)->first();
+    }
+
+    /**
+     * Delete supplementary file media model.
+     */
+    public function deleteSupplementaryFile($uuid, $force = false): void
+    {
+        $media = $this->getSupplementaryFile($uuid);
+        if (! $media) {
+            throw new FileNotFoundException('File not found.');
+        }
+        if ($force) {
+            $media->delete();
+
+            return;
+        }
+        if ($media->getCustomProperty('locked', false)) {
+            throw new Exception('Cannot delete locked file.');
+        }
+        $media->delete();
+    }
+
     /** Is the publication under embargo? */
     public function isUnderEmbargo(): bool
     {