From 80663b5285f701d9252d3447f901c3a60c60addb Mon Sep 17 00:00:00 2001
From: Favour Olayinka <csskfaves@gmail.com>
Date: Thu, 15 Aug 2024 12:04:12 +0100
Subject: [PATCH] allow upload routes for impersonation (#526)

---
 app/Http/Middleware/ImpersonationMiddleware.php | 3 +++
 routes/api.php                                  | 4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/app/Http/Middleware/ImpersonationMiddleware.php b/app/Http/Middleware/ImpersonationMiddleware.php
index a1b194a8..ef13336c 100644
--- a/app/Http/Middleware/ImpersonationMiddleware.php
+++ b/app/Http/Middleware/ImpersonationMiddleware.php
@@ -58,6 +58,8 @@ class ImpersonationMiddleware
 
         'user.current',
         'local.temp',
+        'vapor.signed-storage-url',
+        'upload-file'
     ];
 
     /**
@@ -78,6 +80,7 @@ class ImpersonationMiddleware
 
         // Check that route is allowed
         $routeName = $request->route()->getName();
+        ray($routeName);
         if (!in_array($routeName, self::ALLOWED_ROUTES)) {
             return response([
                 'message' => 'Unauthorized when impersonating',
diff --git a/routes/api.php b/routes/api.php
index 166bd70e..5ef45b09 100644
--- a/routes/api.php
+++ b/routes/api.php
@@ -330,11 +330,11 @@ Route::post(
 Route::post(
     '/vapor/signed-storage-url',
     [\App\Http\Controllers\Content\SignedStorageUrlController::class, 'store']
-)->middleware([]);
+)->name('vapor.signed-storage-url');
 Route::post(
     '/upload-file',
     [\App\Http\Controllers\Content\FileUploadController::class, 'upload']
-)->middleware([]);
+)->name('upload-file');
 
 Route::get('local/temp/{path}', function (Request $request, string $path) {
     if (!$request->hasValidSignature()) {