From 817b2f392fd624c439addc37d23c65be4adb1390 Mon Sep 17 00:00:00 2001
From: Chirag Chhatrala <60499540+chiragchhatrala@users.noreply.github.com>
Date: Wed, 5 Jun 2024 18:31:23 +0530
Subject: [PATCH] =?UTF-8?q?Fixed=20-=20Guest=20users=20can=E2=80=99t=20upl?=
 =?UTF-8?q?oad=20images=20(#435)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/Http/Controllers/Forms/FormController.php | 4 +---
 routes/api.php                                | 2 +-
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/app/Http/Controllers/Forms/FormController.php b/app/Http/Controllers/Forms/FormController.php
index a70ff511..cbc188e2 100644
--- a/app/Http/Controllers/Forms/FormController.php
+++ b/app/Http/Controllers/Forms/FormController.php
@@ -23,7 +23,7 @@ class FormController extends Controller
 
     public function __construct()
     {
-        $this->middleware('auth');
+        $this->middleware('auth', ['except' => ['uploadAsset']]);
         $this->formCleaner = new FormCleaner();
     }
 
@@ -217,8 +217,6 @@ class FormController extends Controller
      */
     public function uploadAsset(UploadAssetRequest $request)
     {
-        $this->authorize('viewAny', Form::class);
-
         $fileNameParser = StorageFileNameParser::parse($request->url);
 
         // Make sure we retrieve the file in tmp storage, move it to persistent
diff --git a/routes/api.php b/routes/api.php
index f5484c3c..9cdb8e8a 100644
--- a/routes/api.php
+++ b/routes/api.php
@@ -122,7 +122,7 @@ Route::group(['middleware' => 'auth:api'], function () {
             Route::post(
                 '/assets/upload',
                 [FormController::class, 'uploadAsset']
-            )->name('assets.upload');
+            )->withoutMiddleware(['auth:api'])->name('assets.upload');
             Route::get(
                 '/{id}/uploaded-file/{filename}',
                 [FormController::class, 'viewFile']