From 5ab31a81910b580bf3f86377926ef2d1fb58fac6 Mon Sep 17 00:00:00 2001
From: Dan Brown <ssddanbrown@googlemail.com>
Date: Wed, 14 May 2025 18:15:20 +0100
Subject: [PATCH] Images: Updated local disk to have open dir perms

Closes #5605
---
 app/Config/filesystems.php         |  1 +
 app/Uploads/ImageStorageDisk.php   |  3 ++-
 tests/Uploads/ImageStorageTest.php | 30 ++++++++++++++++++++++++++++++
 3 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 tests/Uploads/ImageStorageTest.php

diff --git a/app/Config/filesystems.php b/app/Config/filesystems.php
index ab507a2f8..ab73fec29 100644
--- a/app/Config/filesystems.php
+++ b/app/Config/filesystems.php
@@ -34,6 +34,7 @@ return [
             'root'       => public_path(),
             'serve'      => false,
             'throw'      => true,
+            'directory_visibility' => 'public',
         ],
 
         'local_secure_attachments' => [
diff --git a/app/Uploads/ImageStorageDisk.php b/app/Uploads/ImageStorageDisk.php
index 8e364831f..f2667d993 100644
--- a/app/Uploads/ImageStorageDisk.php
+++ b/app/Uploads/ImageStorageDisk.php
@@ -7,6 +7,7 @@ use Illuminate\Contracts\Filesystem\Filesystem;
 use Illuminate\Filesystem\FilesystemAdapter;
 use Illuminate\Support\Facades\Log;
 use League\Flysystem\UnableToSetVisibility;
+use League\Flysystem\Visibility;
 use Symfony\Component\HttpFoundation\StreamedResponse;
 
 class ImageStorageDisk
@@ -85,7 +86,7 @@ class ImageStorageDisk
         // require different ACLs for S3, and this provides us more logical control.
         if ($makePublic && !$this->isS3Like()) {
             try {
-                $this->filesystem->setVisibility($path, 'public');
+                $this->filesystem->setVisibility($path, Visibility::PUBLIC);
             } catch (UnableToSetVisibility $e) {
                 Log::warning("Unable to set visibility for image upload with relative path: {$path}");
             }
diff --git a/tests/Uploads/ImageStorageTest.php b/tests/Uploads/ImageStorageTest.php
new file mode 100644
index 000000000..117da7f52
--- /dev/null
+++ b/tests/Uploads/ImageStorageTest.php
@@ -0,0 +1,30 @@
+<?php
+
+namespace Tests\Uploads;
+
+use BookStack\Uploads\ImageStorage;
+use Tests\TestCase;
+
+class ImageStorageTest extends TestCase
+{
+    public function test_local_image_storage_sets_755_directory_permissions()
+    {
+        if (PHP_OS_FAMILY !== 'Linux') {
+            $this->markTestSkipped('Test only works on Linux');
+        }
+
+        config()->set('filesystems.default', 'local');
+        $storage = $this->app->make(ImageStorage::class);
+        $dirToCheck = 'test-dir-perms-' . substr(md5(random_bytes(16)), 0, 6);
+
+        $disk = $storage->getDisk('gallery');
+        $disk->put("{$dirToCheck}/image.png", 'abc', true);
+
+        $expectedPath = public_path("uploads/images/{$dirToCheck}");
+        $permissionsApplied = substr(sprintf('%o', fileperms($expectedPath)), -4);
+        $this->assertEquals('0755', $permissionsApplied);
+
+        @unlink("{$expectedPath}/image.png");
+        @rmdir($expectedPath);
+    }
+}