Ejemplo n.º 1
 /**
  * Serves up files only after passing access checks
  *
  * @return  void
  */
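 public function downloadTask()
 {
     // Flow: look up the attachment, resolve the post it belongs to, then run
     // the login and ACL checks against that post before anything is read
     // from disk. The access decision uses the stored post record
     // ($post->get('access'), $post->get('thread')), not the section,
     // category or thread values supplied in the request.

     // Incoming
     $section = Request::getVar('section', '');
     $category = Request::getVar('category', '');
     $thread_id = Request::getInt('thread', 0);
     $post_id = Request::getInt('post', 0);
     $file = Request::getVar('file', '');

     // Instantiate an attachment object. With a post ID the lookup is by post
     // alone and $file is not consulted; without one it is by thread + file name.
     if (!$post_id) {
         $attach = Attachment::oneByThread($thread_id, $file);
     } else {
         $attach = Attachment::oneByPost($post_id);
     }
     if (!$attach->get('filename')) {
         App::abort(404, Lang::txt('COM_FORUM_FILE_NOT_FOUND'));
     }

     // Get the parent post the file is attached to
     $post = $attach->post();
     if (!$post->get('id') || $post->get('state') == $post::STATE_DELETED) {
         // Fixed: the original called `ang::txt`, which fails with an
         // undefined-class error instead of returning the 404.
         App::abort(404, Lang::txt('COM_FORUM_POST_NOT_FOUND'));
     }

     // Check logged in status
     if (User::isGuest() && !in_array($post->get('access'), User::getAuthorisedViewLevels())) {
         // Request values are percent-encoded so that characters such as '&'
         // or '#' inside them cannot add or override parameters in the
         // return URL handed to the login page.
         $return = base64_encode(Route::url(
             'index.php?option=' . $this->_option
             . '&controller=' . $this->_controller
             . '&section=' . urlencode((string) $section)
             . '&category=' . urlencode((string) $category)
             . '&thread=' . $thread_id
             . '&post=' . $post_id
             . '&file=' . urlencode((string) $file)
         ));
         App::redirect(Route::url('index.php?option=com_users&view=login&return=' . $return));
         // Nothing below should run for a request being sent to the login
         // page, in case App::redirect() returns rather than terminating.
         return;
     }

     // Load ACL for the thread the post actually belongs to
     $this->_authorize('thread', $post->get('thread'));

     // Ensure the user is authorized to view this file
     if (!$this->config->get('access-view-thread')) {
         App::abort(403, Lang::txt('COM_FORUM_NOT_AUTH_FILE'));
     }

     // Get the configured upload path
     $filename = $attach->path();

     // Ensure the file exists
     if (!file_exists($filename)) {
         // NOTE(review): the message appends the path below PATH_ROOT, which
         // shows the upload directory layout to the requester. Consider
         // logging the path and returning only the generic text.
         App::abort(404, Lang::txt('COM_FORUM_FILE_NOT_FOUND') . ' ' . substr($filename, strlen(PATH_ROOT)));
     }

     // Initiate a new content server and serve up the file
     $server = new \Hubzero\Content\Server();
     $server->filename($filename);
     // NOTE(review): 'inline' lets the browser render the upload in the
     // site's origin. If HTML or SVG attachments are accepted, serve those as
     // 'attachment' or restrict the allowed types -- confirm upload policy.
     $server->disposition('inline');
     $server->acceptranges(false);
     // @TODO fix byte range support
     if (!$server->serve()) {
         // Should only get here on error
         App::abort(500, Lang::txt('COM_FORUM_SERVER_ERROR'));
     }
     exit;
 }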
Ejemplo n.º 2
 /**
  * Serves up files only after passing access checks
  *
  * @return  void
  */
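 public function download()
 {
     // Flow: require a logged-in user, look up the attachment, resolve the
     // post it belongs to, then check thread ACL and course view access
     // before anything is read from disk.

     // Incoming. Fixed: the original stored these in $thread and $post but
     // the lookup below read the undefined $thread_id / $post_id, so the
     // requested IDs were ignored and the attachment was always looked up by
     // file name with a null thread.
     $thread_id = Request::getInt('group', 0);
     $post_id = Request::getInt('asset', 0);
     $file = Request::getVar('file', '');

     // Check logged in status
     if (User::isGuest()) {
         // $file is percent-encoded so that characters such as '&' or '#'
         // inside it cannot add or override parameters in the return URL.
         $return = Route::url(
             $this->offering->link()
             . '&active=' . $this->_name
             . '&unit=download&b=' . $thread_id
             . '&file=' . urlencode((string) $file)
         );
         App::redirect(Route::url('index.php?option=com_users&view=login&return=' . base64_encode($return)));
         return;
     }

     // Ensure we have a database object
     if (!$this->database) {
         App::abort(500, Lang::txt('PLG_COURSES_DISCUSSIONS_DATABASE_NOT_FOUND'));
         return;
     }

     // Instantiate an attachment object. With a post ID the lookup is by post
     // alone and $file is not consulted; without one it is by thread + file name.
     if (!$post_id) {
         $attach = Attachment::oneByThread($thread_id, $file);
     } else {
         $attach = Attachment::oneByPost($post_id);
     }
     if (!$attach->get('filename')) {
         App::abort(404, Lang::txt('PLG_COURSES_FORUM_FILE_NOT_FOUND'));
     }

     // Get the parent post the file is attached to
     $post = $attach->post();
     if (!$post->get('id') || $post->get('state') == $post::STATE_DELETED) {
         App::abort(404, Lang::txt('PLG_COURSES_FORUM_POST_NOT_FOUND'));
     }

     // Load ACL for the thread the post actually belongs to
     $this->_authorize('thread', $post->get('thread'));

     // Ensure the user is authorized to view this file
     // NOTE(review): the gate here is course-level view access; whether the
     // _authorize() call above feeds into it is not visible in this method.
     // Confirm that a post from another course or thread cannot pass.
     if (!$this->course->access('view')) {
         App::abort(403, Lang::txt('PLG_COURSES_DISCUSSIONS_NOT_AUTH_FILE'));
     }

     // Get the configured upload path
     $filename = $attach->path();

     // Ensure the file exists
     if (!file_exists($filename)) {
         // NOTE(review): the message appends the path below PATH_ROOT, which
         // shows the upload directory layout to the requester. Consider
         // logging the path and returning only the generic text.
         App::abort(404, Lang::txt('PLG_COURSES_FILE_NOT_FOUND') . ' ' . substr($filename, strlen(PATH_ROOT)));
     }

     // Initiate a new content server and serve up the file
     $xserver = new \Hubzero\Content\Server();
     $xserver->filename($filename);
     // NOTE(review): 'inline' lets the browser render the upload in the
     // site's origin. If HTML or SVG attachments are accepted, serve those as
     // 'attachment' or restrict the allowed types -- confirm upload policy.
     $xserver->disposition('inline');
     $xserver->acceptranges(false);
     // @TODO fix byte range support
     if (!$xserver->serve()) {
         // Should only get here on error. Fixed: a failure to serve a file
         // that exists is a server fault, so report 500 rather than 404.
         App::abort(500, Lang::txt('PLG_COURSES_DISCUSSIONS_SERVER_ERROR'));
     }
     exit;
 }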