} $bypass_auth = false; if ($params['id'] && $action == 'show') { // owner can always see his file $owner = File::GetAttrib($params['id'], 'owner'); $bypass_auth = $owner && $owner == User::GetAuthenticatedID(); } if ($action && $ACTIONS[$action]) { check_perms($ACTIONS[$action]); } else { // index check_perms(User::HasPermissions($CONTROLLER_PERMS) || $bypass_auth); } if ($action == 'show') { $id = $params['id']; $args['fileinfo'] = File::GetAttribs($id); if (!$args['fileinfo']) { Error::generate('notice', 'Invalid file ID in action show.'); header("Location: {$PAGE_REL_URL}"); } else { foreach ($args['fileinfo'] as $key => $param) { switch (strtolower($param[0])) { case 'path': $path = $param[1]; $link = $ACTIONS['get']->getLink(array('id' => $id)); $args['fileinfo'][$key][1] = "<a href=\"{$link}\">{$path}</a>"; break; default: } } include "views/show.view.php";