Example #1
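 /**
  * Download a library file.
  *
  * The file record is looked up by the request-supplied 'libraryFileId', so
  * it is treated as untrusted until it has been tied to the current context
  * and, for files attached to a submission, to the current user. Nothing is
  * sent when the ID matches no record; an existing record the user may not
  * read ends in fatalError().
  *
  * @param $args array
  * @param $request Request
  */
 function downloadLibraryFile($args, $request)
 {
     import('classes.file.LibraryFileManager');
     $context = $request->getContext();
     $libraryFileManager = new LibraryFileManager($context->getId());
     $libraryFileDao = DAORegistry::getDAO('LibraryFileDAO');
     $libraryFile = $libraryFileDao->getById($request->getUserVar('libraryFileId'));
     if (!$libraryFile) {
         // Unknown ID: no output, as before.
         return;
     }

     // The lookup above is keyed only on a user-controlled ID and is not
     // scoped to a context, so a record owned by another context could be
     // returned. Require the record to belong to the context this request
     // is running in before any other access decision is made.
     $allowedAccess = ((int) $libraryFile->getContextId() === (int) $context->getId());

     // A context-level document (no submission ID) needs no further check;
     // a submission document is limited to managers and assigned users.
     if ($allowedAccess && $libraryFile->getSubmissionId()) {
         $allowedAccess = false;

         // Managers are always allowed access. The cast keeps a missing
         // roles object from raising an error; it then simply matches nothing.
         $userRoles = (array) $this->getAuthorizedContextObject(ASSOC_TYPE_USER_ROLES);
         if (in_array(ROLE_ID_MANAGER, $userRoles)) {
             $allowedAccess = true;
         } else {
             // Check for specific assignments.
             // NOTE(review): only WORKFLOW_STAGE_ID_SUBMISSION assignments are
             // consulted here; confirm that users assigned in later stages
             // are meant to be refused.
             $user = $request->getUser();
             $userStageAssignmentDao = DAORegistry::getDAO('UserStageAssignmentDAO');
             $assignedUsers = $userStageAssignmentDao->getUsersBySubmissionAndStageId($libraryFile->getSubmissionId(), WORKFLOW_STAGE_ID_SUBMISSION);
             // Without a logged-in user there is nothing to match against,
             // so access stays denied instead of dereferencing null.
             if ($user && !$assignedUsers->wasEmpty()) {
                 while ($assignedUser = $assignedUsers->next()) {
                     if ((int) $assignedUser->getId() === (int) $user->getId()) {
                         $allowedAccess = true;
                         break;
                     }
                 }
             }
         }
     }

     if (!$allowedAccess) {
         fatalError('Unauthorized access to library file.');
         return;
     }

     // The original file name is stored upload metadata; basename() strips
     // any directory components so the path cannot leave the base path.
     $filePath = $libraryFileManager->getBasePath() . basename($libraryFile->getOriginalFileName());
     $libraryFileManager->downloadFile($filePath);
 }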