/** * Form for editing Information Spot block instances. * * @copyright 2014 Roberto Pinna * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later * @package block_informationspot * @category files * @param stdClass $course course object * @param stdClass $birecord_or_cm block instance record * @param stdClass $context context object * @param string $filearea file area * @param array $args extra arguments * @param bool $forcedownload whether or not force download * @param array $options additional options affecting the file serving * @return bool */ function block_informationspot_pluginfile($course, $birecord_or_cm, $context, $filearea, $args, $forcedownload, array $options = array()) { global $DB, $CFG, $USER; if ($context->contextlevel != CONTEXT_BLOCK) { send_file_not_found(); } // If block is in course context, then check if user has capability to access course. if ($context->get_course_context(false)) { require_course_login($course); } else { if ($CFG->forcelogin) { require_login(); } else { // Get parent context and see if user have proper permission. $parentcontext = $context->get_parent_context(); if ($parentcontext->contextlevel === CONTEXT_COURSECAT) { // Check if category is visible and user can view this category. $category = $DB->get_record('course_categories', array('id' => $parentcontext->instanceid), '*', MUST_EXIST); if (!$category->visible) { require_capability('moodle/category:viewhiddencategories', $parentcontext); } } else { if ($parentcontext->contextlevel === CONTEXT_USER && $parentcontext->instanceid != $USER->id) { // The block is in the context of a user, it is only visible to the user who it belongs to. send_file_not_found(); } } // At this point there is no way to check SYSTEM context, so ignoring it. } } if ($filearea != 'image') { send_file_not_found(); } $fs = get_file_storage(); $imageid = array_shift($args); $filename = array_pop($args); $filepath = $args ? '/' . implode('/', $args) . '/' : '/'; if (!($file = $fs->get_file($context->id, 'block_informationspot', $filearea, $imageid, $filepath, $filename)) or $file->is_directory()) { send_file_not_found(); } if ($parentcontext = context::instance_by_id($birecord_or_cm->parentcontextid, IGNORE_MISSING)) { if ($parentcontext->contextlevel == CONTEXT_USER) { // force download on all personal pages including /my/ //because we do not have reliable way to find out from where this is used $forcedownload = true; } } else { // weird, there should be parent context, better force dowload then $forcedownload = true; } // NOTE: it woudl be nice to have file revisions here, for now rely on standard file lifetime, // do not lower it because the files are dispalyed very often. \core\session\manager::write_close(); send_stored_file($file, null, 0, $forcedownload, $options); }
/** * Form for editing HTML block instances. * * @copyright 2010 Petr Skoda (http://skodak.org) * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later * @package block_html * @category files * @param stdClass $course course object * @param stdClass $birecord_or_cm block instance record * @param stdClass $context context object * @param string $filearea file area * @param array $args extra arguments * @param bool $forcedownload whether or not force download * @param array $options additional options affecting the file serving * @return bool * @todo MDL-36050 improve capability check on stick blocks, so we can check user capability before sending images. */ function block_html_pluginfile($course, $birecord_or_cm, $context, $filearea, $args, $forcedownload, array $options = array()) { global $DB, $CFG; if ($context->contextlevel != CONTEXT_BLOCK) { send_file_not_found(); } // If block is in course context, then check if user has capability to access course. if ($context->get_course_context(false)) { require_course_login($course); } else { if ($CFG->forcelogin) { require_login(); } else { // Get parent context and see if user have proper permission. $parentcontext = $context->get_parent_context(); if ($parentcontext->contextlevel === CONTEXT_COURSECAT) { // Check if category is visible and user can view this category. $category = $DB->get_record('course_categories', array('id' => $parentcontext->instanceid), '*', MUST_EXIST); if (!$category->visible) { require_capability('moodle/category:viewhiddencategories', $parentcontext); } } // At this point there is no way to check SYSTEM or USER context, so ignoring it. } } if ($filearea !== 'content') { send_file_not_found(); } $fs = get_file_storage(); $filename = array_pop($args); $filepath = $args ? '/' . implode('/', $args) . '/' : '/'; if (!($file = $fs->get_file($context->id, 'block_html', 'content', 0, $filepath, $filename)) or $file->is_directory()) { send_file_not_found(); } if ($parentcontext = get_context_instance_by_id($birecord_or_cm->parentcontextid)) { if ($parentcontext->contextlevel == CONTEXT_USER) { // force download on all personal pages including /my/ //because we do not have reliable way to find out from where this is used $forcedownload = true; } } else { // weird, there should be parent context, better force dowload then $forcedownload = true; } session_get_instance()->write_close(); send_stored_file($file, 60 * 60, 0, $forcedownload, $options); }