/**
* Uploads a file to a given directory and returns an attachment string
* that is appended to report/comment bodies
*
* @param integer $thread_id Directory to upload files to
* @param integer $post_id Post ID
* @return boolean
*/
public function uploadTask($thread_id, $post_id)
{
if (!$thread_id) {
$this->setError(Lang::txt('COM_FORUM_NO_UPLOAD_DIRECTORY'));
return false;
}
// Instantiate an attachment record
$attachment = Attachment::oneOrNew(Request::getInt('attachment', 0));
$attachment->set('description', trim(Request::getVar('description', '')));
$attachment->set('parent', $thread_id);
$attachment->set('post_id', $post_id);
if ($attachment->isNew()) {
$attachment->set('state', 1);
}
// Incoming file
$file = Request::getVar('upload', '', 'files', 'array');
if (!$file || !isset($file['name']) || !$file['name']) {
if ($attachment->get('id')) {
// Only updating the description
if (!$attachment->save()) {
$this->setError($attachment->getError());
return false;
}
}
return true;
}
// Upload file
if (!$attachment->upload($file['name'], $file['tmp_name'])) {
$this->setError($attachment->getError());
}
// Save entry
if (!$attachment->save()) {
$this->setError($attachment->getError());
}
return true;
}
/**
* Get a post attachment
*
* @return object
*/
public function attachment()
{
if (!isset($this->_attachment)) {
$this->_attachment = Attachment::getInstance(0, $this->get('id'));
}
return $this->_attachment;
}
/**
* Serves up files only after passing access checks
*
* @return void
*/
public function download()
{
// Incoming
$thread = Request::getInt('group', 0);
$post = Request::getInt('asset', 0);
$file = Request::getVar('file', '');
// Check logged in status
if (User::isGuest()) {
$return = Route::url($this->offering->link() . '&active=' . $this->_name . '&unit=download&b=' . $thread . '&file=' . $file);
App::redirect(Route::url('index.php?option=com_users&view=login&return=' . base64_encode($return)));
return;
}
// Ensure we have a database object
if (!$this->database) {
App::abort(500, Lang::txt('PLG_COURSES_DISCUSSIONS_DATABASE_NOT_FOUND'));
return;
}
// Instantiate an attachment object
if (!$post_id) {
$attach = Attachment::oneByThread($thread_id, $file);
} else {
$attach = Attachment::oneByPost($post_id);
}
if (!$attach->get('filename')) {
App::abort(404, Lang::txt('PLG_COURSES_FORUM_FILE_NOT_FOUND'));
}
// Get the parent ticket the file is attached to
$post = $attach->post();
if (!$post->get('id') || $post->get('state') == $post::STATE_DELETED) {
App::abort(404, Lang::txt('PLG_COURSES_FORUM_POST_NOT_FOUND'));
}
// Load ACL
$this->_authorize('thread', $post->get('thread'));
// Ensure the user is authorized to view this file
if (!$this->course->access('view')) {
App::abort(403, Lang::txt('PLG_COURSES_DISCUSSIONS_NOT_AUTH_FILE'));
}
// Get the configured upload path
$filename = $attach->path();
// Ensure the file exist
if (!file_exists($filename)) {
App::abort(404, Lang::txt('PLG_COURSES_FILE_NOT_FOUND') . ' ' . substr($filename, strlen(PATH_ROOT)));
}
// Initiate a new content server and serve up the file
$xserver = new \Hubzero\Content\Server();
$xserver->filename($filename);
$xserver->disposition('inline');
$xserver->acceptranges(false);
// @TODO fix byte range support
if (!$xserver->serve()) {
// Should only get here on error
App::abort(404, Lang::txt('PLG_COURSES_DISCUSSIONS_SERVER_ERROR'));
}
exit;
}
/**
* Save the record
*
* @return boolean False if error, True on success
*/
public function save()
{
$section = $this->get('section');
$this->removeAttribute('section');
$category = $this->get('category');
$this->removeAttribute('category');
if (!$this->get('access')) {
$this->set('access', (int) \Config::get('access'));
}
$isNew = $this->isNew();
if ($isNew && !$this->get('parent')) {
$this->set('lft', 0);
$this->set('rgt', 1);
}
if ($this->isNew() && $this->get('parent')) {
$parent = $this->parent();
if (!$parent) {
$this->addError(Lang::txt('Parent node does not exist.'));
return false;
}
// Get the reposition data for shifting the tree and re-inserting the node.
if (!($reposition = $this->getTreeRepositionData($parent, 2, 'last-child'))) {
// Error message set in getNode method.
return false;
}
// Shift left values.
$query = $this->getQuery()->update($this->getTableName())->set(['lft' => new Raw('lft + 2')])->where($reposition->left_where['col'], $reposition->left_where['op'], $reposition->left_where['val'])->whereEquals('scope', $parent->get('scope'))->whereEquals('scope_id', $parent->get('scope_id'))->whereEquals('thread', $parent->get('thread'));
if (!$query->execute()) {
$this->addError($query->getError());
return false;
}
// Shift right values.
$query = $this->getQuery()->update($this->getTableName())->set(['rgt' => new Raw('rgt + 2')])->where($reposition->right_where['col'], $reposition->right_where['op'], $reposition->right_where['val'])->whereEquals('scope', $parent->get('scope'))->whereEquals('scope_id', $parent->get('scope_id'))->whereEquals('thread', $parent->get('thread'));
if (!$query->execute()) {
$this->addError($query->getError());
return false;
}
$this->set('lft', $reposition->new_lft);
$this->set('rgt', $reposition->new_rgt);
}
$result = parent::save();
if ($result) {
// Set the thread ID
if (!$this->get('parent')) {
$this->set('thread', $this->get('id'));
$result = parent::save();
}
if (!$isNew) {
// Make sure state and category changes carry through to replies
// If it's marked as deleted, skip it
$query = $this->getQuery()->update($this->getTableName())->set(['state' => $this->get('state'), 'category_id' => $this->get('category_id')])->whereEquals('parent', $this->get('id'))->where('state', '!=', self::STATE_DELETED);
if (!$query->execute()) {
$this->addError($query->getError());
return false;
}
// Make sure state changes carry through to attachments
$query = $this->getQuery()->update(Attachment::blank()->getTableName())->set(['state' => $this->get('state')])->whereEquals('post_id', $this->get('id'))->where('state', '!=', self::STATE_DELETED);
if (!$query->execute()) {
$this->addError($query->getError());
return false;
}
}
}
if ($section) {
$this->set('section', $section);
}
if ($category) {
$this->set('category', $category);
}
return $result;
}
/**
* Serves up files only after passing access checks
*
* @return void
*/
public function download()
{
// Incoming
$section = Request::getVar('section', '');
$category = Request::getVar('category', '');
$thread = Request::getInt('thread', 0);
$post = Request::getInt('post', 0);
$file = Request::getVar('file', '');
// Check logged in status
// Login check is handled in the onGroup() method
/*if (User::isGuest())
{
$return = Route::url('index.php?option=' . $this->option . '&cn=' . $this->group->get('cn') . '&active=forum&scope=' . $section . '/' . $category . '/' . $thread . '/' . $post . '/' . $file);
App::redirect(
Route::url('index.php?option=com_users&view=login&return=' . base64_encode($return))
);
return;
}*/
// Instantiate an attachment object
if (!$post) {
$attach = Attachment::oneByThread($thread, $file);
} else {
$attach = Attachment::oneByPost($post);
}
if (!$attach->get('filename')) {
App::abort(404, Lang::txt('PLG_GROUPS_FORUM_FILE_NOT_FOUND'));
}
// Get the parent ticket the file is attached to
$post = $attach->post();
if (!$post->get('id') || $post->get('state') == $post::STATE_DELETED) {
App::abort(404, Lang::txt('PLG_GROUPS_FORUM_POST_NOT_FOUND'));
}
// Load ACL
$this->_authorize('thread', $post->get('thread'));
// Ensure the user is authorized to view this file
if (!$this->params->get('access-view-thread')) {
$thread = Post::oneOrFail($post->get('thread'));
if (!in_array($thread->get('access'), User::getAuthorisedViewLevels())) {
App::abort(403, Lang::txt('PLG_GROUPS_FORUM_NOT_AUTH_FILE'));
}
}
// Get the configured upload path
$filename = $attach->path();
// Ensure the file exist
if (!file_exists($filename)) {
App::abort(404, Lang::txt('PLG_GROUPS_FORUM_FILE_NOT_FOUND') . ' ' . substr($filename, strlen(PATH_ROOT)));
}
// Initiate a new content server and serve up the file
$server = new \Hubzero\Content\Server();
$server->filename($filename);
$server->disposition('inline');
$server->acceptranges(false);
// @TODO fix byte range support
if (!$server->serve()) {
// Should only get here on error
App::abort(500, Lang::txt('PLG_GROUPS_FORUM_SERVER_ERROR'));
}
exit;
}
