/**
 * Decides whether the given file may be handed to the current user.
 *
 * PHP binds && tighter than ||, so the decision is:
 *   (realm allows the file AND file is visible in frontdoor AND embargo has passed)
 *   OR the ACL helper grants access to the 'documents' resource.
 * The second operand therefore overrides the per-file realm check, the
 * frontdoor-visibility flag and the embargo of the document.
 *
 * @param mixed $file  File object exposing getId() and getVisibleInFrontdoor(), or null
 * @param mixed $realm Must implement Opus_Security_IRealm; any other value denies access
 * @return bool true if access is granted, false otherwise
 */
private function isFileAccessAllowed($file, $realm)
{
    // Fail closed: without a file or a usable realm no decision can be made.
    if ($file === null) {
        return false;
    }
    if (!($realm instanceof Opus_Security_IRealm)) {
        return false;
    }

    // Regular path: all three conditions must hold (evaluated left to right, short-circuiting).
    $regularAccess = $realm->checkFile($file->getId())
        && $file->getVisibleInFrontdoor()
        && $this->_doc->hasEmbargoPassed();
    if ($regularAccess) {
        return true;
    }

    // Privileged path, consulted only when the regular path denies access.
    // NOTE(review): confirm that the 'documents' permission is meant to lift the embargo
    // and the visibility flag as well, not only the realm check.
    return (bool) $this->getAclHelper()->accessAllowed('documents');
}
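/**
 * Returns all associated Opus_File objects that are visible in OAI and accessible by the user.
 *
 * Checks are applied in this order:
 *  1. Document level (skipped when the realm reports skipSecurityChecks()): a document that
 *     is not in server state 'published', or whose embargo has not passed, is only served
 *     if the realm grants access to the document.
 *  2. File system: files that are not readable on disk are skipped and logged.
 *  3. File level: a file must be flagged visible in OAI and pass the realm's file check.
 *
 * @return array Accessible Opus_File objects
 * @throws Oai_Model_Exception if the document is forbidden or embargoed for the current user,
 *                             if it has no readable files, or if none of the readable files
 *                             is accessible
 *
 * TODO merge access checks with code for deliver controller
 */
public function getAccessibleFiles()
{
    $realm = Opus_Security_Realm::getInstance();

    // Administrators always pass; other users only under the document-level rules below.
    if (!$realm->skipSecurityChecks()) {
        // Not an administrator.
        // PUBLISHED documents are always available (access to the module may still be restricted).
        if ($this->_doc->getServerState() !== 'published' && !$realm->checkDocument($this->_docId)) {
            // Document is not published and not available to the current user.
            $this->logErrorMessage(
                'document id =' . $this->_docId
                . ' is not published and access is not allowed for current user'
            );
            throw new Oai_Model_Exception('access to requested document is forbidden');
        }

        // NOTE(review): the strict comparison treats any non-boolean return value as
        // "embargo passed"; confirm hasEmbargoPassed() always returns a boolean.
        if ($this->_doc->hasEmbargoPassed() === false && !$realm->checkDocument($this->_docId)) {
            // Document is still under embargo and not available to the current user.
            // The log text previously said "is not embargoed", the opposite of this branch.
            $this->logErrorMessage(
                'document id =' . $this->_docId
                . ' is embargoed and access is not allowed for current user'
            );
            throw new Oai_Model_Exception('access to requested document files is embargoed');
        }
    }

    $files = array();
    $filesToCheck = $this->_doc->getFile();
    /* @var $file Opus_File */
    foreach ($filesToCheck as $file) {
        // NOTE(review): the path is built by concatenation; assumes the stored path name
        // cannot contain directory traversal segments. Confirm where it is validated.
        $filename = $this->_appConfig->getFilesPath() . $this->_docId . DIRECTORY_SEPARATOR . $file->getPathName();
        if (is_readable($filename)) {
            $files[] = $file;
        } else {
            $this->logErrorMessage("skip non-readable file {$filename}");
        }
    }

    if (empty($files)) {
        $this->logErrorMessage('document with id ' . $this->_docId . ' does not have any associated files');
        throw new Oai_Model_Exception('requested document does not have any associated readable files');
    }

    // File-level access control runs for every caller, including those that skipped the
    // document-level checks above.
    $containerFiles = array();
    /* @var $file Opus_File */
    foreach ($files as $file) {
        if ($file->getVisibleInOai() && $realm->checkFile($file->getId())) {
            $containerFiles[] = $file;
        }
    }

    if (empty($containerFiles)) {
        // NOTE(review): if exception messages are returned to the OAI client, this message and
        // the "no readable files" one above let a caller tell the two situations apart;
        // confirm that is acceptable.
        $this->logErrorMessage(
            'document with id ' . $this->_docId . ' does not have associated files that are accessible'
        );
        throw new Oai_Model_Exception('access denied on all files that are associated to the requested document');
    }

    return $containerFiles;
}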
/**
 * Reports whether the embargo of the document with the given ID has passed.
 *
 * Loads the document and delegates to Opus_Document::hasEmbargoPassed() without passing
 * a reference time, so the comparison time is whatever that method uses by default
 * (presumably the current system time; verify in Opus_Document).
 *
 * This helper performs no realm or ACL check of its own; it only answers the embargo
 * question and must not be used as the sole access decision.
 *
 * @param mixed $docId Identifier handed to the Opus_Document constructor
 * @return bool true if the embargo date has passed; false if not
 */
public static function checkIfFileEmbargoHasPassed($docId)
{
    $document = new Opus_Document($docId);

    return $document->hasEmbargoPassed();
}
/**
 * Appends a <Rights> element describing the access level of a document to the given node.
 *
 * The level is derived only from the file visibility flags and the embargo state:
 *  - no files at all                                          -> openAccess
 *  - at least one file visible in both OAI and frontdoor      -> openAccess
 *  - files exist but none is visible in both                  -> closedAccess
 *  - embargo has not passed (overrides all of the above)      -> embargoedAccess
 *
 * NOTE(review): realm/role-based file restrictions are not consulted here, so a file that
 * is flagged visible but restricted to certain users is still advertised as openAccess;
 * confirm this is intended. The restrictedAccess value is mapped but never selected by
 * this method.
 *
 * @param DOMNode       $domNode Node that receives the new <Rights> child element
 * @param Opus_Document $doc     Document whose files and embargo state are inspected
 * @return void
 */
private function _addAccessRights(DOMNode $domNode, Opus_Document $doc)
{
    $rightsByState = array(
        0 => 'info:eu-repo/semantics/closedAccess',
        1 => 'info:eu-repo/semantics/openAccess',
        2 => 'info:eu-repo/semantics/embargoedAccess',
        3 => 'info:eu-repo/semantics/restrictedAccess',
    );

    $files = $doc->getFile();
    if (count($files) === 0) {
        // A document without files is reported as open access.
        $state = 1;
    } else {
        // Closed unless at least one file is visible in OAI and in the frontdoor.
        $state = 0;
        foreach ($files as $candidate) {
            if ($candidate->getField('VisibleInOai')->getValue()
                && $candidate->getField('VisibleInFrontdoor')->getValue()
            ) {
                $state = 1;
            }
        }
    }

    // An embargo that has not passed takes precedence over the visibility result.
    if (!$doc->hasEmbargoPassed()) {
        $state = 2;
    }

    $rightsElement = $domNode->ownerDocument->createElement('Rights');
    if (isset($rightsByState[$state])) {
        $rightsElement->setAttribute('Value', $rightsByState[$state]);
    }
    $domNode->appendChild($rightsElement);
}