/** * Serves the message attachments. Implements needed access control ;-) * * @param object $course * @param object $cm * @param object $context * @param string $filearea * @param array $args * @param bool $forcedownload * @return bool false if file not found, does not return if found - justsend the file */ function block_jmail_pluginfile($course, $cm, $context, $filearea, $args, $forcedownload) { global $SCRIPT; if ($context->contextlevel != CONTEXT_BLOCK) { //send_file_not_found(); } require_course_login($course); $coursecontext = block_jmail_get_context(CONTEXT_COURSE, $course->id, MUST_EXIST); // The mailbox constructor does the permission validation if (!($mailbox = new block_jmail_mailbox($course, $coursecontext, $context))) { return; } $messageid = (int) array_shift($args); $message = block_jmail_message::get_from_id($messageid); // We check if we are the senders or the receivers if (!$message) { send_file_not_found(); } $pendingaprobal = !$message->approved and has_capability('block/jmail:approvemessages', $context); if (!$message->is_mine() and !$pendingaprobal) { send_file_not_found(); } $fs = get_file_storage(); $relativepath = implode('/', $args); $fullpath = "/{$context->id}/block_jmail/{$filearea}/{$messageid}/{$relativepath}"; if (!($file = $fs->get_file_by_hash(sha1($fullpath))) or $file->is_directory()) { send_file_not_found(); } $forcedownload = true; send_stored_file($file, 60 * 60, 0, $forcedownload); }
/** * Saves an attachment to your private files */ public function save_to_private_files($path) { global $USER; $args = explode('/', ltrim($path, '/')); $contextid = (int) array_shift($args); $component = clean_param(array_shift($args), PARAM_SAFEDIR); $filearea = clean_param(array_shift($args), PARAM_SAFEDIR); $messageid = clean_param(array_shift($args), PARAM_INT); $message = block_jmail_message::get_from_id($messageid); if ($contextid != $this->blockcontext->id) { return false; } if ($filearea !== 'attachment') { return false; } if ($component !== 'block_jmail') { return false; } if (!$message or !$message->is_mine()) { return false; } $fs = get_file_storage(); if (!($file = $fs->get_file_by_hash(sha1($path))) or $file->is_directory()) { return false; } $context = block_jmail_get_context(CONTEXT_USER, $USER->id); $newfile = new stdClass(); $newfile->contextid = $context->id; $newfile->component = 'user'; $newfile->filearea = 'private'; $newfile->itemid = 0; $newfile->filepath = '/jmail/' . format_string($this->course->shortname) . '/'; $newfile->filename = array_pop(explode('/', $path)); if (!$fs->create_file_from_storedfile($newfile, $file)) { return false; } return true; }
$PAGE->set_url('/blocks/jmail/message.php', array('id' => $id, 'messageid' => $messageid)); if (!($course = $DB->get_record('course', array('id' => $id)))) { throw new moodle_exception('invalidcourseid', 'error'); } if (!($block = $DB->get_record('block', array('name' => 'jmail', 'visible' => 1)))) { throw new moodle_exception('invalidcourseid', 'error'); } require_login($course->id); $context = block_jmail_get_context(CONTEXT_COURSE, $course->id, MUST_EXIST); $PAGE->set_context($context); if (!($mailbox = new block_jmail_mailbox($course, $context))) { throw new moodle_exception('Invalid mailbox'); } $blockcontext = $mailbox->blockcontext; // TODO, check block disabled or instance not visible? $message = block_jmail_message::get_from_id($messageid); if (!$message or !$message->is_mine()) { $messageid = 0; } if ($messageid and $message->courseid != $course->id) { throw new moodle_exception('invalidcourseid', 'error'); } if ($mailbox->cansend) { $mform = new block_jmail_message_form(null, array('course' => $course, 'context' => $blockcontext)); if ($messageid) { $draftitemid = file_get_submitted_draft_itemid('attachments'); file_prepare_draft_area($draftitemid, $blockcontext->id, 'block_jmail', 'attachment', $messageid); $draftideditor = file_get_submitted_draft_itemid('body'); $message->body = file_prepare_draft_area($draftideditor, $blockcontext->id, 'block_jmail', 'body', $messageid, array('subdirs' => true), $message->body); if ($mode != 'edit') { $messageid = 0;