/**
 * Regression test: wrapping a content object the current user may not read
 * must be refused with ezpContentAccessDeniedException.
 *
 * The test fails if ezpContent::fromObject() returns normally, so it guards
 * against the access check being dropped or bypassed.
 *
 * @group issue18073
 * @link http://issues.ez.no/18073
 */
public function testUnauthorizedContentByObject()
{
    // Must be registered before the call that is expected to throw.
    $this->setExpectedException('ezpContentAccessDeniedException');

    // Content node #5 / object #4 (users) serves as content the anonymous user is not allowed to read.
    // NOTE(review): nothing here switches to the anonymous user — the test relies on
    // the suite already running as anonymous; confirm in the fixture/setUp.
    $restrictedObject = eZContentObject::fetch(4);

    ezpContent::fromObject($restrictedObject);
}
/**
 * Builds the REST result for a single content item.
 *
 * The item is resolved from $this->nodeId when that is set; otherwise from
 * $this->objectId, which is tried as an object ID first and as a remote ID
 * second. The result carries the metadata / locations / fields sections for
 * the active response groups, the field links, and — when an OutputFormat
 * content variable is present — a rendered output.
 *
 * @return ezpRestMvcResult
 * @throws ezpContentNotFoundException when no content can be resolved
 */
public function doViewContent()
{
    $this->setDefaultResponseGroups(
        array(
            self::VIEWCONTENT_RESPONSEGROUP_METADATA,
            self::VIEWCONTENT_RESPONSEGROUP_FIELDS,
            self::VIEWCONTENT_RESPONSEGROUP_LOCATIONS,
        )
    );

    $content = false;
    $isNodeRequested = isset($this->nodeId);

    if ($isNodeRequested) {
        // NOTE(review): read permission on this path is whatever
        // ezpContent::fromNodeId() enforces; that check is not visible here.
        $content = ezpContent::fromNodeId($this->nodeId);
    } elseif (isset($this->objectId)) {
        // The same identifier is tried as an object ID, then as a remote ID.
        $contentObject = eZContentObject::fetch($this->objectId);
        if (!$contentObject instanceof eZContentObject) {
            $contentObject = eZContentObject::fetchByRemoteID($this->objectId);
        }

        if (!$contentObject instanceof eZContentObject) {
            throw new ezpContentNotFoundException("Unable to find an eZContentObject with ID {$this->objectId}");
        }

        // NOTE(review): the second argument is presumably the access-check switch;
        // it must stay enabled so objects the current user cannot read are rejected here.
        $content = ezpContent::fromObject($contentObject, true);
    }

    // Covers the case where neither identifier was supplied, and a non-ezpContent
    // return from fromNodeId().
    if (!$content instanceof ezpContent) {
        throw new ezpContentNotFoundException("Unable to find content");
    }

    $result = new ezpRestMvcResult();

    // Optional translation parameter.
    if ($this->hasContentVariable('Translation')) {
        $language = $this->getContentVariable('Translation');
        $content->setActiveLanguage($language);
    }

    // Metadata: object metadata, extended with location metadata when a node was requested.
    if ($this->hasResponseGroup(self::VIEWCONTENT_RESPONSEGROUP_METADATA)) {
        $metadata = ITOpenDataContentModel::getMetadataByContent($content);
        if ($isNodeRequested) {
            $location = ezpContentLocation::fetchByNodeId($this->nodeId);
            $metadata = array_merge($metadata, ITOpenDataContentModel::getMetadataByLocation($location));
        }
        $result->variables['metadata'] = $metadata;
    }

    // Locations, if requested.
    if ($this->hasResponseGroup(self::VIEWCONTENT_RESPONSEGROUP_LOCATIONS)) {
        $result->variables['locations'] = ITOpenDataContentModel::getLocationsByContent($content);
    }

    // Field contents, if requested.
    if ($this->hasResponseGroup(self::VIEWCONTENT_RESPONSEGROUP_FIELDS)) {
        $result->variables['fields'] = ITOpenDataContentModel::getFieldsByContent(
            $content,
            $this->request,
            $this->getRouter()
        );
    }

    // Links to the field resources are always included.
    $result->variables['links'] = ITOpenDataContentModel::getFieldsLinksByContent($content, $this->request);

    // NOTE(review): OutputFormat is presumably caller-supplied and selects the renderer;
    // any validation of the format name happens inside getRenderer(), not here.
    $outputFormat = $this->getContentVariable('OutputFormat');
    if ($outputFormat) {
        $renderer = ezpRestContentRenderer::getRenderer($outputFormat, $content, $this);
        $result->variables['renderedOutput'] = $renderer->render();
    }

    return $result;
}
/**
 * Serialises one content field into the array exposed through the REST API.
 *
 * 'value' and 'string_value' are built per datatype. Each starts as a list and is
 * collapsed at the end: an empty list becomes false, a one-element list becomes
 * that element, anything longer stays a list.
 *
 * For relation datatypes, metadata of a related object is emitted only when that
 * object's 'can_read' attribute is truthy, so a readable object does not disclose
 * metadata of related objects the current user may not read.
 *
 * @param ezpContentField     $field          field to serialise
 * @param ezpRestRequest|null $currentRequest used to build absolute URIs; relation metadata needs it
 * @param ezcMvcRouter|null   $router         used to generate links to related objects
 *
 * @return array keys: name, description, identifier, id, classattribute_id, type, value, string_value
 */
public static function attributeOutputData(ezpContentField $field, ezpRestRequest $currentRequest = null, ezcMvcRouter $router = null)
{
    $values = array();
    $strings = array();

    switch ($field->data_type_string) {
        case 'ezxmltext':
            // 'value' is the markup produced by the output handler, returned as-is;
            // clients embedding it must treat it as HTML. 'string_value' is the
            // same text with tags stripped.
            $outputHandler = $field->content->attribute('output');
            $markup = $outputHandler->attribute('output_text');
            $values = array($markup);
            $strings = array(strip_tags($markup));
            break;

        case 'ezimage':
            if (!$field->hasContent()) {
                break;
            }
            // Only the part of the string representation before the first '|' is used as the path.
            $imageRef = $field->toString();
            $pipeAt = strpos($imageRef, '|');
            $imagePath = ($pipeAt === false) ? $imageRef : substr($imageRef, 0, $pipeAt);
            // NOTE(review): $currentRequest may be null here; confirm getHostURIFromRequest() accepts that.
            $values = array(self::getHostURIFromRequest($currentRequest) . '/' . $imagePath);
            $strings = array($field->toString());
            break;

        case 'ezbinaryfile':
            if ($field->hasContent()) {
                // NOTE(review): this first content() result is never used; the path below fetches it again.
                $file = $field->content();
                // NOTE(review): original_filename goes into the URL path unencoded — confirm
                // whether consumers expect an already-encoded link.
                $downloadPath = "content/download/{$field->attribute('contentobject_id')}/{$field->attribute('id')}/{$field->content()->attribute('original_filename')}";
                $values = array(self::getHostURIFromRequest($currentRequest) . '/' . $downloadPath);
                $strings = array($field->toString());
            } else {
                $values = array(null);
                $strings = array(null);
            }
            break;

        case 'ezobjectrelationlist':
            $values = array();
            $readableIds = array();
            // Without both a request and a router no related object is resolved at all.
            if ($currentRequest && $router && $field->hasContent()) {
                $relations = $field->content();
                foreach ($relations['relation_list'] as $relation) {
                    $id = $relation['contentobject_id'];
                    $related = eZContentObject::fetch($id);

                    // Skip relations whose target is missing or has no main node.
                    if (!($related instanceof eZContentObject)
                        || !($related->attribute('main_node') instanceof eZContentObjectTreeNode)
                    ) {
                        continue;
                    }

                    // Access gate: unreadable related objects are skipped silently,
                    // nothing (not even a placeholder) is emitted for them.
                    if (!$related->attribute('can_read')) {
                        continue;
                    }

                    $content = ezpContent::fromObject($related);
                    $relatedMetadata = OCOpenDataContentModel::getMetadataByContent($content);
                    $contentQueryString = $currentRequest->getContentQueryString(true);

                    try {
                        if (!$content->main_node) {
                            throw new Exception("Node not found for object id #{$id}");
                        }
                        $node = $content->main_node;
                        $location = ezpContentLocation::fromNode($node);
                        $relatedMetadata = array_merge($relatedMetadata, self::getMetadataByLocation($location));
                        $readableIds[] = $id;
                    } catch (Exception $e) {
                        // Deliberately ignored: on failure the entry is still emitted below,
                        // but without location metadata and without its id in string_value.
                        // NOTE(review): the failure is not logged anywhere.
                    }

                    $relatedMetadata['link'] = self::getHostURIFromRequest($currentRequest)
                        . $router->generateUrl('ezpObject', array('objectId' => $id))
                        . $contentQueryString;
                    $values[] = $relatedMetadata;
                }
            }
            // Always a one-element list, so string_value is '' when nothing was collected.
            $strings = array(implode('-', $readableIds));
            break;

        case 'ezobjectrelation':
            $values = array();
            // NOTE(review): string_value is taken from toString() regardless of the can_read
            // check below; confirm it cannot reveal the identifier of a related object the
            // current user may not read.
            $strings = array($field->toString());
            if ($currentRequest && $router && $field->hasContent()) {
                $related = $field->content();
                // Access gate: metadata and link are emitted only for a readable target.
                if ($related->attribute('can_read')) {
                    $id = $related->attribute('id');
                    $content = ezpContent::fromObject($related);
                    $relatedMetadata = OCOpenDataContentModel::getMetadataByContent($content);
                    // Unlike the relation-list case, no content query string is appended here.
                    $relatedMetadata['link'] = self::getHostURIFromRequest($currentRequest)
                        . $router->generateUrl('ezpObject', array('objectId' => $id));
                    $values[] = $relatedMetadata;
                }
            }
            break;

        default:
            // Blacklisted datatypes are reported with null values instead of their content.
            $hiddenDatatypes = self::getDatatypeBlackList();
            if (isset($hiddenDatatypes[$field->data_type_string])) {
                $values = array(null);
                $strings = array(null);
            } elseif ($field->hasContent()) {
                $values = array($field->toString());
                $strings = array($field->toString());
            }
            break;
    }

    // Collapse the lists: empty -> false, single element -> that element.
    switch (count($values)) {
        case 0:
            $values = false;
            break;
        case 1:
            $values = current($values);
            break;
    }

    switch (count($strings)) {
        case 0:
            $strings = false;
            break;
        case 1:
            $strings = current($strings);
            break;
    }

    return array(
        'name' => $field->contentclass_attribute_name,
        'description' => $field->contentclass_attribute->attribute('description'),
        'identifier' => $field->contentclass_attribute_identifier,
        'id' => (int) $field->id,
        'classattribute_id' => (int) $field->contentclassattribute_id,
        'type' => $field->data_type_string,
        'value' => $values,
        'string_value' => $strings,
    );
}