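/**
 * Sends a stored file to the current user and records the download.
 *
 * Access is granted when the user belongs to at least one file group that is
 * linked to the file through FileFileGroup. Unknown ids, guests and users
 * without a matching group all receive the same 403 response.
 *
 * @param mixed $id Primary key of the File record to download.
 * @return mixed The file response, or a redirect to /site/error when the
 *               file is missing on disk.
 * @throws HttpException 403 when the file is unknown or access is denied.
 */
public function actionFile($id)
{
    $denied = 'You are not allowed to perform this action.';

    $model = File::findOne(['id' => $id]);
    if ($model === null) {
        // Same answer as a permission failure, so the response does not
        // reveal which ids exist.
        throw new HttpException(403, $denied);
    }

    $identity = \Yii::$app->user->identity;
    if ($identity === null) {
        // No authenticated identity: there is nothing to match groups against.
        throw new HttpException(403, $denied);
    }

    // Authorize before touching the filesystem, so the "missing on disk"
    // redirect is only ever shown to users who may download the file.
    $allowed = false;
    $links = FileFileGroup::find()->where(['file_id' => $id])->all();
    foreach ($links as $link) {
        // find()->where() only builds a query object, which is never null;
        // exists() actually runs it, so membership is really checked.
        $isMember = UserFileGroup::find()
            ->where([
                'file_group_id' => $link->group_id,
                'user_id' => $identity->id,
            ])
            ->exists();
        if ($isMember) {
            $allowed = true;
            break;
        }
    }

    if (!$allowed) {
        throw new HttpException(403, $denied);
    }

    if (!file_exists($model->filepath)) {
        return $this->redirect(['/site/error']);
    }

    $user = User::findOne(['id' => $identity->id]);
    if ($user === null) {
        throw new HttpException(403, $denied);
    }

    // Audit trail: who downloaded which file, and when.
    $dl = new DownloadLog();
    $dl->username = $user->username;
    $dl->email = $user->email;
    $dl->filepath = $model->filepath;
    $dl->download_time = date("Y-m-d H:i:s");
    $dl->filename = $model->filename;
    $dl->user_id = $user->id;
    if (!$dl->save()) {
        // The download still proceeds, but a lost audit record must be
        // visible to operators instead of disappearing silently.
        \Yii::warning('Download log entry could not be saved for file id ' . $model->id, __METHOD__);
    }

    return \Yii::$app->response->sendFile($model->filepath);
}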
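/**
 * Lets an administrator choose which file groups are linked to a file.
 *
 * On GET the permission form is rendered with all non-deleted file groups and
 * the groups currently linked to the file. On POST the existing links are
 * replaced by the submitted selection and the browser is sent to file/view.
 *
 * @param mixed $id Primary key of the File record being edited.
 * @return mixed Rendered permission form, or a redirect after saving.
 * @throws HttpException 403 when the current user lacks the "admin"
 *                       permission, 404 when the file does not exist.
 */
public function actionPermission($id)
{
    if (!Yii::$app->user->can("admin")) {
        throw new HttpException(403, 'You are not allowed to perform this action.');
    }

    $file = File::findOne($id);
    if ($file === null) {
        // Without this check a POST would create group links that point at
        // a file id with no File record behind it.
        throw new HttpException(404, 'The requested file does not exist.');
    }

    $request = Yii::$app->request;
    if ($request->isPost) {
        $post = $request->post();

        // An absent or malformed selection means "no groups".
        $selected = [];
        if (isset($post['Post']['permission']) && is_array($post['Post']['permission'])) {
            $selected = $post['Post']['permission'];
        }

        // NOTE(review): the delete and the inserts below do not run in a
        // transaction, so a failed save leaves the file with fewer group
        // links than were submitted.
        FileFileGroup::deleteAll(['file_id' => $id]);
        foreach ($selected as $perm) {
            if (!is_scalar($perm)) {
                // Nested arrays are not group ids; ignore them.
                continue;
            }
            $ffg = new FileFileGroup();
            $ffg->group_id = $perm;
            $ffg->file_id = $id;
            if (!$ffg->save()) {
                Yii::warning('File group link could not be saved for file id ' . $file->id, __METHOD__);
            }
        }

        return $this->redirect(['file/view', 'id' => $id]);
    }

    // Only the form needs these lists, so they are loaded on this path only.
    $fg = FileGroup::find()->where(['is_deleted' => 0])->all();
    $sufg = FileFileGroup::find()->where(['file_id' => $id])->all();

    return $this->render('permission', ['filemodel' => $file, 'filegroups' => $fg, 'selectedfg' => $sufg]);
}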
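/**
 * Lists the files the current user cannot access yet and accepts a request
 * for access to some of them.
 *
 * A file is left out of the list when one of the user's file groups is linked
 * to it. A valid submission stores a Request with one RequestFile per selected
 * file, e-mails every user with role_id 1 and redirects to requestconfirm.
 *
 * @return mixed Rendered index view, or a redirect.
 * @throws HttpException 403 when there is no authenticated identity.
 */
public function actionIndex()
{
    $user = \Yii::$app->user->identity;
    if ($user === null) {
        throw new HttpException(403, 'You are not allowed to perform this action.');
    }
    $requestform = new RequestForm();

    // The user's group ids are loaded once instead of once per file and group.
    $userGroupIds = UserFileGroup::find()
        ->select('file_group_id')
        ->where(['user_id' => $user->id])
        ->column();

    // Files on offer, plus their ids as a lookup for validating the submission.
    $files = [];
    $offeredIds = [];
    foreach (File::find()->orderBy('filename')->all() as $f) {
        // The original wrote `$include_file == FALSE;`, a comparison with no
        // effect, so no file was ever excluded. The exclusion is applied here.
        $alreadyGranted = !empty($userGroupIds)
            && FileFileGroup::find()
                ->where(['file_id' => $f->id, 'group_id' => $userGroupIds])
                ->exists();
        if (!$alreadyGranted) {
            $files[] = $f;
            $offeredIds[(string) $f->id] = true;
        }
    }

    // Nothing left to request: return the redirect so the action stops here.
    if (count($files) === 0) {
        return $this->redirect(['site/index']);
    }

    $selected_file = [];

    if (Yii::$app->request->post()) {
        $requestform->load(Yii::$app->request->post());
        if ($requestform->validate()) {
            // Create the request entry.
            $request = new Request();
            $request->create_datetime = date("Y-m-d H:i:s");
            $request->reason = $requestform->request;
            $request->user_id = $user->id;
            $saved = $request->save();
            if (!$saved) {
                Yii::warning('File access request could not be saved for user id ' . $user->id, __METHOD__);
            }

            // RequestForm's validation rules are not visible here, so the
            // submitted ids are checked against the files offered above
            // before any RequestFile row is written.
            $wanted = [];
            if (is_array($requestform->file)) {
                foreach ($requestform->file as $fileId) {
                    if (is_scalar($fileId) && isset($offeredIds[(string) $fileId])) {
                        $wanted[] = $fileId;
                    }
                }
            }

            if ($saved && count($wanted) > 0) {
                foreach ($wanted as $fileId) {
                    $rf = new RequestFile();
                    $rf->file_id = $fileId;
                    $rf->request_id = $request->id;
                    if (!$rf->save()) {
                        Yii::warning('Requested file could not be attached to request id ' . $request->id, __METHOD__);
                    }
                }

                // Send the email to the administrators.
                // NOTE(review): the link is hard-coded and uses plain http;
                // confirm whether the portal can serve this page over https.
                $admins = User::find()->where(['role_id' => 1])->all();
                $body = "A new file access request has been submitted.\n";
                $body .= "Please visit on the following link:\n";
                $body .= 'http://gmod.wsu.edu/portal/request/verify?id=' . $request->id;
                foreach ($admins as $admin) {
                    Yii::$app->mailer->compose()
                        ->setTo($admin->email)
                        ->setFrom([$admin->email => $admin->username])
                        ->setSubject("File Access Request for GMOD Portal")
                        ->setTextBody($body)
                        ->send();
                }

                // Return the redirect so the form is not rendered as well.
                return $this->redirect(['requestconfirm']);
            }
        }
    }

    return $this->render('index', ['model' => $requestform, 'user' => $user, 'files' => $files, 'selected_file' => $selected_file]);
}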