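/**
 * Redirects a signed request for a stored file to that file's S3 object URL.
 *
 * The GET parameters must carry a valid signature. An object that is not
 * public additionally requires a logged-in user and, when a course_id is
 * supplied, access to that course (or to any course in its collection),
 * unless the user holds the EschoolAdmin privilege. Without a file
 * parameter the request is redirected to the current app's URL.
 *
 * NOTE(review): every denial below depends on gcError() ending the request.
 * If it can return, execution falls through to the final redirect and the
 * object URL is handed out anyway. Confirm that gcError() never returns.
 *
 * @param sfWebRequest $request Request whose GET parameters are read.
 */
public function executeGetUserStorageFile(sfWebRequest $request)
{
    global $CFG;

    $get_params = $request->getGetParameters();

    // The signature is checked first, before any other parameter is used.
    $signed_request = new GcrSignedRequest($get_params);
    if (!$signed_request->validateSignature()) {
        $CFG->current_app->gcError('Signature Invalid', 'gcpageaccessdenied');
    }

    // A missing file parameter is handled like an empty one instead of
    // raising an undefined-index notice.
    $file_key = GcrStorageAccessS3::FILE_GET_PARAMETER;
    $file = isset($get_params[$file_key]) ? $get_params[$file_key] : null;

    if ($file) {
        // Storage is resolved for the institution named by 'app', falling
        // back to the current app's institution.
        if (isset($get_params['app'])) {
            $app = GcrInstitutionTable::getApp($get_params['app']);
        } else {
            $app = $CFG->current_app->getInstitution();
        }
        $s3_storage = new GcrStorageAccessS3($app);

        if (!$s3_storage->isPublicObject($file)) {
            $CFG->current_app->requireLogin();
            $current_user = $CFG->current_app->getCurrentUser();
            $role_manager = $current_user->getRoleManager();

            // NOTE(review): without course_id a non-public object is gated
            // only by the signature and the login above. Presumably the
            // signer decides whether course_id is part of the URL; verify.
            if (isset($get_params['course_id']) && !$role_manager->hasPrivilege('EschoolAdmin')) {
                // Make sure the current user has access to this course.
                // NOTE(review): the course is looked up on the current app
                // even when 'app' selected the storage above. Confirm that
                // the two always refer to the same institution.
                $has_course_access = false;
                $mdl_course = $CFG->current_app->getCourse($get_params['course_id']);
                if ($mdl_course) {
                    // For new course instances, we want to maintain access to
                    // Cloud Storage URLs with course id signed to parent course.
                    $course_collection = $mdl_course->getCourseCollection();
                    if ($course_collection) {
                        foreach ($course_collection->getCourses() as $course_instance) {
                            if ($role_manager->hasCourseAccess($course_instance)) {
                                $has_course_access = true;
                                break;
                            }
                        }
                    } else {
                        $has_course_access = $role_manager->hasCourseAccess($mdl_course);
                    }
                } else {
                    // NOTE(review): course_id comes from the request and is
                    // echoed into the message. Confirm gcError() escapes it
                    // before rendering.
                    $CFG->current_app->gcError(
                        'course_id parameter ' . $get_params['course_id'] . ' does not exist',
                        'gcdatabaseerror'
                    );
                }

                if (!$has_course_access) {
                    $CFG->current_app->gcError('User Does Not Have Course Access', 'gcpageaccessdenied');
                }
            }
        }

        $url = $s3_storage->getObjectUrl($file);
    } else {
        $url = $CFG->current_app->getUrl();
    }

    $this->redirect($url);
}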