/** * Loads the model especified in controller POSTed data. * * @access public * @param mixed $var An variable to be filled with Model Object * @return mixed true when single model found and instance created, error message returned if model not found. */ public function loadPostedModel(&$controller, &$var) { $debug = Configure::read() > 0; $error = false; if (!isset($controller->buroData['request'])) { $error = $debug ? 'BuroBurocrataController::_load - Request security field not defined' : true; } if ($error === false) { // The counter-part of this code is in BuroBurocrataHelper::_security method @(list($secure, $model_plugin, $model_alias) = SecureParams::unpack($controller->buroData['request'])); $hash = substr(Security::hash($controller->here), -5); if ($secure != $hash) { $error = $debug ? 'BuroBurocrataController::_load - POST Destination check failed.' : true; } } if ($error === false) { $model_class_name = $model_alias; if (!empty($model_plugin)) { $model_class_name = $model_plugin . '.' . $model_class_name; } if (!$controller->loadModel($model_class_name)) { $error = $debug ? 'BuroBurocrataController::_load - Couldn\'t load model.' : true; } } if ($error === false) { $controller->model_name = $model_alias; $controller->model_plugin = $model_plugin; $controller->set('model_name', $controller->model_name); $controller->set('model_plugin', $controller->model_plugin); $controller->set('model_class_name', $model_class_name); $controller->set('fullModelName', $model_class_name); $var = $controller->{$model_alias}; } return $error; }
/** * Performs the logic of saving the upload data * * This method receive the POSTed data from each action (classic or ajax upload) * validates the upload and saves it. * The returned data is a array of the generated data (that will generally be * sent back to the view, through JSON object) * * @access protected * @param array $data The POSTed data to be analised and saved * @param string $forceModel When not null, will force a Model to be used, instead of the specified on POSTed data * @return array The array of data of generated data */ protected function saveUpload($data, $forceModel = null) { $saved = $error = false; $filename = ''; $validationErrors = array(); $version = $fieldName = $modelName = null; if (!empty($this->buroData['data'])) { list($version, $fieldName, $modelName) = SecureParams::unpack($this->buroData['data']); } if ($forceModel) { $modelName = $forceModel; } if (is_null($version) || is_null($fieldName) || is_null($modelName)) { $validationErrors['file'] = 'post_max_size'; } elseif (!$this->loadModel($modelName)) { $error = Configure::read() > 0 ? 'JjMediaController::upload - Model ' . $modelName . ' not found.' : true; } else { list($plugin, $modelName) = pluginSplit($modelName); /** @var AppModel $Model */ $Model =& $this->{$modelName}; $model_alias = $Model->alias; if (!empty($data)) { $scope = $Model->findTheScope($fieldName); if ($scope) { $Model->setScope($scope); } $Model->set($data); $validationErrors = $this->validateErrors($Model); if (empty($validationErrors) && $Model->save(null, false)) { $saved = $Model->id; if (isset($data[$model_alias]['file']['name'])) { $filename = $data[$model_alias]['file']['name']; } list($fieldModelName, $fieldName) = pluginSplit($fieldName); if (!empty($data[$fieldModelName][$fieldName])) { $Model->delete($data[$fieldModelName][$fieldName]); } if (Configure::read('JjMedia.asyncGeneration') == false) { App::import('Lib', array('JjUtils.SecureParams')); $packed_params = SecureParams::pack(array($saved, $version), true); $baseUrl = array('plugin' => 'jj_media', 'controller' => 'jj_media', 'action' => 'index'); $dlurl = Router::url($baseUrl + array('1', $packed_params)); $url = Router::url($baseUrl + array($packed_params)); } else { $dlurl = $url = $this->SfilStoredFile->webPath($saved, $version); } } } } return compact('error', 'validationErrors', 'saved', 'version', 'filename', 'url', 'dlurl'); }