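/**
 * Handles the file uploaded with a forum post and stores its attachment record
 *
 * When the request carries no file but names an existing attachment, only
 * that attachment's description is updated.
 *
 * @param   integer  $thread_id  Thread ID, stored as the attachment's 'parent'
 * @param   integer  $post_id    Post ID the attachment is tied to
 * @return  boolean  False when no thread is given or when the upload or the
 *                   save fails (the message is recorded with setError()),
 *                   true otherwise
 */
public function uploadTask($thread_id, $post_id)
{
    if (!$thread_id) {
        $this->setError(Lang::txt('COM_FORUM_NO_UPLOAD_DIRECTORY'));
        return false;
    }

    // Load the attachment named in the request, or start a new record.
    // NOTE(review): the attachment ID is taken from the request and the
    // record is re-pointed at $thread_id/$post_id below. No ownership check
    // is visible in this method; confirm the caller verifies that an
    // existing attachment already belongs to the post being edited.
    $attachment = Attachment::oneOrNew(Request::getInt('attachment', 0));
    $attachment->set('description', trim(Request::getVar('description', '')));
    $attachment->set('parent', $thread_id);
    $attachment->set('post_id', $post_id);
    if ($attachment->isNew()) {
        // Presumably 1 means "published"; confirm against the model.
        $attachment->set('state', 1);
    }

    // Incoming file
    $file = Request::getVar('upload', '', 'files', 'array');

    if (!$file || !isset($file['name']) || !$file['name']) {
        // No file sent: only the description of an existing record can change.
        if ($attachment->get('id') && !$attachment->save()) {
            $this->setError($attachment->getError());
            return false;
        }

        return true;
    }

    // Upload file
    // NOTE(review): $file['name'] is the client-supplied name. Validation of
    // the name, extension and size is presumably done inside
    // Attachment::upload(); confirm, since nothing is checked here.
    if (!$attachment->upload($file['name'], $file['tmp_name'])) {
        // Stop here: previously the failure was recorded but the record was
        // still saved and the method reported success.
        $this->setError($attachment->getError());
        return false;
    }

    // Save entry
    if (!$attachment->save()) {
        // Report the failure to the caller instead of returning true.
        $this->setError($attachment->getError());
        return false;
    }

    return true;
}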
/**
 * Get the attachment for this post, loading it on first use
 *
 * The result of Attachment::getInstance() is kept in $this->_attachment and
 * reused on later calls.
 *
 * @return  object
 */
public function attachment()
{
    // Already loaded on an earlier call
    if (isset($this->_attachment)) {
        return $this->_attachment;
    }

    $this->_attachment = Attachment::getInstance(0, $this->get('id'));

    return $this->_attachment;
}
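/**
 * Serves up files only after passing access checks
 *
 * Reads the thread ID ('group'), post ID ('asset') and file name ('file')
 * from the request. Guests are redirected to the login page. The attachment
 * must exist, its post must not be deleted, and the user must have 'view'
 * access to the course before the file is streamed.
 *
 * @return  void
 */
public function download()
{
    // Incoming
    $thread = Request::getInt('group', 0);
    $post   = Request::getInt('asset', 0);
    $file   = Request::getVar('file', '');

    // Check logged in status
    if (User::isGuest()) {
        // NOTE(review): $file is concatenated into the return URL as-is;
        // confirm Route::url() encodes it.
        $return = Route::url($this->offering->link() . '&active=' . $this->_name . '&unit=download&b=' . $thread . '&file=' . $file);
        App::redirect(Route::url('index.php?option=com_users&view=login&return=' . base64_encode($return)));
        return;
    }

    // Ensure we have a database object
    if (!$this->database) {
        App::abort(500, Lang::txt('PLG_COURSES_DISCUSSIONS_DATABASE_NOT_FOUND'));
        return;
    }

    // Instantiate an attachment object.
    // The lookup previously read $post_id and $thread_id, which are never
    // defined in this method, so the post branch was unreachable and the
    // thread lookup received null. Use the request values read above.
    if (!$post) {
        $attach = Attachment::oneByThread($thread, $file);
    } else {
        $attach = Attachment::oneByPost($post);
    }

    if (!$attach->get('filename')) {
        App::abort(404, Lang::txt('PLG_COURSES_FORUM_FILE_NOT_FOUND'));
    }

    // Get the parent post the file is attached to
    $parent = $attach->post();

    if (!$parent->get('id') || $parent->get('state') == $parent::STATE_DELETED) {
        App::abort(404, Lang::txt('PLG_COURSES_FORUM_POST_NOT_FOUND'));
    }

    // Load ACL
    $this->_authorize('thread', $parent->get('thread'));

    // Ensure the user is authorized to view this file
    if (!$this->course->access('view')) {
        App::abort(403, Lang::txt('PLG_COURSES_DISCUSSIONS_NOT_AUTH_FILE'));
    }

    // Get the configured upload path
    $filename = $attach->path();

    // Ensure the file exists
    if (!file_exists($filename)) {
        // NOTE(review): the message includes the file's path relative to
        // PATH_ROOT, which shows the upload directory layout to the
        // requester; consider logging the path instead.
        App::abort(404, Lang::txt('PLG_COURSES_FILE_NOT_FOUND') . ' ' . substr($filename, strlen(PATH_ROOT)));
    }

    // Initiate a new content server and serve up the file
    // NOTE(review): attachments are user uploads and are sent with an inline
    // disposition. Whether active content (HTML, SVG) can render in the
    // site's origin depends on the content type the server sends and on the
    // upload restrictions; confirm both.
    $xserver = new \Hubzero\Content\Server();
    $xserver->filename($filename);
    $xserver->disposition('inline');
    $xserver->acceptranges(false); // @TODO fix byte range support

    if (!$xserver->serve()) {
        // Should only get here on error. A failed serve is a server-side
        // failure, so report 500 rather than 404.
        App::abort(500, Lang::txt('PLG_COURSES_DISCUSSIONS_SERVER_ERROR'));
    }

    exit;
}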
/**
 * Save the record
 *
 * The 'section' and 'category' attributes are taken off the model while it
 * is saved and put back afterwards. A new record with a parent is inserted
 * as the parent's last child by shifting lft/rgt values in the same scope,
 * scope_id and thread. When an existing record is saved, its state and
 * category_id are copied to its non-deleted replies and its state to its
 * non-deleted attachments.
 *
 * @return  boolean  False if error, True on success
 */
public function save()
{
    // Hold 'section' and 'category' aside for the duration of the save.
    $heldSection = $this->get('section');
    $this->removeAttribute('section');
    $heldCategory = $this->get('category');
    $this->removeAttribute('category');

    // Fall back to the configured access level
    if (!$this->get('access')) {
        $this->set('access', (int) \Config::get('access'));
    }

    $wasNew = $this->isNew();

    // A new record without a parent starts its own tree
    if ($wasNew && !$this->get('parent')) {
        $this->set('lft', 0);
        $this->set('rgt', 1);
    }

    // A new reply: open a gap of two under the parent
    if ($this->isNew() && $this->get('parent')) {
        $parent = $this->parent();

        if (!$parent) {
            $this->addError(Lang::txt('Parent node does not exist.'));
            return false;
        }

        // Get the reposition data for shifting the tree and re-inserting the node.
        $slot = $this->getTreeRepositionData($parent, 2, 'last-child');

        if (!$slot) {
            // The original comment says the error message is set by the helper.
            return false;
        }

        // NOTE(review): the two shifts and the insert below are separate
        // statements; no transaction is visible in this method.

        // Shift left values.
        $shiftLeft = $this->getQuery()
            ->update($this->getTableName())
            ->set(['lft' => new Raw('lft + 2')])
            ->where($slot->left_where['col'], $slot->left_where['op'], $slot->left_where['val'])
            ->whereEquals('scope', $parent->get('scope'))
            ->whereEquals('scope_id', $parent->get('scope_id'))
            ->whereEquals('thread', $parent->get('thread'));

        if (!$shiftLeft->execute()) {
            $this->addError($shiftLeft->getError());
            return false;
        }

        // Shift right values.
        $shiftRight = $this->getQuery()
            ->update($this->getTableName())
            ->set(['rgt' => new Raw('rgt + 2')])
            ->where($slot->right_where['col'], $slot->right_where['op'], $slot->right_where['val'])
            ->whereEquals('scope', $parent->get('scope'))
            ->whereEquals('scope_id', $parent->get('scope_id'))
            ->whereEquals('thread', $parent->get('thread'));

        if (!$shiftRight->execute()) {
            $this->addError($shiftRight->getError());
            return false;
        }

        $this->set('lft', $slot->new_lft);
        $this->set('rgt', $slot->new_rgt);
    }

    $result = parent::save();

    if ($result) {
        // A record without a parent is its own thread: set the thread ID
        // to the record's ID and save again.
        if (!$this->get('parent')) {
            $this->set('thread', $this->get('id'));
            $result = parent::save();
        }

        if (!$wasNew) {
            // Make sure state and category changes carry through to replies
            // If it's marked as deleted, skip it
            $replies = $this->getQuery()
                ->update($this->getTableName())
                ->set(['state' => $this->get('state'), 'category_id' => $this->get('category_id')])
                ->whereEquals('parent', $this->get('id'))
                ->where('state', '!=', self::STATE_DELETED);

            if (!$replies->execute()) {
                $this->addError($replies->getError());
                return false;
            }

            // Make sure state changes carry through to attachments
            $attachments = $this->getQuery()
                ->update(Attachment::blank()->getTableName())
                ->set(['state' => $this->get('state')])
                ->whereEquals('post_id', $this->get('id'))
                ->where('state', '!=', self::STATE_DELETED);

            if (!$attachments->execute()) {
                $this->addError($attachments->getError());
                return false;
            }
        }
    }

    // Put the held attributes back.
    // NOTE(review): the early "return false" paths above exit before this
    // point, leaving 'section' and 'category' removed from the model.
    if ($heldSection) {
        $this->set('section', $heldSection);
    }

    if ($heldCategory) {
        $this->set('category', $heldCategory);
    }

    return $result;
}
/**
 * Serves up files only after passing access checks
 *
 * Looks the attachment up by post ID, or by thread ID and file name when no
 * post ID is given. The attachment must exist, its post must not be deleted,
 * and the user must be allowed to view the thread before the file is
 * streamed.
 *
 * @return  void
 */
public function download()
{
    // Incoming
    // The first two values are not used below; they were only referenced by
    // a login redirect that has been commented out of this method.
    $sectionAlias  = Request::getVar('section', '');
    $categoryAlias = Request::getVar('category', '');
    $threadId      = Request::getInt('thread', 0);
    $postId        = Request::getInt('post', 0);
    $requestedFile = Request::getVar('file', '');

    // Check logged in status
    // Login check is handled in the onGroup() method

    // Instantiate an attachment object
    $attachment = $postId
        ? Attachment::oneByPost($postId)
        : Attachment::oneByThread($threadId, $requestedFile);

    if (!$attachment->get('filename')) {
        App::abort(404, Lang::txt('PLG_GROUPS_FORUM_FILE_NOT_FOUND'));
    }

    // Get the parent post the file is attached to
    $parentPost = $attachment->post();

    if (!$parentPost->get('id') || $parentPost->get('state') == $parentPost::STATE_DELETED) {
        App::abort(404, Lang::txt('PLG_GROUPS_FORUM_POST_NOT_FOUND'));
    }

    // Load ACL
    $this->_authorize('thread', $parentPost->get('thread'));

    // Ensure the user is authorized to view this file: without the
    // 'access-view-thread' permission, the thread's access level must be
    // one of the user's authorised view levels.
    if (!$this->params->get('access-view-thread')) {
        $threadRecord = Post::oneOrFail($parentPost->get('thread'));
        $viewLevels   = User::getAuthorisedViewLevels();

        if (!in_array($threadRecord->get('access'), $viewLevels)) {
            App::abort(403, Lang::txt('PLG_GROUPS_FORUM_NOT_AUTH_FILE'));
        }
    }

    // Get the configured upload path
    $path = $attachment->path();

    // Ensure the file exists
    if (!file_exists($path)) {
        // NOTE(review): the message includes the file's path relative to
        // PATH_ROOT, which shows the upload directory layout to the
        // requester; consider logging the path instead.
        App::abort(404, Lang::txt('PLG_GROUPS_FORUM_FILE_NOT_FOUND') . ' ' . substr($path, strlen(PATH_ROOT)));
    }

    // Initiate a new content server and serve up the file
    // NOTE(review): attachments are user uploads and are sent with an inline
    // disposition. Whether active content (HTML, SVG) can render in the
    // site's origin depends on the content type the server sends and on the
    // upload restrictions; confirm both.
    $contentServer = new \Hubzero\Content\Server();
    $contentServer->filename($path);
    $contentServer->disposition('inline');
    $contentServer->acceptranges(false); // @TODO fix byte range support

    if (!$contentServer->serve()) {
        // Should only get here on error
        App::abort(500, Lang::txt('PLG_GROUPS_FORUM_SERVER_ERROR'));
    }

    exit;
}