function attach($inputName, $max, $uploader = null)
{
$models = $list = array();
$files = Input::file($inputName);
if ($files) {
// Converting single file upload into multiple which has this form:
// array(
// 'name' => array('up-1.txt', 'f-2.htm'),
// 'type' => array('plain/text', 'text/html'),
// 'tmp_name' => array(...),
// 'error' => array(...),
// 'size' => array(...)
// )
$files = S($files, '(array) ?');
foreach ($files['error'] as $i => $error) {
if ($max >= 0 and count($models) >= $max) {
$having = count(array_omit($files['error']));
$s = count($having) == 1 ? '' : 's';
Log::info_Post("Attempting to attach {$having} file{$s}, max allowed number" . " is {$max} - ignoring the rest.");
break;
}
if (!$error and is_uploaded_file($tmp = $files['tmp_name'][$i])) {
$model = File::reuseOrPlace(file_get_contents($tmp), array('uploader' => $uploader ? $uploader->id : null, 'mime' => $files['type'][$i], 'name' => $files['name'][$i]));
// the same file might be accidentally uploaded twice - ignore.
if (empty($models[$model->md5])) {
$models[$model->md5] = $model;
$list[$model->id] = array('type' => 'post', 'file' => $model->id, 'object' => $this->id);
}
}
}
}
try {
$list and FileListItem::insert($list);
} catch (\Exception $e) {
foreach ($models as $model) {
try {
$model->unused();
} catch (\Exception $e2) {
}
}
throw $e;
}
foreach ($models as $file) {
Event::fire('post.attached', array($this, $file));
}
return $models;
}
//
// This filter will always deny access for non-authorized users even if guest
// permissions allow for given features - this is so because protected controllers
// rely on current user being logged in.
\Route::filter('vane::auth', function ($feature_1 = null) {
$features = is_array($feature_1) ? $feature_1 : func_get_args();
$block = is_object(end($features)) ? array_pop($features) : null;
$user = \Auth::user();
if ($user and !$user instanceof UserInterface) {
$msg = "When using vane::auth filter object returned by Auth::user()" . " (" . get_class($user) . " here) must implement Vane\\UserInterface." . " This is not so - returned 403 for user {$user->id}.";
$deny = Log::error_Auth($msg);
} elseif (!$user) {
$name = $block ? ' ' . $block->name : '';
$deny = Log::info_Auth("Block{$name} needs authorized user, denying access for guest.");
} elseif ($features) {
list($toMiss, $toHave) = S::divide($features, '?[0] === "!"');
$having = array_filter(S($toMiss, array('.substr', 1)), array($user, 'can'));
$missing = array_omit($toHave, array($user, 'can'));
$reasons = array();
$having and $reasons[] = "present flag(s): " . join(', ', $having);
$missing and $reasons[] = "missing permission(s): " . join(', ', $missing);
if ($reasons) {
$name = $block ? ' ' . $block->name : '';
$msg = "Denied access to block{$name} via vane::auth for user {$user->id} due to " . join(' and ', $reasons) . '.';
$deny = Log::info_Auth($msg);
}
}
if (!empty($deny)) {
return $block ? $block->toResponse(false) : false;
}
});
