function attach($inputName, $max, $uploader = null) { $models = $list = array(); $files = Input::file($inputName); if ($files) { // Converting single file upload into multiple which has this form: // array( // 'name' => array('up-1.txt', 'f-2.htm'), // 'type' => array('plain/text', 'text/html'), // 'tmp_name' => array(...), // 'error' => array(...), // 'size' => array(...) // ) $files = S($files, '(array) ?'); foreach ($files['error'] as $i => $error) { if ($max >= 0 and count($models) >= $max) { $having = count(array_omit($files['error'])); $s = count($having) == 1 ? '' : 's'; Log::info_Post("Attempting to attach {$having} file{$s}, max allowed number" . " is {$max} - ignoring the rest."); break; } if (!$error and is_uploaded_file($tmp = $files['tmp_name'][$i])) { $model = File::reuseOrPlace(file_get_contents($tmp), array('uploader' => $uploader ? $uploader->id : null, 'mime' => $files['type'][$i], 'name' => $files['name'][$i])); // the same file might be accidentally uploaded twice - ignore. if (empty($models[$model->md5])) { $models[$model->md5] = $model; $list[$model->id] = array('type' => 'post', 'file' => $model->id, 'object' => $this->id); } } } } try { $list and FileListItem::insert($list); } catch (\Exception $e) { foreach ($models as $model) { try { $model->unused(); } catch (\Exception $e2) { } } throw $e; } foreach ($models as $file) { Event::fire('post.attached', array($this, $file)); } return $models; }
// // This filter will always deny access for non-authorized users even if guest // permissions allow for given features - this is so because protected controllers // rely on current user being logged in. \Route::filter('vane::auth', function ($feature_1 = null) { $features = is_array($feature_1) ? $feature_1 : func_get_args(); $block = is_object(end($features)) ? array_pop($features) : null; $user = \Auth::user(); if ($user and !$user instanceof UserInterface) { $msg = "When using vane::auth filter object returned by Auth::user()" . " (" . get_class($user) . " here) must implement Vane\\UserInterface." . " This is not so - returned 403 for user {$user->id}."; $deny = Log::error_Auth($msg); } elseif (!$user) { $name = $block ? ' ' . $block->name : ''; $deny = Log::info_Auth("Block{$name} needs authorized user, denying access for guest."); } elseif ($features) { list($toMiss, $toHave) = S::divide($features, '?[0] === "!"'); $having = array_filter(S($toMiss, array('.substr', 1)), array($user, 'can')); $missing = array_omit($toHave, array($user, 'can')); $reasons = array(); $having and $reasons[] = "present flag(s): " . join(', ', $having); $missing and $reasons[] = "missing permission(s): " . join(', ', $missing); if ($reasons) { $name = $block ? ' ' . $block->name : ''; $msg = "Denied access to block{$name} via vane::auth for user {$user->id} due to " . join(' and ', $reasons) . '.'; $deny = Log::info_Auth($msg); } } if (!empty($deny)) { return $block ? $block->toResponse(false) : false; } });