/**
 * Checks whether the user may access a file, or every file of a list if you
 * pass an array.
 *
 * Each item is resolved to a File (ids via DirectoryEntry::find(), directory
 * entries via their ->file property) and File::checkAccess() is asked for the
 * verdict. The first item that fails ends the check.
 *
 * NOTE(review): $user_id is resolved below but never handed to the access
 * check; File::checkAccess() is called without arguments, so which user it
 * evaluates cannot be told from this method - confirm before relying on the
 * $user_id parameter.
 *
 * @param mixed $files Either a single directory entry id or an array of those
 *                     (DirectoryEntry or File object(s) are also valid)
 * @param mixed $user_id Id of the user or null for current user (default)
 * @param bool $throw_exception Throw an AccessDeniedException instead of
 *                              returning false
 * @return bool indicating whether the user may access this file/these files
 * @throws AccessDeniedException if $throw_exception is true and the user
 *                               may not access the file(s)
 */
public static function CheckAccess($files, $user_id = null, $throw_exception = true)
{
    // Normalise a single id/object into a one-element list.
    if (!is_array($files)) {
        $files = array($files);
    }

    // ?: tests truthiness, so any falsy value (not only null) falls back to
    // the logged-in user.
    // NOTE(review): the result is not read again anywhere in this method.
    $user_id = $user_id ?: $GLOBALS['user']->id;

    foreach ($files as $file) {
        try {
            // Anything that is not an object is treated as a directory entry id.
            if (!is_object($file)) {
                $file = DirectoryEntry::find($file);
            }
            if ($file instanceof DirectoryEntry) {
                $file = $file->file;
            }
            // A generic Exception is used as the "denied" signal for the
            // catch block below.
            if (!$file instanceof File || !$file->checkAccess()) {
                throw new Exception();
            }
        } catch (Exception $e) {
            // Reached for the Exception thrown above and for any Exception
            // raised inside find() or checkAccess() themselves.
            //
            // At this point $file may already have been replaced by the result
            // of DirectoryEntry::find(). The item is skipped, i.e. treated as
            // accessible, when $file is not an object and either equals the
            // current user's id or the current user has 'root' permission.
            // NOTE(review): for a user with 'root' permission this also hides
            // lookup failures and unexpected errors - confirm this is intended.
            if (!is_object($file) && ($file === $GLOBALS['user']->id || $GLOBALS['perm']->have_perm('root'))) {
                continue;
            }
            if ($throw_exception) {
                throw new AccessDeniedException(_('Sie dürfen auf dieses Objekt nicht zugreifen.'));
            }
            return false;
        }
    }

    return true;
}
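/**
 * Converts URLs in images so that the webserver can access them without proxy.
 *
 * Only URLs whose host is found in $this->domains are rewritten:
 *  - media proxy URLs become the proxied target URL or, if the media proxy
 *    has metadata for it, a path below MEDIA_CACHE_PATH;
 *  - document download URLs become the storage path of the file, provided
 *    the access check passes;
 *  - legacy download/sendfile URLs become the upload path of the document,
 *    provided the access check passes.
 * Every other URL is returned unchanged.
 *
 * NOTE(review): the result is placed into the attribute without HTML
 * escaping - confirm that callers only pass URLs taken from already escaped
 * markup.
 *
 * @param string $url of an image
 * @return string the attribute string src="<converted url>"
 */
protected function convertURL($url)
{
    $convurl = $url;

    $url_elements = @parse_url($url);
    if (!is_array($url_elements)) {
        // parse_url() yields false for seriously malformed input: nothing to rewrite.
        return 'src="' . $convurl . '"';
    }

    // Missing components are normalised to '' instead of reading undefined keys.
    $host  = isset($url_elements['host']) ? $url_elements['host'] : '';
    $path  = isset($url_elements['path']) ? $url_elements['path'] : '';
    $query = isset($url_elements['query']) ? $url_elements['query'] : '';
    $url   = $path . '?' . $query;

    // A URL without host must not count as local: strpos() with an empty
    // needle reports a match at offset 0 on PHP 8.
    // NOTE(review): this remains a substring test against the joined list, so
    // a host that is only a fragment of an allowed name passes as well. An
    // exact comparison per entry would be stricter - confirm the format of
    // $this->domains before tightening it.
    if ($host === '' || strpos(implode('#', $this->domains), $host) === false) {
        return 'src="' . $convurl . '"';
    }

    if (strpos($url, 'dispatch.php/media_proxy?url=') !== false) {
        // NOTE(review): this drops the first four characters of the rebuilt
        // "path?query" string; whether that yields the proxied target depends
        // on the URL layout - confirm.
        $targeturl = urldecode(substr($url, 4));
        try {
            // is file in cache?
            if (!$this->media_proxy->getMetaData($targeturl)) {
                $convurl = $targeturl;
            } else {
                // md5() only derives the cache file name here.
                $convurl = $this->config->getValue('MEDIA_CACHE_PATH') . '/' . md5($targeturl);
            }
        } catch (Exception $e) {
            $convurl = '';
        }
    } elseif (stripos($url, 'dispatch.php/document/download') !== false) {
        if (preg_match('#([a-f0-9]{32})#', $url, $matches)) {
            // The id comes straight from the URL, so the entry may not exist
            // and the user may not be allowed to read it. Only hand out the
            // storage path when the file is found and passes the access check,
            // as the legacy branch below does for its documents.
            // NOTE(review): checkAccess() is called without a user id, so it
            // presumably evaluates the current user - confirm.
            $entry = DirectoryEntry::find($matches[1]);
            $file  = $entry ? $entry->file : null;
            if ($file && $file->checkAccess()) {
                $convurl = $file->getStorageObject()->getPath();
            } else {
                $convurl = Assets::image_path('messagebox/exception.png');
            }
        }
    } elseif (stripos($url, 'download') !== false || stripos($url, 'sendfile.php') !== false) {
        // get file id
        if (preg_match('#([a-f0-9]{32})#', $url, $matches)) {
            $document = new StudipDocument($matches[1]);
            if ($document->checkAccess($GLOBALS['user']->id)) {
                $convurl = get_upload_file_path($matches[1]);
            } else {
                $convurl = Assets::image_path('messagebox/exception.png');
            }
        }
    }

    return 'src="' . $convurl . '"';
}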
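/**
 * Deletes a file.
 *
 * A non-POST request only stores a confirmation question in the flash; the
 * file is unlinked on a POST request that carries the "yes" button. Both
 * paths end with a redirect to the index of the parent folder.
 *
 * NOTE(review): no CSRF token verification is visible in this action -
 * confirm that the framework enforces it for the deleting POST request.
 *
 * @param String $id Directory entry id of the file to delete
 * @throws AccessDeniedException if full access is missing or no directory
 *                               entry exists for $id
 */
public function delete_action($id)
{
    if (!$this->full_access) {
        throw new AccessDeniedException();
    }

    $entry = DirectoryEntry::find($id);
    if (!$entry) {
        // The id is taken from the request. Without this guard an unknown id
        // ends in a method call on a non-object instead of a controlled
        // denial; the same exception as above avoids revealing which ids exist.
        throw new AccessDeniedException();
    }

    // NOTE(review): the return value is not inspected, so this only protects
    // the deletion if checkAccess() throws on denial - confirm.
    $entry->checkAccess();

    $parent_id = FileHelper::getParentId($id) ?: $this->context_id;

    if (!Request::isPost()) {
        $question = createQuestion2(
            _('Soll die Datei wirklich gelöscht werden?'),
            array(),
            array(),
            $this->url_for('document/files/delete/' . $id)
        );
        $this->flash['question'] = $question;
    } elseif (Request::submitted('yes')) {
        // Only reached for POST requests, so the method is not tested again.
        File::get($entry->directory->id)->unlink($entry->name);
        PageLayout::postMessage(MessageBox::success(_('Die Datei wurde gelöscht.')));
    }

    $this->redirect('document/files/index/' . $parent_id);
}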
/**
 * Deletes a folder.
 *
 * The special id 'all' empties the whole file area of the current context
 * instead of removing a single folder. A non-POST request only stores a
 * confirmation question in the flash; the deletion happens on a POST request
 * that carries the "yes" button. Both paths end with a redirect to the index
 * of the parent folder.
 *
 * NOTE(review): no CSRF token verification is visible in this action -
 * confirm that the framework enforces it for the deleting POST request.
 * NOTE(review): the results of RootDirectory::find() and
 * DirectoryEntry::find() are used without checking that an object was
 * returned - confirm both lookups cannot come back empty at this point.
 *
 * @param String $folder_id Directory entry id of the folder
 * @throws AccessDeniedException if full access is missing
 */
public function delete_action($folder_id)
{
    if (!$this->full_access) {
        throw new AccessDeniedException();
    }

    FileHelper::checkAccess($folder_id);

    $parent_id = FileHelper::getParentId($folder_id) ?: $this->context_id;
    $whole_area = $folder_id === 'all';

    if (!Request::isPost()) {
        // First visit: ask for confirmation, nothing is deleted yet.
        if ($whole_area) {
            $message = _('Soll der gesamte Dateibereich inklusive aller Order und Dateien wirklich gelöscht werden?');
        } else {
            $message = _('Soll der Ordner inklusive aller darin enthaltenen Dateien wirklich gelöscht werden?');
        }
        $this->flash['question'] = createQuestion2(
            $message,
            array(),
            array(),
            $this->url_for('document/folder/delete/' . $folder_id)
        );
    } elseif (Request::isPost() && Request::submitted('yes')) {
        if ($whole_area) {
            // Remove every file listed for the root directory of the context.
            $entry = RootDirectory::find($this->context_id);
            foreach ($entry->listFiles() as $file) {
                $entry->unlink($file->name);
            }
            $notice = _('Der Dateibereich wurde geleert.');
        } else {
            // Remove the folder from the directory that contains it.
            $entry = DirectoryEntry::find($folder_id);
            $entry->directory->unlink($entry->name);
            $notice = _('Der Ordner wurde gelöscht.');
        }
        PageLayout::postMessage(MessageBox::success($notice));
    }

    $this->redirect('document/files/index/' . $parent_id);
}