/**
* Check permissions required by command before it's executed
*
* @throws \Exception if access is restricted
*/
public function checkPermissions()
{
if (!empty($this->requires)) {
$workingFolder = $this->app->getWorkingFolder();
$aclMask = $workingFolder->getAclMask();
$requiredPermissionsMask = array_sum($this->requires);
if (($aclMask & $requiredPermissionsMask) !== $requiredPermissionsMask) {
throw new UnauthorizedException();
}
}
}
/**
* Returns acl mask computed for current user and current working folder
*
* @return int
*/
public function getAclMask()
{
if (null === $this->aclMask) {
$this->aclMask = $this->app->getAcl()->getComputedMask($this->getResourceTypeName(), $this->getClientCurrentFolder());
}
return $this->aclMask;
}
/**
* Adds information about aborting to long running request response
*/
public function addInfoToResponse()
{
$this->app->on(KernelEvents::RESPONSE, function (FilterResponseEvent $event) {
$response = $event->getResponse();
if ($response instanceof JsonResponse) {
$responseData = (array) $response->getData();
$responseData = array('aborted' => $this->isAborted()) + $responseData;
$response->setData($responseData);
}
}, 512);
}
/**
* This method looks for a 'command' request attribute. An appropriate class
* is then instantiated and used to build a callable.
*
* @param Request $request current Request instance
*
* @return callable Callable built to execute the command.
*
* @throws InvalidCommandException if a valid command cannot be found.
* @throws MethodNotAllowedException if a command was called using an invalid HTTP method.
*/
public function getController(Request $request)
{
$commandName = ucfirst((string) $request->get('command'));
/* @var Command\CommandAbstract $commandObject */
$commandObject = null;
// First check for regular command class
$commandClassName = $this->commandsNamespace . $commandName;
if (class_exists($commandClassName)) {
$reflectedClass = new \ReflectionClass($commandClassName);
if (!$reflectedClass->isInstantiable()) {
throw new InvalidCommandException(sprintf('CKFinder command class %s is not instantiable', $commandClassName));
}
$commandObject = new $commandClassName($this->app);
}
// If not found - check if command plugin with given name exists
if (null === $commandObject) {
$plugin = $this->app->getPlugin($commandName);
if ($plugin instanceof CommandAbstract) {
$commandObject = $plugin;
}
}
if (null === $commandObject) {
throw new InvalidCommandException(sprintf('CKFinder command %s not found', $commandName));
}
if (!$commandObject instanceof CommandAbstract) {
throw new InvalidCommandException(sprintf("CKFinder command must be a subclass of CommandAbstract (%s given)", get_class($commandObject)));
}
if (!method_exists($commandObject, self::COMMAND_EXECUTE_METHOD)) {
throw new InvalidCommandException(sprintf("CKFinder command class %s doesn't contain required 'execute' method", $commandClassName));
}
if ($commandObject->getRequestMethod() !== $request->getMethod()) {
throw new MethodNotAllowedException(sprintf('CKFinder command %s expects to be called with %s HTTP request. Actual method: %s', $commandName, $commandObject->getRequestMethod(), $request->getMethod()));
}
/* @var $dispatcher \Symfony\Component\EventDispatcher\EventDispatcher */
$dispatcher = $this->app['dispatcher'];
$beforeCommandEvent = new BeforeCommandEvent($this->app, $commandName, $commandObject);
$eventName = CKFinderEvent::BEFORE_COMMAND_PREFIX . lcfirst($commandName);
$dispatcher->dispatch($eventName, $beforeCommandEvent);
$commandObject = $beforeCommandEvent->getCommandObject();
$commandObject->checkPermissions();
return array($commandObject, self::COMMAND_EXECUTE_METHOD);
}
/**
* Returns a URL to a file.
*
* If the useProxyCommand option is set for a backend, the returned
* URL will point to the CKFinder connector Proxy command.
*
* @param ResourceType $resourceType the file resource type
* @param string $folderPath the resource-type relative folder path
* @param string $fileName the file name
* @param string|null $thumbnailFileName the thumbnail file name - if the file is a thumbnail
*
* @return string|null URL to a file or `null` if the backend does not support it.
*/
public function getFileUrl(ResourceType $resourceType, $folderPath, $fileName, $thumbnailFileName = null)
{
if (isset($this->backendConfig['useProxyCommand'])) {
$connectorUrl = $this->app->getConnectorUrl();
$queryParameters = array('command' => 'Proxy', 'type' => $resourceType->getName(), 'currentFolder' => $folderPath, 'fileName' => $fileName);
if ($thumbnailFileName) {
$queryParameters['thumbnail'] = $thumbnailFileName;
}
$proxyCacheLifetime = (int) $this->ckConfig->get('cache.proxyCommand');
if ($proxyCacheLifetime > 0) {
$queryParameters['cache'] = $proxyCacheLifetime;
}
return $connectorUrl . '?' . http_build_query($queryParameters, '', '&');
}
$path = $thumbnailFileName ? Path::combine($resourceType->getDirectory(), $folderPath, ResizedImage::DIR, $fileName, $thumbnailFileName) : Path::combine($resourceType->getDirectory(), $folderPath, $fileName);
if (isset($this->backendConfig['baseUrl'])) {
return Path::combine($this->backendConfig['baseUrl'], Utils::encodeURLParts($path));
}
$baseAdapter = $this->getBaseAdapter();
if (method_exists($baseAdapter, 'getFileUrl')) {
return $baseAdapter->getFileUrl($path);
}
return null;
}
<?php /* * CKFinder * ======== * http://cksource.com/ckfinder * Copyright (c) 2007-2016, CKSource - Frederico Knabben. All rights reserved. * * The software, this file and its contents are subject to the CKFinder * License. Please read the license.txt file before using, installing, copying, * modifying or distribute this file or part of its contents. The contents of * this file is part of the Source Code of CKFinder. */ require_once __DIR__ . '/vendor/autoload.php'; use CKSource\CKFinder\CKFinder; $ckfinder = new CKFinder(__DIR__ . '/../../../config.php'); $ckfinder->run();
