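/**
 * Manages file downloads based on the privacy of the file/folder
 *
 * Runs only when no member profile is displayed and the current component is
 * BuddyDrive. For the 'file' action it resolves the requested item, applies the
 * privacy rule of the item (or of its parent folder when it has one) and, when
 * access is granted, streams the file and ends the request. For the 'folder'
 * action it redirects to the user's or the group's BuddyDrive.
 *
 * Access decisions fail closed: a parent folder that cannot be loaded, a missing
 * stored password or a non-string submitted password never grants the download.
 *
 * @uses bp_displayed_user_id() to be sure we're not on a profile
 * @uses bp_is_current_component() to check for BuddyDrive component
 * @uses bp_current_action() to check if current action is file / folder
 * @uses wp_get_referer() to eventually redirect the user
 * @uses bp_action_variable() to get the name of the file / folder
 * @uses buddydrive_get_buddyfile() to get the file / folder object
 * @uses buddydrive_get_folder_post_type() to get the folder post type
 * @uses bp_loggedin_user_id() to get current user id
 * @uses is_super_admin() as super admin can download anything
 * @uses bp_core_add_message() to eventually display a warning message to user
 * @uses buddydrive_get_root_url() to redirect when the item cannot be found
 * @uses buddydrive_get_user_buddydrive_url() to construct the user's BuddyDrive url
 * @uses bp_core_redirect() to redirect user if needed
 * @uses friends_check_friendship() to check if the current user is friend with the file owner
 * @uses bp_is_active() to check a BuddyPress component is active
 * @uses groups_is_user_member() to check if the current user is member of the group of the file
 * @uses groups_get_group() to get the group object of the group the file / folder is attached to
 * @uses bp_get_group_permalink() to build the group link
 * @uses buddydrive_get_group_buddydrive_url() to build the link to the BuddyDrive of the group
 * @uses hash_equals() to compare the submitted password with the stored one
 * @return void the file is sent and the request ends, or the user is redirected
 */
function buddydrive_file_downloader() {
    if (!bp_displayed_user_id() && bp_is_current_component('buddydrive') && 'file' == bp_current_action()) {
        $buddyfile_name = bp_action_variable(0);
        $buddydrive_file = buddydrive_get_buddyfile($buddyfile_name);

        if (empty($buddydrive_file)) {
            bp_core_add_message(__('OOps, we could not find your file.', 'buddydrive'), 'error');
            bp_core_redirect(buddydrive_get_root_url());
            // Never fall through with a missing item if the redirect did not end the request.
            return;
        }

        // Keep the file's own location: $buddydrive_file may be swapped for its folder below.
        $buddydrive_file_path = $buddydrive_file->path;
        $buddydrive_file_name = $buddydrive_file->file;
        $buddydrive_file_mime = $buddydrive_file->mime_type;

        // if the file belongs to a folder, we need to get the folder's privacy settings
        if (!empty($buddydrive_file->post_parent)) {
            $parent = $buddydrive_file->post_parent;
            $buddydrive_file = buddydrive_get_buddyfile($parent, buddydrive_get_folder_post_type());

            // buddydrive_get_buddyfile() returns false when the folder is not found.
            // Reading ->user_id from false yields null, and null == 0 would match a
            // logged-out visitor, so an unresolvable folder must deny the download.
            if (empty($buddydrive_file)) {
                bp_core_add_message(__('OOps, we could not find your file.', 'buddydrive'), 'error');
                bp_core_redirect(buddydrive_get_root_url());
                return;
            }
        }

        // Ownership only counts for a logged-in user; ids are compared as integers so an
        // empty owner id can never equal the 0 returned for an anonymous visitor.
        $current_user_id = (int) bp_loggedin_user_id();
        $is_owner_or_admin = ($current_user_id > 0 && (int) $buddydrive_file->user_id === $current_user_id) || is_super_admin();

        $can_download = false;

        if (!empty($buddydrive_file->check_for)) {
            switch ($buddydrive_file->check_for) {
                case 'private':
                    $can_download = $is_owner_or_admin;
                    break;

                case 'password':
                    if ($is_owner_or_admin) {
                        $can_download = true;
                    } elseif (empty($_POST['buddyfile-form'])) {
                        bp_core_add_message(__('This file is password protected', 'buddydrive'), 'error');
                        add_action('buddydrive_directory_content', 'buddydrive_file_password_form');
                    } else {
                        // NOTE(review): the original carried a "check admin referer" reminder here;
                        // no nonce is verified for this form in the visible code.
                        $form = $_POST['buddyfile-form'];
                        $submitted = (is_array($form) && isset($form['password'])) ? $form['password'] : null;
                        $stored = isset($buddydrive_file->password) ? $buddydrive_file->password : false;

                        // The stored value is false when no password is set; a loose == would let
                        // an empty or "0" submission match it. Require two non-empty strings and
                        // compare them in constant time.
                        if (is_string($stored) && '' !== $stored && is_string($submitted) && hash_equals($stored, $submitted)) {
                            $can_download = true;
                        } else {
                            $redirect = buddydrive_get_user_buddydrive_url($buddydrive_file->user_id);
                            bp_core_add_message(__('Wrong password', 'buddydrive'), 'error');
                            bp_core_redirect($redirect);
                        }
                    }
                    break;

                case 'public':
                    $can_download = true;
                    break;

                case 'friends':
                    if ($is_owner_or_admin) {
                        $can_download = true;
                    } elseif (bp_is_active('friends') && friends_check_friendship($buddydrive_file->user_id, bp_loggedin_user_id())) {
                        $can_download = true;
                    } else {
                        $redirect = buddydrive_get_user_buddydrive_url($buddydrive_file->user_id);
                        bp_core_add_message(__('You must be a friend of this member to download the file', 'buddydrive'), 'error');
                        bp_core_redirect($redirect);
                    }
                    break;

                case 'groups':
                    if ($is_owner_or_admin) {
                        $can_download = true;
                    } elseif (!bp_is_active('groups')) {
                        bp_core_add_message(__('Group component is deactivated, please contact the administrator.', 'buddydrive'), 'error');
                        bp_core_redirect(buddydrive_get_root_url());
                    } elseif (groups_is_user_member(bp_loggedin_user_id(), intval($buddydrive_file->group))) {
                        $can_download = true;
                    } else {
                        $group = groups_get_group(array('group_id' => $buddydrive_file->group));

                        // Do not reveal the permalink of a hidden group to a non member.
                        if ('hidden' == $group->status) {
                            $redirect = wp_get_referer();
                        } else {
                            $redirect = bp_get_group_permalink($group);
                        }

                        bp_core_add_message(__('You must be member of the group to download the file', 'buddydrive'), 'error');
                        bp_core_redirect($redirect);
                    }
                    break;

                default:
                    /**
                     * Filter here for custom privacy options
                     *
                     * @since 1.3.3
                     *
                     * @param bool   $can_download    True if the file can be downloaded, false otherwise.
                     * @param object $buddydrive_file The BuddyDrive file object.
                     */
                    // The original passed an undefined variable here (the local was misspelled),
                    // so callbacks now receive the real default of false.
                    $can_download = apply_filters('buddydrive_file_downloader_can_download', $can_download, $buddydrive_file);
                    break;
            }
        } else {
            $can_download = $is_owner_or_admin;
        }

        // we have a file! let's force download.
        // is_file() rather than file_exists(): a directory must never be streamed.
        if (is_file($buddydrive_file_path) && !empty($can_download)) {
            do_action('buddydrive_file_downloaded', $buddydrive_file);

            // Quote the filename so spaces survive, and drop characters that would
            // break out of the quoted header value.
            $header_file_name = str_replace(array('"', "\r", "\n"), '', $buddydrive_file_name);

            status_header(200);
            header('Cache-Control: cache, must-revalidate');
            header('Pragma: public');
            header('Content-Description: File Transfer');
            header('Content-Length: ' . filesize($buddydrive_file_path));
            header('Content-Disposition: attachment; filename="' . $header_file_name . '"');
            header('Content-Type: ' . $buddydrive_file_mime);
            readfile($buddydrive_file_path);
            die;
        }
    } elseif (!bp_displayed_user_id() && bp_is_current_component('buddydrive') && 'folder' == bp_current_action()) {
        $buddyfolder_name = bp_action_variable(0);
        $buddyfolder = buddydrive_get_buddyfile($buddyfolder_name, buddydrive_get_folder_post_type());

        if (empty($buddyfolder)) {
            bp_core_add_message(__('OOps, we could not find your folder.', 'buddydrive'), 'error');
            bp_core_redirect(buddydrive_get_root_url());
            return;
        }

        // in case of the folder, we open it on the user's BuddyDrive or the group one
        $buddydrive_root_link = $buddyfolder->check_for == 'groups' ? buddydrive_get_group_buddydrive_url($buddyfolder->group) : buddydrive_get_user_buddydrive_url($buddyfolder->user_id);
        $link = $buddydrive_root_link . '?folder-' . $buddyfolder->ID;
        bp_core_redirect($link);
    }
}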
/**
 * Gets the action link of the BuddyDrive item
 *
 * The link is the BuddyDrive root url followed by "file/" or "folder/" and the
 * post name of the item currently held by the template global. It is passed
 * through esc_url() before being handed to the 'buddydrive_get_action_link' filter.
 *
 * @global object $buddydrive_template
 * @uses buddydrive_is_buddyfile() to check for a file
 * @uses buddydrive_get_root_url() to get the BuddyDrive root url
 * @return string the action link of the item
 */
function buddydrive_get_action_link() {
    global $buddydrive_template;

    // Anything that is not a file is addressed as a folder.
    $item_kind = buddydrive_is_buddyfile() ? 'file' : 'folder';

    $item_path = trailingslashit($item_kind . '/' . $buddydrive_template->query->post->post_name);
    $action_link = buddydrive_get_root_url() . '/' . $item_path;

    return apply_filters('buddydrive_get_action_link', esc_url($action_link));
}
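/**
 * Decides whether the current user may download an item shared with a course.
 *
 * The signature matches the 'buddydrive_file_downloader_can_download' filter;
 * the hook registration is not visible here, so confirm it against the caller.
 *
 * The owner of the item and super admins are always allowed, as before. For any
 * item whose privacy option is not 'course' the incoming decision is returned
 * untouched: the original fell through to a course membership check with an
 * undefined course id and overwrote the decision of other privacy options.
 *
 * @param bool   $can_download    The decision made so far.
 * @param object $buddydrive_file The BuddyDrive item whose privacy applies.
 * @return bool True if the download is allowed, false otherwise.
 */
function can_download($can_download, $buddydrive_file) {
    // Ownership only counts for a logged-in user: compare as integers so an empty
    // owner id never equals the 0 returned for an anonymous visitor.
    $current_user_id = (int) bp_loggedin_user_id();
    $is_owner = $current_user_id > 0 && (int) $buddydrive_file->user_id === $current_user_id;

    if ($is_owner || is_super_admin()) {
        return true;
    }

    // Not a course item: leave the decision to whoever owns that privacy option.
    if (empty($buddydrive_file->check_for) || 'course' !== $buddydrive_file->check_for) {
        return $can_download;
    }

    if (!bp_is_active('course')) {
        bp_core_add_message(__('Course component is deactivated, please contact the administrator.', 'vibe'), 'error');
        bp_core_redirect(buddydrive_get_root_url());
        return false;
    }

    $course_id = (int) get_post_meta($buddydrive_file->ID, 'course', true);

    // An item without a course attached cannot be matched to a membership: deny.
    if ($course_id > 0 && bp_course_is_member($course_id, $current_user_id)) {
        return true;
    }

    bp_core_add_message(__('You must be member of the course to download the file', 'vibe'), 'error');
    bp_core_redirect($course_id > 0 ? get_permalink($course_id) : buddydrive_get_root_url());

    return false;
}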
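/**
 * Waits before checking if a 404 was a BuddyDrive file.
 *
 * When the requested url starts with the old BuddyDrive root (root domain plus
 * the plugin slug), the old root is swapped for the current BuddyDrive root url
 * and the visitor is redirected there.
 *
 * @since version 1.1
 *
 * @uses is_404() to check it's a 404
 * @uses bp_get_root_domain() to get the blog's url where BuddyPress is running
 * @uses esc_url_raw() to sanitize the url used for the redirect
 * @uses buddydrive() to get the BuddyDrive globals
 * @uses buddydrive_get_root_url() to get the plugin's root url
 * @uses bp_core_redirect() to redirect to the BuddyDrive item
 */
function buddydrive_maybe_redirect_oldlink() {
    // REQUEST_URI is not set in every context (CLI for instance).
    if (!is_404() || empty($_SERVER['REQUEST_URI'])) {
        return;
    }

    $buddydrive_slug = buddydrive()->buddydrive_slug;

    // With an empty slug the old root would be the site root and every 404 would match.
    if (empty($buddydrive_slug)) {
        return;
    }

    $root_domain_url = bp_get_root_domain();

    // esc_url() is meant for display and entity-encodes "&", which corrupts the
    // query string of a Location header; esc_url_raw() sanitizes without encoding.
    $maybe_buddydrive = trailingslashit($root_domain_url . esc_url_raw($_SERVER['REQUEST_URI']));
    $buddydrive_old_root_url = trailingslashit($root_domain_url) . $buddydrive_slug;

    if (strpos($maybe_buddydrive, $buddydrive_old_root_url) !== 0) {
        return;
    }

    // Swap the leading old root only: str_replace() would also rewrite any later
    // occurrence of the same text in the path or the query string.
    $buddydrive_new_url = buddydrive_get_root_url() . substr($maybe_buddydrive, strlen($buddydrive_old_root_url));

    // Same url before and after means old and new roots coincide: redirecting
    // would send the visitor back to this very 404.
    if ($buddydrive_new_url === $maybe_buddydrive) {
        return;
    }

    bp_core_redirect($buddydrive_new_url);
}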
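/**
 * Name column, and "quick admin" rollover actions.
 *
 * Called "comment" in the CSS so we can re-use some WP core CSS.
 *
 * The item title comes from content members upload, so it is passed through
 * wp_kses_post() before being printed in the admin screen: markup added by the
 * 'buddydrive_get_item_title' filter is kept, script-capable markup is removed.
 *
 * @param array $item A singular item (one full row)
 * @uses bp_get_admin_url() to build the admin url
 * @uses wp_nonce_url() for security reasons
 * @uses buddydrive_get_root_url() to get the BuddyDrive root url
 * @uses buddydrive_get_folder_post_type() to get the BuddyFolder post type
 * @uses esc_url() to sanitize url
 * @uses wp_kses_post() to sanitize the item title before output
 * @see WP_List_Table::single_row_columns()
 * @since BuddyDrive (1.0)
 */
function column_comment($item = array()) {
    // Preorder items: download | Edit | Delete
    $actions = array('download' => '', 'edit' => '', 'delete' => '');

    $is_folder = $item['post_type'] == buddydrive_get_folder_post_type();

    // Build actions URLs; the id is forced to an integer before it enters the query string
    $base_url = bp_get_admin_url('admin.php?page=buddydrive-files&bid=' . (int) $item['ID']);
    // Deleting changes state, so only that link carries a nonce
    $delete_url = wp_nonce_url($base_url . "&action=delete", 'buddydrive-delete');
    $edit_url = $base_url . '&action=edit';
    $download = trailingslashit('file/' . $item['post_name']);
    $visit_url = buddydrive_get_root_url() . '/' . $download;

    // Download (folders cannot be downloaded)
    if (!$is_folder) {
        $actions['download'] = sprintf('<a href="%s">%s</a>', esc_url($visit_url), __('Download', 'buddydrive'));
    }

    // Edit
    $actions['edit'] = sprintf('<a href="%s">%s</a>', esc_url($edit_url), __('Edit', 'buddydrive'));

    // Delete
    $actions['delete'] = sprintf('<a href="%s">%s</a>', esc_url($delete_url), __('Delete', 'buddydrive'));

    // Other plugins can filter which actions are shown; array_filter() drops the empty ones
    $actions = apply_filters('buddydrive_admin_comment_row_actions', array_filter($actions), $item);

    $content = apply_filters('buddydrive_get_item_title', $item['post_title']);
    $icon = $is_folder ? '<i class="icon bd-icon-folder"></i>' : '<i class="icon bd-icon-file"></i>';

    echo $icon . ' ' . wp_kses_post($content) . ' ' . $this->row_actions($actions);
}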
/**
 * Gets a single BuddyDrive item
 *
 * A numeric $name is looked up as an id, anything else as a post name. The
 * returned object carries the post fields, the item link and a `check_for`
 * property naming the privacy rule to enforce ('private' unless a sharing
 * option is stored). `password` is only set for the 'password' option and is
 * false when the post has no password, so callers must not treat it as a value
 * a submission can match. `group` is only set for the 'groups' option.
 *
 * @param string|int $name the post name or the id of the item to get
 * @param string $type the BuddyDrive post type
 * @uses buddydrive_get_file_post_type() to default to the BuddyFile post type
 * @uses BuddyDrive_Item::get() to get the BuddyDrive item
 * @uses buddydrive_get_root_url() to get BuddyDrive root url
 * @uses get_post_meta() to get item's privacy options
 * @return object|false the BuddyDrive item, false when $name is empty or nothing is found
 */
function buddydrive_get_buddyfile($name = false, $type = false) {
    if (empty($name)) {
        return false;
    }

    if (empty($type)) {
        $type = buddydrive_get_file_post_type();
    }

    $item = new BuddyDrive_Item();

    // Numeric values are treated as an id, everything else as a post name
    $lookup_key = is_numeric($name) ? 'id' : 'name';
    $item->get(array($lookup_key => $name, 'type' => $type));

    if (empty($item->query->post->ID)) {
        return false;
    }

    $post = $item->query->post;

    $buddyfile = new stdClass();
    $buddyfile->ID = $post->ID;
    $buddyfile->user_id = $post->post_author;
    $buddyfile->title = $post->post_title;
    $buddyfile->content = $post->post_content;
    $buddyfile->post_parent = $post->post_parent;
    $buddyfile->post_type = $post->post_type;
    $buddyfile->guid = $post->guid;

    // let's default to a folder
    $buddyfile->mime_type = 'folder';
    $item_kind = 'folder';

    // do we have a file ?
    if ($buddyfile->post_type == buddydrive_get_file_post_type()) {
        $item_kind = 'file';
        // basename() keeps only the last segment of the guid, so the path stays inside the upload dir
        $buddyfile->file = basename($post->guid);
        $buddyfile->path = buddydrive()->upload_dir . '/' . $buddyfile->file;
        $buddyfile->mime_type = $post->post_mime_type;
    }

    $item_path = trailingslashit($item_kind . '/' . $post->post_name);
    $buddyfile->link = buddydrive_get_root_url() . '/' . $item_path;

    /* privacy */
    $privacy = get_post_meta($buddyfile->ID, '_buddydrive_sharing_option', true);

    // by default check for user_id
    $buddyfile->check_for = 'private';

    if (empty($privacy)) {
        return $buddyfile;
    }

    if ($privacy == 'private') {
        $buddyfile->check_for = 'private';
    } elseif ($privacy == 'password') {
        $buddyfile->check_for = 'password';
        $post_password = $post->post_password;
        $buddyfile->password = empty($post_password) ? false : $post_password;
    } elseif ($privacy == 'public') {
        $buddyfile->check_for = 'public';
    } elseif ($privacy == 'friends') {
        $buddyfile->check_for = 'friends';
    } elseif ($privacy == 'groups') {
        $buddyfile->check_for = 'groups';
        $buddyfile->group = get_post_meta($buddyfile->ID, '_buddydrive_sharing_groups', true);
    } else {
        // Unknown option: 'private' unless a plugin maps it to its own rule
        $buddyfile->check_for = apply_filters('buddydrive_default_check_for', 'private', $buddyfile);
    }

    return $buddyfile;
}
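/**
 * Registers BuddyDrive embed code
 *
 * We need to wait for buddypress()->pages to be set
 *
 * The root url is passed through preg_quote() before it is placed in the
 * pattern: unquoted, its dots match any character and a "?" or "#" in the url
 * would change or break the expression, so urls that are not the BuddyDrive
 * root could be handed to the embed handler.
 *
 * @since BuddyDrive 1.1
 *
 * @uses buddydrive_get_root_url() to get the BuddyDrive root url
 * @uses preg_quote() to match the root url literally
 * @uses wp_embed_register_handler() registers the embed code for BuddyDrive
 */
public function register_embed_code() {
    // "#" is the pattern delimiter, so it has to be quoted as well
    $root_url_pattern = preg_quote(buddydrive_get_root_url(), '#');

    wp_embed_register_handler('buddydrive', '#' . $root_url_pattern . '\\/(.+?)\\/(.+?)\\/#i', 'wp_embed_handler_buddydrive');
}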