public static function generateStaticUrl($obj, $params = array(), $app = false) { if (!$app) { global $CFG; $app = $CFG->current_app; } if (!isset($params[self::FILE_GET_PARAMETER])) { $params[self::FILE_GET_PARAMETER] = $obj; } $signed_request = new GcrSignedRequest($params, $app); $signed_request->signParameters(); $separator = '?'; $query_string = ''; foreach ($signed_request->getParameters() as $key => $value) { $query_string .= $separator . urlencode($key) . '=' . urlencode($value); $separator = '&'; } return $app->getUrl() . '/institution/getUserStorageFile' . $query_string; }
public function executeGetUserStorageFile(sfWebRequest $request) { global $CFG; $get_params = $request->getGetParameters(); $signed_request = new GcrSignedRequest($get_params); if (!$signed_request->validateSignature()) { $CFG->current_app->gcError('Signature Invalid', 'gcpageaccessdenied'); } $file = $get_params[GcrStorageAccessS3::FILE_GET_PARAMETER]; if ($file) { if (!isset($get_params['app'])) { $app = $CFG->current_app->getInstitution(); } else { $app = GcrInstitutionTable::getApp($get_params['app']); } $s3_storage = new GcrStorageAccessS3($app); if (!$s3_storage->isPublicObject($file)) { $CFG->current_app->requireLogin(); $current_user = $CFG->current_app->getCurrentUser(); $role_manager = $current_user->getRoleManager(); if (isset($get_params['course_id']) && !$role_manager->hasPrivilege('EschoolAdmin')) { // make sure the current user has access to this course $flag = false; $mdl_course = $CFG->current_app->getCourse($get_params['course_id']); if ($mdl_course) { // For new course instances, we want to maintain access to // Cloud Storage URLs with course id signed to parent course. $course_collection = $mdl_course->getCourseCollection(); if ($course_collection) { foreach ($course_collection->getCourses() as $course_instance) { if ($role_manager->hasCourseAccess($course_instance)) { $flag = true; break; } } } else { $flag = $role_manager->hasCourseAccess($mdl_course); } } else { $CFG->current_app->gcError('course_id parameter ' . $get_params['course_id'] . 'does not exist', 'gcdatabaseerror'); } if (!$flag) { $CFG->current_app->gcError('User Does Not Have Course Access', 'gcpageaccessdenied'); } } } $url = $s3_storage->getObjectUrl($file); } else { $url = $CFG->current_app->getUrl(); } $this->redirect($url); }