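/**
 * Checks the permissions required by the command before it is executed.
 *
 * The flags listed in $this->requires are combined into a single bit mask and
 * compared against the ACL mask of the current working folder; every required
 * bit must be present in the ACL mask.
 *
 * @throws UnauthorizedException if the ACL mask lacks any of the required permissions
 */
public function checkPermissions()
{
    if (empty($this->requires)) {
        // No permissions declared: this method places no restriction on the command.
        return;
    }

    // Combine the flags with bitwise OR instead of array_sum(). Arithmetic addition
    // of a flag listed twice (or of overlapping composite masks) carries into a
    // different bit, so the comparison below would test for the wrong permission.
    $requiredPermissionsMask = 0;
    foreach ($this->requires as $permission) {
        $requiredPermissionsMask |= (int) $permission;
    }

    $aclMask = $this->app->getWorkingFolder()->getAclMask();

    // Access is granted only when ALL required bits are set in the ACL mask.
    if (($aclMask & $requiredPermissionsMask) !== $requiredPermissionsMask) {
        throw new UnauthorizedException();
    }
}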
/**
 * Returns the ACL mask computed for the current user and the current working folder.
 *
 * The mask is computed on the first call and stored in $this->aclMask; later
 * calls return the stored value. Nothing in this method refreshes it, so a
 * change made after the first call is not reflected here.
 *
 * @return int
 */
public function getAclMask()
{
    if (null !== $this->aclMask) {
        return $this->aclMask;
    }

    $acl = $this->app->getAcl();
    $this->aclMask = $acl->getComputedMask(
        $this->getResourceTypeName(),
        $this->getClientCurrentFolder()
    );

    return $this->aclMask;
}
/**
 * Adds the "aborted" flag to the response of a long running request.
 *
 * Registers a KernelEvents::RESPONSE listener that prepends an 'aborted' entry
 * to the data of JSON responses. Other response types are left untouched.
 */
public function addInfoToResponse()
{
    $appendAbortedFlag = function (FilterResponseEvent $event) {
        $response = $event->getResponse();

        if (!$response instanceof JsonResponse) {
            return;
        }

        $existingData = (array) $response->getData();

        // Array union keeps the left-hand value on a key clash, so the flag computed
        // here wins over any 'aborted' entry already present in the response data.
        $mergedData = array('aborted' => $this->isAborted()) + $existingData;

        $response->setData($mergedData);
    };

    // The third argument (512) is presumably the listener priority - confirm against on().
    $this->app->on(KernelEvents::RESPONSE, $appendAbortedFlag, 512);
}
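/**
 * This method looks for a 'command' request attribute. An appropriate class
 * is then instantiated and used to build a callable.
 *
 * The command name is resolved first as a class inside the commands namespace
 * and, if no such class exists, as a plugin registered under that name. The
 * resolved command must extend CommandAbstract, expose the execute method and
 * accept the HTTP method of the request. Permissions are checked after the
 * "before command" event has been dispatched.
 *
 * @param Request $request current Request instance
 *
 * @return callable Callable built to execute the command.
 *
 * @throws InvalidCommandException   if a valid command cannot be found.
 * @throws MethodNotAllowedException if a command was called using an invalid HTTP method.
 */
public function getController(Request $request)
{
    // The command name comes from the request, so it determines which class name
    // is looked up (and autoloaded) below.
    // NOTE(review): consider restricting it to identifier characters so the lookup
    // cannot leave the commands namespace - confirm no plugin name needs other characters.
    $commandName = ucfirst((string) $request->get('command'));

    /* @var Command\CommandAbstract $commandObject */
    $commandObject = null;

    // First check for regular command class
    $commandClassName = $this->commandsNamespace . $commandName;

    if (class_exists($commandClassName)) {
        $reflectedClass = new \ReflectionClass($commandClassName);

        if (!$reflectedClass->isInstantiable()) {
            throw new InvalidCommandException(sprintf('CKFinder command class %s is not instantiable', $commandClassName));
        }

        // Verify the type BEFORE instantiating. Checking only afterwards would run the
        // constructor of any instantiable class matching a request-chosen name, even
        // though the object is then rejected. (::class needs PHP 5.5+.)
        if (!is_a($commandClassName, CommandAbstract::class, true)) {
            throw new InvalidCommandException(sprintf("CKFinder command must be a subclass of CommandAbstract (%s given)", $reflectedClass->getName()));
        }

        $commandObject = new $commandClassName($this->app);
    }

    // If not found - check if command plugin with given name exists
    if (null === $commandObject) {
        $plugin = $this->app->getPlugin($commandName);

        if ($plugin instanceof CommandAbstract) {
            $commandObject = $plugin;
        }
    }

    if (null === $commandObject) {
        // The message carries the request-supplied name; whatever renders it has to
        // encode it for its output context.
        throw new InvalidCommandException(sprintf('CKFinder command %s not found', $commandName));
    }

    if (!method_exists($commandObject, self::COMMAND_EXECUTE_METHOD)) {
        // Report the class of the resolved object: for a plugin command the computed
        // $commandClassName does not name an existing class.
        throw new InvalidCommandException(sprintf("CKFinder command class %s doesn't contain required 'execute' method", get_class($commandObject)));
    }

    if ($commandObject->getRequestMethod() !== $request->getMethod()) {
        throw new MethodNotAllowedException(sprintf('CKFinder command %s expects to be called with %s HTTP request. Actual method: %s', $commandName, $commandObject->getRequestMethod(), $request->getMethod()));
    }

    /* @var $dispatcher \Symfony\Component\EventDispatcher\EventDispatcher */
    $dispatcher = $this->app['dispatcher'];

    $beforeCommandEvent = new BeforeCommandEvent($this->app, $commandName, $commandObject);
    $eventName = CKFinderEvent::BEFORE_COMMAND_PREFIX . lcfirst($commandName);

    $dispatcher->dispatch($eventName, $beforeCommandEvent);

    // The command object is read back from the event, and permissions are checked on
    // that object - the one that will actually be executed.
    // NOTE(review): presumably a listener can replace the object; a replacement is not
    // re-validated against the type/method checks above - confirm listeners are trusted.
    $commandObject = $beforeCommandEvent->getCommandObject();

    $commandObject->checkPermissions();

    return array($commandObject, self::COMMAND_EXECUTE_METHOD);
}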
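/**
 * Returns a URL to a file.
 *
 * If the useProxyCommand option is enabled for a backend, the returned
 * URL will point to the CKFinder connector Proxy command. Otherwise the URL
 * is built from the backend's baseUrl or, failing that, obtained from the
 * base adapter when it provides a getFileUrl() method.
 *
 * @param ResourceType $resourceType      the file resource type
 * @param string       $folderPath        the resource-type relative folder path
 * @param string       $fileName          the file name
 * @param string|null  $thumbnailFileName the thumbnail file name - if the file is a thumbnail
 *
 * @return string|null URL to a file or `null` if the backend does not support it.
 */
public function getFileUrl(ResourceType $resourceType, $folderPath, $fileName, $thumbnailFileName = null)
{
    // !empty() instead of isset(): with isset(), a backend configured with
    // 'useProxyCommand' => false would still be routed through the Proxy command,
    // because isset() only tests that the key exists with a non-null value.
    if (!empty($this->backendConfig['useProxyCommand'])) {
        $connectorUrl = $this->app->getConnectorUrl();

        $queryParameters = array(
            'command'       => 'Proxy',
            'type'          => $resourceType->getName(),
            'currentFolder' => $folderPath,
            'fileName'      => $fileName
        );

        if ($thumbnailFileName) {
            $queryParameters['thumbnail'] = $thumbnailFileName;
        }

        // The cache lifetime is added only when it is configured as a positive integer.
        $proxyCacheLifetime = (int) $this->ckConfig->get('cache.proxyCommand');

        if ($proxyCacheLifetime > 0) {
            $queryParameters['cache'] = $proxyCacheLifetime;
        }

        // http_build_query() URL-encodes folder and file names; '&' is passed explicitly
        // so the separator does not depend on the arg_separator.output ini setting.
        return $connectorUrl . '?' . http_build_query($queryParameters, '', '&');
    }

    // Thumbnails live under the ResizedImage::DIR sub-folder, inside a folder named after the file.
    $path = $thumbnailFileName
        ? Path::combine($resourceType->getDirectory(), $folderPath, ResizedImage::DIR, $fileName, $thumbnailFileName)
        : Path::combine($resourceType->getDirectory(), $folderPath, $fileName);

    if (isset($this->backendConfig['baseUrl'])) {
        // Only the path is passed through Utils::encodeURLParts(); baseUrl is used as configured.
        return Path::combine($this->backendConfig['baseUrl'], Utils::encodeURLParts($path));
    }

    $baseAdapter = $this->getBaseAdapter();

    if (method_exists($baseAdapter, 'getFileUrl')) {
        // NOTE(review): $path is handed over as-is; whether the adapter encodes it is not visible here.
        return $baseAdapter->getFileUrl($path);
    }

    return null;
}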
<?php

/*
 * CKFinder
 * ========
 * http://cksource.com/ckfinder
 * Copyright (c) 2007-2016, CKSource - Frederico Knabben. All rights reserved.
 *
 * The software, this file and its contents are subject to the CKFinder
 * License. Please read the license.txt file before using, installing, copying,
 * modifying or distribute this file or part of its contents. The contents of
 * this file is part of the Source Code of CKFinder.
 */

use CKSource\CKFinder\CKFinder;

// Load the autoloader shipped in the vendor/ directory next to this script.
require_once __DIR__ . '/vendor/autoload.php';

// Connector entry script: builds the CKFinder application from the config.php
// located three directories above this file and runs it.
// NOTE(review): nothing in this script restricts who may call it; presumably
// authentication is defined in config.php - confirm it is configured before exposing this file.
$ckfinder = new CKFinder(__DIR__ . '/../../../config.php');
$ckfinder->run();