示例#1
 /**
  * Checks whether the user may access a file or a bunch of files if you
  * pass an array.
  *
  * @param mixed $files Either a single directory entry id or an array of those
  *                     (DirectoryEntry or File object(s) are also valid)
  * @param mixed $user_id Id of the user or null for current user (default)
  * @param bool $throw_exception Throw an AccessDeniedException instead of
  *                              returning false
  * @return bool indicating whether the user may access this file/these files
  * @throws AccessDeniedException if $throw_exception is true and the user
  *                               may not access the file(s)
  */
 public static function CheckAccess($files, $user_id = null, $throw_exception = true)
 {
     // Accept a single item as well as a list.
     if (!is_array($files)) {
         $files = array($files);
     }
     // NOTE(review): $user_id is resolved here but never read again in this
     // method. File::checkAccess() below is called without arguments and the
     // exemption in the catch block compares against $GLOBALS['user']->id, so
     // a caller-supplied $user_id does not influence the result as written.
     // Confirm whether the id is meant to be passed on to checkAccess().
     $user_id = $user_id ?: $GLOBALS['user']->id;
     foreach ($files as $file) {
         try {
             // Normalise the item to a File: anything that is not an object is
             // looked up as a directory entry id, and a DirectoryEntry is
             // replaced by its ->file.
             if (!is_object($file)) {
                 $file = DirectoryEntry::find($file);
             }
             if ($file instanceof DirectoryEntry) {
                 $file = $file->file;
             }
             // The generic Exception only serves to jump to the denial handling
             // below; it carries no message.
             if (!$file instanceof File || !$file->checkAccess()) {
                 throw new Exception();
             }
         } catch (Exception $e) {
             // Every Exception raised inside the try block ends up here, so a
             // failing lookup is handled the same way as a denied check.
             //
             // Exemption: only reachable while $file is not an object, i.e. the
             // lookup threw before assigning or assigned a non-object result
             // (presumably null for an unknown id; confirm). In that state the
             // item is accepted when it is identical to the current user's id
             // or when the current user has 'root' permission.
             // NOTE(review): for a root user this accepts ids that did not
             // resolve to an entry, so callers that dereference the entry
             // afterwards have to handle the missing case themselves. The
             // identity comparison can only succeed when $file still holds the
             // original id, which requires the lookup to have thrown (verify).
             if (!is_object($file) && ($file === $GLOBALS['user']->id || $GLOBALS['perm']->have_perm('root'))) {
                 continue;
             }
             // The first inaccessible item decides the outcome for the whole list.
             if ($throw_exception) {
                 throw new AccessDeniedException(_('Sie dürfen auf dieses Objekt nicht zugreifen.'));
             }
             return false;
         }
     }
     // Reached only if no item triggered the denial path (also for an empty list).
     return true;
 }
示例#2
 /**
  * Converts URLs in images so that the webserver can access them without proxy.
  * @param string $url of an image
  * @return string " src=\"".$converted_url."\""
  */
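 protected function convertURL($url)
 {
     // Rewrites an image URL that points at this installation into something
     // that can be read directly (cache path, storage path, upload path).
     // URLs that match none of the branches are returned unchanged.
     //
     // @param string $url URL of an image
     // @return string the attribute string src="<converted url>"
     $convurl = $url;

     // parse_url() yields false for malformed input and leaves out absent
     // components; fall back to empty strings instead of reading undefined
     // offsets.
     $url_elements = parse_url($url);
     if (!is_array($url_elements)) {
         $url_elements = array();
     }
     $host  = isset($url_elements['host']) ? (string) $url_elements['host'] : '';
     $path  = isset($url_elements['path']) ? $url_elements['path'] : '';
     $query = isset($url_elements['query']) ? $url_elements['query'] : '';
     $url = $path . '?' . $query;

     // An empty host must not count as local: on PHP 8 strpos() with an empty
     // needle returns 0, which would let every host-less URL pass this check.
     // NOTE(review): this is a substring test against the joined domain list,
     // so any host that is a fragment of a configured domain is treated as
     // local. An exact comparison per configured domain would be stricter;
     // the format of $this->domains is not visible here, so it is left as is.
     if ($host !== '' && strpos(implode('#', $this->domains), $host) !== false) {
         if (strpos($url, 'dispatch.php/media_proxy?url=') !== false) {
             // NOTE(review): substr($url, 4) drops the first four characters of
             // "path?query" rather than extracting the url= parameter; this
             // looks unintended unless the path has a fixed prefix. Confirm.
             $targeturl = urldecode(substr($url, 4));
             try {
                 // Cached media is read from the cache directory, everything
                 // else is passed on as the decoded target.
                 // NOTE(review): the decoded target is returned without any
                 // scheme or host validation; confirm that whatever loads the
                 // image restricts which targets it will request.
                 if (!$this->media_proxy->getMetaData($targeturl)) {
                     $convurl = $targeturl;
                 } else {
                     $convurl = $this->config->getValue('MEDIA_CACHE_PATH') . '/' . md5($targeturl);
                 }
             } catch (Exception $e) {
                 $convurl = '';
             }
         } elseif (stripos($url, 'dispatch.php/document/download') !== false) {
             if (preg_match('#([a-f0-9]{32})#', $url, $matches)) {
                 // The id comes straight from the URL. Resolve it defensively
                 // and require an access check before exposing the storage
                 // path, in line with the legacy download branch below.
                 // Assumes File::checkAccess() evaluates the current user and
                 // returns a boolean; confirm against the File class.
                 $entry = DirectoryEntry::find($matches[1]);
                 $file = is_object($entry) ? $entry->file : null;
                 if ($file instanceof File && $file->checkAccess()) {
                     $convurl = $file->getStorageObject()->getPath();
                 } else {
                     $convurl = Assets::image_path('messagebox/exception.png');
                 }
             }
         } elseif (stripos($url, 'download') !== false || stripos($url, 'sendfile.php') !== false) {
             // Legacy download URLs: the 32 character hex id identifies the document.
             if (preg_match('#([a-f0-9]{32})#', $url, $matches)) {
                 $document = new StudipDocument($matches[1]);
                 if ($document->checkAccess($GLOBALS['user']->id)) {
                     $convurl = get_upload_file_path($matches[1]);
                 } else {
                     $convurl = Assets::image_path('messagebox/exception.png');
                 }
             }
         }
     }
     // NOTE(review): $convurl is placed inside a double-quoted attribute
     // without escaping; a value containing '"' would end the attribute early.
     // Confirm whether the caller expects an already escaped value.
     return 'src="' . $convurl . '"';
 }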
示例#3
文件: files.php 项目: ratbird/hope
 /**
  * Deletes a file.
  *
  * @param String $id Directory entry id of the file to delete
  */
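 public function delete_action($id)
 {
     // Deletes the file behind a directory entry id after confirmation.
     // A non-POST request only stores the confirmation question; the file is
     // unlinked on a POST that carries the 'yes' button.
     //
     // @param String $id Directory entry id of the file to delete
     // @throws AccessDeniedException without full access, for an unknown id
     //                               or when the entry's access check fails
     if (!$this->full_access) {
         throw new AccessDeniedException();
     }

     $entry = DirectoryEntry::find($id);
     // An id that resolves to no entry cannot be access-checked; deny it
     // instead of calling methods on a non-object.
     if (!is_object($entry)) {
         throw new AccessDeniedException();
     }

     $parent_id = FileHelper::getParentId($id) ?: $this->context_id;

     // The result of checkAccess() used to be discarded. If the method signals
     // denial by returning false rather than by throwing, the check had no
     // effect. The strict comparison keeps both conventions working.
     // NOTE(review): confirm which convention DirectoryEntry::checkAccess() follows.
     if ($entry->checkAccess() === false) {
         throw new AccessDeniedException();
     }

     // NOTE(review): no request token (CSRF) verification is visible in this
     // method; confirm that the controller enforces one for this
     // state-changing POST.
     if (!Request::isPost()) {
         $question = createQuestion2(_('Soll die Datei wirklich gelöscht werden?'), array(), array(), $this->url_for('document/files/delete/' . $id));
         $this->flash['question'] = $question;
     } elseif (Request::submitted('yes')) {
         File::get($entry->directory->id)->unlink($entry->name);
         PageLayout::postMessage(MessageBox::success(_('Die Datei wurde gelöscht.')));
     }
     $this->redirect('document/files/index/' . $parent_id);
 }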
示例#4
文件: folder.php 项目: ratbird/hope
 /**
  * Deletes a folder.
  *
  * @param String $folder_id Directory entry id of the folder
  */
 public function delete_action($folder_id)
 {
     // Removes a folder, or every file of the current context when the id is
     // the literal 'all'. Non-POST requests only queue the confirmation
     // question; the deletion runs on a POST that carries the 'yes' button.
     //
     // @param String $folder_id Directory entry id of the folder, or 'all'
     if (!$this->full_access) {
         throw new AccessDeniedException();
     }
     FileHelper::checkAccess($folder_id);

     $parent_id = FileHelper::getParentId($folder_id) ?: $this->context_id;
     $return_to = 'document/files/index/' . $parent_id;
     $wipe_everything = $folder_id === 'all';

     if (!Request::isPost()) {
         // First visit: ask for confirmation and go back to the listing.
         if ($wipe_everything) {
             $message = _('Soll der gesamte Dateibereich inklusive aller Order und Dateien wirklich gelöscht werden?');
         } else {
             $message = _('Soll der Ordner inklusive aller darin enthaltenen Dateien wirklich gelöscht werden?');
         }
         $confirm_url = $this->url_for('document/folder/delete/' . $folder_id);
         $this->flash['question'] = createQuestion2($message, array(), array(), $confirm_url);
         $this->redirect($return_to);
         return;
     }

     // NOTE(review): no request token (CSRF) verification is visible in this
     // method; confirm that the controller enforces one for this POST.
     if (Request::submitted('yes')) {
         if ($wipe_everything) {
             // Empty the root directory of the current context file by file.
             $root = RootDirectory::find($this->context_id);
             foreach ($root->listFiles() as $item) {
                 $root->unlink($item->name);
             }
             PageLayout::postMessage(MessageBox::success(_('Der Dateibereich wurde geleert.')));
         } else {
             // NOTE(review): the lookup result is dereferenced without a check
             // for a missing entry, and nothing here verifies that the entry
             // is a folder. Confirm both are guaranteed by the access check.
             $folder = DirectoryEntry::find($folder_id);
             $folder->directory->unlink($folder->name);
             PageLayout::postMessage(MessageBox::success(_('Der Ordner wurde gelöscht.')));
         }
     }

     $this->redirect($return_to);
 }