/**
* Process all incoming requests passed to this controller, checking
* that the file exists and passing the file through if possible.
*/
public function handleRequest(SS_HTTPRequest $request, DataModel $model)
{
$response = new SS_HTTPResponse();
$filename = $request->getURL();
if (strpos($filename, 'cdnassets') === 0) {
$filename = 'assets/' . substr($filename, strlen('cdnassets/'));
}
$file = null;
if (strpos($filename, '_resampled') !== false) {
$file = ContentServiceAsset::get()->filter('Filename', $filename)->first();
} else {
if (strpos($filename, '/_versions/') !== false) {
$file = FileVersion::get()->filter('Filename', "/" . $filename)->first();
} else {
$file = File::get()->filter('filename', $filename)->first();
}
}
if ($file && $file->canView()) {
if (!$file->CDNFile && !$file->FilePointer) {
return $this->httpError(404);
}
// Permission passed redirect to file
$redirectLink = '';
if ($file->getViewType() != CDNFile::ANYONE_PERM) {
if ($file->hasMethod('getSecureURL')) {
$redirectLink = $file->getSecureURL(180);
}
if (!strlen($redirectLink)) {
// can we stream it?
return $this->sendFile($file);
}
} else {
$redirectLink = $file->getURL();
}
if ($redirectLink && trim($redirectLink, '/') != $request->getURL()) {
$response->redirect($redirectLink);
} else {
return $this->httpError(404);
}
} else {
if (class_exists('SecureFileController')) {
$handoff = SecureFileController::create();
return $handoff->handleRequest($request, $model);
} elseif ($file instanceof File) {
// Permission failure
Security::permissionFailure($this, 'You are not authorised to access this resource. Please log in.');
} else {
// File doesn't exist
$response = new SS_HTTPResponse('File Not Found', 404);
}
}
return $response;
}
/**
* For folders, will need to add or remove the htaccess rules
* Assumptions:
* - the folder exists (after write!)
* - no one else is trying to put htaccess rules here
* - (follows from above) existing htaccess file was put there by this module
* @todo Add better support for existing htaccess files
*/
function onAfterWrite()
{
parent::onAfterWrite();
if ($this->owner instanceof Folder) {
$htaccess = $this->owner->getFullPath() . SecureFileController::get_access_filename();
if ($this->owner->Secured && !file_exists($htaccess)) {
file_put_contents($htaccess, $this->htaccessContent());
} elseif (!$this->owner->Secured && file_exists($htaccess)) {
unlink($htaccess);
}
}
}
function checkHasHtaccess($folder)
{
$htaccess_path = BASE_PATH . "/{$folder->Filename}" . SecureFileController::get_access_filename();
if (!file_exists($htaccess_path)) {
return false;
}
$content = file_get_contents($htaccess_path);
return $content == singleton('File')->htaccessContent();
}
/**
* Set a 'not found' message to replace the standard string
* @param $message HTML body of 404 Not Found response
* @param $i18n Reference to i18n path
*/
static function set_not_found_text($message = "Not Found", $i18n = "SecureFiles.NOTFOUND")
{
self::$i18n_not_found = array($i18n, $message);
}
