protected function actionDownload($params) { \GO::session()->closeWriting(); \GO::setMaxExecutionTime(0); if (isset($params['path'])) { $folder = \GO\Files\Model\Folder::model()->findByPath(dirname($params['path'])); $file = $folder->hasFile(\GO\Base\Fs\File::utf8Basename($params['path'])); } else { $file = \GO\Files\Model\File::model()->findByPk($params['id'], false, true); } if (!$file) { throw new \GO\Base\Exception\NotFound(); } if (!empty($params['random_code'])) { if ($file->random_code != $params['random_code']) { throw new \GO\Base\Exception\NotFound(); } if (time() > $file->expire_time) { throw new \Exception(\GO::t('downloadLinkExpired', 'files')); } } else { $public = substr($file->path, 0, 6) == 'public'; if (!$public) { if (!\GO::user()) { \GO\Base\Util\Http::basicAuth(); } if (!$file->checkPermissionLevel(\GO\Base\Model\Acl::READ_PERMISSION)) { throw new \GO\Base\Exception\AccessDenied(); } } } // Show the file inside the browser or give it as a download $inline = true; // Defaults to show inside the browser if (isset($params['inline']) && $params['inline'] == "false") { $inline = false; } \GO\Base\Util\Http::outputDownloadHeaders($file->fsFile, $inline, !empty($params['cache'])); $file->open(); $this->fireEvent('beforedownload', array(&$this, &$params, &$file)); $file->fsFile->output(); }
/** * Checks if a user is logged in, if the user has permission to the module and if the user has access to a specific action. * * @param string $action * @return boolean boolean */ protected function _checkPermission($action) { $allowGuests = $this->allowGuests(); if (!in_array($action, $allowGuests) && !in_array('*', $allowGuests)) { //check for logged in user if (!GO::user()) { \GO\Base\Util\Http::basicAuth(); return false; } $this->checkSecurityToken(); //check module permission $allowWithoutModuleAccess = $this->allowWithoutModuleAccess(); if (!in_array($action, $allowWithoutModuleAccess) && !in_array('*', $allowWithoutModuleAccess)) { $module = $this->getModule(); if ($module && !$module->permissionLevel) { return false; } } } return $this->_checkRequiredPermissionLevels($action); }