示例#1
0
 protected function actionDownload($params)
 {
     \GO::session()->closeWriting();
     \GO::setMaxExecutionTime(0);
     if (isset($params['path'])) {
         $folder = \GO\Files\Model\Folder::model()->findByPath(dirname($params['path']));
         $file = $folder->hasFile(\GO\Base\Fs\File::utf8Basename($params['path']));
     } else {
         $file = \GO\Files\Model\File::model()->findByPk($params['id'], false, true);
     }
     if (!$file) {
         throw new \GO\Base\Exception\NotFound();
     }
     if (!empty($params['random_code'])) {
         if ($file->random_code != $params['random_code']) {
             throw new \GO\Base\Exception\NotFound();
         }
         if (time() > $file->expire_time) {
             throw new \Exception(\GO::t('downloadLinkExpired', 'files'));
         }
     } else {
         $public = substr($file->path, 0, 6) == 'public';
         if (!$public) {
             if (!\GO::user()) {
                 \GO\Base\Util\Http::basicAuth();
             }
             if (!$file->checkPermissionLevel(\GO\Base\Model\Acl::READ_PERMISSION)) {
                 throw new \GO\Base\Exception\AccessDenied();
             }
         }
     }
     // Show the file inside the browser or give it as a download
     $inline = true;
     // Defaults to show inside the browser
     if (isset($params['inline']) && $params['inline'] == "false") {
         $inline = false;
     }
     \GO\Base\Util\Http::outputDownloadHeaders($file->fsFile, $inline, !empty($params['cache']));
     $file->open();
     $this->fireEvent('beforedownload', array(&$this, &$params, &$file));
     $file->fsFile->output();
 }
示例#2
0
 /**
  * Checks if a user is logged in, if the user has permission to the module and if the user has access to a specific action.
  * 
  * @param string $action
  * @return boolean boolean
  */
 protected function _checkPermission($action)
 {
     $allowGuests = $this->allowGuests();
     if (!in_array($action, $allowGuests) && !in_array('*', $allowGuests)) {
         //check for logged in user
         if (!GO::user()) {
             \GO\Base\Util\Http::basicAuth();
             return false;
         }
         $this->checkSecurityToken();
         //check module permission
         $allowWithoutModuleAccess = $this->allowWithoutModuleAccess();
         if (!in_array($action, $allowWithoutModuleAccess) && !in_array('*', $allowWithoutModuleAccess)) {
             $module = $this->getModule();
             if ($module && !$module->permissionLevel) {
                 return false;
             }
         }
     }
     return $this->_checkRequiredPermissionLevels($action);
 }