correct UploadsAgent for Seminary uploads

coderkun 2014-04-23 12:44:07 +02:00
commit 458da91a8b
5 changed files with 53 additions and 70 deletions


@ -60,12 +60,13 @@
* @var array * @var array
*/ */
public static $dirs = array( public static $dirs = array(
'locale' => 'locale', 'locale' => 'locale',
'media' => 'media', 'media' => 'media',
'seminarymedia' => 'seminarymedia', 'seminarymedia' => 'seminarymedia',
'questtypes' => 'questtypes', 'questtypes' => 'questtypes',
'temporary' => 'tmp', 'temporary' => 'tmp',
'uploads' => 'uploads' 'uploads' => 'uploads',
'seminaryuploads' => 'seminaryuploads'
); );
@ -159,7 +160,7 @@
array('charactergroupsquests/(?!(quest))', 'charactergroupsquests/quest/$1', true), array('charactergroupsquests/(?!(quest))', 'charactergroupsquests/quest/$1', true),
array('media/(.*)', 'media/$1?layout=binary', false), array('media/(.*)', 'media/$1?layout=binary', false),
array('uploads/(.*)', 'uploads/$1?layout=binary', false), array('uploads/(.*)', 'uploads/$1?layout=binary', false),
array('uploads/(?!(index))', 'uploads/index/$1', true) array('uploads/(?!(index|seminary))', 'uploads/index/$1', true)
); );
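Review bot: The new lookahead in `array('uploads/(?!(index|seminary))', 'uploads/index/$1', true)` is a prefix test, so it also excludes any upload whose URL merely begins with `index` or `seminary` (a constructed example: `seminary-plan`), and such requests would no longer be rewritten to the `index` action. Bounding the alternatives, for instance `'uploads/(?!(index|seminary)(/|$))'`, keeps the exclusion to the two action names; how the router anchors and delimits these patterns is not visible here, so confirm the exact form against it. The new `'seminaryuploads'` entry would also benefit from a comment stating whether that directory is expected to sit outside the directly served tree, since its files are meant to be delivered only through the permission-checked action.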


@ -24,7 +24,7 @@
* *
* @var array * @var array
*/ */
public $models = array('uploads', 'users', 'userroles'); public $models = array('uploads', 'users', 'userroles', 'seminaries');
/** /**
* User permissions * User permissions
* *
@ -56,51 +56,40 @@
/** /**
* Action: index. * Action: seminary.
* *
* Display an upload. * Display a Seminary upload.
* *
* @throws AccessDeniedException * @throws AccessDeniedException
* @throws IdNotFoundException * @throws IdNotFoundException
* @param string $seminaryUrl URL-title of Seminary
* @param string $uploadUrl URL-name of the upload * @param string $uploadUrl URL-name of the upload
*/ */
public function index($uploadUrl) public function seminary($seminaryUrl, $uploadUrl)
{ {
// Get Seminary
$seminary = $this->Seminaries->getSeminaryByUrl($seminaryUrl);
// Get Upload // Get Upload
$upload = $this->Uploads->getUploadByUrl($uploadUrl); $upload = $this->Uploads->getSeminaryuploadByUrl($seminary['id'], $uploadUrl);
// Check permissions // Check permissions
$user = $this->Users->getUserById($this->Auth->getUserId());
$user['roles'] = array();
foreach($this->Userroles->getUserrolesForUserById($user['id']) as $role) {
$user['roles'][] = $role['name'];
}
if(!$upload['public']) if(!$upload['public'])
{ {
$user = $this->Users->getUserById($this->Auth->getUserId());
$user['roles'] = array_map(function($r) { return $r['name']; }, $this->Userroles->getUserrolesForUserById($user['id']));
// System roles // System roles
if(count(array_intersect(array('admin', 'moderator'), $user['roles'])) == 0) if(count(array_intersect(array('admin', 'moderator'), $user['roles'])) == 0)
{ {
// Owner of file // Owner of file
if($upload['created_user_id'] != $user['id']) if($upload['created_user_id'] != $user['id'])
{ {
if(!is_null($upload['seminary_id'])) { // Seminary roles
$userSeminaryRoles = array_map(function($r) { return $r['name']; }, $this->Userseminaryroles->getUserseminaryrolesForUserById($user['id'], $seminary['id']));
if(count(array_intersect(array('admin', 'moderator'), $userSeminaryRoles)) == 0) {
throw new \nre\exceptions\AccessDeniedException(); throw new \nre\exceptions\AccessDeniedException();
} }
else
{
// Seminary
$seminary = $this->Seminaries->getSeminaryById($upload['seminary_id']);
// Seminary roles
$userSeminaryRoles = array();
foreach($this->Userseminaryroles->getUserseminaryrolesForUserById($user['id'], $seminary['id']) as $role) {
$userSeminaryRoles[] = $role['name'];
}
if(count(array_intersect(array('admin', 'moderator'), $userSeminaryRoles)) == 0) {
throw new \nre\exceptions\AccessDeniedException();
}
}
} }
} }
} }
@ -109,7 +98,7 @@
$this->response->addHeader("Content-type: ".$upload['mimetype'].""); $this->response->addHeader("Content-type: ".$upload['mimetype']."");
// Set filename // Set filename
$upload['filename'] = ROOT.DS.\nre\configs\AppConfig::$dirs['uploads'].DS.$upload['id']; $upload['filename'] = ROOT.DS.\nre\configs\AppConfig::$dirs['seminaryuploads'].DS.$upload['url'];
if(!file_exists($upload['filename'])) { if(!file_exists($upload['filename'])) {
throw new \nre\exceptions\IdNotFoundException($uploadUrl); throw new \nre\exceptions\IdNotFoundException($uploadUrl);
} }
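Review bot: The seminary-role branch of `seminary()` calls `$this->Userseminaryroles->getUserseminaryrolesForUserById(...)`, but the `$models` list in the first hunk of this file names only `'uploads', 'users', 'userroles', 'seminaries'`. The commit adds `'seminaries'` because the action now uses `$this->Seminaries`, which suggests models are loaded from that list; if so, the branch fails on an unset property instead of reaching the access decision for users who are neither system admins nor the file's owner. Unless the base controller loads it elsewhere, extend the list: `public $models = array('uploads', 'users', 'userroles', 'seminaries', 'userseminaryroles');`. The response is also sent with the stored `$upload['mimetype']` as `Content-type`; where that value originates is not shown, so it is worth confirming it is restricted to expected types. Part of the method body between the second and third hunk is not visible.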


@ -38,45 +38,36 @@
* Upload a file and create a database record. * Upload a file and create a database record.
* *
* @param int $userId ID of user that uploads the file * @param int $userId ID of user that uploads the file
* @param string $filename Name of file to upload * @param int $seminaryId ID of Seminary
* @param string $name Name of file to upload
* @param string $filename Filename of file to upload
* @param string $tmpFilename Name of temporary uploaded file * @param string $tmpFilename Name of temporary uploaded file
* @param string $mimetype Mimetype of file to upload * @param string $mimetype Mimetype of file to upload
* @param int $seminaryId Optional ID of Seminary if the upload is in the context of one
* @return mixed ID of database record or false * @return mixed ID of database record or false
*/ */
public function uploadFile($userId, $filename, $tmpFilename, $mimetype, $seminaryId=null) public function uploadSeminaryFile($userId, $seminaryId, $name, $filename, $tmpFilename, $mimetype)
{ {
$uploadId = false; $uploadId = false;
$this->db->setAutocommit(false); $this->db->setAutocommit(false);
try { try {
// Create database record // Create database record
if(is_null($seminaryId)) $this->db->query(
{ 'INSERT INTO seminaryuploads '.
$this->db->query( '(created_user_id, seminary_id, name, url, mimetype) '.
'INSERT INTO uploads '. 'VALUES '.
'(created_user_id, name, url, mimetype) '. '(?, ? ,? ,?, ?)',
'VALUES '. 'iisss',
'(?, ? ,? ,?)', $userId,
'isss', $seminaryId,
$userId, $filename, \nre\core\Linker::createLinkParam($filename), $mimetype $name,
); \nre\core\Linker::createLinkParam($filename),
} $mimetype
else );
{
$this->db->query(
'INSERT INTO uploads '.
'(created_user_id, seminary_id, name, url, mimetype) '.
'VALUES '.
'(?, ?, ? ,? ,?)',
'iisss',
$userId, $seminaryId, $filename, \nre\core\Linker::createLinkParam($filename), $mimetype
);
}
$uploadId = $this->db->getInsertId(); $uploadId = $this->db->getInsertId();
// Create filename // Create filename
$filename = ROOT.DS.\nre\configs\AppConfig::$dirs['uploads'].DS.$uploadId; $filename = ROOT.DS.\nre\configs\AppConfig::$dirs['seminaryuploads'].DS.$filename;
if(!move_uploaded_file($tmpFilename, $filename)) if(!move_uploaded_file($tmpFilename, $filename))
{ {
$this->db->rollback(); $this->db->rollback();
@ -101,17 +92,17 @@
* @param int $uploadId ID of the uploaded file * @param int $uploadId ID of the uploaded file
* @return array Upload data * @return array Upload data
*/ */
public function getUploadById($uploadId) public function getSeminaryuploadById($seminaryuploadId)
{ {
$data = $this->db->query( $data = $this->db->query(
'SELECT id, created, created_user_id, seminary_id, name, url, mimetype, public '. 'SELECT id, created, created_user_id, seminary_id, name, url, mimetype, public '.
'FROM uploads '. 'FROM seminaryuploads '.
'WHERE id = ?', 'WHERE id = ?',
'i', 'i',
$uploadId $seminaryuploadId
); );
if(empty($data)) { if(empty($data)) {
throw new \nre\exceptions\IdNotFoundException($uploadId); throw new \nre\exceptions\IdNotFoundException($seminaryuploadId);
} }
@ -123,20 +114,22 @@
* Get an upload by its URL. * Get an upload by its URL.
* *
* @throws IdNotFoundException * @throws IdNotFoundException
* @param int $seminaryId ID of Seminary
* @param int $uploadId ID of the uploaded file * @param int $uploadId ID of the uploaded file
* @return array Upload data * @return array Upload data
*/ */
public function getUploadByUrl($uploadUrl) public function getSeminaryuploadByUrl($seminaryId, $seminaryuploadUrl)
{ {
$data = $this->db->query( $data = $this->db->query(
'SELECT id, created, created_user_id, seminary_id, name, url, mimetype, public '. 'SELECT id, created, created_user_id, seminary_id, name, url, mimetype, public '.
'FROM uploads '. 'FROM seminaryuploads '.
'WHERE url = ?', 'WHERE seminary_id = ? AND url = ?',
's', 'is',
$uploadUrl $seminaryId,
$seminaryuploadUrl
); );
if(empty($data)) { if(empty($data)) {
throw new \nre\exceptions\IdNotFoundException($uploadUrl); throw new \nre\exceptions\IdNotFoundException($seminaryuploadUrl);
} }
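Review bot: `uploadSeminaryFile()` now moves the upload to `ROOT.DS.\nre\configs\AppConfig::$dirs['seminaryuploads'].DS.$filename`, so the stored name is the caller-supplied `$filename` rather than the generated record id. Three consequences follow from the visible lines: the directory is flat while records are looked up by `seminary_id` and `url`, so two Seminaries uploading the same filename overwrite each other's file; a `$filename` containing directory separators is not confined to the upload directory unless the caller normalises it; and the controller reads the file back from `$upload['url']`, i.e. `Linker::createLinkParam($filename)`, which matches the stored name only when that function leaves it unchanged. Keying the file on the insert id, `$filename = ROOT.DS.\nre\configs\AppConfig::$dirs['seminaryuploads'].DS.$uploadId;` with the controller reading `$upload['id']`, removes all three. The docblock of `getSeminaryuploadByUrl()` still documents `@param int $uploadId` although the parameter is `$seminaryuploadUrl`. The remainder of `uploadSeminaryFile()` after the rollback lies outside the hunk.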

0
seminaryuploads/empty Normal file