<?php
/**
* @file pages/libraryFiles/LibraryFileHandler.php
*
* Copyright (c) 2014-2021 Simon Fraser University
* Copyright (c) 2000-2021 John Willinsky
* Distributed under the GNU GPL v3. For full terms see the file docs/COPYING.
*
* @class LibraryFileHandler
*
* @ingroup pages_libraryFiles
*
* @brief Class defining a handler for library file access
*/
namespace PKP\pages\libraryFiles;
use APP\core\Application;
use APP\core\Request;
use APP\facades\Repo;
use APP\file\LibraryFileManager;
use APP\handler\Handler;
use PKP\context\LibraryFileDAO;
use PKP\db\DAORegistry;
use PKP\security\Role;
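class LibraryFileHandler extends Handler
{
    /** @var Handler|null the Handler that calls the LibraryFileHandler functions */
    public $_callingHandler = null;

    /**
     * Constructor.
     *
     * @param Handler|null $callingHandler the handler whose authorized user
     *   roles are consulted when a file is tied to a submission
     */
    public function __construct($callingHandler)
    {
        $this->_callingHandler = $callingHandler;
    }

    //
    // Public handler methods
    //

    /**
     * Download a library public file.
     *
     * Only files flagged for public access are served. An unknown or missing
     * id, or a file that is not public, gets a 403 response instead.
     *
     * @param array $args first element is the library file id
     * @param Request $request
     */
    public function downloadPublic($args, $request)
    {
        $context = $request->getContext();
        $libraryFileManager = new LibraryFileManager($context->getId());
        $libraryFileDao = DAORegistry::getDAO('LibraryFileDAO'); /** @var LibraryFileDAO $libraryFileDao */

        // No id in the route: refuse without a lookup (and without an undefined-offset warning).
        $publicFileId = $args[0] ?? null;
        if ($publicFileId === null) {
            $this->sendForbidden();
            return;
        }

        // The lookup is scoped to the current context, so an id belonging to
        // another context cannot be reached through this handler.
        $libraryFile = $libraryFileDao->getById($publicFileId, $context->getId());
        if (!$libraryFile || !$libraryFile->getPublicAccess()) {
            $this->sendForbidden();
            return;
        }

        $libraryFileManager->downloadByPath($libraryFile->getFilePath(), null, true);
    }

    /**
     * Download a library file.
     *
     * The file id comes from the `libraryFileId` request variable and is
     * resolved within the current context only. Files tied to a submission
     * are served to managers/site admins and to users assigned to that
     * submission; everything else gets a 403 response. An id that resolves
     * to no file also gets a 403 (previously the request ended with an empty
     * 200 body).
     *
     * @param array $args
     * @param Request $request
     */
    public function downloadLibraryFile($args, $request)
    {
        $context = $request->getContext();
        $libraryFileManager = new LibraryFileManager($context->getId());
        $libraryFileDao = DAORegistry::getDAO('LibraryFileDAO'); /** @var LibraryFileDAO $libraryFileDao */

        // Context-scoped lookup: ids from other contexts resolve to null here.
        $libraryFile = $libraryFileDao->getById($request->getUserVar('libraryFileId'), $context->getId());
        if (!$libraryFile) {
            $this->sendForbidden();
            return;
        }

        if (!$this->canAccessLibraryFile($libraryFile, $request)) {
            $this->sendForbidden();
            return;
        }

        $libraryFileManager->downloadByPath($libraryFile->getFilePath());
    }

    //
    // Private helpers
    //

    /**
     * Decide whether the current user may download the given library file.
     *
     * A file without a submission id is a context-level document and is left
     * to the calling handler's access policy (allowed here). A file tied to a
     * submission is open to managers and site admins (roles taken from the
     * calling handler's authorized context), and to users assigned to that
     * submission in the submission stage. Anonymous requests are refused.
     *
     * @param object $libraryFile the record returned by LibraryFileDAO::getById()
     * @param Request $request
     */
    private function canAccessLibraryFile($libraryFile, $request): bool
    {
        $submissionId = $libraryFile->getSubmissionId();
        if (!$submissionId) {
            return true; // Context submission document, default to access policy.
        }

        // Managers (and site admins) are always allowed access.
        if ($this->_callingHandler) {
            $userRoles = $this->_callingHandler->getAuthorizedContextObject(Application::ASSOC_TYPE_USER_ROLES);
            // Cast guards against a null authorized object (no roles authorized yet).
            if (array_intersect((array) $userRoles, [Role::ROLE_ID_MANAGER, Role::ROLE_ID_SITE_ADMIN])) {
                return true;
            }
        }

        // Otherwise the user must be assigned to the submission. Without a
        // logged-in user there is nothing to match against, so refuse.
        $user = $request->getUser();
        if (!$user) {
            return false;
        }

        $assignedUsers = Repo::user()->getCollector()
            ->assignedTo($submissionId, WORKFLOW_STAGE_ID_SUBMISSION)
            ->getMany();

        foreach ($assignedUsers as $assignedUser) {
            // Ids may arrive as int or numeric string depending on the source; compare as ints.
            if ((int) $assignedUser->getId() === (int) $user->getId()) {
                return true;
            }
        }

        return false;
    }

    /**
     * Send the 403 response used by both download actions; callers return right after.
     */
    private function sendForbidden(): void
    {
        header('HTTP/1.0 403 Forbidden');
        echo '403 Forbidden<br>';
    }
}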