<?php
/**
 * Mahara: Electronic portfolio, weblog, resume builder and social networking
 * Copyright (C) 2006-2007 Catalyst IT Ltd (http://www.catalyst.net.nz)
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 * @package    mahara
 * @subpackage artefact-file
 * @author     Richard Mansfield <richard.mansfield@catalyst.net.nz>
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL
 * @copyright  (C) 2006,2007 Catalyst IT Ltd http://catalyst.net.nz
 *
 */

// Bootstrap constants, defined before init.php is loaded.
// NOTE(review): PUBLIC presumably marks this page as reachable without a
// login; if so, the access checks further down are the only gate on the
// file being served. Confirm against init.php.
define('INTERNAL', 1);
define('PUBLIC', 1);

require(dirname(dirname(dirname(__FILE__))) . '/init.php');
safe_require('artefact', 'file');
require_once('file.php');

// Request parameters. 'file' is mandatory; 'view' falls back to null.
$fileid  = param_integer('file');
$viewid  = param_integer('view', null);
$size    = get_imagesize_parameters();
$forcedl = param_boolean('download');

// Options handed to serve_file(); 'forcedownload' is set only on request.
$options = $forcedl ? array('forcedownload' => true) : array();

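// Access control for the requested file. Two paths:
//   1. a view ID was supplied: the file must belong to a view the requester
//      is allowed to see;
//   2. only a file ID was supplied: the file must be a public site file, a
//      logged-in menu file (for a logged-in user), or owned by the requester
//      (admins always pass).
if ($viewid && $fileid) {
    // Authorise against the view before disclosing anything about its
    // contents. Checking membership first would let a requester with no
    // access to the view tell "artefact is in this view" (AccessDenied)
    // apart from "artefact is not in this view" (UserException).
    if (!can_view_view($viewid)) {
        throw new AccessDeniedException();
    }

    if (!artefact_in_view($fileid, $viewid)) {
        throw new UserException('Artefact ' . $fileid . ' is not in view ' . $viewid);
    }

    $file = artefact_instance_from_id($fileid);
    // Only file artefacts may be served from this script.
    if (!($file instanceof ArtefactTypeFile)) {
        throw new NotFoundException();
    }
}
else {
    // We just have a file ID
    $file = artefact_instance_from_id($fileid);
    if (!($file instanceof ArtefactTypeFile)) {
        throw new NotFoundException();
    }

    // If the file is in the public directory, it's fine to serve.
    // Logical && is used rather than bitwise &=, so each condition is
    // judged on truthiness and a flag value other than 0/1 cannot mask
    // to zero (or to non-zero) by accident.
    $fileispublic = $file->get('parent') == ArtefactTypeFolder::admin_public_folder_id()
        && $file->get('adminfiles')
        && record_exists('site_menu', 'file', $fileid, 'public', 1);

    if (!$fileispublic) {
        // If the file is in the logged in menu and the user is logged in then
        // they can view it.
        // $USER is not assigned in this script; it is expected to be set up
        // by init.php (confirm).
        $fileinloggedinmenu = $file->get('adminfiles')
            && $file->get('parent') == null
            && record_exists('site_menu', 'file', $fileid, 'public', 0)
            && $USER->is_logged_in();

        if (!$fileinloggedinmenu) {
            // Alternatively, if you own the file or you are an admin, it should always work
            $fileisavailable = $USER->get('admin') || $file->get('owner') == $USER->get('id');

            if (!$fileisavailable) {
                throw new AccessDeniedException();
            }
        }
    }
}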

// Every access check above has passed (each failure throws), so resolve the
// file on disk and hand it to serve_file().
$path  = $file->get_path(array('size' => $size));
$title = $file->download_title();

// Pass a content type on only when the artefact supplies a truthy override.
$contenttype = $file->override_content_type();
if ($contenttype) {
    $options['overridecontenttype'] = $contenttype;
}

serve_file($path, $title, $options);

?>