Commit 1e54fdc4 authored by Cecilia Vela Gurovic's avatar Cecilia Vela Gurovic Committed by Robert Lyon

Bug 1185188: not logged in user can download public personal portfolios

Allow page/collection download in leap2A format
through the Copy button of a page,
when the copy option is allowed, the page/collection
is public or shared via secret URL, and it is not
institution/group/site owned.

behatnotneeded
Change-Id: I545b5d70450fb27b0011814fb55a9827bf4c1ff1
parent 111fba57
......@@ -4261,6 +4261,14 @@ class View {
if (!empty($results->count)) {
return true;
}
// Check if view has a secret url and is also a template
if (count_records_sql("SELECT COUNT(*) FROM {view} v
JOIN {view_access} va ON va.view = v.id
WHERE (va.token IS NOT null AND va.token !='')
AND v.template = ?
AND v.id = ?", array(self::USER_TEMPLATE, $this->id))) {
return true;
}
return false;
}
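Review bot: The added query makes is_copyable() return true for every caller as soon as any non-empty secret-URL token exists on a user template, whether or not the current request presented that token. The method therefore answers "someone may copy this", not "this requester may copy this", and each caller has to pair it with can_view_view(), as copy.php and download.php do in this commit. I would record that above the query, e.g. `// NOTE: does not verify the requester holds the token; callers must also check can_view_view()`. The query also ignores any validity window on the access row, so an expired secret URL may still count if view_access rows carry start/stop dates; worth confirming. The function body starts above this hunk.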
......
......@@ -35,7 +35,11 @@
{/strip}{/if}
{if $copyurl}{strip}
<a id="copyview-button" title="{str tag=copythisview section=view}" href="{$copyurl}" class="btn btn-default">
{if $downloadurl}
<a id="downloadview-button" title="{str tag=copythisview section=view}" href="{$downloadurl}" class="btn btn-default">
{else}
<a id="copyview-button" title="{str tag=copythisview section=view}" href="{$copyurl}" class="btn btn-default">
{/if}
<span class="icon icon-files-o icon-lg left" role="presentation" aria-hidden="true"></span>
{str tag=copy section=mahara}
</a>
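Review bot: The new `downloadview-button` link keeps `title="{str tag=copythisview section=view}"` and the `{str tag=copy section=mahara}` label, so an anonymous visitor is told the control copies the page while it actually starts a file download. A dedicated string for the download case would make that explicit, e.g. `title="{str tag=DOWNLOAD_STRING_TAG section=view}"`, where `DOWNLOAD_STRING_TAG` is a placeholder for a new language string. The enclosing `{if $copyurl}` block ends outside this hunk.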
......
......@@ -24,7 +24,9 @@ $collection = param_integer('collection', null);
$groupid = param_integer('group', null);
$view = new View($viewid);
if (!can_view_view($view)) {
throw new AccessDeniedException(get_string('thisviewmaynotbecopied', 'view'));
}
if (!$view->is_copyable()) {
throw new AccessDeniedException(get_string('thisviewmaynotbecopied', 'view'));
}
......
<?php
/**
*
* @package mahara
* @subpackage core
* @author Catalyst IT Ltd
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later
* @copyright For copyright information on Mahara, please see the README file distributed with this software.
*
*/
define('INTERNAL', 1);
define('PUBLIC', 1);
define('SECTION_PLUGINTYPE', 'core');
define('SECTION_PLUGINNAME', 'view');
define('SECTION_PAGE', 'download');
require(dirname(dirname(__FILE__)) . '/init.php');
require_once(get_config('libroot') . 'view.php');
$viewid = param_integer('id');
$collection = param_integer('collection', null);
$view = new View($viewid);
if (!can_view_view($view)) {
throw new AccessDeniedException(get_string('thisviewmaynotbecopied', 'view'));
}
if (!$view->is_copyable()) {
throw new AccessDeniedException(get_string('thisviewmaynotbecopied', 'view'));
}
safe_require('export', 'leap');
$user = new User();
$user->find_by_id($view->get('owner'));
if (isset($collection)) {
//get all views in collection
require_once(get_config('libroot') . 'collection.php');
$colltemplate = new Collection($collection);
$views = $colltemplate->views();
$views = array_column($views['views'], 'view');
$artefacts = PluginExport::EXPORT_LIST_OF_COLLECTIONS;
}
else {
$views = array($view->get('id'));
$artefacts = PluginExport::EXPORT_ARTEFACTS_FOR_VIEWS;
}
$exporter = new PluginExportLeap($user, $views, $artefacts);
$exporter->includefeedback = false; // currently only doing leap2a exports and they can't handle feedback
try {
$zipfile = $exporter->export();
}
catch (SystemException $e) {
$errors[] = get_string('exportzipfileerror', 'export', $e->getMessage());
log_warn($e->getMessage());
}
require_once('file.php');
serve_file($exporter->get('exportdir') . $zipfile, $zipfile, 'application/x-zip', array('lifetime' => 0, 'forcedownload' => true));
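Review bot: The `collection` id read by `param_integer('collection', null)` comes from the request and is never tied to `$view`, so can_view_view() and is_copyable() are applied to one page while the export covers every page of whichever collection was named. The collection branch should confirm that `$viewid` is a member and run both checks on each member before exporting. The "personally owned" condition from the commit message is likewise enforced only where view/view.php decides to show the button (the `$view->get('owner')` test in the last hunk), not in this endpoint. In the `catch (SystemException $e)` branch execution falls through to serve_file() with `$zipfile` unset and `$errors` never read, so it should stop after logging. Because the export is built with the owner's User object, it is also worth confirming that the Leap2A output holds nothing beyond what the anonymous viewer can already see on the page.

```php
$view = new View($viewid);
// … unchanged: can_view_view() and is_copyable() checks on $view …
if (!$view->get('owner')) {
    // Only personally owned pages are meant to be downloadable here.
    throw new AccessDeniedException(get_string('thisviewmaynotbecopied', 'view'));
}
// … unchanged: safe_require('export', 'leap') and owner lookup …
if (isset($collection)) {
    // … unchanged: load the Collection and reduce it to a list of view ids in $views …
    // The collection id comes from the request: it must contain the page that
    // was authorised above, and every page in it must pass the same checks.
    if (!in_array($viewid, $views)) {
        throw new AccessDeniedException(get_string('thisviewmaynotbecopied', 'view'));
    }
    foreach ($views as $memberid) {
        $member = new View($memberid);
        if (!can_view_view($member) || !$member->is_copyable()) {
            throw new AccessDeniedException(get_string('thisviewmaynotbecopied', 'view'));
        }
    }
    $artefacts = PluginExport::EXPORT_LIST_OF_COLLECTIONS;
}
// … unchanged: else branch and exporter construction …
try {
    $zipfile = $exporter->export();
}
catch (SystemException $e) {
    log_warn($e->getMessage());
    // Stop here: $zipfile is unset, so there is nothing to serve.
    throw $e;
}
```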
......@@ -273,7 +273,7 @@ if (get_config_plugin('blocktype', 'gallery', 'useslimbox2')) {
}
$can_edit = $USER->can_edit_view($view) && !$submittedgroup && !$view->is_submitted();
$can_copy = $view->is_copyable($view);
$can_copy = $view->is_copyable();
$viewgroupform = false;
if ($owner && $owner == $USER->get('id')) {
......@@ -386,6 +386,10 @@ if ($can_edit) {
}
if ($can_copy) {
$smarty->assign('copyurl', get_config('wwwroot') . 'view/copy.php?id=' . $viewid . (!empty($collection) ? '&collection=' . $collection->get('id') : ''));
if (!$USER->is_logged_in() && $view->get('owner')) {
// if no user is loggedin and the personal profile is public, the Copy button should download the portfolio
$smarty->assign('downloadurl', get_config('wwwroot') . 'view/download.php?id=' . $viewid . (!empty($collection) ? '&collection=' . $collection->get('id') : ''));
}
}
$title = hsc(TITLE);
......