Subversion Repositories xrowsecuredfiles

[/] [trunk/] [extension/] [xrowsecuredfiles/] [modules/] [files/] [view.php] - Blame information for rev 3

Details | Compare with Previous | View Log

Line No. Rev Author Line
1 1 xrow
<?php
2
 
3
$Module = $Params['Module'];
4
 
5
$directory = $Params['directory'];
6
if ( empty( $directory ) )
7
{
8
        return $Module->handleError( eZError::KERNEL_ACCESS_DENIED, 'kernel' );
9
}
10
 
11
$user = eZUser::currentUser();
12
$access =  $user->hasAccessTo( 'files', 'read' );
13
 
14
if ( $access['accessWord'] == 'no' )
15
{
16
        return $Module->handleError( eZError::KERNEL_ACCESS_DENIED, 'kernel' );
17
}
18
 
19
if ( $access['accessWord'] == 'limited' )
20
{
21
        $hasAccess = false;
22
        foreach( $access['policies'] as $policy )
23
        {
24
                if( isset( $policy['Directory'] ) and in_array( $directory, $policy['Directory'] ) )
25
                {
26
                        $hasAccess = true;
27
                        break;
28
                }
29
        }
30
        if ( !$hasAccess )
31
        {
32
                return $Module->handleError( eZError::KERNEL_ACCESS_DENIED, 'kernel', array( 'AccessList' => $access['policies'] ) );
33
        }
34
}
35
 
36
$urlCfg = new ezcUrlConfiguration();
37
$urlCfg->basedir = '';
38
$urlCfg->script = 'index.php';
39
 
40
$fullurl = $_SERVER['REQUEST_URI'];
41
 
42
$url = new ezcUrl( $fullurl, $urlCfg );
43
 
44
# extract "files/view"
45
$url->params = array_slice( $url->getParams(), 3 );
46
 
47 3 xrow
$url->setQuery( array() );
48 1 xrow
 
49
$uri = $url->buildUrl();
50 3 xrow
 
51 1 xrow
if ( empty( $uri ) or $uri == '/' )
52
{
53
        return $Module->handleError( eZError::KERNEL_ACCESS_DENIED, 'kernel' );
54
}
55
 
56 3 xrow
//@TODO fix for siteaccess prepended urls
57
$file = xrowSecuredFilesTool::directory() . '/' . $directory  .  $uri;
58 1 xrow
 
59
//End with file download
60
eZFile::download($file, false );
61
 
62
//Else return 404
63
return $Module->handleError( eZError::KERNEL_NOT_FOUND, 'kernel' );