Open Journal Systems  3.0.0
FileApiHandler.inc.php
1 <?php
19 // Import the base handler.
20 import('classes.handler.Handler');
21 import('lib.pkp.classes.core.JSONMessage');
22 import('lib.pkp.classes.file.SubmissionFileManager');
23 import('classes.security.authorization.SubmissionFileAccessPolicy');
24 
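class FileApiHandler extends Handler {

	/**
	 * Constructor.
	 *
	 * Registers the operations of this handler for the manager, sub-editor,
	 * assistant, reviewer and author roles. Per-file access is decided later
	 * by the policies added in authorize().
	 *
	 * NOTE(review): this is a PHP 4-style constructor (deprecated in PHP 7.0,
	 * no longer treated as a constructor in PHP 8.0). It is kept because it
	 * chains to parent::Handler(), which must change at the same time.
	 */
	function FileApiHandler() {
		parent::Handler();
		$this->addRoleAssignment(
			array(ROLE_ID_MANAGER, ROLE_ID_SUB_EDITOR, ROLE_ID_ASSISTANT, ROLE_ID_REVIEWER, ROLE_ID_AUTHOR),
			array('downloadFile', 'downloadLibraryFile', 'viewFile', 'downloadAllFiles', 'recordDownload', 'enableLinkAction')
		);
	}

	/**
	 * Record a view of a submission file.
	 * Delegates to SubmissionFileManager::recordView().
	 * @param $submissionFile object The file being viewed or downloaded.
	 */
	function recordView($submissionFile) {
		SubmissionFileManager::recordView($submissionFile);
	}

	//
	// Implement methods from PKPHandler
	//
	/**
	 * Select and install the authorization policy for the request.
	 *
	 * Three cases, in this order:
	 *  - "filesIdsAndRevisions" is a non-empty ";"-separated list: one
	 *    submission file access policy per entry, combined with
	 *    COMBINING_DENY_OVERRIDES;
	 *  - otherwise "libraryFileId" is numeric: a context-level policy only;
	 *  - otherwise: a single submission file access policy using the
	 *    default request parameters.
	 *
	 * NOTE(review): the policy is chosen from request parameters, not from
	 * the operation being dispatched. A request carrying only a numeric
	 * libraryFileId receives the context-level policy whichever operation it
	 * names, so the submission-file operations in this class verify that an
	 * authorized object is actually present before using it.
	 *
	 * @param $request object
	 * @param $args array
	 * @param $roleAssignments array
	 * @return mixed Result of parent::authorize().
	 */
	function authorize($request, &$args, $roleAssignments) {
		$fileIds = $request->getUserVar('filesIdsAndRevisions');
		$libraryFileId = $request->getUserVar('libraryFileId');

		$fileIdsArray = array();
		if (is_string($fileIds)) {
			// Remove empty entries (a trailing ";" will cause these).
			// array_filter() without a callback drops exactly the entries
			// that empty() matches; this replaces create_function(), which
			// compiles its body with eval semantics, is deprecated since
			// PHP 7.2 and was removed in PHP 8.0.
			$fileIdsArray = array_filter(explode(';', $fileIds));
		}

		if (!empty($fileIdsArray)) {
			// Every listed file must be readable: a single deny wins.
			$multipleSubmissionFileAccessPolicy = new PolicySet(COMBINING_DENY_OVERRIDES);
			foreach ($fileIdsArray as $fileIdAndRevision) {
				$multipleSubmissionFileAccessPolicy->addPolicy($this->_getAccessPolicy($request, $args, $roleAssignments, $fileIdAndRevision));
			}
			$this->addPolicy($multipleSubmissionFileAccessPolicy);
		} else if (is_numeric($libraryFileId)) {
			// Context-level check only; downloadLibraryFile() performs the
			// per-file checks itself.
			import('lib.pkp.classes.security.authorization.PkpContextAccessPolicy');
			$this->addPolicy(new PkpContextAccessPolicy($request, $roleAssignments));
		} else {
			// IDs will be specified using the default parameters.
			$this->addPolicy($this->_getAccessPolicy($request, $args, $roleAssignments));
		}

		return parent::authorize($request, $args, $roleAssignments);
	}

	//
	// Public handler methods
	//
	/**
	 * Download the authorized submission file as an attachment, using its
	 * client file name.
	 * @param $args array
	 * @param $request object
	 */
	function downloadFile($args, $request) {
		$submissionFile = $this->getAuthorizedContextObject(ASSOC_TYPE_SUBMISSION_FILE);
		// Fail closed with an explicit check: assert() can be disabled in
		// production and must not be the only guard before file access.
		if (!$submissionFile) {
			fatalError('Unauthorized access to submission file.');
			return;
		}
		$context = $request->getContext();
		$fileManager = $this->_getFileManager($context->getId(), $submissionFile->getSubmissionId());
		$fileManager->downloadFile($submissionFile->getFileId(), $submissionFile->getRevision(), false, $submissionFile->getClientFileName());
	}

	/**
	 * Download a library file identified by the "libraryFileId" request
	 * parameter.
	 *
	 * authorize() only installs a context-level policy for this operation,
	 * so the per-file decision is made here and defaults to deny:
	 *  - the file must belong to the context of the current request;
	 *  - if the file is attached to a submission, the current user must be
	 *    among the users returned for that submission at
	 *    WORKFLOW_STAGE_ID_SUBMISSION.
	 *
	 * @param $args array
	 * @param $request object
	 */
	function downloadLibraryFile($args, $request) {
		import('classes.file.LibraryFileManager');
		$context = $request->getContext();
		$libraryFileManager = new LibraryFileManager($context->getId());
		$libraryFileDao = DAORegistry::getDAO('LibraryFileDAO');

		// The ID is caller-supplied and the lookup is by ID alone.
		$libraryFile = $libraryFileDao->getById($request->getUserVar('libraryFileId'));
		if (!$libraryFile) {
			// Behaviour kept from the original: an unknown ID produces no
			// output. NOTE(review): this differs from the "unauthorized"
			// response below, so the two cases are distinguishable.
			return;
		}

		// Default deny; access is granted only by an explicit branch below.
		$allowedAccess = false;

		// A library file of another context must never be served through
		// this context's handler, whatever the submission check says.
		if ((int) $libraryFile->getContextId() === (int) $context->getId()) {
			if ($libraryFile->getSubmissionId()) {
				// If this file has a submission ID, ensure that the current
				// user is assigned to that submission.
				// NOTE(review): only WORKFLOW_STAGE_ID_SUBMISSION is queried;
				// presumably users assigned solely at other stages are
				// refused. Confirm this is intended.
				$user = $request->getUser();
				$userStageAssignmentDao = DAORegistry::getDAO('UserStageAssignmentDAO');
				$assignedUsers = $userStageAssignmentDao->getUsersBySubmissionAndStageId($libraryFile->getSubmissionId(), WORKFLOW_STAGE_ID_SUBMISSION);
				if ($user && !$assignedUsers->wasEmpty()) {
					$userId = (int) $user->getId();
					while ($assignedUser = $assignedUsers->next()) {
						if ((int) $assignedUser->getId() === $userId) {
							$allowedAccess = true;
							break;
						}
					}
				}
			} else {
				// This is a context-level document; the access policy
				// installed by authorize() is the only restriction.
				$allowedAccess = true;
			}
		}

		if (!$allowedAccess) {
			fatalError('Unauthorized access to library file.');
			return;
		}

		// NOTE(review): the path is built from the stored original file
		// name. Confirm that this value cannot contain path separators and
		// that it is the name the file is stored under.
		$filePath = $libraryFileManager->getBasePath() . $libraryFile->getOriginalFileName();
		$libraryFileManager->downloadFile($filePath);
	}

	/**
	 * Serve the authorized submission file for viewing (the third argument
	 * of downloadFile() is true here and false in downloadFile()).
	 * @param $args array
	 * @param $request object
	 */
	function viewFile($args, $request) {
		$submissionFile = $this->getAuthorizedContextObject(ASSOC_TYPE_SUBMISSION_FILE);
		// Explicit fail-closed check instead of assert(); see downloadFile().
		if (!$submissionFile) {
			fatalError('Unauthorized access to submission file.');
			return;
		}
		$context = $request->getContext();
		$fileManager = $this->_getFileManager($context->getId(), $submissionFile->getSubmissionId());
		$fileManager->downloadFile($submissionFile->getFileId(), $submissionFile->getRevision(), true);
	}

	/**
	 * Bundle all authorized submission files into one archive, send it and
	 * delete the archive afterwards.
	 * @param $args array
	 * @param $request object
	 */
	function downloadAllFiles($args, $request) {
		// Retrieve the authorized objects.
		$submissionFiles = $this->getAuthorizedContextObject(ASSOC_TYPE_SUBMISSION_FILES);
		$submission = $this->getAuthorizedContextObject(ASSOC_TYPE_SUBMISSION);

		// Fail closed when authorization did not provide both objects.
		if (!$submission || !(is_array($submissionFiles) || $submissionFiles instanceof Traversable)) {
			fatalError('Unauthorized access to submission files.');
			return;
		}

		// Find out the paths of all files in this grid.
		$context = $request->getContext();
		$filePaths = array();
		$fileManager = $this->_getFileManager($context->getId(), $submission->getId());
		$filesDir = $fileManager->getBasePath();
		foreach ($submissionFiles as $submissionFile) {
			// Remove absolute path so the archive doesn't include it
			// (otherwise all files are organized by absolute path).
			// NOTE(review): the client file name is presumably chosen by the
			// uploader; verify that FileArchive::create() treats it as data
			// (no shell interpolation, no path components in entry names).
			$relativePath = str_replace($filesDir, '', $submissionFile->getFilePath());
			$filePaths[$relativePath] = $submissionFile->getClientFileName();
		}

		import('lib.pkp.classes.file.FileArchive');
		$fileArchive = new FileArchive();
		$archivePath = $fileArchive->create($filePaths, $filesDir);
		if (!file_exists($archivePath)) {
			fatalError('Creating archive with submission files failed!');
			return;
		}

		$archiveFileManager = new FileManager();
		if ($fileArchive->zipFunctional()) {
			$archiveFileManager->downloadFile($archivePath, 'application/x-zip', false, 'files.zip');
		} else {
			$archiveFileManager->downloadFile($archivePath, 'application/x-gtar', false, 'files.tar.gz');
		}
		// The archive is a temporary copy of restricted files; remove it.
		$archiveFileManager->deleteFile($archivePath);
	}

	/**
	 * Record a view for every authorized submission file, then return the
	 * same event as enableLinkAction().
	 * @param $args array
	 * @param $request object
	 * @return mixed Result of enableLinkAction().
	 */
	function recordDownload($args, $request) {
		$submissionFiles = $this->getAuthorizedContextObject(ASSOC_TYPE_SUBMISSION_FILES);

		// The original also tracked a $fileId that was never read; removed.
		foreach ($submissionFiles as $submissionFile) {
			$this->recordView($submissionFile);
		}

		return $this->enableLinkAction($args, $request);
	}

	/**
	 * Return the event produced by DAO::getDataChangedEvent().
	 * @param $args array
	 * @param $request object
	 * @return mixed
	 */
	function enableLinkAction($args, $request) {
		return DAO::getDataChangedEvent();
	}

	/**
	 * Build the file manager for one submission of one context.
	 * @param $contextId int
	 * @param $submissionId int
	 * @return SubmissionFileManager
	 */
	function _getFileManager($contextId, $submissionId) {
		return new SubmissionFileManager($contextId, $submissionId);
	}

	/**
	 * Build a read-access policy (SUBMISSION_FILE_ACCESS_READ) for a
	 * submission file.
	 * @param $request object
	 * @param $args array
	 * @param $roleAssignments array
	 * @param $fileIdAndRevision string Optional entry of the
	 *  "filesIdsAndRevisions" list; when null the policy receives null and
	 *  authorize() relies on the default request parameters.
	 * @return SubmissionFileAccessPolicy
	 */
	function _getAccessPolicy($request, $args, $roleAssignments, $fileIdAndRevision = null) {
		return new SubmissionFileAccessPolicy($request, $args, $roleAssignments, SUBMISSION_FILE_ACCESS_READ, $fileIdAndRevision);
	}
}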
240 
241 ?>