Open Journal Systems  3.3.0
LibraryFileHandler.inc.php
1 <?php
15 // Import the base handler.
16 import('classes.handler.Handler');
17 
18 class LibraryFileHandler extends Handler {
19 
21  var $_callingHandler = null;
22 
27  function __construct($callingHandler) {
28  $this->_callingHandler = $callingHandler;
29  }
30 
31  //
32  // Public handler methods
33  //
34 
40  function downloadPublic($args, $request) {
41  import('classes.file.LibraryFileManager');
42  $context = $request->getContext();
43  $libraryFileManager = new LibraryFileManager($context->getId());
44  $libraryFileDao = DAORegistry::getDAO('LibraryFileDAO'); /* @var $libraryFileDao LibraryFileDAO */
45 
46  $publicFileId = $args[0];
47 
48  $libraryFile = $libraryFileDao->getById($publicFileId, $context->getId());
49  if ($libraryFile && $libraryFile->getPublicAccess()) {
50  $libraryFileManager->downloadByPath($libraryFile->getFilePath());
51  } else {
52  header('HTTP/1.0 403 Forbidden');
53  echo '403 Forbidden<br>';
54  return;
55  }
56  }
57 
63  function downloadLibraryFile($args, $request) {
64  import('classes.file.LibraryFileManager');
65  $context = $request->getContext();
66  $libraryFileManager = new LibraryFileManager($context->getId());
67  $libraryFileDao = DAORegistry::getDAO('LibraryFileDAO'); /* @var $libraryFileDao LibraryFileDAO */
68  $libraryFile = $libraryFileDao->getById($request->getUserVar('libraryFileId'), $context->getId());
69  if ($libraryFile) {
70 
71  // If this file has a submission ID, ensure that the current
72  // user has access to that submission.
73  if ($libraryFile->getSubmissionId()) {
74  $allowedAccess = false;
75 
76  // Managers are always allowed access.
77  if ($this->_callingHandler) {
78  $userRoles = $this->_callingHandler->getAuthorizedContextObject(ASSOC_TYPE_USER_ROLES);
79  if (array_intersect($userRoles, array(ROLE_ID_MANAGER))) $allowedAccess = true;
80  }
81 
82  // Check for specific assignments.
83  $user = $request->getUser();
84  $userStageAssignmentDao = DAORegistry::getDAO('UserStageAssignmentDAO'); /* @var $userStageAssignmentDao UserStageAssignmentDAO */
85  $assignedUsers = $userStageAssignmentDao->getUsersBySubmissionAndStageId($libraryFile->getSubmissionId(), WORKFLOW_STAGE_ID_SUBMISSION);
86  if (!$assignedUsers->wasEmpty()) {
87  while ($assignedUser = $assignedUsers->next()) {
88  if ($assignedUser->getId() == $user->getId()) {
89  $allowedAccess = true;
90  break;
91  }
92  }
93  }
94  } else {
95  $allowedAccess = true; // this is a Context submission document, default to access policy.
96  }
97 
98  if ($allowedAccess) {
99  $libraryFileManager->downloadByPath($libraryFile->getFilePath());
100  } else {
101  header('HTTP/1.0 403 Forbidden');
102  echo '403 Forbidden<br>';
103  return;
104  }
105  }
106  }
107 }
LibraryFileHandler\downloadLibraryFile
downloadLibraryFile($args, $request)
Definition: LibraryFileHandler.inc.php:66
PKPHandler\__construct
__construct()
Definition: PKPHandler.inc.php:85
LibraryFileHandler\$_callingHandler
$_callingHandler
Definition: LibraryFileHandler.inc.php:24
DAORegistry\getDAO
static & getDAO($name, $dbconn=null)
Definition: DAORegistry.inc.php:57
LibraryFileHandler\__construct
__construct($callingHandler)
Definition: LibraryFileHandler.inc.php:30
LibraryFileHandler\downloadPublic
downloadPublic($args, $request)
Definition: LibraryFileHandler.inc.php:43
LibraryFileManager
Wrapper class for uploading files to a site/context' library directory.
Definition: LibraryFileManager.inc.php:18
LibraryFileHandler
Class defining a handler for library file access.
Definition: LibraryFileHandler.inc.php:18
Handler
Base request handler application class.
Definition: Handler.inc.php:18