MDL-17457 migrated all modules to new db/install.php; added upgrade.txt file for...
[moodle.git] / pluginfile.php
1 <?php  // $Id$
3     require_once('config.php');
4     require_once('lib/filelib.php');
6     // disable moodle specific debug messages
7     disable_debugging();
9     $relativepath = get_file_argument();
10     $forcedownload = optional_param('forcedownload', 0, PARAM_BOOL);
12     // relative path must start with '/'
13     if (!$relativepath) {
14         print_error('invalidargorconf');
15     } else if ($relativepath{0} != '/') {
16         print_error('pathdoesnotstartslash');
17     }
19     // extract relative path components
20     $args = explode('/', ltrim($relativepath, '/'));
22     if (count($args) == 0) { // always at least user id
23         print_error('invalidarguments');
24     }
26     $contextid = (int)array_shift($args);
27     $filearea = array_shift($args);
29     $context = get_context_instance_by_id($contextid);
30     $fs = get_file_storage();
33     if ($context->contextlevel == CONTEXT_SYSTEM) {
34         if ($filearea === 'blog') {
36             if (empty($CFG->bloglevel)) {
37                 print_error('siteblogdisable', 'blog');
38             }
39             if ($CFG->bloglevel < BLOG_GLOBAL_LEVEL) {
40                 require_login();
41                 if (isguestuser()) {
42                     print_error('noguest');
43                 }
44                 if ($CFG->bloglevel == BLOG_USER_LEVEL) {
45                     if ($USER->id != $entry->userid) {
46                         send_file_not_found();
47                     }
48                 }
49             }
50             $entryid = (int)array_shift($args);
51             if (!$entry = $DB->get_record('post', array('module'=>'blog', 'id'=>$entryid))) {
52                 send_file_not_found();
53             }
54             if ('publishstate' === 'public') {
55                 if ($CFG->forcelogin) {
56                     require_login();
57                 }
59             } else if ('publishstate' === 'site') {
60                 require_login();
61                 //ok
62             } else if ('publishstate' === 'draft') {
63                 require_login();
64                 if ($USER->id != $entry->userid) {
65                     send_file_not_found();
66                 }
67             }
69             //TODO: implement shared course and shared group access
71             $relativepath = '/'.implode('/', $args);
72             $fullpath = $context->id.'blog'.$entryid.$relativepath;
74             if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->is_directory()) {
75                 send_file_not_found();
76             }
78             send_stored_file($file, 10*60, 0, true); // download MUST be forced - security!
80         } else {
81             send_file_not_found();
82         }
85     } else if ($context->contextlevel == CONTEXT_USER) {
86         send_file_not_found();
89     } else if ($context->contextlevel == CONTEXT_COURSECAT) {
90         if ($filearea !== 'coursecat_intro') {
91             send_file_not_found();
92         }
94         if ($CFG->forcelogin) {
95             // no login necessary - unless login forced everywhere
96             require_login();
97         }
99         $relativepath = '/'.implode('/', $args);
100         $fullpath = $context->id.'coursecat_intro0'.$relativepath;
102         if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->get_filename() == '.') {
103             send_file_not_found();
104         }
106         session_write_close(); // unlock session during fileserving
107         send_stored_file($file, 60*60, 0, $forcedownload);
110     } else if ($context->contextlevel == CONTEXT_COURSE) {
111         if (!$course = $DB->get_record('course', array('id'=>$context->instanceid))) {
112             print_error('invalidcourseid');
113         }
115         if ($filearea === 'course_backup') {
116             require_login($course);
117             require_capability('moodle/site:backupdownload', $context);
119             $relativepath = '/'.implode('/', $args);
120             $fullpath = $context->id.'course_backup0'.$relativepath;
122             if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->is_directory()) {
123                 send_file_not_found();
124             }
126             session_write_close(); // unlock session during fileserving
127             send_stored_file($file, 0, 0, true);
129         } else if ($filearea === 'course_intro') {
130             if ($CFG->forcelogin) {
131                 require_login();
132             }
134             $relativepath = '/'.implode('/', $args);
135             $fullpath = $context->id.'course_intro0'.$relativepath;
137             if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->is_directory()) {
138                 send_file_not_found();
139             }
141             session_write_close(); // unlock session during fileserving
142             send_stored_file($file, 60*60, 0, false); // TODO: change timeout?
144         } else if ($filearea === 'user_profile') {
145             $userid = (int)array_shift($args);
146             $usercontext = get_context_instance(CONTEXT_USER, $userid);
148             if (!empty($CFG->forceloginforprofiles)) {
149                 require_login();
150                 if (isguestuser()) {
151                     print_error('noguest');
152                 }
154                 if (!isteacherinanycourse()
155                     and !isteacherinanycourse($userid)
156                     and !has_capability('moodle/user:viewdetails', $usercontext)) {
157                     print_error('usernotavailable');
158                 }
159                 if (!has_capability('moodle/user:viewdetails', $context) &&
160                     !has_capability('moodle/user:viewdetails', $usercontext)) {
161                     print_error('cannotviewprofile');
162                 }
163                 if (!has_capability('moodle/course:view', $context, $userid, false)) {
164                     print_error('notenrolledprofile');
165                 }
166                 if (groups_get_course_groupmode($course) == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', $context)) {
167                     print_error('groupnotamember');
168                 }
169             }
171             $relativepath = '/'.implode('/', $args);
172             $fullpath = $usercontext->id.'user_profile0'.$relativepath;
174             if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->is_directory()) {
175                 send_file_not_found();
176             }
178             session_write_close(); // unlock session during fileserving
179             send_stored_file($file, 0, 0, true); // must force download - security!
181         } else {
182             send_file_not_found();
183         }
185     } else if ($context->contextlevel == CONTEXT_MODULE) {
187         if (!$coursecontext = get_context_instance_by_id(get_parent_contextid($context))) {
188             send_file_not_found();
189         }
191         if (!$course = $DB->get_record('course', array('id'=>$coursecontext->instanceid))) {
192             send_file_not_found();
193         }
194         $modinfo = get_fast_modinfo($course);
195         if (empty($modinfo->cms[$context->instanceid])) {
196             send_file_not_found();
197         }
199         $cminfo = $modinfo->cms[$context->instanceid];
200         $modname = $cminfo->modname;
201         $libfile = "$CFG->dirroot/mod/$modname/lib.php";
202         if (file_exists($libfile)) {
203             require_once($libfile);
204             $filefunction = $modname.'_pluginfile';
205             if (function_exists($filefunction)) {
206                 if ($filefunction($course, $cminfo, $context, $filearea, $args) !== false) {
207                     die;
208                 }
209             }
210         }
211         send_file_not_found();
213     } else if ($context->contextlevel == CONTEXT_BLOCK) {
214         //not supported yet
215         send_file_not_found();
218     } else {
219         send_file_not_found();
220     }