From 7e897e67ab4a9f0432e2ea608a12603804b00467 Mon Sep 17 00:00:00 2001 From: Marina Glancy Date: Thu, 28 Jun 2012 11:34:31 +0800 Subject: [PATCH 1/1] MDL-33473,MDL-33950,MDL-33837 Allow non-js filepicker to pick files from moodle repositories - MDL-33473 actually make non-js filepicker to work with local repositories - MDL-33950 validate that file is accessible - MDL-33837 when picking a server file marked as main, do not make it main in current filearea --- repository/filepicker.php | 87 +++++++++++++++++++++++++-------------- 1 file changed, 56 insertions(+), 31 deletions(-) diff --git a/repository/filepicker.php b/repository/filepicker.php index 20b67ca72c5..cfa26671525 100644 --- a/repository/filepicker.php +++ b/repository/filepicker.php @@ -285,40 +285,65 @@ case 'sign': break; case 'download': - $thefile = $repo->get_file($fileurl, $filename); - $filesize = filesize($thefile['path']); - if (($maxbytes!=-1) && ($filesize>$maxbytes)) { - print_error('maxbytes'); + // Check that user has permission to access this file + if (!$repo->file_is_accessible($fileurl)) { + print_error('storedfilecannotread'); } - if (!empty($thefile)) { - $record = new stdClass(); - $record->filepath = $savepath; - $record->filename = $filename; - $record->component = 'user'; - $record->filearea = 'draft'; - $record->itemid = $itemid; - $record->license = ''; - $record->author = ''; - - $now = time(); - $record->timecreated = $now; - $record->timemodified = $now; - $record->userid = $USER->id; - $record->contextid = $user_context->id; - - $sourcefield = $repo->get_file_source_info($thefile['url']); - $record->source = repository::build_source_field($sourcefield); - try { - $info = repository::move_to_filepool($thefile['path'], $record); - redirect($home_url, get_string('downloadsucc', 'repository')); - } catch (moodle_exception $e) { - // inject target URL - $e->link = $PAGE->url->out(); - echo $OUTPUT->header(); // hack: we need the embedded header here, standard error printing would not use it - throw $e; + + // If file is already a reference, set $fileurl = file source, $repo = file repository + // note that in this case user may not have permission to access the source file directly + // so no file_browser/file_info can be used below + if ($repo->has_moodle_files()) { + $file = repository::get_moodle_file($fileurl); + if ($file && $file->is_external_file()) { + $fileurl = $file->get_reference(); + $repo_id = $file->get_repository_id(); + $repo = repository::get_repository_by_id($repo_id, $contextid, $repooptions); } + } + + $record = new stdClass(); + $record->filepath = $savepath; + $record->filename = $filename; + $record->component = 'user'; + $record->filearea = 'draft'; + $record->itemid = $itemid; + $record->license = ''; + $record->author = ''; + + $now = time(); + $record->timecreated = $now; + $record->timemodified = $now; + $record->userid = $USER->id; + $record->contextid = $user_context->id; + $record->sortorder = 0; + + $sourcefield = $repo->get_file_source_info($fileurl); + $record->source = repository::build_source_field($sourcefield); + + if ($repo->has_moodle_files()) { + $fileinfo = $repo->copy_to_area($fileurl, $record, $maxbytes); + redirect($home_url, get_string('downloadsucc', 'repository')); } else { - print_error('cannotdownload', 'repository'); + $thefile = $repo->get_file($fileurl, $filename); + if (!empty($thefile['path'])) { + $filesize = filesize($thefile['path']); + if ($maxbytes != -1 && $filesize>$maxbytes) { + unlink($thefile['path']); + print_error('maxbytes'); + } + try { + $info = repository::move_to_filepool($thefile['path'], $record); + redirect($home_url, get_string('downloadsucc', 'repository')); + } catch (moodle_exception $e) { + // inject target URL + $e->link = $PAGE->url->out(); + echo $OUTPUT->header(); // hack: we need the embedded header here, standard error printing would not use it + throw $e; + } + } else { + print_error('cannotdownload', 'repository'); + } } break; -- 2.43.0