From d92e7c4d8e822a54a4a8a443287898a11bc5c6e9 Mon Sep 17 00:00:00 2001
From: skodak
Date: Thu, 21 May 2009 09:50:04 +0000
Subject: [PATCH] MDL-18111 improving file api comments and docs, fixing license header
---
draftfile.php | 144 ++++++++++-------
pluginfile.php | 424 ++++++++++++++++++++++++++-----------------------
userfile.php | 182 ++++++++++++---------
3 files changed, 411 insertions(+), 339 deletions(-)
diff --git a/draftfile.php b/draftfile.php
index 91b5f5ec60..8970a6bbe7 100644
--- a/draftfile.php
+++ b/draftfile.php
@@ -1,66 +1,90 @@ -contextlevel != CONTEXT_USER) { - print_error('invalidarguments'); - } - - $userid = $context->instanceid; - if ($USER->id != $userid) { - print_error('invaliduserid'); - } - - switch ($filearea) { - case 'user_draft': - $itemid = (int)array_shift($args); - break; - default: - send_file_not_found(); - } +. + +/** + * This script delegates file serving to individual plugins + * + * @package moodlecore + * @subpackage file + * @copyright 2008 Petr Skoda (http://skodak.org) + * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later + */ + +require_once('config.php'); +require_once('lib/filelib.php'); + +require_login(); +if (isguestuser()) { + print_error('noguest'); +} + +// disable moodle specific debug messages +disable_debugging(); + +$relativepath = get_file_argument(); + +// relative path must start with '/' +if (!$relativepath) { + print_error('invalidargorconf'); +} else if ($relativepath{0} != '/') { + print_error('pathdoesnotstartslash'); +} + +// extract relative path components +$args = explode('/', ltrim($relativepath, '/')); + +if (count($args) == 0) { // always at least user id + print_error('invalidarguments'); +} + +$contextid = (int)array_shift($args); +$filearea = array_shift($args); + +$context = get_context_instance_by_id($contextid); +if ($context->contextlevel != CONTEXT_USER) { + print_error('invalidarguments'); +} + +$userid = $context->instanceid; +if ($USER->id != $userid) { + print_error('invaliduserid'); +} + +switch ($filearea) { + case 'user_draft': + $itemid = (int)array_shift($args); + break; + default: + send_file_not_found(); +} - $relativepath = '/'.implode('/', $args); +$relativepath = '/'.implode('/', $args); - $fs = get_file_storage(); +$fs = get_file_storage(); - $fullpath = $context->id.$filearea.$itemid.$relativepath; +$fullpath = $context->id.$filearea.$itemid.$relativepath; - if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->get_filename() == '.') { - send_file_not_found(); - } +if 
(!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->get_filename() == '.') { + send_file_not_found(); +} - // ======================================== - // finally send the file - // ======================================== - session_get_instance()->write_close(); // unlock session during fileserving - send_stored_file($file, 0, false, true); // force download - security first! +// ======================================== +// finally send the file +// ======================================== +session_get_instance()->write_close(); // unlock session during fileserving +send_stored_file($file, 0, false, true); // force download - security first! diff --git a/pluginfile.php b/pluginfile.php index dc7f278338..6bc351ec96 100644 --- a/pluginfile.php +++ b/pluginfile.php 
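Review bot: The file docblock added to draftfile.php describes the wrong script: `This script delegates file serving to individual plugins` is the pluginfile.php description. The code under it serves only the `user_draft` area, only when `$USER->id` matches the context's user, and always forces download. Something like `This script serves the current user's own draft files (user_draft area only); download is always forced` would match the code. The header is where a reader looks to learn which access rule this entry point enforces, so the copy-pasted text is worth correcting in this documentation commit.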
@@ -1,270 +1,294 @@ -. + +/** + * This script delegates file serving to individual plugins + * + * @package moodlecore + * @subpackage file + * @copyright 2008 Petr Skoda (http://skodak.org) + * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later + */ + +require_once('config.php'); +require_once('lib/filelib.php'); + +// disable moodle specific debug messages +disable_debugging(); + +$relativepath = get_file_argument(); +$forcedownload = optional_param('forcedownload', 0, PARAM_BOOL); + +// relative path must start with '/' +if (!$relativepath) { + print_error('invalidargorconf'); +} else if ($relativepath{0} != '/') { + print_error('pathdoesnotstartslash'); +} + +// extract relative path components +$args = explode('/', ltrim($relativepath, '/')); + +if (count($args) == 0) { // always at least user id + print_error('invalidarguments'); +} + +$contextid = (int)array_shift($args); +$filearea = array_shift($args); + +$context = get_context_instance_by_id($contextid); +$fs = get_file_storage(); + + +if ($context->contextlevel == CONTEXT_SYSTEM) { + if ($filearea === 'blog') { + + if (empty($CFG->bloglevel)) { + print_error('siteblogdisable', 'blog'); + } + if ($CFG->bloglevel < BLOG_GLOBAL_LEVEL) { + require_login(); + if (isguestuser()) { + print_error('noguest'); + } + if ($CFG->bloglevel == BLOG_USER_LEVEL) { + if ($USER->id != $entry->userid) { + send_file_not_found(); + } + } + } + $entryid = (int)array_shift($args); + if (!$entry = $DB->get_record('post', array('module'=>'blog', 'id'=>$entryid))) { + send_file_not_found(); + } + if ('publishstate' === 'public') { + if ($CFG->forcelogin) { + require_login(); + } - require_once('config.php'); - require_once('lib/filelib.php'); + } else if ('publishstate' === 'site') { + require_login(); + //ok + } else if ('publishstate' === 'draft') { + require_login(); + if ($USER->id != $entry->userid) { + send_file_not_found(); + } + } - // disable moodle specific debug messages - disable_debugging(); + //TODO: 
implement shared course and shared group access - $relativepath = get_file_argument(); - $forcedownload = optional_param('forcedownload', 0, PARAM_BOOL); + $relativepath = '/'.implode('/', $args); + $fullpath = $context->id.'blog'.$entryid.$relativepath; - // relative path must start with '/' - if (!$relativepath) { - print_error('invalidargorconf'); - } else if ($relativepath{0} != '/') { - print_error('pathdoesnotstartslash'); - } + if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->is_directory()) { + send_file_not_found(); + } - // extract relative path components - $args = explode('/', ltrim($relativepath, '/')); + send_stored_file($file, 10*60, 0, true); // download MUST be forced - security! - if (count($args) == 0) { // always at least user id - print_error('invalidarguments'); + } else { + send_file_not_found(); } - $contextid = (int)array_shift($args); - $filearea = array_shift($args); - $context = get_context_instance_by_id($contextid); - $fs = get_file_storage(); +} else if ($context->contextlevel == CONTEXT_USER) { + send_file_not_found(); - if ($context->contextlevel == CONTEXT_SYSTEM) { - if ($filearea === 'blog') { - - if (empty($CFG->bloglevel)) { - print_error('siteblogdisable', 'blog'); - } - if ($CFG->bloglevel < BLOG_GLOBAL_LEVEL) { - require_login(); - if (isguestuser()) { - print_error('noguest'); - } - if ($CFG->bloglevel == BLOG_USER_LEVEL) { - if ($USER->id != $entry->userid) { - send_file_not_found(); - } - } - } - $entryid = (int)array_shift($args); - if (!$entry = $DB->get_record('post', array('module'=>'blog', 'id'=>$entryid))) { - send_file_not_found(); - } - if ('publishstate' === 'public') { - if ($CFG->forcelogin) { - require_login(); - } - - } else if ('publishstate' === 'site') { - require_login(); - //ok - } else if ('publishstate' === 'draft') { - require_login(); - if ($USER->id != $entry->userid) { - send_file_not_found(); - } - } +} else if ($context->contextlevel == CONTEXT_COURSECAT) { + if ($filearea !== 
'coursecat_intro') { + send_file_not_found(); + } - //TODO: implement shared course and shared group access + if ($CFG->forcelogin) { + // no login necessary - unless login forced everywhere + require_login(); + } - $relativepath = '/'.implode('/', $args); - $fullpath = $context->id.'blog'.$entryid.$relativepath; + $relativepath = '/'.implode('/', $args); + $fullpath = $context->id.'coursecat_intro0'.$relativepath; - if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->is_directory()) { - send_file_not_found(); - } + if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->get_filename() == '.') { + send_file_not_found(); + } - send_stored_file($file, 10*60, 0, true); // download MUST be forced - security! + session_get_instance()->write_close(); // unlock session during fileserving + send_stored_file($file, 60*60, 0, $forcedownload); - } else { - send_file_not_found(); - } +} else if ($context->contextlevel == CONTEXT_COURSE) { + if (!$course = $DB->get_record('course', array('id'=>$context->instanceid))) { + print_error('invalidcourseid'); + } - } else if ($context->contextlevel == CONTEXT_USER) { - send_file_not_found(); + if ($filearea === 'course_backup') { + require_login($course); + require_capability('moodle/site:backupdownload', $context); + $relativepath = '/'.implode('/', $args); + $fullpath = $context->id.'course_backup0'.$relativepath; - } else if ($context->contextlevel == CONTEXT_COURSECAT) { - if ($filearea !== 'coursecat_intro') { + if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->is_directory()) { send_file_not_found(); } + session_get_instance()->write_close(); // unlock session during fileserving + send_stored_file($file, 0, 0, true); + + } else if ($filearea === 'course_intro') { if ($CFG->forcelogin) { - // no login necessary - unless login forced everywhere require_login(); } $relativepath = '/'.implode('/', $args); - $fullpath = $context->id.'coursecat_intro0'.$relativepath; + $fullpath = 
$context->id.'course_intro0'.$relativepath; - if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->get_filename() == '.') { + if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->is_directory()) { send_file_not_found(); } session_get_instance()->write_close(); // unlock session during fileserving - send_stored_file($file, 60*60, 0, $forcedownload); - - - } else if ($context->contextlevel == CONTEXT_COURSE) { - if (!$course = $DB->get_record('course', array('id'=>$context->instanceid))) { - print_error('invalidcourseid'); - } + send_stored_file($file, 60*60, 0, false); // TODO: change timeout? - if ($filearea === 'course_backup') { + } else if ($filearea === 'course_section') { + if ($CFG->forcelogin) { require_login($course); - require_capability('moodle/site:backupdownload', $context); + } else if ($course->id !== SITEID) { + require_login($course); + } - $relativepath = '/'.implode('/', $args); - $fullpath = $context->id.'course_backup0'.$relativepath; + $sectionid = (int)array_shift($args); - if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->is_directory()) { + if ($course->numsections < $sectionid) { + if (!has_capability('moodle/course:update', $context)) { + // disable access to invisible sections if can not edit course + // this is going to break some ugly hacks, but is necessary send_file_not_found(); } + } - session_get_instance()->write_close(); // unlock session during fileserving - send_stored_file($file, 0, 0, true); - - } else if ($filearea === 'course_intro') { - if ($CFG->forcelogin) { - require_login(); - } + $relativepath = '/'.implode('/', $args); + $fullpath = $context->id.'course_section'.$sectionid.$relativepath; - $relativepath = '/'.implode('/', $args); - $fullpath = $context->id.'course_intro0'.$relativepath; + if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->is_directory()) { + send_file_not_found(); + } - if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->is_directory()) { - 
send_file_not_found(); - } + session_get_instance()->write_close(); // unlock session during fileserving + send_stored_file($file, 60*60, 0, false); // TODO: change timeout? - session_get_instance()->write_close(); // unlock session during fileserving - send_stored_file($file, 60*60, 0, false); // TODO: change timeout? + } else if ($filearea === 'user_profile') { + $userid = (int)array_shift($args); + $usercontext = get_context_instance(CONTEXT_USER, $userid); - } else if ($filearea === 'course_section') { - if ($CFG->forcelogin) { - require_login($course); - } else if ($course->id !== SITEID) { - require_login($course); + if (!empty($CFG->forceloginforprofiles)) { + require_login(); + if (isguestuser()) { + print_error('noguest'); } - $sectionid = (int)array_shift($args); - - if ($course->numsections < $sectionid) { - if (!has_capability('moodle/course:update', $context)) { - // disable access to invisible sections if can not edit course - // this is going to break some ugly hacks, but is necessary - send_file_not_found(); - } + if (!isteacherinanycourse() + and !isteacherinanycourse($userid) + and !has_capability('moodle/user:viewdetails', $usercontext)) { + print_error('usernotavailable'); } - - $relativepath = '/'.implode('/', $args); - $fullpath = $context->id.'course_section'.$sectionid.$relativepath; - - if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->is_directory()) { - send_file_not_found(); + if (!has_capability('moodle/user:viewdetails', $context) && + !has_capability('moodle/user:viewdetails', $usercontext)) { + print_error('cannotviewprofile'); } - - session_get_instance()->write_close(); // unlock session during fileserving - send_stored_file($file, 60*60, 0, false); // TODO: change timeout? 
- - } else if ($filearea === 'user_profile') { - $userid = (int)array_shift($args); - $usercontext = get_context_instance(CONTEXT_USER, $userid); - - if (!empty($CFG->forceloginforprofiles)) { - require_login(); - if (isguestuser()) { - print_error('noguest'); - } - - if (!isteacherinanycourse() - and !isteacherinanycourse($userid) - and !has_capability('moodle/user:viewdetails', $usercontext)) { - print_error('usernotavailable'); - } - if (!has_capability('moodle/user:viewdetails', $context) && - !has_capability('moodle/user:viewdetails', $usercontext)) { - print_error('cannotviewprofile'); - } - if (!has_capability('moodle/course:view', $context, $userid, false)) { - print_error('notenrolledprofile'); - } - if (groups_get_course_groupmode($course) == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', $context)) { - print_error('groupnotamember'); - } + if (!has_capability('moodle/course:view', $context, $userid, false)) { + print_error('notenrolledprofile'); } - - $relativepath = '/'.implode('/', $args); - $fullpath = $usercontext->id.'user_profile0'.$relativepath; - - if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->is_directory()) { - send_file_not_found(); + if (groups_get_course_groupmode($course) == SEPARATEGROUPS and !has_capability('moodle/site:accessallgroups', $context)) { + print_error('groupnotamember'); } + } - session_get_instance()->write_close(); // unlock session during fileserving - send_stored_file($file, 0, 0, true); // must force download - security! + $relativepath = '/'.implode('/', $args); + $fullpath = $usercontext->id.'user_profile0'.$relativepath; - } else { + if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->is_directory()) { send_file_not_found(); } - } else if ($context->contextlevel == CONTEXT_MODULE) { + session_get_instance()->write_close(); // unlock session during fileserving + send_stored_file($file, 0, 0, true); // must force download - security! 
- if (!$coursecontext = get_context_instance_by_id(get_parent_contextid($context))) { - send_file_not_found(); - } + } else { + send_file_not_found(); + } + +} else if ($context->contextlevel == CONTEXT_MODULE) { + + if (!$coursecontext = get_context_instance_by_id(get_parent_contextid($context))) { + send_file_not_found(); + } + + if (!$course = $DB->get_record('course', array('id'=>$coursecontext->instanceid))) { + send_file_not_found(); + } + $modinfo = get_fast_modinfo($course); + if (empty($modinfo->cms[$context->instanceid])) { + send_file_not_found(); + } + + $cminfo = $modinfo->cms[$context->instanceid]; + $modname = $cminfo->modname; + $libfile = "$CFG->dirroot/mod/$modname/lib.php"; + if (!file_exists($libfile)) { + send_file_not_found(); + } - if (!$course = $DB->get_record('course', array('id'=>$coursecontext->instanceid))) { + require_once($libfile); + if ($filearea === $modname.'_intro') { + if (!plugin_supports('mod', $modname, FEATURE_MOD_INTRO, true)) { send_file_not_found(); } - $modinfo = get_fast_modinfo($course); - if (empty($modinfo->cms[$context->instanceid])) { + if (!$cminfo->uservisible) { send_file_not_found(); } + // all users may access it + $relativepath = '/'.implode('/', $args); + $fullpath = $context->id.$filearea.'0'.$relativepath; - $cminfo = $modinfo->cms[$context->instanceid]; - $modname = $cminfo->modname; - $libfile = "$CFG->dirroot/mod/$modname/lib.php"; - if (!file_exists($libfile)) { + $fs = get_file_storage(); + if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->is_directory()) { send_file_not_found(); } - require_once($libfile); - if ($filearea === $modname.'_intro') { - if (!plugin_supports('mod', $modname, FEATURE_MOD_INTRO, true)) { - send_file_not_found(); - } - if (!$cminfo->uservisible) { - send_file_not_found(); - } - // all users may access it - $relativepath = '/'.implode('/', $args); - $fullpath = $context->id.$filearea.'0'.$relativepath; - - $fs = get_file_storage(); - if (!$file = 
$fs->get_file_by_hash(sha1($fullpath)) or $file->is_directory()) { - send_file_not_found(); - } - - $lifetime = isset($CFG->filelifetime) ? $CFG->filelifetime : 86400; - - // finally send the file - send_stored_file($file, $lifetime, 0); - } + $lifetime = isset($CFG->filelifetime) ? $CFG->filelifetime : 86400; - $filefunction = $modname.'_pluginfile'; - if (function_exists($filefunction)) { - if ($filefunction($course, $cminfo, $context, $filearea, $args) !== false) { - die; - } + // finally send the file + send_stored_file($file, $lifetime, 0); + } + + $filefunction = $modname.'_pluginfile'; + if (function_exists($filefunction)) { + if ($filefunction($course, $cminfo, $context, $filearea, $args) !== false) { + die; } + } - } else if ($context->contextlevel == CONTEXT_BLOCK) { - //not supported yet - send_file_not_found(); +} else if ($context->contextlevel == CONTEXT_BLOCK) { + //not supported yet + send_file_not_found(); - } else { - send_file_not_found(); - } +} else { + send_file_not_found(); +} diff --git a/userfile.php b/userfile.php index c7096cf1a8..04784ae4dd 100644 --- a/userfile.php +++ b/userfile.php 
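Review bot: In the `blog` branch of the CONTEXT_SYSTEM case, the three publish-state checks compare two string literals (`'publishstate' === 'public'`, and likewise for `'site'` and `'draft'`), so each is always false. As a result the `require_login()` calls and the owner check for draft entries never run, and the file is sent whenever the `bloglevel` check allows it. The checks presumably should test `$entry->publishstate`, with a final `else` that calls `send_file_not_found()` so an unexpected state fails closed. In the same branch, the `BLOG_USER_LEVEL` check reads `$entry->userid` before `$entry` is loaded by `$DB->get_record('post', ...)`; the lookup needs to move above that block. Both problems are carried over unchanged from the old side of this re-indentation.

```php
// … unchanged: empty($CFG->bloglevel) check …
$entryid = (int)array_shift($args);
if (!$entry = $DB->get_record('post', array('module'=>'blog', 'id'=>$entryid))) {
    send_file_not_found();
}
// … unchanged: $CFG->bloglevel < BLOG_GLOBAL_LEVEL login/guest/owner checks, now after the lookup …
if ($entry->publishstate === 'public') {
    // … unchanged: forcelogin check …
} else if ($entry->publishstate === 'site') {
    require_login();
} else if ($entry->publishstate === 'draft') {
    // … unchanged: require_login() and owner check …
} else {
    send_file_not_found(); // unknown publish state: fail closed
}
```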
@@ -1,87 +1,111 @@ -contextlevel != CONTEXT_USER) { - print_error('invalidarguments'); - } - - $userid = $context->instanceid; - - switch ($filearea) { - case 'user_profile': - require_login(); - if (isguestuser()) { - print_error('noguest'); - } - - // access controll here must match user edit forms - if ($userid == $USER->id) { - if (!has_capability('moodle/user:editownprofile', get_context_instance(CONTEXT_SYSTEM))) { - send_file_not_found(); - } - } else { - if (!has_capability('moodle/user:editprofile', $context) and !has_capability('moodle/user:update', $context)) { - send_file_not_found(); - } - } - $itemid = 0; - $forcedownload = true; - break; - - case 'user_private': - require_login(); - if (isguestuser()) { +. + +/** + * This script serves user's private files + * + * @package moodlecore + * @subpackage file + * @copyright 2008 Petr Skoda (http://skodak.org) + * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later + */ + +require_once('config.php'); +require_once('lib/filelib.php'); + +// disable moodle specific debug messages +disable_debugging(); + +$relativepath = get_file_argument(); +$forcedownload = optional_param('forcedownload', 0, PARAM_BOOL); + +// relative path must start with '/' +if (!$relativepath) { + print_error('invalidargorconf'); +} else if ($relativepath{0} != '/') { + print_error('pathdoesnotstartslash'); +} + +// extract relative path components +$args = explode('/', ltrim($relativepath, '/')); + +if (count($args) == 0) { // always at least user id + print_error('invalidarguments'); +} + +$contextid = (int)array_shift($args); +$filearea = array_shift($args); + +$context = get_context_instance_by_id($contextid); +if ($context->contextlevel != CONTEXT_USER) { + print_error('invalidarguments'); +} + +$userid = $context->instanceid; + +switch ($filearea) { + case 'user_profile': + require_login(); + if (isguestuser()) { + print_error('noguest'); + } + + // access controll here must match user edit forms + if ($userid == 
$USER->id) { + if (!has_capability('moodle/user:editownprofile', get_context_instance(CONTEXT_SYSTEM))) { send_file_not_found(); - } - if ($USER->id != $userid) { + } + } else { + if (!has_capability('moodle/user:editprofile', $context) and !has_capability('moodle/user:update', $context)) { send_file_not_found(); } - $itemid = 0; - $forcedownload = true; - break; - - default: + } + $itemid = 0; + $forcedownload = true; + break; + + case 'user_private': + require_login(); + if (isguestuser()) { send_file_not_found(); - } - - $relativepath = '/'.implode('/', $args); + } + if ($USER->id != $userid) { + send_file_not_found(); + } + $itemid = 0; + $forcedownload = true; + break; - $fs = get_file_storage(); + default: + send_file_not_found(); +} - $fullpath = $context->id.$filearea.$itemid.$relativepath; +$relativepath = '/'.implode('/', $args); - if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->get_filename() == '.') { - send_file_not_found(); - } +$fs = get_file_storage(); + +$fullpath = $context->id.$filearea.$itemid.$relativepath; + +if (!$file = $fs->get_file_by_hash(sha1($fullpath)) or $file->get_filename() == '.') { + send_file_not_found(); +} - // ======================================== - // finally send the file - // ======================================== - session_get_instance()->write_close(); // unlock session during fileserving - send_stored_file($file, 0, false, $forcedownload); +// ======================================== +// finally send the file +// ======================================== +session_get_instance()->write_close(); // unlock session during fileserving +send_stored_file($file, 0, false, $forcedownload); -- 2.39.5
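Review bot: `$context->contextlevel` is read directly after `get_context_instance_by_id($contextid)` with no check that the lookup returned a context. pluginfile.php's module branch treats the same helper as able to fail (`if (!$coursecontext = get_context_instance_by_id(...))`), so an unknown id here presumably means a property read on a non-object. The request still appears to end in `print_error('invalidarguments')`, but only because the comparison with `CONTEXT_USER` happens to fail. An explicit `if (!$context) { send_file_not_found(); }` before the level check would make the rejection deliberate. The same pattern is at the top of draftfile.php and pluginfile.php. Separately, the comment `access controll here must match user edit forms` has a typo (`control`).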