[ Mini Kiebo ]
Server: Windows NT DESKTOP-5B8S0D4 6.2 build 9200 (Windows 8 Professional Edition) i586
Path:
D:
/
Backup
/
05122024
/
htdocs
/
jurnal-kesmas
/
baru
/
lib
/
pkp
/
pages
/
libraryFiles
/
[
Home
]
File: LibraryFileHandler.php
<?php /** * @file pages/libraryFiles/LibraryFileHandler.php * * Copyright (c) 2014-2021 Simon Fraser University * Copyright (c) 2000-2021 John Willinsky * Distributed under the GNU GPL v3. For full terms see the file docs/COPYING. * * @class LibraryFileHandler * * @ingroup pages_libraryFiles * * @brief Class defining a handler for library file access */ namespace PKP\pages\libraryFiles; use APP\core\Application; use APP\core\Request; use APP\facades\Repo; use APP\file\LibraryFileManager; use APP\handler\Handler; use PKP\context\LibraryFileDAO; use PKP\db\DAORegistry; use PKP\security\Role; class LibraryFileHandler extends Handler { /** @var Handler the Handler that calls the LibraryFileHandler functions */ public $_callingHandler = null; /** * Constructor. * * @param Handler $callingHandler */ public function __construct($callingHandler) { $this->_callingHandler = $callingHandler; } // // Public handler methods // /** * Download a library public file. * * @param array $args * @param Request $request */ public function downloadPublic($args, $request) { $context = $request->getContext(); $libraryFileManager = new LibraryFileManager($context->getId()); $libraryFileDao = DAORegistry::getDAO('LibraryFileDAO'); /** @var LibraryFileDAO $libraryFileDao */ $publicFileId = $args[0]; $libraryFile = $libraryFileDao->getById($publicFileId, $context->getId()); if ($libraryFile && $libraryFile->getPublicAccess()) { $libraryFileManager->downloadByPath($libraryFile->getFilePath(), null, true); } else { header('HTTP/1.0 403 Forbidden'); echo '403 Forbidden<br>'; return; } } /** * Download a library file. * * @param array $args * @param Request $request */ public function downloadLibraryFile($args, $request) { $context = $request->getContext(); $libraryFileManager = new LibraryFileManager($context->getId()); $libraryFileDao = DAORegistry::getDAO('LibraryFileDAO'); /** @var LibraryFileDAO $libraryFileDao */ $libraryFile = $libraryFileDao->getById($request->getUserVar('libraryFileId'), $context->getId()); if ($libraryFile) { // If this file has a submission ID, ensure that the current // user has access to that submission. if ($libraryFile->getSubmissionId()) { $allowedAccess = false; // Managers are always allowed access. if ($this->_callingHandler) { $userRoles = $this->_callingHandler->getAuthorizedContextObject(Application::ASSOC_TYPE_USER_ROLES); if (array_intersect($userRoles, [Role::ROLE_ID_MANAGER, Role::ROLE_ID_SITE_ADMIN])) { $allowedAccess = true; } } // Check for specific assignments. $assignedUsers = Repo::user()->getCollector() ->assignedTo($libraryFile->getSubmissionId(), WORKFLOW_STAGE_ID_SUBMISSION) ->getMany(); $user = $request->getUser(); foreach ($assignedUsers as $assignedUser) { if ($assignedUser->getId() == $user->getId()) { $allowedAccess = true; break; } } } else { $allowedAccess = true; // this is a Context submission document, default to access policy. } if ($allowedAccess) { $libraryFileManager->downloadByPath($libraryFile->getFilePath()); } else { header('HTTP/1.0 403 Forbidden'); echo '403 Forbidden<br>'; return; } } } }