module;
}
protected function isAccessAllowed($thisInstance, $module) {
$system = System::getInstance();
$usrSvc = $system->getUserSvc();
$usr = $usrSvc->getUser();
if(!is_null($usr) && $usrSvc->userHasPriv($usr, $system->getSiteId(), false, false))
$allowed = true;
else {
$allowed = false;
/* switch ($info->visible) {
case 'all':
$allowed = true;
break;
case 'user':
if (is_null($usr))
break;
$allowed = true;
break;
case 'acl':
if (is_null($usr))
break;
if ($system->getDB()->table('moduleinstanceacl')->getObject(
array(
'instance' => $instanceName,
'site_id' => $system->getSiteId(),
'account_id' => $usr->getId(),
)
)
) {
$allowed = true;
}
// TODO: add group support
// TODO: add timing support
break;
case 'none':
default:
$response->addError(403,'Access denied','http');
break;
} */
}
return $allowed;
}
public function handleRequest(Request $request, Response &$response, $context) {
$system = System::getInstance();
$params = $request->getParam();
if(empty($params['target'])) {
$response->setContent('Missing target');
return;
}
$target = $params['target'];
$info = NULL;
if($system->cacheExists($system->getSiteId(), '$p:mcms.mmpimaincontent:modinstinfo', $target)) {
$info = $system->cacheFetch($system->getSiteId(), '$p:mcms.mmpimaincontent:modinstinfo', $target);
}
if(empty($info)) {
$info = $system->getDB()->table('moduleinstances')->getObject(array(
'instance' => $target,'site_id' => $system->getSiteId()));
$system->cacheStore($system->getSiteId(), '$p:mcms.mmpimaincontent:modinstinfo', $target, $info, 60);
}
// if (is_null($info) || $info === false)
// throw new RuntimeException('no module found for ident '+$target);
$usrSvc = $system->getUserSvc();
$usr = $usrSvc->getUser();
$realName = $this->getRealName($info);
if(!$this->isAccessAllowed($target, $realName)) {
$classname = loadModule($realName);
if(class_exists($classname)) {
$obj = new $classname();
if($obj instanceof \MCMS\Module\iModule) {
$activeInstance = &$obj;
if(!method_exists($activeInstance, 'hasFilePriv') || !$activeInstance->hasFilePriv($usr, $params)) {
$response->setContent('Not found or access denied');
return;
}
}
else
throw new \Mammut\Exception\IllegalStateException('class does not define the module interface: ' . $classname);
}
else {
$response->setContent('Not found or access denied');
return;
}
}
$type = isset($params['part']) ? $params['part'] : 'base';
$dir = isset($params['dir']) ? $params['dir'] : '';
$st = 'invalid request';
$basedir = dirname($_SERVER['SCRIPT_FILENAME']) . '/datax/media/' . $system->getSiteId();
$dirParts = preg_split('#(/|\\\\)#', $dir);
foreach($dirParts as $id=>$part) {
$part = trim($part);
if($part == '' || preg_match('#^\.+$#', $part))
unset($dirParts[$id]);
}
$dir = implode(__DS__, $dirParts);
$realDir = $basedir . __DS__ . $dir;
$mode = 'file';
if(isset($_REQUEST['mode']) && $_REQUEST['mode'] == 'image')
$mode = 'image';
if(isset($_REQUEST['mode']) && $_REQUEST['mode'] == 'flash')
$mode = 'flash';
if(isset($_REQUEST['mode']) && $_REQUEST['mode'] == 'video')
$mode = 'video';
$id = 0;
switch($type) {
case 'base':
$st = '';
$st .= '';
$st .= '';
$st .= 'MCMS MediaManager';
$st .= '';
$handler = System::getInstance()->getFormDatatypeHandlers('html');
$targetClass = loadComponent('editor', 'html.' . $handler['editor']);
$st .= call_user_func(array($targetClass,'generateSelectCallBack'), isset($_REQUEST['id']) ? $_REQUEST['id'] : false);
$st .= '';
$st .= '';
$st .= '<![CDATA[<body>Needs a frame-able browser</body>]]>';
$st .= '';
break;
case 'dirlist':
$st = $this->doDirListPart($dir, $realDir, $target, $mode, $id, $dirParts, $params);
break;
case 'filelist':
$st = $this->doFileListPart($dir, $realDir, $target, $mode, $id, $dirParts, $params);
break;
case 'actions':
$st = $this->doActionPart($dir, $realDir, $target, $mode, $id, $dirParts, $params);
break;
}
$response->setContent($st);
}
protected function doDirListPart($dir, $realDir, $target, $mode, $id, $dirParts, $params) {
$text = $this->getLocaleStrings();
$st = '';
$st .= '';
$st .= '';
$st .= '' . $text['currentdir'] . '
';
$st .= '/' . str_replace(__DS__, '/', $dir) . '
';
$st .= '';
$files = scandir($realDir);
foreach($files as $file) {
$fullpath = $realDir . __DS__ . $file;
if(is_dir($fullpath)) {
$dir = str_replace(__DS__, '/', $dir);
if($file == '.')
continue;
elseif($file == '..') {
$parts = explode('/', $dir);
unset($parts[count($parts) - 1]);
$targetDir = implode('/', $parts);
}
else
$targetDir = $dir . '/' . $file;
$st .= '- ..
';
else
$st .= '>
' . $file . '';
}
}
$st .= '
';
$st .= '';
return $st;
}
protected function doFileListPart($dir, $realDir, $target, $mode, $id, $dirParts, $params) {
$text = $this->getLocaleStrings();
$st = '';
$st .= '';
$st .= "";
$st .= '';
$actionDone = '';
if(isset($params['dodelete'])) {
$filename = basename($params['dodelete']);
unlink($realDir . __DS__ . $filename);
$actionDone = 'file deleted:' . $filename . '
';
}
$st .= '';
$files = scandir($realDir);
$st .= '';
$st .= '| | ';
$st .= '' . $text['th']['filename'] . ' | ';
$st .= '' . $text['th']['filesize'] . ' | ';
$st .= ' | ';
$st .= '
';
foreach($files as $file) {
$fullpath = $realDir . __DS__ . $file;
if(!is_dir($fullpath)) {
if($mode == 'image' && !preg_match('#.*\.(png|jpg|jpeg|bmp|gif|xpm|svg)$#i', $file))
continue;
$subdir = implode('/', $dirParts);
if($subdir != '')
$subdir = '/' . $subdir;
$url = _DATAURLX_ . '/media/' . System::getInstance()->getSiteId() . $subdir . '/' . $file;
$fsize = filesize($fullpath);
$fsunit = 'B';
if($fsize > 1024 * 1024) {
$fsize = round($fsize / 1024 / 1024, 2);
$fsunit = 'MB';
}
elseif($fsize > 1024) {
$fsize = round($fsize / 1024, 2);
$fsunit = 'KB';
}
$st .= '';
$st .= '| | ';
$st .= '' . $file . ' | ';
$st .= '' . $fsize . ' ' . $fsunit . ' | ';
$st .= '';
$st .= '' . $text['lnk']['usefile'] . '
';
$st .= '' . $text['lnk']['delfile'] . '';
$st .= ' | ';
$st .= '
';
}
}
$st .= '
' . $actionDone . '';
$st .= '';
return $st;
}
protected function doActionPart($dir, $realDir, $target, $mode, $id, $dirParts, $params) {
$text = $this->getLocaleStrings();
$st = '';
$st .= '';
$st .= '';
$st .= '';
$st .= '';
$st .= '';
$st .= '';
return $st;
}
}