path: root/app/controllers/wysiwyg.php
blob: cb07e6fcd063d383a0860e552d01acae10cd8f48 (plain)
<?php
/**
 * wysiwyg.php - Provide web services for the WYSIWYG editor.
 *
 **
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation; either version 2 of
 * the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * @category    Stud.IP
 * @copyright   (c) 2014 Stud.IP e.V.
 * @license     http://www.gnu.org/licenses/gpl-2.0.html GPL version 2
 * @since       File available since Release 3.0
 * @author      Robert Costa <rcosta@uos.de>
 */

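class WysiwygController extends AuthenticatedController
{
    const FOLDER_NAME = 'Wysiwyg Uploads';
    const FOLDER_DESCRIPTION = 'Vom WYSIWYG Editor hochgeladene Dateien.';

    /**
     * Handle the WYSIWYG editor's file uploads.
     *
     * Files must be posted as an HTML array named "files":
     *   <input type="file" name="files[]" multiple />
     *
     * Files will be stored in a folder named "Wysiwyg Uploads" inside the
     * current user's personal file area. If the folder doesn't exist, it
     * will be created as a PublicFolder.
     * NOTE(review): the folder type suggests that uploads are readable by
     * other users; confirm this is the intended visibility for editor
     * uploads.
     *
     * The value passed to render_json() depends on the outcome:
     *
     * - All files stored:
     *     {"files": [{"name": filename, "type": mime-type, "url": download-link}, ...]}
     * - No "files" array in the request, or no file stored: an empty array.
     * - Folder creation failed, the upload reported errors, or access was
     *   denied: a plain message string. If any file fails, only the error
     *   messages are returned and no download links.
     *
     * NOTE(review): "name" and "type" are read back from the stored file
     * reference; whether they are normalised depends on FileManager, which
     * is not visible here. The client should treat them as untrusted text
     * when inserting them into the editor.
     */
    public function upload_action()
    {
        try {
            // Verify the CSRF token before anything is read or created.
            CSRFProtection::verifyUnsafeRequest();

            $user = User::findCurrent();

            //try to find an already existing WYSIWYG folder inside the
            //user's personal file area:
            $wysiwyg_folder = Folder::findOneBySql(
                "range_id = :user_id
                AND folder_type = 'PublicFolder'
                AND name = :wysiwyg_name ",
                [
                    'user_id' => $user->id,
                    'wysiwyg_name' => self::FOLDER_NAME
                ]
            );

            if (!$wysiwyg_folder) {
                //get the top folder of the user's personal file area and its FolderType:
                $top_folder = Folder::findTopFolder($user->id)->getTypedFolder();

                $wysiwyg_folder = new PublicFolder(Folder::build([
                    'user_id' => $user->id,
                    'name' => self::FOLDER_NAME,
                    'description' => self::FOLDER_DESCRIPTION
                ]));

                if (!$top_folder->createSubfolder($wysiwyg_folder)) {
                    $this->render_json(_('WYSIWYG-Ordner für hochgeladene Dateien konnte nicht erstellt werden!'));
                    return;
                }
            } else {
                $wysiwyg_folder = $wysiwyg_folder->getTypedFolder();
            }

            //Ok, we have our folder where we can store the uploaded files in:
            $response = [];

            // Authorisation gate: nothing is stored unless the current user
            // may write to the target folder.
            if (!$wysiwyg_folder->isWritable($user->id)) {
                throw new AccessDeniedException();
            }

            // isset() first: a POST without a "files" field must not raise
            // an undefined-index warning.
            if (Request::isPost() && isset($_FILES['files']) && is_array($_FILES['files'])) {
                // Store the files under the same user id that passed the
                // isWritable() check above, so the permission check and the
                // upload refer to one identity.
                $validatedFiles = FileManager::handleFileUpload(
                    $_FILES['files'],
                    $wysiwyg_folder,
                    $user->id
                );

                // !empty() also covers a missing 'error' key, on which
                // count() would fail.
                if (!empty($validatedFiles['error'])) {
                    // error during upload: display error message:
                    $this->render_json(_('Beim Hochladen ist ein Fehler aufgetreten ') . "\n" .
                        implode("\n", $validatedFiles['error'])
                    );
                    return;
                }

                //all files were uploaded successfully:
                foreach ($validatedFiles['files'] as $file) {
                    $fileref = $file->getFileRef();
                    $response['files'][] = [
                        'name' => $fileref->name,
                        'type' => $fileref->mime_type,
                        'url'  => $fileref->getDownloadURL()
                    ];
                }
            }
        } catch (AccessDeniedException $e) {
            // Only the access-denied case is turned into a response body;
            // any other exception propagates to the caller.
            $response = $e->getMessage();
        }
        $this->render_json($response); // send HTTP response to client
    }
}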