diff --git a/administrator/controller.php b/administrator/controller.php
index ce1434f8..41c436a4 100755
--- a/administrator/controller.php
+++ b/administrator/controller.php
@@ -9,7 +9,10 @@
 // No direct access
 defined('_JEXEC') or die;
-
+use Joomla\CMS\Table\Table;
+use Joomla\CMS\Factory;
+use Joomla\CMS\MVC\Model\BaseDatabaseModel;
+use Joomla\CMS\Language\Text;
 /**
 * TJ Fields Controller
 *
@@ -38,4 +41,88 @@ public function display($cachable = false, $urlparams = false)
 return $this;
 }
+
+ /**
+ * Fuction to get download media file
+ *
+ * @return object
+ */
+ public function getMediaFile()
+ {
+ JLoader::import("/techjoomla/media/storage/local", JPATH_LIBRARIES);
+ $app = Factory::getApplication();
+ $jinput = $app->input;
+ $mediaLocal = TJMediaStorageLocal::getInstance();
+
+ // Here, fpht means file encoded name
+ $encodedFileName = $jinput->get('fpht', '', 'STRING');
+ $decodedFileName = base64_decode($encodedFileName);
+
+ // Subform File field Id for checking autherization for specific field under subform
+ $subformFileFieldId = $jinput->get('subFormFileFieldId', '', 'INT');
+
+ // Get media storage path
+ JLoader::import('components.com_tjfields.models.fields', JPATH_SITE);
+ $fieldsModel = BaseDatabaseModel::getInstance('Fields', 'TjfieldsModel', array('ignore_request' => true));
+ $data = $fieldsModel->getMediaStoragePath($jinput->get('id', '', 'INT'), $subformFileFieldId);
+
+ if ($data->tjFieldFieldTable->type == "file")
+ {
+ $extraFieldParams = json_decode($data->tjFieldFieldTable->params);
+ $storagePath = $extraFieldParams->uploadpath;
+ $decodedPath = $storagePath . '/' . $decodedFileName;
+ }
+ else
+ {
+ $fieldType = $data->tjFieldFieldTable->type;
+ $decodedPath = JPATH_SITE . '/' . $fieldType . 's/tjmedia/' . str_replace(".", "/", $data->tjFieldFieldTable->client) . '/' . $decodedFileName;
+ }
+
+ if ($data->tjFieldFieldTable->fieldValueId)
+ {
+ $user = Factory::getUser();
+
+ if ($subformFileFieldId)
+ {
+ $canView = $user->authorise('core.field.viewfieldvalue', 'com_tjfields.field.' . $subformFileFieldId);
+ }
+ else
+ {
+ $canView = $user->authorise('core.field.viewfieldvalue', 'com_tjfields.field.' . $data->tjFieldFieldTable->field_id);
+ }
+
+ $canDownload = 0;
+
+ // Allow to view own data
+ if ($data->tjFieldFieldTable->user_id != null && ($user->id == $data->tjFieldFieldTable->user_id))
+ {
+ $canDownload = true;
+ }
+
+ if ($canView || $canDownload)
+ {
+ $down_status = $mediaLocal->downloadMedia($decodedPath, '', '', 0);
+
+ if ($down_status === 2)
+ {
+ $app->enqueueMessage(Text::_('COM_TJFIELDS_FILE_NOT_FOUND'), 'error');
+ $app->redirect($this->returnURL);
+ }
+
+ return;
+ }
+ else
+ {
+ $app->enqueueMessage(Text::_('JERROR_ALERTNOAUTHOR'), 'error');
+ $app->redirect($this->returnURL);
+ }
+ }
+ else
+ {
+ $app->enqueueMessage(Text::_('JERROR_ALERTNOAUTHOR'), 'error');
+ $app->redirect($this->returnURL);
+ }
+
+ jexit();
+ }
 }
diff --git a/site/helpers/tjfields.php b/site/helpers/tjfields.php
index 1cdddcab..00c1ed74 100644
--- a/site/helpers/tjfields.php
+++ b/site/helpers/tjfields.php
@@ -1919,7 +1919,7 @@ public function getMediaUrl($fileName, $extraUrlParamsArray = '')
 // Here, fpht means file encoded path
 $encodedFileName = base64_encode($fileName);
 $basePathLink = 'index.php?option=com_tjfields&task=getMediaFile&fpht=';
- $mediaURLlink = JUri::root() . substr(JRoute::_($basePathLink . $encodedFileName . $extraUrlParams), strlen(JUri::base(true)) + 1);
+ $mediaURLlink = JUri::base() . substr(JRoute::_($basePathLink . $encodedFileName . $extraUrlParams), strlen(JUri::base(true)) + 1);
 return $mediaURLlink;
 }
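Review bot: In `getMediaFile()`, `$decodedFileName` is the base64-decoded `fpht` request parameter and is appended to the storage directory unchanged when `$decodedPath` is built, so a name containing `..` or path separators is not confined to that directory unless `downloadMedia()` or `getMediaStoragePath()` (both outside this hunk) validate it. The permission checks further down are made against the record selected by `id` and `subFormFileFieldId`, and nothing in the hunk compares the requested name with the file stored for that record, so access to one field value appears to be enough to request any other file by name. I would decode in strict mode, resolve the path with `realpath()` and refuse it when it falls outside the resolved storage directory, and additionally compare the name with the value stored for the record before calling `downloadMedia()`. Separately, `$canDownload` starts as `0` and is later set to `true`; initialising it to `false` keeps the flag boolean.

```php
$decodedFileName = base64_decode($encodedFileName, true);

// … unchanged: subform field id and field lookup …

if ($data->tjFieldFieldTable->type == "file")
{
	$extraFieldParams = json_decode($data->tjFieldFieldTable->params);
	$baseDir = $extraFieldParams->uploadpath;
}
else
{
	$baseDir = JPATH_SITE . '/' . $data->tjFieldFieldTable->type . 's/tjmedia/' . str_replace(".", "/", $data->tjFieldFieldTable->client);
}

// Resolve both paths so that ".." segments and symlinks cannot leave the storage directory
$baseReal = realpath($baseDir);
$decodedPath = ($decodedFileName === false || $baseReal === false) ? false : realpath($baseReal . '/' . $decodedFileName);

if ($decodedPath === false || strpos($decodedPath, $baseReal . DIRECTORY_SEPARATOR) !== 0 || !is_file($decodedPath))
{
	$app->enqueueMessage(Text::_('JERROR_ALERTNOAUTHOR'), 'error');
	$app->redirect($this->returnURL);

	return;
}

// … unchanged: permission checks and downloadMedia() call …
```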
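Review bot: In `getMediaUrl()`, `$encodedFileName` is plain `base64_encode()` output and goes into the `fpht` query value on the changed line without URL escaping; the base64 alphabet includes `+`, `/` and `=`, and a `+` in a query string is read back as a space, which the non-strict `base64_decode()` in `getMediaFile()` would skip silently and so decode to a different name. Unless `JRoute::_()` escapes the value (not visible here), pass `rawurlencode($encodedFileName)` or use a URL-safe base64 variant on both ends. The context comment also describes `fpht` as an encoded path; because base64 is reversible by anyone, a comment such as `// fpht is an encoding, not an access token: getMediaFile must authorise every request` would keep readers from treating the link as a capability. The body of getMediaUrl starts outside the hunk.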