Fix adding a document from ckeditor.

src/CoreBundle/Controller/EditorController.php

@@ -105,8 +105,10 @@ class EditorController extends BaseController
 
         $routeParams = ['cidReq' => $courseIdentifier, 'id'];
 
+        $removePath = $course->getResourceNode()->getPath();
+
         $grid->getColumn('title')->manipulateRenderCell(
-            function ($value, Row $row, $router) use ($course, $routeParams) {
+            function ($value, Row $row, $router) use ($course, $routeParams, $removePath) {
                 /** @var CDocument $entity */
                 $entity = $row->getEntity();
                 $resourceNode = $entity->getResourceNode();
@@ -121,7 +123,7 @@ class EditorController extends BaseController
                 if ($resourceNode->hasResourceFile()) {
                     $documentParams = [
                         'course' => $course->getCode(),
-                        'file' => $resourceNode->getPathForDisplay()
+                        'file' => $resourceNode->getPathForDisplayRemoveBase($removePath)
                     ];
                     $url = $router->generate(
                         'resources_document_get_file',

src/CoreBundle/Controller/ResourceController.php

@@ -550,25 +550,33 @@ class ResourceController extends AbstractResourceController implements CourseCon
      * @return Response
      * @throws \League\Flysystem\FileNotFoundException
      */
-    public function getDocumentAction(Request $request, CDocumentRepository $documentRepo, Glide $glide): Response
+    public function getDocumentAction(Request $request, Glide $glide): Response
     {
         $file = $request->get('file');
         $mode = $request->get('mode');
+
         // see list of filters in config/services.yaml
         $filter = $request->get('filter');
         $mode = !empty($mode) ? $mode : 'show';
-        $criteria = [
-            'path' => "/$file",
-            'course' => $this->getCourse(),
-        ];
 
-        $document = $documentRepo->findOneBy($criteria);
+        $repository = $this->getRepository('document', 'files');
+        $nodeRepository = $repository->getResourceNodeRepository();
+
+        $title = basename($file);
+        // @todo improve criteria to avoid giving the wrong file.
+        $criteria = ['slug' => $title];
 
-        if (null === $document) {
+        $resourceNode = $nodeRepository->findOneBy($criteria);
+
+        if (null === $resourceNode) {
             throw new NotFoundHttpException();
         }
-        /** @var ResourceNode $resourceNode */
-        $resourceNode = $document->getResourceNode();
+
+        $this->denyAccessUnlessGranted(
+            ResourceNodeVoter::VIEW,
+            $resourceNode,
+            'Unauthorised access to resource'
+        );
 
         return $this->showFile($request, $resourceNode, $glide, $mode, $filter);
     }

src/CoreBundle/Entity/Resource/ResourceNode.php

@@ -237,6 +237,18 @@ class ResourceNode
         return self::convertPathForDisplay($this->path);
     }
 
+    /**
+     * @param string $base
+     *
+     * @return string
+     */
+    public function getPathForDisplayRemoveBase(string $base)
+    {
+        $path = str_replace($base, '', $this->path);
+
+        return self::convertPathForDisplay($path);
+    }
+
     /**
      * @return mixed
      */

src/CoreBundle/Repository/ResourceRepository.php

@@ -18,14 +18,12 @@ use Chamilo\CoreBundle\Entity\Usergroup;
 use Chamilo\CoreBundle\Security\Authorization\Voter\ResourceNodeVoter;
 use Chamilo\CourseBundle\Entity\CGroupInfo;
 use Chamilo\UserBundle\Entity\User;
-use Cocur\Slugify\Slugify;
 use Cocur\Slugify\SlugifyInterface;
 use Doctrine\ORM\EntityManager;
 use Doctrine\ORM\Query\Expr\Join;
 use Doctrine\ORM\QueryBuilder;
 use League\Flysystem\FilesystemInterface;
 use League\Flysystem\MountManager;
-use mysql_xdevapi\Exception;
 use Sylius\Bundle\ResourceBundle\Doctrine\ORM\EntityRepository;
 use Symfony\Component\Filesystem\Exception\FileNotFoundException;
 use Symfony\Component\Form\FormFactory;