prevent download for students into main directory and into main shared folder directory. Also, into shared folder, a student only can download his shared folder directory

16 years ago · 42ae966ca7
parent f7f6ee6c51
commit 42ae966ca7
2 changed files with 59 additions and 11 deletions
--- a/main/document/document.inc.php
+++ b/main/document/document.inc.php
@ -162,7 +162,20 @@ function create_document_link($www, $title, $path, $filetype, $size, $visibility
 	if (!$show_as_icon) {
 		if ($filetype == 'folder') {
 			if (api_is_allowed_to_edit() || api_is_platform_admin() || api_get_setting('students_download_folders') == 'true') {
-				$force_download_html = ($size == 0) ? '' : '<a href="'.$forcedownload_link.'" style="float:right"'.$prevent_multiple_click.'>'.Display::return_icon($forcedownload_icon, get_lang('Download'), array('height'=>'16', 'width' => '16')).'</a>';
+				
+				//filter when I am into shared folder, I can show for donwload only my shared folder
+				if(is_shared_folder($_GET['curdirpath']))
+				{							
+					$my_preg_folder="/shared_folder\/sf_user_".api_get_user_id()."/";
+					if (preg_match($my_preg_folder, urldecode($forcedownload_link))|| api_is_allowed_to_edit() || api_is_platform_admin())
+					{			
+					  $force_download_html = ($size == 0) ? '' : '<a href="'.$forcedownload_link.'" style="float:right"'.$prevent_multiple_click.'>'.Display::return_icon($forcedownload_icon, get_lang('Download'), array('height'=>'16', 'width' => '16')).'</a>';
+					}
+				}
+				elseif(!preg_match('/shared_folder/', urldecode($forcedownload_link)) || api_is_allowed_to_edit() || api_is_platform_admin())
+				{
+					$force_download_html = ($size == 0) ? '' : '<a href="'.$forcedownload_link.'" style="float:right"'.$prevent_multiple_click.'>'.Display::return_icon($forcedownload_icon, get_lang('Download'), array('height'=>'16', 'width' => '16')).'</a>';
+				}
 			}
 		} else {
 			$force_download_html = ($size==0)?'':'<a href="'.$forcedownload_link.'" style="float:right"'.$prevent_multiple_click.'>'.Display::return_icon($forcedownload_icon, get_lang('Download'), array('height'=>'16', 'width' => '16')).'</a>';
@ -468,10 +481,27 @@ function create_dir_form() {
 	return $new_folder_text;
 }

+
+/**
+ * Checks whether the user is in shared folder
+ * @return return bool Return true when user is in shared folder
+ */
+function is_shared_folder($curdirpath) {
+	return Security::remove_XSS($curdirpath) == '/shared_folder';
+}
+
+/**
+ * Checks whether the user is in any user shared folder
+ * @return return bool Return true when user is in any user shared folder
+ */
+function is_any_user_shared_folder($path) {
+	return preg_match('/shared_folder\/sf_user_/', Security::remove_XSS($path));	
+}	
+
 /**
 * Checks whether the user is in his/her shared folder
- * @return return bool Return true when user is in his shared folder
+ * @return return bool Return true when user is in his user shared folder
 */
 function is_my_shared_folder($user_id, $path) {
 	return Security::remove_XSS($path) == '/shared_folder/sf_user_'.$user_id;
-}
+}
--- a/main/document/document.php
+++ b/main/document/document.php
@ -275,9 +275,24 @@ if (isset($_GET['action']) && $_GET['action'] == 'download') {
 	exit;
 }

-// Download of an completed folder
-if (isset($_GET['action']) && $_GET['action'] == 'downloadfolder' && (api_get_setting('students_download_folders') == 'true' || api_is_allowed_to_edit() || api_is_platform_admin())) {
-	require 'downloadfolder.inc.php';
+
+// Download a folder
+if (isset($_GET['action']) && $_GET['action'] == 'downloadfolder' && $curdirpath!='/' && (api_get_setting('students_download_folders') == 'true' || api_is_allowed_to_edit() || api_is_platform_admin())) {
+	
+	//filter when I am into shared folder, I can donwload only my shared folder
+	
+	if(is_any_user_shared_folder($_GET['path']))
+	{
+		if(is_my_shared_folder($_user['user_id'], $_GET['path']) || api_is_allowed_to_edit() || api_is_platform_admin())
+		{
+		  require 'downloadfolder.inc.php';
+		}
+	}
+	else
+	{
+		require 'downloadfolder.inc.php';
+	}
+	
 }

 // Slideshow inititalisation
@ -772,13 +787,16 @@ if ($is_allowed_to_edit || $group_member_with_upload_rights || is_my_shared_fold

 if (!is_null($docs_and_folders)) {

-	// Download zipped folder
+	// Show download zipped folder icon
 	global $total_size;
 	if (!$is_certificate_mode && $total_size != 0 && (api_get_setting('students_download_folders') == 'true' || api_is_allowed_to_edit() || api_is_platform_admin())) {
-?>
-	<a href="<?php echo api_get_self(); ?>?<?php echo api_get_cidreq(); ?>&action=downloadfolder&path=<?php echo $curdirpathurl; ?>">
-		<?php Display::display_icon('zip_save.gif', get_lang('Save').' (ZIP)'); echo get_lang('Save').' (ZIP)'; ?></a>&nbsp;
-<?php
+		
+		//don't show icon into shared folder, and don´t show into main path (root)
+		if (!is_shared_folder($curdirpath) && $curdirpath!='/' || api_is_allowed_to_edit() || api_is_platform_admin())
+		{
+	    	echo '<a href="'.api_get_self().'?'.api_get_cidreq().'&action=downloadfolder&path='.$curdirpathurl.'">'.Display::display_icon('zip_save.gif', get_lang('Save').' (ZIP)'). get_lang('Save').' (ZIP)</a>&nbsp';
+		}
+
 	}
 }