Image element should not output a broken thumbnail if not shared. fixes
xibosignage/xibo#3291

Module images shouldn't be accessible to all (fixed a pending TODO).
dasgarner committed Jan 23, 2024
1 parent 730a41b commit f037240
Showing 5 changed files with 53 additions and 22 deletions.
16 changes: 10 additions & 6 deletions lib/Controller/Layout.php
@@ -1,6 +1,6 @@
<?php
/*
* Copyright (C) 2023 Xibo Signage Ltd
* Copyright (C) 2024 Xibo Signage Ltd
*
* Xibo - Digital Signage - https://xibosignage.com
*
Expand Down Expand Up @@ -2599,11 +2599,15 @@ public function downloadBackground(Request $request, Response $response, $id)
$this->getConfig()->getSetting('SENDFILE_MODE')
);
$downloader->useLogger($this->getLog()->getLoggerInterface());
$response = $downloader->imagePreview($this->getSanitizer([
'width' => $layout->width,
'height' => $layout->height,
'proportional' => 0
]), $media->storedAs, $response);
$response = $downloader->imagePreview(
$this->getSanitizer([
'width' => $layout->width,
'height' => $layout->height,
'proportional' => 0,
]),
$media->storedAs,
$response,
);

$this->setNoOutput(true);
return $this->render($request, $response);
34 changes: 22 additions & 12 deletions lib/Controller/Library.php
@@ -1,6 +1,6 @@
<?php
/*
* Copyright (C) 2023 Xibo Signage Ltd
* Copyright (C) 2024 Xibo Signage Ltd
*
* Xibo - Digital Signage - https://xibosignage.com
*
Expand Down Expand Up @@ -1585,23 +1585,19 @@ public function getLibraryCacheUri()
*/
public function download(Request $request, Response $response, $id)
{
$this->setNoOutput();

// We can download by mediaId or by mediaName.
if (is_numeric($id)) {
$media = $this->mediaFactory->getById($id);
} else {
$media = $this->mediaFactory->getByName($id);
}

$this->getLog()->debug('Download request for mediaId ' . $id
$this->getLog()->debug('download: Download request for mediaId ' . $id
. '. Media is a ' . $media->mediaType . ', is system file:' . $media->moduleSystemFile);

// TODO: Permissions check
// decide how we grant permissions to module files.
if ($media->mediaType !== 'module' && !$this->getUser()->checkViewable($media)) {
throw new AccessDeniedException();
}

// Make a module
// Create the appropriate module
if ($media->mediaType === 'module') {
$module = $this->moduleFactory->getByType('image');
} else {
Expand All @@ -1622,29 +1618,43 @@ public function download(Request $request, Response $response, $id)

$params = $this->getSanitizer($request->getParams());
if ($params->getCheckbox('preview') == 1) {
$this->getLog()->debug('download: preview mode, seeing if we can output an image/video');

// Output a 1px image if we're not allowed to see the media.
if (!$this->getUser()->checkViewable($media)) {
echo Img::make($this->getConfig()->uri('img/1x1.png', true))->encode();
return $this->render($request, $response);
}

// Various different behaviours for the different types of file.
if ($module->type === 'image') {
$response = $downloader->imagePreview(
$params,
$media->storedAs,
$response,
$this->getConfig()->uri('img/error.png', true)
$this->getUser()->checkViewable($media),
);
} else if ($module->type === 'video') {
$response = $downloader->imagePreview(
$params,
$media->mediaId . '_videocover.png',
$response,
$this->getConfig()->uri('img/1x1.png', true)
$this->getUser()->checkViewable($media),
);
} else {
$response = $downloader->download($media, $response, $media->getMimeType());
}
} else {
$this->getLog()->debug('download: not preview mode, expect a full download');

// We are not a preview, and therefore we ought to check sharing before we download
if (!$this->getUser()->checkViewable($media)) {
throw new AccessDeniedException();
}

$response = $downloader->download($media, $response, null, $params->getString('attachment'));
}

$this->setNoOutput(true);
return $this->render($request, $response);
}

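Review bot: In the preview branch of download(), both `imagePreview()` calls now pass `$this->getUser()->checkViewable($media)` as the fourth argument, in the position that previously carried the fallback image path (`img/error.png` for images, `img/1x1.png` for video covers). The downloader is not among the five files changed here, so unless its signature was changed elsewhere this hands a boolean to a parameter that expected a path. The value is also always true at that point, because the non-viewable case has already returned the 1px image. I would restore the path argument, e.g. `$this->getConfig()->uri('img/error.png', true),`, and keep the early `checkViewable()` guard as the only authorisation decision on the preview path. Part of download() lies between the visible hunks, so this rests on the visible lines only.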
16 changes: 16 additions & 0 deletions lib/Controller/Widget.php
Expand Up @@ -1212,6 +1212,22 @@ public function getData(Request $request, Response $response, $regionId, $id)
$this->getLog()->debug('getData: Returning cache');
}

// Add permissions needed to see linked media
$media = $widgetDataProviderCache->getCachedMediaIds();
$this->getLog()->debug('getData: linking ' . count($media) . ' images');

foreach ($media as $mediaId) {
// We link these module images to the user.
foreach ($this->permissionFactory->getAllByObjectId(
$this->getUser(),
'Xibo\Entity\Media',
$mediaId,
) as $permission) {
$permission->view = 1;
$permission->save();
}
}

// Decorate for output.
$data = $widgetDataProviderCache->decorateForPreview(
$dataProvider->getData(),
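Review bot: The new loop in getData() sets `$permission->view = 1` and saves every permission row that `getAllByObjectId()` returns for each cached media id, with no check on which group or user the row belongs to, so a read request ends up writing grants. The inline comment says the images are linked "to the user", but nothing in the hunk restricts the rows to the requesting user's own group; if the factory returns one row per group (its definition is not shown here), the media would become viewable more widely than intended. It also relies on `getCachedMediaIds()` containing only module-owned images, which is not visible either. I would filter to the caller's group before saving, skip rows that already grant view, and state the intent in a comment such as `// Grant view on module-downloaded images to the requesting user's group only`. getData() starts and ends outside the hunk.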
4 changes: 2 additions & 2 deletions lib/Widget/Provider/DataProvider.php
@@ -1,6 +1,6 @@
<?php
/*
* Copyright (C) 2023 Xibo Signage Ltd
* Copyright (C) 2024 Xibo Signage Ltd
*
* Xibo - Digital Signage - https://xibosignage.com
*
Expand Down Expand Up @@ -364,7 +364,7 @@ public function getImages(): array
}

/**
* @return \Xibo\Entity\Media[]
* @return int[]
*/
public function getImageIds(): array
{
5 changes: 3 additions & 2 deletions ui/src/layout-editor/viewer.js
@@ -1,5 +1,5 @@
/*
* Copyright (C) 2023 Xibo Signage Ltd
* Copyright (C) 2024 Xibo Signage Ltd
*
* Xibo - Digital Signage - https://xibosignage.com
*
Expand Down Expand Up @@ -1884,7 +1884,8 @@ Viewer.prototype.renderElementContent = function(
hbsHtml.match(mediaURLRegex)?.forEach((match) => {
const mediaId = match.split('[[mediaId=')[1].split(']]')[0];
const mediaUrl =
urlsForApi.library.download.url.replace(':id', mediaId);
urlsForApi.library.download.url.replace(':id', mediaId) +
'?preview=1';

// Replace asset id with asset url
hbsHtml = hbsHtml.replace(match, mediaUrl);
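Review bot: `mediaId` is cut out of the template text with `split()` and concatenated into the download URL unencoded, and the new `'?preview=1'` suffix assumes the URL has no query string yet. The server-side download route shown in this commit treats a non-numeric id as a media name, so anything `mediaURLRegex` (defined outside the hunk) lets through ends up in the path. Writing it as `urlsForApi.library.download.url.replace(':id', encodeURIComponent(mediaId)) + '?preview=1'` keeps the value inside one path segment. renderElementContent starts and ends outside the hunk.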
