Misc fixes related to sharing in 4.0 (#2325)
* Image element should not output a broken thumbnail if not shared. fixes xibosignage/xibo#3291
* Module images shouldn't be accessible to all (fixed a pending TODO).
* Region sharing should automatically share its region playlist xibosignage/xibo#3290
dasgarner committed Jan 24, 2024
1 parent 730a41b commit 134ea3a
Showing 6 changed files with 68 additions and 24 deletions.
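--- a/lib/Controller/Layout.php
+++ b/lib/Controller/Layout.php
@@ -1,6 +1,6 @@
 <?php
 /*
-* Copyright (C) 2023 Xibo Signage Ltd
+* Copyright (C) 2024 Xibo Signage Ltd
 *
 * Xibo - Digital Signage - https://xibosignage.com
 *
@@ -2599,11 +2599,15 @@ public function downloadBackground(Request $request, Response $response, $id)
 $this->getConfig()->getSetting('SENDFILE_MODE')
 );
 $downloader->useLogger($this->getLog()->getLoggerInterface());
-$response = $downloader->imagePreview($this->getSanitizer([
-'width' => $layout->width,
-'height' => $layout->height,
-'proportional' => 0
-]), $media->storedAs, $response);
+$response = $downloader->imagePreview(
+$this->getSanitizer([
+'width' => $layout->width,
+'height' => $layout->height,
+'proportional' => 0,
+]),
+$media->storedAs,
+$response,
+);
 
 $this->setNoOutput(true);
 return $this->render($request, $response);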
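--- a/lib/Controller/Library.php
+++ b/lib/Controller/Library.php
@@ -1,6 +1,6 @@
 <?php
 /*
-* Copyright (C) 2023 Xibo Signage Ltd
+* Copyright (C) 2024 Xibo Signage Ltd
 *
 * Xibo - Digital Signage - https://xibosignage.com
 *
@@ -1585,23 +1585,19 @@ public function getLibraryCacheUri()
 */
 public function download(Request $request, Response $response, $id)
 {
+$this->setNoOutput();
+
 // We can download by mediaId or by mediaName.
 if (is_numeric($id)) {
 $media = $this->mediaFactory->getById($id);
 } else {
 $media = $this->mediaFactory->getByName($id);
 }
 
-$this->getLog()->debug('Download request for mediaId ' . $id
+$this->getLog()->debug('download: Download request for mediaId ' . $id
 . '. Media is a ' . $media->mediaType . ', is system file:' . $media->moduleSystemFile);
 
-// TODO: Permissions check
-// decide how we grant permissions to module files.
-if ($media->mediaType !== 'module' && !$this->getUser()->checkViewable($media)) {
-throw new AccessDeniedException();
-}
-
-// Make a module
+// Create the appropriate module
 if ($media->mediaType === 'module') {
 $module = $this->moduleFactory->getByType('image');
 } else {
@@ -1622,29 +1618,43 @@ public function download(Request $request, Response $response, $id)
 
 $params = $this->getSanitizer($request->getParams());
 if ($params->getCheckbox('preview') == 1) {
+$this->getLog()->debug('download: preview mode, seeing if we can output an image/video');
+
+// Output a 1px image if we're not allowed to see the media.
+if (!$this->getUser()->checkViewable($media)) {
+echo Img::make($this->getConfig()->uri('img/1x1.png', true))->encode();
+return $this->render($request, $response);
+}
+
 // Various different behaviours for the different types of file.
 if ($module->type === 'image') {
 $response = $downloader->imagePreview(
 $params,
 $media->storedAs,
 $response,
-$this->getConfig()->uri('img/error.png', true)
+$this->getUser()->checkViewable($media),
 );
 } else if ($module->type === 'video') {
 $response = $downloader->imagePreview(
 $params,
 $media->mediaId . '_videocover.png',
 $response,
-$this->getConfig()->uri('img/1x1.png', true)
+$this->getUser()->checkViewable($media),
 );
 } else {
 $response = $downloader->download($media, $response, $media->getMimeType());
 }
 } else {
+$this->getLog()->debug('download: not preview mode, expect a full download');
+
+// We are not a preview, and therefore we ought to check sharing before we download
+if (!$this->getUser()->checkViewable($media)) {
+throw new AccessDeniedException();
+}
+
 $response = $downloader->download($media, $response, null, $params->getString('attachment'));
 }
 
-$this->setNoOutput(true);
 return $this->render($request, $response);
 }
 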
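Review bot: In both `imagePreview(...)` calls in `download()`, the fourth argument is now `$this->getUser()->checkViewable($media)`, which can only be true at that point because the not-viewable case has already returned the 1px image a few lines earlier. That position previously carried the fallback image URI (`img/error.png` for images, `img/1x1.png` for video covers), and none of the six changed files appears to alter `imagePreview()`, so it looks like a boolean is passed where a path was expected and the error fallback is lost; confirm against the method's signature. If the fallback is still wanted, keep the original argument, e.g. `$this->getConfig()->uri('img/error.png', true),`. The denied-preview branch also returns without a log line; `$this->getLog()->debug('download: preview not viewable, returning placeholder');` before the `echo` would make refused requests traceable. Part of `download()` between the second and third hunk is collapsed and not reviewed here.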
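--- a/lib/Controller/User.php
+++ b/lib/Controller/User.php
@@ -1,6 +1,6 @@
 <?php
 /*
-* Copyright (C) 2023 Xibo Signage Ltd
+* Copyright (C) 2024 Xibo Signage Ltd
 *
 * Xibo - Digital Signage - https://xibosignage.com
 *
@@ -1908,13 +1908,26 @@ public function permissions(Request $request, Response $response, $entity, $id)
 if ($object->permissionsClass() == 'Xibo\Entity\Campaign') {
 $this->getLog()->debug('Changing owner on child Layout');
 
-$this->getDispatcher()->dispatch(LayoutOwnerChangeEvent::$NAME, new LayoutOwnerChangeEvent($object->getId(), $ownerId));
+$this->getDispatcher()->dispatch(
+new LayoutOwnerChangeEvent($object->getId(), $ownerId),
+LayoutOwnerChangeEvent::$NAME,
+);
 }
 }
 
 if ($object->permissionsClass() === 'Xibo\Entity\Folder') {
 /** @var $object \Xibo\Entity\Folder */
 $object->managePermissions();
+} else if ($object->permissionsClass() === 'Xibo\Entity\Region') {
+/** @var $object \Xibo\Entity\Region */
+// The regions own playlist should always have the same permissions.
+$permissions = $this->permissionFactory->getAllByObjectId(
+$this->getUser(),
+'Xibo\Entity\Playlist',
+$object->getPlaylist()->playlistId
+);
+
+$this->updatePermissions($permissions, $groupIds);
 }
 
 // Return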
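Review bot: The new Region branch in `permissions()` rewrites the sharing of a second object, the region's playlist, but unlike the Campaign branch above it (which logs `'Changing owner on child Layout'`) it leaves no log line, so a later audit cannot tell why the playlist's permissions changed. Consider adding `$this->getLog()->debug('permissions: applying Region permissions to its Playlist');` before the `getAllByObjectId` call. The branch also dereferences `$object->getPlaylist()->playlistId` directly; whether `getPlaylist()` can return null or throw for a region without a playlist is not visible here, so confirm. The comment should read `// The region's own playlist should always have the same permissions.` The function starts and ends outside the hunk.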
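--- a/lib/Controller/Widget.php
+++ b/lib/Controller/Widget.php
@@ -1212,6 +1212,22 @@ public function getData(Request $request, Response $response, $regionId, $id)
 $this->getLog()->debug('getData: Returning cache');
 }
 
+// Add permissions needed to see linked media
+$media = $widgetDataProviderCache->getCachedMediaIds();
+$this->getLog()->debug('getData: linking ' . count($media) . ' images');
+
+foreach ($media as $mediaId) {
+// We link these module images to the user.
+foreach ($this->permissionFactory->getAllByObjectId(
+$this->getUser(),
+'Xibo\Entity\Media',
+$mediaId,
+) as $permission) {
+$permission->view = 1;
+$permission->save();
+}
+}
+
 // Decorate for output.
 $data = $widgetDataProviderCache->decorateForPreview(
 $dataProvider->getData(),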
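Review bot: The added loop in `getData()` sets `view = 1` on every permission row that `getAllByObjectId()` returns for each cached media item, while its comment says the images are linked to "the user". If that factory call returns one row per group visible to the caller rather than only the caller's own group (its implementation is not shown), then simply loading widget data grants view access on those images to all of those groups, which is broader than the comment describes; confirm, and filter to the intended group if so. The writes also run on every call, including when the data came from cache, so a guard such as `if ($permission->view == 1) { continue; }` would avoid re-saving unchanged rows. `getData()` begins and ends outside the hunk.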
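--- a/lib/Widget/Provider/DataProvider.php
+++ b/lib/Widget/Provider/DataProvider.php
@@ -1,6 +1,6 @@
 <?php
 /*
-* Copyright (C) 2023 Xibo Signage Ltd
+* Copyright (C) 2024 Xibo Signage Ltd
 *
 * Xibo - Digital Signage - https://xibosignage.com
 *
@@ -364,7 +364,7 @@ public function getImages(): array
 }
 
 /**
-* @return \Xibo\Entity\Media[]
+* @return int[]
 */
 public function getImageIds(): array
 {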
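--- a/ui/src/layout-editor/viewer.js
+++ b/ui/src/layout-editor/viewer.js
@@ -1,5 +1,5 @@
 /*
-* Copyright (C) 2023 Xibo Signage Ltd
+* Copyright (C) 2024 Xibo Signage Ltd
 *
 * Xibo - Digital Signage - https://xibosignage.com
 *
@@ -1884,7 +1884,8 @@ Viewer.prototype.renderElementContent = function(
 hbsHtml.match(mediaURLRegex)?.forEach((match) => {
 const mediaId = match.split('[[mediaId=')[1].split(']]')[0];
 const mediaUrl =
-urlsForApi.library.download.url.replace(':id', mediaId);
+urlsForApi.library.download.url.replace(':id', mediaId) +
+'?preview=1';
 
 // Replace asset id with asset url
 hbsHtml = hbsHtml.replace(match, mediaUrl);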
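Review bot: The appended `'?preview=1'` switches these requests onto a different server branch, and nothing at the call site says why. A comment such as `// preview=1: the download route returns a 1px placeholder instead of an access error when the media is not shared with this user` would record the dependency on the Library controller change in this commit. The concatenation also assumes `urlsForApi.library.download.url` never carries a query string of its own. `mediaId` is spliced into the URL exactly as captured from the template text; whether `mediaURLRegex` restricts it to digits is not visible in the hunk. `renderElementContent` continues outside the hunk.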
