/download ask for credentials if visitor close #385

+ add download button in home view when possible.
vincent-peugnet · Jan 19, 2024 · 2e8e73f · 2e8e73f
1 parent 0d66967
commit 2e8e73f
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 26 deletions.
diff --git a/app/class/Controllerpage.php b/app/class/Controllerpage.php
@@ -63,6 +63,7 @@ public function importpage(): bool
     public function pageconnect(string $route)
     {
         if ($this->user->isvisitor()) {
+            http_response_code(401);
             $this->showtemplate('connect', ['route' => $route, 'id' => $this->page->id()]);
             exit;
         }
@@ -302,23 +303,31 @@ public function download($page)
     {
         $this->setpage($page, 'pagedownload');
 
-        if ($this->importpage() && $this->canedit($this->page)) {
-            $file = Model::PAGES_DIR . Config::pagetable() . DIRECTORY_SEPARATOR . $page . '.json';
-
-            if (file_exists($file)) {
-                header('Content-Description: File Transfer');
-                header('Content-Type: application/json; charset=utf-8');
-                header('Content-Disposition: attachment; filename="' . basename($file) . '"');
-                header('Expires: 0');
-                header('Cache-Control: must-revalidate');
-                header('Pragma: public');
-                header('Content-Length: ' . filesize($file));
-                readfile($file);
-                exit;
-            }
-        } else {
+        if (!$this->importpage()) {
             $this->routedirect('pageread', ['page' => $page]);
         }
+
+        $this->pageconnect('pagedownload');
+
+        if (!$this->canedit($this->page)) {
+            http_response_code(403);
+            $this->showtemplate('forbidden', ['id' => $this->page->id(), 'route' => 'pagedownload']);
+            exit;
+        }
+
+        $file = Model::PAGES_DIR . Config::pagetable() . DIRECTORY_SEPARATOR . $page . '.json';
+
+        if (file_exists($file)) {
+            header('Content-Description: File Transfer');
+            header('Content-Type: application/json; charset=utf-8');
+            header('Content-Disposition: attachment; filename="' . basename($file) . '"');
+            header('Expires: 0');
+            header('Cache-Control: must-revalidate');
+            header('Pragma: public');
+            header('Content-Length: ' . filesize($file));
+            readfile($file);
+            exit;
+        }
     }
 
     /**

diff --git a/app/view/templates/forbidden.php b/app/view/templates/forbidden.php
@@ -11,17 +11,17 @@
 <h1>Forbidden</h1>
 
 <span>
-<?= $user->level() ?>
+<?= $this->e($user->level()) ?>
 </span>
 
 <?php if($user->isinvite()) { ?>
     <p>
-        Sorry <?= $user->name() ?>, you are not allowed to do this.
+        Sorry <?= $this->e($user->name()) ?>, you are not allowed to do this.
     </p>
 <?php } ?>
 
 <?php
-if(in_array($route, ['pageedit', 'pageread', 'pageadd'])) {
+if(in_array($route, ['pageedit', 'pageread', 'pageadd', 'pagedownload'])) {
     echo '<p><a href="' . $this->upage('pageread', $id) . '">back to page read view</a></p>';
 } else {
     echo '<p><a href="' . $this->url('home') . '">Go back to home</a>';

diff --git a/app/view/templates/home.php b/app/view/templates/home.php
@@ -161,16 +161,13 @@
                             <th class="edit"></th>
                             <th class="read"></th>
                             <th class="delete" title="delete page"></th>
-                            <?php if ($user->issupereditor()) { ?>
                             <th class="download" title="download page as json"></th>
-                            <?php }
-                                if ($columns['tag']) { ?>
+                            <?php if ($columns['tag']) { ?>
                             <th class="tag">
                                 <a href="<?= $opt->sortbyorder('tag') ?>">tag</a>
                                 <?= $this->insert('macro_tablesort', ['opt' => $opt, 'th' => 'tag']) ?>
                             </th>
-                            <?php }
-                                if ($columns['title']) { ?>
+                            <?php } if ($columns['title']) { ?>
                             <th class="title">
                                 <a href="<?= $opt->sortbyorder('title') ?>">title</a>
                                 <?= $this->insert('macro_tablesort', ['opt' => $opt, 'th' => 'title']) ?>
@@ -296,14 +293,14 @@
                                     </a>
                                 <?php } ?>
                             </td>
-                            <?php if ($user->issupereditor()) { ?>
                             <td class="download">
+                                <?php if ($this->caneditpage($item)) { ?>
                                 <a href="<?= $this->upage('pagedownload', $item->id()) ?>" download>
                                     <i class="fa fa-download"></i>
                                 </a>
+                                <?php } ?>
                             </td>
-                            <?php }
-                                    if ($columns['tag']) { ?>
+                            <?php if ($columns['tag']) { ?>
                             <td class="tag"><?= $opt->taglinks($item->tag('array')) ?></td>
                             <?php }
                                     if ($columns['title']) { ?>