Limit album/tag downloading on a user basis.

This removes the limit of downloading albums only; tags are fine, too.

Now using UserFacingException for certain exceptions, as these are
displayed to the user.

Removing the inheritance of HTMLController, as we intend to output binary
data only.
This commit is contained in:
Aaron van Geffen 2020-03-01 17:00:18 +01:00
parent 17859b70e9
commit 354e54a0af

View File

@ -6,7 +6,7 @@
* Kabuki CMS (C) 2013-2019, Aaron van Geffen
*****************************************************************************/
class Download extends HTMLController
class Download
{
public function __construct()
{
@ -15,38 +15,18 @@ class Download extends HTMLController
if (!$user->isLoggedIn())
throw new NotAllowedException();
if(!isset($_GET['tag']))
throw new UnexpectedValueException('Must specify an album to download');
if (!isset($_GET['tag']))
throw new UserFacingException('No album or tag has been specified for download.');
$tag = (int)$_GET['tag'];
$album = Tag::fromId($tag);
if($album->kind !== 'Album')
throw new UnexpectedValueException('Specified tag does not correspond to an album');
if (isset($_SESSION['current_export']))
throw new UserFacingException('An export of "' . $tag->tag . '" is ongoing. Please try again later.');
//Yes TOCTOU but it does not need to be perfect.
$lock_file = join('/', [sys_get_temp_dir(), 'pics-export.lock']);
if(!file_exists($lock_file))
{
try
{
$fp = fopen($lock_file, 'x');
if(!$fp)
throw new UnexpectedValueException('Could not open lock-file');
$this->exportAlbum($album);
}
finally
{
fclose($fp);
unlink($lock_file);
}
}
else
throw new UnexpectedValueException('Another export is busy, please try again later');
exit();
// So far so good?
$this->exportAlbum($album);
exit;
}
private function exportAlbum($album)