diff --git a/data/config.ini b/data/config.ini index 842193ea..b2c198f0 100644 --- a/data/config.ini +++ b/data/config.ini @@ -4,8 +4,8 @@ dbLocation = "./data/db.sqlite" dbUser = "test" dbPass = "test" cachePath = "./cache/" -filesPath = "./data/files/" logsPath = "./data/logs/{yyyy}-{mm}.log" +filesPath = "./public_html/files/" mediaPath = "./public_html/media/" thumbnailsPath = "./public_html/thumbs/" avatarsPath = "./public_html/avatars/" @@ -104,17 +104,6 @@ viewPost.sketchy=registered viewPost.unsafe=registered viewPost.hidden=moderator -;privilege to download post file, e.g. example.com/8ca21cb48aaf6ba5d361e6bebebc8cfe/retrieve -;note that the hash cannot be guessed with basic url manipulation. giving -;anonymous access in this case is reasonable - it allows privileged users to -;share permalinks with unprivileged folks, also it allows to properly feature -;posts otherwise unavailable to unregistered people. -downloadPost=anonymous -downloadPost.safe=anonymous -downloadPost.sketchy=anonymous -downloadPost.unsafe=anonymous -downloadPost.hidden=moderator - retrievePost=anonymous favoritePost=registered diff --git a/public_html/.htaccess b/public_html/.htaccess index 11d570cf..f1e2f7c3 100644 --- a/public_html/.htaccess +++ b/public_html/.htaccess @@ -10,6 +10,10 @@ RewriteCond %{DOCUMENT_ROOT}/thumbs/$1.thumb -f RewriteRule ^/?post/(.*)/thumb/?$ /thumbs/$1.thumb RewriteRule ^/?thumbs/(.*).thumb - [L,T=image/jpeg] +RewriteCond %{DOCUMENT_ROOT}/files/$1 -f +RewriteRule ^/?post/(.*)/retrieve/?$ /files/$1 +RewriteRule ^/?files/(.*) - [L] + RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^.*$ /dispatch.php diff --git a/data/files/.gitignore b/public_html/files/.gitignore similarity index 100% rename from data/files/.gitignore rename to public_html/files/.gitignore diff --git a/src/Api/Jobs/PostJobs/GetPostContentJob.php b/src/Api/Jobs/PostJobs/GetPostContentJob.php index e75bfaca..47ec14cb 100644 
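Review bot: Pointing `filesPath` at `./public_html/files/` (first hunk of data/config.ini) puts every post's original file where the web server hands it out with no privilege check, and that includes hidden posts, which the removed `downloadPost.hidden=moderator` line used to restrict to moderators. The same gap shows in the public_html/.htaccess hunk, which maps `/post/<name>/retrieve` straight to `/files/<name>`, and in the GetPostContentJob hunk, where `getRequiredMainPrivilege()` and `getRequiredSubPrivileges()` now return null. The post name becomes the only secret, so hiding a post no longer cuts off anyone who already holds its URL, assuming public_html is the document root as the `%{DOCUMENT_ROOT}/files/$1` condition suggests. If that trade-off is intended, state it next to the setting, e.g. `;files in this directory are served directly by the web server, without privilege checks; hidden posts stay downloadable by name`. Otherwise keep hidden posts' files outside the web root and serve them through the job with the privilege check retained.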
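Review bot: The pass-through rule `RewriteRule ^/?files/(.*) - [L]` in public_html/.htaccess serves uploaded content from the site's own origin without fixing a content type, unlike the thumbnail rule above it, which sets `T=image/jpeg`. If stored names carry no extension (the hash-style name in the removed config comment suggests that), the type is left to server defaults and browser sniffing, so an upload that contains markup could be rendered as a page. I would add `Header set X-Content-Type-Options "nosniff"` for this path (needs mod_headers) and make sure no script handler is active under files/. Narrowing both `(.*)` captures to `([^/]+)` would also keep the rewrite to a single path segment.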
--- a/src/Api/Jobs/PostJobs/GetPostContentJob.php +++ b/src/Api/Jobs/PostJobs/GetPostContentJob.php @@ -36,20 +36,12 @@ class GetPostContentJob extends AbstractJob public function getRequiredMainPrivilege() { - return Privilege::DownloadPost; + return null; } public function getRequiredSubPrivileges() { - $post = $this->postRetriever->retrieve(); - $privileges = []; - - if ($post->isHidden()) - $privileges []= 'hidden'; - - $privileges []= $post->getSafety()->toString(); - - return $privileges; + return null; } public function isAuthenticationRequired() diff --git a/src/Controllers/PostController.php b/src/Controllers/PostController.php index 255b2a86..3c8568b9 100644 --- a/src/Controllers/PostController.php +++ b/src/Controllers/PostController.php @@ -320,6 +320,7 @@ class PostController extends AbstractController public function fileView($name) { + die; $ret = Api::run(new GetPostContentJob(), [JobArgs::ARG_POST_NAME => $name]); $options = new FileRendererOptions(); diff --git a/src/Enums/Privilege.php b/src/Enums/Privilege.php index 7a7efd99..4ed2c405 100644 --- a/src/Enums/Privilege.php +++ b/src/Enums/Privilege.php @@ -3,7 +3,6 @@ class Privilege extends AbstractEnum implements IEnum { const ListPosts = 'listPosts'; const ViewPost = 'viewPost'; - const DownloadPost = 'downloadPost'; const RetrievePost = 'retrievePost'; const FavoritePost = 'favoritePost'; const HidePost = 'hidePost'; diff --git a/src/Models/Entities/PostEntity.php b/src/Models/Entities/PostEntity.php index 96451c39..d5d5b6e4 100644 --- a/src/Models/Entities/PostEntity.php +++ b/src/Models/Entities/PostEntity.php @@ -360,6 +360,11 @@ final class PostEntity extends AbstractEntity implements IValidatable, ISerializ } + public function getContentUrl() + { + return Core::getRouter()->linkTo(['PostController', 'fileView'], ['name' => $this->getName()]); + } + public function getThumbnailUrl() { return Core::getRouter()->linkTo(['PostController', 'thumbnailView'], ['name' => $this->getName()]); 
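Review bot: The bare `die;` added as the first statement of `fileView()` in src/Controllers/PostController.php leaves the rest of the method unreachable and ends the request with an empty body. Router.php still registers `/post/{name}/retrieve` for this action, and the .htaccess rewrite only takes over when the file exists under files/, so a request for a missing or mistyped name lands here and gets a blank response, presumably with status 200, instead of an error. Either drop the route and the method, or fail explicitly, e.g. `http_response_code(404); exit;` or the project's own not-found error. The method body continues outside this hunk.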
diff --git a/src/Router.php b/src/Router.php index 9f645802..d1d382ba 100644 --- a/src/Router.php +++ b/src/Router.php @@ -63,9 +63,9 @@ class Router extends \Chibi\Routing\Router $this->get('/{source}/{query}/{additionalInfo}/{page}', ['PostController', 'listView'], $postValidation); $this->post('/{source}-redirect', ['PostController', 'listRedirectAction'], $postValidation); - $this->get('/post/{name}/retrieve', ['PostController', 'fileView'], $postValidation); $this->get('/post/{identifier}', ['PostController', 'genericView'], $postValidation); $this->get('/post/{identifier}/search={query}', ['PostController', 'genericView'], $postValidation); + $this->get('/post/{name}/retrieve', ['PostController', 'fileView'], $postValidation); $this->get('/post/{name}/thumb', ['PostController', 'thumbnailView'], $postValidation); $this->any('/post/{identifier}/toggle-tag/{tag}/{enable}', ['PostController', 'toggleTagAction'], $postValidation); diff --git a/src/Views/post/post-file-render.phtml b/src/Views/post/post-file-render.phtml index 660f0d89..c5315781 100644 --- a/src/Views/post/post-file-render.phtml +++ b/src/Views/post/post-file-render.phtml @@ -1,16 +1,11 @@ assets->setPageThumbnail(Core::getRouter()->linkTo( - ['PostController', 'thumbnailView'], - ['name' => $this->context->transport->post->getName()])); $post = $this->context->transport->post; +$this->assets->setPageThumbnail($post->getThumbnailUrl()); ?> getType()->toInteger() == PostType::Image): ?> - <?= $post->getName() ?> + <?= $post->getName() ?> getType()->toInteger() == PostType::Flash): ?> @@ -18,14 +13,10 @@ $post = $this->context->transport->post; type="getMimeType() ?>" width="getImageWidth() ?>" height="getImageHeight() ?>" - data="linkTo( - ['PostController', 'fileView'], - ['name' => $post->getName()]) ?>"> + data="getContentUrl() ?>"> - + @@ -39,9 +30,7 @@ $post = $this->context->transport->post; 
diff --git a/src/Views/post/post-view.phtml b/src/Views/post/post-view.phtml index 13902d03..2f738561 100644 --- a/src/Views/post/post-view.phtml +++ b/src/Views/post/post-view.phtml @@ -199,9 +199,7 @@ $canEditAnything = count(array_filter($editPostPrivileges)) > 0;
getType()->toInteger() != PostType::Youtube): ?>
- + setArgument(JobArgs::ARG_POST_ID, $post->getId()); $job->setArgument(JobArgs::ARG_POST_NAME, $post->getName()); $job->prepare(); - $this->assert->areEqual(Privilege::DownloadPost, $job->getRequiredMainPrivilege()); - $sub = $job->getRequiredSubPrivileges(); - natcasesort($sub); - $this->assert->areEquivalent(['hidden', 'safe'], $sub); + $this->assert->isNull($job->getRequiredMainPrivilege()); + $this->assert->isNull($job->getRequiredSubPrivileges()); } public function testDynamicPostThumbnailPrivileges() @@ -131,6 +129,7 @@ class ApiPrivilegeTest extends AbstractFullApiTest $job = new GetPostThumbnailJob(); $this->testedJobs []= $job; $this->assert->isNull($job->getRequiredMainPrivilege()); + $this->assert->isNull($job->getRequiredSubPrivileges()); } public function testDynamicUserPrivileges() diff --git a/tests/Tests/JobTests/GetPostContentJobTest.php b/tests/Tests/JobTests/GetPostContentJobTest.php index eefdb6e6..f891b2a2 100644 --- a/tests/Tests/JobTests/GetPostContentJobTest.php +++ b/tests/Tests/JobTests/GetPostContentJobTest.php @@ -3,7 +3,6 @@ class GetPostContentJobTest extends AbstractTest { public function testPostRetrieval() { - $this->grantAccess('downloadPost'); $post = $this->postMocker->mockSingle(); $output = $this->assert->doesNotThrow(function() use ($post) @@ -24,8 +23,6 @@ class GetPostContentJobTest extends AbstractTest public function testIdFail() { - $this->grantAccess('downloadPost'); - $this->assert->throws(function() { Api::run( @@ -38,8 +35,6 @@ class GetPostContentJobTest extends AbstractTest public function testInvalidName() { - $this->grantAccess('downloadPost'); - $this->assert->throws(function() { Api::run(