vendor/pimcore/pimcore/bundles/AdminBundle/Controller/Admin/Asset/AssetController.php line 1278

Open in your IDE?
  1. <?php
  3. /**
  4. * Pimcore
  5. *
  6. * This source file is available under two different licenses:
  7. * - GNU General Public License version 3 (GPLv3)
  8. * - Pimcore Commercial License (PCL)
  9. * Full copyright and license information is available in
  10. * LICENSE.md which is distributed with this source code.
  11. *
  12. * @copyright Copyright (c) Pimcore GmbH (http://www.pimcore.org)
  13. * @license http://www.pimcore.org/license GPLv3 and PCL
  14. */
  16. namespace Pimcore\Bundle\AdminBundle\Controller\Admin\Asset;
  18. use Pimcore\Bundle\AdminBundle\Controller\Admin\ElementControllerBase;
  19. use Pimcore\Bundle\AdminBundle\Controller\Traits\AdminStyleTrait;
  20. use Pimcore\Bundle\AdminBundle\Controller\Traits\ApplySchedulerDataTrait;
  21. use Pimcore\Bundle\AdminBundle\Helper\GridHelperService;
  22. use Pimcore\Bundle\AdminBundle\Security\CsrfProtectionHandler;
  23. use Pimcore\Config;
  24. use Pimcore\Controller\KernelControllerEventInterface;
  25. use Pimcore\Controller\Traits\ElementEditLockHelperTrait;
  26. use Pimcore\Event\Admin\ElementAdminStyleEvent;
  27. use Pimcore\Event\AdminEvents;
  28. use Pimcore\Event\AssetEvents;
  29. use Pimcore\File;
  30. use Pimcore\Loader\ImplementationLoader\Exception\UnsupportedException;
  31. use Pimcore\Logger;
  32. use Pimcore\Model;
  33. use Pimcore\Model\Asset;
  34. use Pimcore\Model\Element;
  35. use Pimcore\Model\Metadata;
  36. use Pimcore\Model\Schedule\Task;
  37. use Pimcore\Tool;
  38. use Symfony\Component\EventDispatcher\GenericEvent;
  39. use Symfony\Component\HttpFoundation\BinaryFileResponse;
  40. use Symfony\Component\HttpFoundation\JsonResponse;
  41. use Symfony\Component\HttpFoundation\Request;
  42. use Symfony\Component\HttpFoundation\Response;
  43. use Symfony\Component\HttpFoundation\ResponseHeaderBag;
  44. use Symfony\Component\HttpFoundation\Session\Attribute\AttributeBagInterface;
  45. use Symfony\Component\HttpFoundation\StreamedResponse;
  46. use Symfony\Component\HttpKernel\Event\ControllerEvent;
  47. use Symfony\Component\Mime\MimeTypes;
  48. use Symfony\Component\Process\Process;
  49. use Symfony\Component\Routing\Annotation\Route;
  50. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  52. /**
  53. * @Route("/asset")
  54. *
  55. * @internal
  56. */
  57. class AssetController extends ElementControllerBase implements KernelControllerEventInterface
  58. {
  59. use AdminStyleTrait;
  60. use ElementEditLockHelperTrait;
  61. use ApplySchedulerDataTrait;
  63. /**
  64. * @var Asset\Service
  65. */
  66. protected $_assetService;
  68. /**
  69. * @Route("/tree-get-root", name="pimcore_admin_asset_treegetroot", methods={"GET"})
  70. *
  71. * @param Request $request
  72. *
  73. * @return JsonResponse
  74. */
  75. public function treeGetRootAction(Request $request)
  76. {
  77. return parent::treeGetRootAction($request);
  78. }
  80. /**
  81. * @Route("/delete-info", name="pimcore_admin_asset_deleteinfo", methods={"GET"})
  82. *
  83. * @param Request $request
  84. * @param EventDispatcherInterface $eventDispatcher
  85. *
  86. * @return JsonResponse
  87. */
  88. public function deleteInfoAction(Request $request, EventDispatcherInterface $eventDispatcher)
  89. {
  90. return parent::deleteInfoAction($request, $eventDispatcher);
  91. }
  93. /**
  94. * @Route("/get-data-by-id", name="pimcore_admin_asset_getdatabyid", methods={"GET"})
  95. *
  96. * @param Request $request
  97. *
  98. * @return JsonResponse
  99. */
  100. public function getDataByIdAction(Request $request, EventDispatcherInterface $eventDispatcher)
  101. {
  102. $asset = Asset::getById((int)$request->get('id'));
  103. if (!$asset instanceof Asset) {
  104. return $this->adminJson(['success' => false, 'message' => "asset doesn't exist"]);
  105. }
  107. // check for lock
  108. if ($asset->isAllowed('publish') || $asset->isAllowed('delete')) {
  109. if (Element\Editlock::isLocked($request->get('id'), 'asset')) {
  110. return $this->getEditLockResponse($request->get('id'), 'asset');
  111. }
  113. Element\Editlock::lock($request->get('id'), 'asset');
  114. }
  116. $asset = clone $asset;
  117. $asset->setLocked($asset->isLocked());
  118. $asset->setParent(null);
  120. $asset->setStream(null);
  121. $data = $asset->getObjectVars();
  123. if ($asset instanceof Asset\Text) {
  124. if ($asset->getFileSize() < 2000000) {
  125. // it doesn't make sense to show a preview for files bigger than 2MB
  126. $data['data'] = \ForceUTF8\Encoding::toUTF8($asset->getData());
  127. } else {
  128. $data['data'] = false;
  129. }
  130. } elseif ($asset instanceof Asset\Document) {
  131. $data['pdfPreviewAvailable'] = (bool)$this->getDocumentPreviewPdf($asset);
  132. } elseif ($asset instanceof Asset\Video) {
  133. $videoInfo = [];
  135. if (\Pimcore\Video::isAvailable()) {
  136. $config = Asset\Video\Thumbnail\Config::getPreviewConfig();
  137. $thumbnail = $asset->getThumbnail($config, ['mp4']);
  138. if ($thumbnail) {
  139. if ($thumbnail['status'] == 'finished') {
  140. $videoInfo['previewUrl'] = $thumbnail['formats']['mp4'];
  141. $videoInfo['width'] = $asset->getWidth();
  142. $videoInfo['height'] = $asset->getHeight();
  144. $metaData = $asset->getSphericalMetaData();
  145. if (isset($metaData['ProjectionType']) && strtolower($metaData['ProjectionType']) == 'equirectangular') {
  146. $videoInfo['isVrVideo'] = true;
  147. }
  148. }
  149. }
  150. }
  152. $data['videoInfo'] = $videoInfo;
  153. } elseif ($asset instanceof Asset\Image) {
  154. $imageInfo = [];
  156. $previewUrl = $this->generateUrl('pimcore_admin_asset_getimagethumbnail', [
  157. 'id' => $asset->getId(),
  158. 'treepreview' => true,
  159. 'hdpi' => true,
  160. '_dc' => time(),
  161. ]);
  163. if ($asset->isAnimated()) {
  164. $previewUrl = $this->generateUrl('pimcore_admin_asset_getasset', [
  165. 'id' => $asset->getId(),
  166. '_dc' => time(),
  167. ]);
  168. }
  170. $imageInfo['previewUrl'] = $previewUrl;
  172. if ($asset->getWidth() && $asset->getHeight()) {
  173. $imageInfo['dimensions'] = [];
  174. $imageInfo['dimensions']['width'] = $asset->getWidth();
  175. $imageInfo['dimensions']['height'] = $asset->getHeight();
  176. }
  178. $imageInfo['exiftoolAvailable'] = (bool)\Pimcore\Tool\Console::getExecutable('exiftool');
  180. if (!$asset->getEmbeddedMetaData(false)) {
  181. $asset->getEmbeddedMetaData(true, false); // read Exif, IPTC and XPM like in the old days ...
  182. }
  184. $data['imageInfo'] = $imageInfo;
  185. }
  187. $predefinedMetaData = Metadata\Predefined\Listing::getByTargetType('asset', [$asset->getType()]);
  188. $predefinedMetaDataGroups = [];
  189. /** @var Metadata\Predefined $item */
  190. foreach ($predefinedMetaData as $item) {
  191. if ($item->getGroup()) {
  192. $predefinedMetaDataGroups[$item->getGroup()] = true;
  193. }
  194. }
  195. $data['predefinedMetaDataGroups'] = array_keys($predefinedMetaDataGroups);
  196. $data['properties'] = Element\Service::minimizePropertiesForEditmode($asset->getProperties());
  197. $data['metadata'] = Asset\Service::expandMetadataForEditmode($asset->getMetadata());
  198. $data['versionDate'] = $asset->getModificationDate();
  199. $data['filesizeFormatted'] = $asset->getFileSize(true);
  200. $data['filesize'] = $asset->getFileSize();
  201. $data['fileExtension'] = File::getFileExtension($asset->getFilename());
  202. $data['idPath'] = Element\Service::getIdPath($asset);
  203. $data['userPermissions'] = $asset->getUserPermissions();
  204. $frontendPath = $asset->getFrontendFullPath();
  205. $data['url'] = preg_match('/^http(s)?:\\/\\/.+/', $frontendPath) ?
  206. $frontendPath :
  207. $request->getSchemeAndHttpHost() . $frontendPath;
  209. $data['scheduledTasks'] = array_map(
  210. static function (Task $task) {
  211. return $task->getObjectVars();
  212. },
  213. $asset->getScheduledTasks()
  214. );
  216. $this->addAdminStyle($asset, ElementAdminStyleEvent::CONTEXT_EDITOR, $data);
  218. $data['php'] = [
  219. 'classes' => array_merge([get_class($asset)], array_values(class_parents($asset))),
  220. 'interfaces' => array_values(class_implements($asset)),
  221. ];
  223. $event = new GenericEvent($this, [
  224. 'data' => $data,
  225. 'asset' => $asset,
  226. ]);
  227. $eventDispatcher->dispatch($event, AdminEvents::ASSET_GET_PRE_SEND_DATA);
  228. $data = $event->getArgument('data');
  230. if ($asset->isAllowed('view')) {
  231. return $this->adminJson($data);
  232. }
  234. throw $this->createAccessDeniedHttpException();
  235. }
  237. /**
  238. * @Route("/tree-get-childs-by-id", name="pimcore_admin_asset_treegetchildsbyid", methods={"GET"})
  239. *
  240. * @param Request $request
  241. *
  242. * @return JsonResponse
  243. */
  244. public function treeGetChildsByIdAction(Request $request, EventDispatcherInterface $eventDispatcher)
  245. {
  246. $allParams = array_merge($request->request->all(), $request->query->all());
  248. $assets = [];
  249. $cv = false;
  250. $asset = Asset::getById($allParams['node']);
  252. $filter = $request->get('filter');
  253. $limit = (int)$allParams['limit'];
  254. if (!is_null($filter)) {
  255. if (substr($filter, -1) != '*') {
  256. $filter .= '*';
  257. }
  258. $filter = str_replace('*', '%', $filter);
  260. $limit = 100;
  261. $offset = 0;
  262. } elseif (!$allParams['limit']) {
  263. $limit = 100000000;
  264. }
  266. $offset = isset($allParams['start']) ? (int)$allParams['start'] : 0;
  268. $filteredTotalCount = 0;
  270. if ($asset->hasChildren()) {
  271. if ($allParams['view']) {
  272. $cv = \Pimcore\Model\Element\Service::getCustomViewById($allParams['view']);
  273. }
  275. // get assets
  276. $childsList = new Asset\Listing();
  277. $childsList->addConditionParam('parentId = ?', [$asset->getId()]);
  278. $childsList->filterAccessibleByUser($this->getAdminUser());
  280. if (!is_null($filter)) {
  281. $childsList->addConditionParam('CAST(assets.filename AS CHAR CHARACTER SET utf8) COLLATE utf8_general_ci LIKE ?', [$filter]);
  282. }
  284. $childsList->setLimit($limit);
  285. $childsList->setOffset($offset);
  286. $childsList->setOrderKey("FIELD(assets.type, 'folder') DESC, CAST(assets.filename AS CHAR CHARACTER SET utf8) COLLATE utf8_general_ci ASC", false);
  288. \Pimcore\Model\Element\Service::addTreeFilterJoins($cv, $childsList);
  290. $beforeListLoadEvent = new GenericEvent($this, [
  291. 'list' => $childsList,
  292. 'context' => $allParams,
  293. ]);
  294. $eventDispatcher->dispatch($beforeListLoadEvent, AdminEvents::ASSET_LIST_BEFORE_LIST_LOAD);
  295. /** @var Asset\Listing $childsList */
  296. $childsList = $beforeListLoadEvent->getArgument('list');
  298. $childs = $childsList->load();
  300. $filteredTotalCount = $childsList->getTotalCount();
  302. foreach ($childs as $childAsset) {
  303. if ($childAsset->isAllowed('list')) {
  304. $assets[] = $this->getTreeNodeConfig($childAsset);
  305. }
  306. }
  307. }
  309. //Hook for modifying return value - e.g. for changing permissions based on asset data
  310. $event = new GenericEvent($this, [
  311. 'assets' => $assets,
  312. ]);
  313. $eventDispatcher->dispatch($event, AdminEvents::ASSET_TREE_GET_CHILDREN_BY_ID_PRE_SEND_DATA);
  314. $assets = $event->getArgument('assets');
  316. if ($allParams['limit']) {
  317. return $this->adminJson([
  318. 'offset' => $offset,
  319. 'limit' => $limit,
  320. 'total' => $asset->getChildAmount($this->getAdminUser()),
  321. 'overflow' => !is_null($filter) && ($filteredTotalCount > $limit),
  322. 'nodes' => $assets,
  323. 'filter' => $request->get('filter') ? $request->get('filter') : '',
  324. 'inSearch' => (int)$request->get('inSearch'),
  325. ]);
  326. } else {
  327. return $this->adminJson($assets);
  328. }
  329. }
  331. /**
  332. * @Route("/add-asset", name="pimcore_admin_asset_addasset", methods={"POST"})
  333. *
  334. * @param Request $request
  335. * @param Config $config
  336. *
  337. * @return JsonResponse
  338. */
  339. public function addAssetAction(Request $request, Config $config)
  340. {
  341. try {
  342. $res = $this->addAsset($request, $config);
  344. $response = [
  345. 'success' => $res['success'],
  346. ];
  348. if ($res['success']) {
  349. $response['asset'] = [
  350. 'id' => $res['asset']->getId(),
  351. 'path' => $res['asset']->getFullPath(),
  352. 'type' => $res['asset']->getType(),
  353. ];
  354. }
  356. return $this->adminJson($response);
  357. } catch (\Exception $e) {
  358. return $this->adminJson([
  359. 'success' => false,
  360. 'message' => $e->getMessage(),
  361. ]);
  362. }
  363. }
  365. /**
  366. * @Route("/add-asset-compatibility", name="pimcore_admin_asset_addassetcompatibility", methods={"POST"})
  367. *
  368. * @param Request $request
  369. * @param Config $config
  370. *
  371. * @return JsonResponse
  372. */
  373. public function addAssetCompatibilityAction(Request $request, Config $config)
  374. {
  375. try {
  376. // this is a special action for the compatibility mode upload (without flash)
  377. $res = $this->addAsset($request, $config);
  379. $response = $this->adminJson([
  380. 'success' => $res['success'],
  381. 'msg' => $res['success'] ? 'Success' : 'Error',
  382. 'id' => $res['asset'] ? $res['asset']->getId() : null,
  383. 'fullpath' => $res['asset'] ? $res['asset']->getRealFullPath() : null,
  384. 'type' => $res['asset'] ? $res['asset']->getType() : null,
  385. ]);
  386. $response->headers->set('Content-Type', 'text/html');
  388. return $response;
  389. } catch (\Exception $e) {
  390. return $this->adminJson([
  391. 'success' => false,
  392. 'message' => $e->getMessage(),
  393. ]);
  394. }
  395. }
  397. /**
  398. * @param Request $request
  399. * @param Config $config
  400. *
  401. * @return array
  402. *
  403. * @throws \Exception
  404. */
  405. protected function addAsset(Request $request, Config $config)
  406. {
  407. $defaultUploadPath = $config['assets']['default_upload_path'] ?? '/';
  409. if (array_key_exists('Filedata', $_FILES)) {
  410. $filename = $_FILES['Filedata']['name'];
  411. $sourcePath = $_FILES['Filedata']['tmp_name'];
  412. } elseif ($request->get('type') == 'base64') {
  413. $filename = $request->get('filename');
  414. $sourcePath = PIMCORE_SYSTEM_TEMP_DIRECTORY . '/upload-base64' . uniqid() . '.tmp';
  415. $data = preg_replace('@^data:[^,]+;base64,@', '', $request->get('data'));
  416. File::put($sourcePath, base64_decode($data));
  417. } else {
  418. throw new \Exception('The filename of the asset is empty');
  419. }
  421. $parentId = $request->get('parentId');
  422. $parentPath = $request->get('parentPath');
  424. if ($request->get('dir') && $request->get('parentId')) {
  425. // this is for uploading folders with Drag&Drop
  426. // param "dir" contains the relative path of the file
  427. $parent = Asset::getById($request->get('parentId'));
  428. $dir = $request->get('dir');
  429. if (strpos($dir, '..') !== false) {
  430. throw new \Exception('not allowed');
  431. }
  433. $newPath = $parent->getRealFullPath() . '/' . trim($dir, '/ ');
  435. $maxRetries = 5;
  436. $newParent = null;
  437. for ($retries = 0; $retries < $maxRetries; $retries++) {
  438. try {
  439. $newParent = Asset\Service::createFolderByPath($newPath);
  441. break;
  442. } catch (\Exception $e) {
  443. if ($retries < ($maxRetries - 1)) {
  444. $waitTime = rand(100000, 900000); // microseconds
  445. usleep($waitTime); // wait specified time until we restart the transaction
  446. } else {
  447. // if the transaction still fail after $maxRetries retries, we throw out the exception
  448. throw $e;
  449. }
  450. }
  451. }
  452. if ($newParent) {
  453. $parentId = $newParent->getId();
  454. }
  455. } elseif (!$request->get('parentId') && $parentPath) {
  456. $parent = Asset::getByPath($parentPath);
  457. if ($parent instanceof Asset\Folder) {
  458. $parentId = $parent->getId();
  459. }
  460. }
  462. $filename = Element\Service::getValidKey($filename, 'asset');
  463. if (empty($filename)) {
  464. throw new \Exception('The filename of the asset is empty');
  465. }
  467. $context = $request->get('context');
  468. if ($context) {
  469. $context = json_decode($context, true);
  470. $context = $context ? $context : [];
  471. $event = new \Pimcore\Event\Model\Asset\ResolveUploadTargetEvent($parentId, $filename, $context);
  472. \Pimcore::getEventDispatcher()->dispatch($event, AssetEvents::RESOLVE_UPLOAD_TARGET);
  473. $filename = Element\Service::getValidKey($event->getFilename(), 'asset');
  474. $parentId = $event->getParentId();
  475. }
  477. if (!$parentId) {
  478. $parentId = Asset\Service::createFolderByPath($defaultUploadPath)->getId();
  479. }
  481. $parentAsset = Asset::getById((int)$parentId);
  483. // check for duplicate filename
  484. $filename = $this->getSafeFilename($parentAsset->getRealFullPath(), $filename);
  485. $asset = null;
  487. if (!$parentAsset->isAllowed('create')) {
  488. throw $this->createAccessDeniedHttpException(
  489. 'Missing the permission to create new assets in the folder: ' . $parentAsset->getRealFullPath()
  490. );
  491. }
  493. if (is_file($sourcePath) && filesize($sourcePath) < 1) {
  494. throw new \Exception('File is empty!');
  495. } elseif (!is_file($sourcePath)) {
  496. throw new \Exception('Something went wrong, please check upload_max_filesize and post_max_size in your php.ini as well as the write permissions of your temporary directories.');
  497. }
  499. $asset = Asset::create($parentId, [
  500. 'filename' => $filename,
  501. 'sourcePath' => $sourcePath,
  502. 'userOwner' => $this->getAdminUser()->getId(),
  503. 'userModification' => $this->getAdminUser()->getId(),
  504. ]);
  506. @unlink($sourcePath);
  508. return [
  509. 'success' => true,
  510. 'asset' => $asset,
  511. ];
  512. }
  514. /**
  515. * @param string $targetPath
  516. * @param string $filename
  517. *
  518. * @return string
  519. */
  520. protected function getSafeFilename($targetPath, $filename)
  521. {
  522. $pathinfo = pathinfo($filename);
  523. $originalFilename = $pathinfo['filename'];
  524. $originalFileextension = empty($pathinfo['extension']) ? '' : '.' . $pathinfo['extension'];
  525. $count = 1;
  527. if ($targetPath == '/') {
  528. $targetPath = '';
  529. }
  531. while (true) {
  532. if (Asset\Service::pathExists($targetPath . '/' . $filename)) {
  533. $filename = $originalFilename . '_' . $count . $originalFileextension;
  534. $count++;
  535. } else {
  536. return $filename;
  537. }
  538. }
  539. }
  541. /**
  542. * @Route("/replace-asset", name="pimcore_admin_asset_replaceasset", methods={"POST", "PUT"})
  543. *
  544. * @param Request $request
  545. *
  546. * @return JsonResponse
  547. *
  548. * @throws \Exception
  549. */
  550. public function replaceAssetAction(Request $request)
  551. {
  552. $asset = Asset::getById($request->get('id'));
  554. $newFilename = Element\Service::getValidKey($_FILES['Filedata']['name'], 'asset');
  555. $mimetype = MimeTypes::getDefault()->guessMimeType($_FILES['Filedata']['tmp_name']);
  556. $newType = Asset::getTypeFromMimeMapping($mimetype, $newFilename);
  558. if ($newType != $asset->getType()) {
  559. return $this->adminJson([
  560. 'success' => false,
  561. 'message' => sprintf($this->trans('asset_type_change_not_allowed', [], 'admin'), $asset->getType(), $newType),
  562. ]);
  563. }
  565. $stream = fopen($_FILES['Filedata']['tmp_name'], 'r+');
  566. $asset->setStream($stream);
  567. $asset->setCustomSetting('thumbnails', null);
  568. $asset->setUserModification($this->getAdminUser()->getId());
  570. $newFileExt = File::getFileExtension($newFilename);
  571. $currentFileExt = File::getFileExtension($asset->getFilename());
  572. if ($newFileExt != $currentFileExt) {
  573. $newFilename = preg_replace('/\.' . $currentFileExt . '$/i', '.' . $newFileExt, $asset->getFilename());
  574. $newFilename = Element\Service::getSafeCopyName($newFilename, $asset->getParent());
  575. $asset->setFilename($newFilename);
  576. }
  578. if ($asset->isAllowed('publish')) {
  579. $asset->save();
  581. $response = $this->adminJson([
  582. 'id' => $asset->getId(),
  583. 'path' => $asset->getRealFullPath(),
  584. 'success' => true,
  585. ]);
  587. // set content-type to text/html, otherwise (when application/json is sent) chrome will complain in
  588. // Ext.form.Action.Submit and mark the submission as failed
  589. $response->headers->set('Content-Type', 'text/html');
  591. return $response;
  592. } else {
  593. throw new \Exception('missing permission');
  594. }
  595. }
  597. /**
  598. * @Route("/add-folder", name="pimcore_admin_asset_addfolder", methods={"POST"})
  599. *
  600. * @param Request $request
  601. *
  602. * @return JsonResponse
  603. */
  604. public function addFolderAction(Request $request)
  605. {
  606. $success = false;
  607. $parentAsset = Asset::getById((int)$request->get('parentId'));
  608. $equalAsset = Asset::getByPath($parentAsset->getRealFullPath() . '/' . $request->get('name'));
  610. if ($parentAsset->isAllowed('create')) {
  611. if (!$equalAsset) {
  612. $asset = Asset::create($request->get('parentId'), [
  613. 'filename' => $request->get('name'),
  614. 'type' => 'folder',
  615. 'userOwner' => $this->getAdminUser()->getId(),
  616. 'userModification' => $this->getAdminUser()->getId(),
  617. ]);
  618. $success = true;
  619. }
  620. } else {
  621. Logger::debug('prevented creating asset because of missing permissions');
  622. }
  624. return $this->adminJson(['success' => $success]);
  625. }
  627. /**
  628. * @Route("/delete", name="pimcore_admin_asset_delete", methods={"DELETE"})
  629. *
  630. * @param Request $request
  631. *
  632. * @return JsonResponse
  633. */
  634. public function deleteAction(Request $request)
  635. {
  636. if ($request->get('type') == 'childs') {
  637. $parentAsset = Asset::getById($request->get('id'));
  639. $list = new Asset\Listing();
  640. $list->setCondition('path LIKE ?', [$list->escapeLike($parentAsset->getRealFullPath()) . '/%']);
  641. $list->setLimit((int)$request->get('amount'));
  642. $list->setOrderKey('LENGTH(path)', false);
  643. $list->setOrder('DESC');
  645. $deletedItems = [];
  646. foreach ($list as $asset) {
  647. $deletedItems[$asset->getId()] = $asset->getRealFullPath();
  648. if ($asset->isAllowed('delete') && !$asset->isLocked()) {
  649. $asset->delete();
  650. }
  651. }
  653. return $this->adminJson(['success' => true, 'deleted' => $deletedItems]);
  654. } elseif ($request->get('id')) {
  655. $asset = Asset::getById($request->get('id'));
  656. if ($asset && $asset->isAllowed('delete')) {
  657. if ($asset->isLocked()) {
  658. return $this->adminJson([
  659. 'success' => false,
  660. 'message' => 'prevented deleting asset, because it is locked: ID: ' . $asset->getId(),
  661. ]);
  662. } else {
  663. $asset->delete();
  665. return $this->adminJson(['success' => true]);
  666. }
  667. }
  668. }
  670. throw $this->createAccessDeniedHttpException();
  671. }
  673. /**
  674. * @param Asset $element
  675. *
  676. * @return array
  677. */
  678. protected function getTreeNodeConfig($element)
  679. {
  680. $asset = $element;
  682. $tmpAsset = [
  683. 'id' => $asset->getId(),
  684. 'text' => htmlspecialchars($asset->getFilename()),
  685. 'type' => $asset->getType(),
  686. 'path' => $asset->getRealFullPath(),
  687. 'basePath' => $asset->getRealPath(),
  688. 'locked' => $asset->isLocked(),
  689. 'lockOwner' => $asset->getLocked() ? true : false,
  690. 'elementType' => 'asset',
  691. 'permissions' => [
  692. 'remove' => $asset->isAllowed('delete'),
  693. 'settings' => $asset->isAllowed('settings'),
  694. 'rename' => $asset->isAllowed('rename'),
  695. 'publish' => $asset->isAllowed('publish'),
  696. 'view' => $asset->isAllowed('view'),
  697. ],
  698. ];
  700. // set type specific settings
  701. if ($asset instanceof Asset\Folder) {
  702. $tmpAsset['leaf'] = false;
  703. $tmpAsset['expanded'] = !$asset->hasChildren();
  704. $tmpAsset['loaded'] = !$asset->hasChildren();
  705. $tmpAsset['permissions']['create'] = $asset->isAllowed('create');
  706. $tmpAsset['thumbnail'] = $this->getThumbnailUrl($asset);
  707. } else {
  708. $tmpAsset['leaf'] = true;
  709. $tmpAsset['expandable'] = false;
  710. $tmpAsset['expanded'] = false;
  711. }
  713. $this->addAdminStyle($asset, ElementAdminStyleEvent::CONTEXT_TREE, $tmpAsset);
  715. if ($asset->getType() == 'image') {
  716. try {
  717. $tmpAsset['thumbnail'] = $this->getThumbnailUrl($asset);
  718. $tmpAsset['thumbnailHdpi'] = $this->getThumbnailUrl($asset, true);
  720. // we need the dimensions for the wysiwyg editors, so that they can resize the image immediately
  721. if ($asset->getCustomSetting('imageWidth') && $asset->getCustomSetting('imageHeight')) {
  722. $tmpAsset['imageWidth'] = $asset->getCustomSetting('imageWidth');
  723. $tmpAsset['imageHeight'] = $asset->getCustomSetting('imageHeight');
  724. }
  725. } catch (\Exception $e) {
  726. Logger::debug('Cannot get dimensions of image, seems to be broken.');
  727. }
  728. } elseif ($asset->getType() == 'video') {
  729. try {
  730. if (\Pimcore\Video::isAvailable()) {
  731. $tmpAsset['thumbnail'] = $this->getThumbnailUrl($asset);
  732. $tmpAsset['thumbnailHdpi'] = $this->getThumbnailUrl($asset, true);
  733. }
  734. } catch (\Exception $e) {
  735. Logger::debug('Cannot get dimensions of video, seems to be broken.');
  736. }
  737. } elseif ($asset->getType() == 'document') {
  738. try {
  739. // add the PDF check here, otherwise the preview layer in admin is shown without content
  740. if (\Pimcore\Document::isAvailable() && \Pimcore\Document::isFileTypeSupported($asset->getFilename())) {
  741. $tmpAsset['thumbnail'] = $this->getThumbnailUrl($asset);
  742. $tmpAsset['thumbnailHdpi'] = $this->getThumbnailUrl($asset, true);
  743. }
  744. } catch (\Exception $e) {
  745. Logger::debug('Cannot get dimensions of video, seems to be broken.');
  746. }
  747. }
  749. $tmpAsset['cls'] = '';
  750. if ($asset->isLocked()) {
  751. $tmpAsset['cls'] .= 'pimcore_treenode_locked ';
  752. }
  753. if ($asset->getLocked()) {
  754. $tmpAsset['cls'] .= 'pimcore_treenode_lockOwner ';
  755. }
  757. return $tmpAsset;
  758. }
  760. /**
  761. * @param Asset $asset
  762. * @param bool $hdpi
  763. * @param bool $grid
  764. *
  765. * @return null|string
  766. */
  767. protected function getThumbnailUrl(Asset $asset, $hdpi = false, $grid = false)
  768. {
  769. $params = [
  770. 'id' => $asset->getId(),
  771. 'treepreview' => true,
  772. ];
  774. if ($hdpi) {
  775. $params['hdpi'] = true;
  776. }
  778. if ($grid) {
  779. $params['grid'] = true;
  780. }
  782. if ($asset instanceof Asset\Image) {
  783. return $this->generateUrl('pimcore_admin_asset_getimagethumbnail', $params);
  784. }
  786. if ($asset instanceof Asset\Folder) {
  787. return $this->generateUrl('pimcore_admin_asset_getfolderthumbnail', $params);
  788. }
  790. if ($asset instanceof Asset\Video && \Pimcore\Video::isAvailable()) {
  791. return $this->generateUrl('pimcore_admin_asset_getvideothumbnail', $params);
  792. }
  794. if ($asset instanceof Asset\Document && \Pimcore\Document::isAvailable() && $asset->getPageCount()) {
  795. return $this->generateUrl('pimcore_admin_asset_getdocumentthumbnail', $params);
  796. }
  798. return null;
  799. }
  801. /**
  802. * @Route("/update", name="pimcore_admin_asset_update", methods={"PUT"})
  803. *
  804. * @param Request $request
  805. *
  806. * @return JsonResponse
  807. *
  808. * @throws \Exception
  809. */
  810. public function updateAction(Request $request)
  811. {
  812. $success = false;
  813. $allowUpdate = true;
  815. $updateData = array_merge($request->request->all(), $request->query->all());
  817. $asset = Asset::getById($request->get('id'));
  818. if ($asset->isAllowed('settings')) {
  819. $asset->setUserModification($this->getAdminUser()->getId());
  821. // if the position is changed the path must be changed || also from the children
  822. if ($request->get('parentId')) {
  823. $parentAsset = Asset::getById($request->get('parentId'));
  825. //check if parent is changed i.e. asset is moved
  826. if ($asset->getParentId() != $parentAsset->getId()) {
  827. if (!$parentAsset->isAllowed('create')) {
  828. throw new \Exception('Prevented moving asset - no create permission on new parent ');
  829. }
  831. $intendedPath = $parentAsset->getRealPath();
  832. $pKey = $parentAsset->getKey();
  833. if (!empty($pKey)) {
  834. $intendedPath .= $parentAsset->getKey() . '/';
  835. }
  837. $assetWithSamePath = Asset::getByPath($intendedPath . $asset->getKey());
  839. if ($assetWithSamePath != null) {
  840. $allowUpdate = false;
  841. }
  843. if ($asset->isLocked()) {
  844. $allowUpdate = false;
  845. }
  846. }
  847. }
  849. if ($allowUpdate) {
  850. if ($request->get('filename') != $asset->getFilename() && !$asset->isAllowed('rename')) {
  851. unset($updateData['filename']);
  852. Logger::debug('prevented renaming asset because of missing permissions ');
  853. }
  855. $asset->setValues($updateData);
  857. try {
  858. $asset->save();
  859. $success = true;
  860. } catch (\Exception $e) {
  861. return $this->adminJson(['success' => false, 'message' => $e->getMessage()]);
  862. }
  863. } else {
  864. $msg = 'prevented moving asset, asset with same path+key already exists at target location or the asset is locked. ID: ' . $asset->getId();
  865. Logger::debug($msg);
  867. return $this->adminJson(['success' => $success, 'message' => $msg]);
  868. }
  869. } elseif ($asset->isAllowed('rename') && $request->get('filename')) {
  870. //just rename
  871. try {
  872. $asset->setFilename($request->get('filename'));
  873. $asset->save();
  874. $success = true;
  875. } catch (\Exception $e) {
  876. return $this->adminJson(['success' => false, 'message' => $e->getMessage()]);
  877. }
  878. } else {
  879. Logger::debug('prevented update asset because of missing permissions ');
  880. }
  882. return $this->adminJson(['success' => $success]);
  883. }
  885. /**
  886. * @Route("/webdav{path}", name="pimcore_admin_webdav", requirements={"path"=".*"})
  887. *
  888. * @param Request $request
  889. */
  890. public function webdavAction(Request $request)
  891. {
  892. $homeDir = Asset::getById(1);
  894. try {
  895. $publicDir = new Asset\WebDAV\Folder($homeDir);
  896. $objectTree = new Asset\WebDAV\Tree($publicDir);
  897. $server = new \Sabre\DAV\Server($objectTree);
  898. $server->setBaseUri($this->generateUrl('pimcore_admin_webdav', ['path' => '/']));
  900. // lock plugin
  901. $lockBackend = new \Sabre\DAV\Locks\Backend\PDO(\Pimcore\Db::get()->getWrappedConnection());
  902. $lockBackend->tableName = 'webdav_locks';
  904. $lockPlugin = new \Sabre\DAV\Locks\Plugin($lockBackend);
  905. $server->addPlugin($lockPlugin);
  907. // browser plugin
  908. $server->addPlugin(new \Sabre\DAV\Browser\Plugin());
  910. $server->exec();
  911. } catch (\Exception $e) {
  912. Logger::error($e);
  913. }
  915. exit;
  916. }
  918. /**
  919. * @Route("/save", name="pimcore_admin_asset_save", methods={"PUT","POST"})
  920. *
  921. * @param Request $request
  922. * @param EventDispatcherInterface $eventDispatcher
  923. *
  924. * @return JsonResponse
  925. *
  926. * @throws \Exception
  927. */
  928. public function saveAction(Request $request, EventDispatcherInterface $eventDispatcher)
  929. {
  930. $asset = Asset::getById($request->get('id'));
  932. if (!$asset) {
  933. throw $this->createNotFoundException('Asset not found');
  934. }
  936. if ($asset->isAllowed('publish')) {
  937. // metadata
  938. if ($request->get('metadata')) {
  939. $metadata = $this->decodeJson($request->get('metadata'));
  941. $metadataEvent = new GenericEvent($this, [
  942. 'id' => $asset->getId(),
  943. 'metadata' => $metadata,
  944. ]);
  945. $eventDispatcher->dispatch($metadataEvent, AdminEvents::ASSET_METADATA_PRE_SET);
  947. $metadata = $metadataEvent->getArgument('metadata');
  948. $metadataValues = $metadata['values'];
  950. $metadataValues = Asset\Service::minimizeMetadata($metadataValues, 'editor');
  951. $asset->setMetadataRaw($metadataValues);
  952. }
  954. // properties
  955. if ($request->get('properties')) {
  956. $properties = [];
  957. $propertiesData = $this->decodeJson($request->get('properties'));
  959. if (is_array($propertiesData)) {
  960. foreach ($propertiesData as $propertyName => $propertyData) {
  961. $value = $propertyData['data'];
  963. try {
  964. $property = new Model\Property();
  965. $property->setType($propertyData['type']);
  966. $property->setName($propertyName);
  967. $property->setCtype('asset');
  968. $property->setDataFromEditmode($value);
  969. $property->setInheritable($propertyData['inheritable']);
  971. $properties[$propertyName] = $property;
  972. } catch (\Exception $e) {
  973. Logger::err("Can't add " . $propertyName . ' to asset ' . $asset->getRealFullPath());
  974. }
  975. }
  977. $asset->setProperties($properties);
  978. }
  979. }
  981. $this->applySchedulerDataToElement($request, $asset);
  983. if ($request->get('data')) {
  984. $asset->setData($request->get('data'));
  985. }
  987. // image specific data
  988. if ($asset instanceof Asset\Image) {
  989. if ($request->get('image')) {
  990. $imageData = $this->decodeJson($request->get('image'));
  991. if (isset($imageData['focalPoint'])) {
  992. $asset->setCustomSetting('focalPointX', $imageData['focalPoint']['x']);
  993. $asset->setCustomSetting('focalPointY', $imageData['focalPoint']['y']);
  994. $asset->removeCustomSetting('disableFocalPointDetection');
  995. }
  996. } else {
  997. // wipe all data
  998. $asset->removeCustomSetting('focalPointX');
  999. $asset->removeCustomSetting('focalPointY');
  1000. $asset->setCustomSetting('disableFocalPointDetection', true);
  1001. }
  1002. }
  1004. $asset->setUserModification($this->getAdminUser()->getId());
  1005. if ($request->get('task') === 'session') {
  1006. // save to session only
  1007. Asset\Service::saveElementToSession($asset);
  1008. } else {
  1009. $asset->save();
  1010. }
  1012. $treeData = $this->getTreeNodeConfig($asset);
  1014. return $this->adminJson([
  1015. 'success' => true,
  1016. 'data' => [
  1017. 'versionDate' => $asset->getModificationDate(),
  1018. 'versionCount' => $asset->getVersionCount(),
  1019. ],
  1020. 'treeData' => $treeData,
  1021. ]);
  1022. } else {
  1023. throw $this->createAccessDeniedHttpException();
  1024. }
  1025. }
  1027. /**
  1028. * @Route("/publish-version", name="pimcore_admin_asset_publishversion", methods={"POST"})
  1029. *
  1030. * @param Request $request
  1031. *
  1032. * @return JsonResponse
  1033. */
  1034. public function publishVersionAction(Request $request)
  1035. {
  1036. $version = Model\Version::getById($request->get('id'));
  1037. $asset = $version->loadData();
  1039. $currentAsset = Asset::getById($asset->getId());
  1040. if ($currentAsset->isAllowed('publish')) {
  1041. try {
  1042. $asset->setUserModification($this->getAdminUser()->getId());
  1043. $asset->save();
  1045. $treeData = $this->getTreeNodeConfig($asset);
  1047. return $this->adminJson(['success' => true, 'treeData' => $treeData]);
  1048. } catch (\Exception $e) {
  1049. return $this->adminJson(['success' => false, 'message' => $e->getMessage()]);
  1050. }
  1051. }
  1053. throw $this->createAccessDeniedHttpException();
  1054. }
  1056. /**
  1057. * @Route("/show-version", name="pimcore_admin_asset_showversion", methods={"GET"})
  1058. *
  1059. * @param Request $request
  1060. *
  1061. * @return Response
  1062. */
  1063. public function showVersionAction(Request $request)
  1064. {
  1065. $id = (int)$request->get('id');
  1066. $version = Model\Version::getById($id);
  1067. if (!$version) {
  1068. throw $this->createNotFoundException('Version not found');
  1069. }
  1070. $asset = $version->loadData();
  1072. if (!$asset->isAllowed('versions')) {
  1073. throw $this->createAccessDeniedHttpException('Permission denied, version id [' . $id . ']');
  1074. }
  1076. $loader = \Pimcore::getContainer()->get('pimcore.implementation_loader.asset.metadata.data');
  1078. return $this->render(
  1079. '@PimcoreAdmin/Admin/Asset/showVersion' . ucfirst($asset->getType()) . '.html.twig',
  1080. [
  1081. 'asset' => $asset,
  1082. 'loader' => $loader,
  1083. ]
  1084. );
  1085. }
  1087. /**
  1088. * @Route("/download", name="pimcore_admin_asset_download", methods={"GET"})
  1089. *
  1090. * @param Request $request
  1091. *
  1092. * @return StreamedResponse
  1093. */
  1094. public function downloadAction(Request $request)
  1095. {
  1096. $asset = Asset::getById($request->get('id'));
  1098. if (!$asset) {
  1099. throw $this->createNotFoundException('Asset not found');
  1100. }
  1102. if (!$asset->isAllowed('view')) {
  1103. throw $this->createAccessDeniedException('not allowed to view asset');
  1104. }
  1106. $stream = $asset->getStream();
  1108. return new StreamedResponse(function () use ($stream) {
  1109. fpassthru($stream);
  1110. }, 200, [
  1111. 'Content-Type' => $asset->getMimeType(),
  1112. 'Content-Disposition' => sprintf('attachment; filename="%s"', $asset->getFilename()),
  1113. 'Content-Length' => $asset->getFileSize(),
  1114. ]);
  1115. }
  1117. /**
  1118. * @Route("/download-image-thumbnail", name="pimcore_admin_asset_downloadimagethumbnail", methods={"GET"})
  1119. *
  1120. * @param Request $request
  1121. *
  1122. * @return BinaryFileResponse
  1123. */
  1124. public function downloadImageThumbnailAction(Request $request)
  1125. {
  1126. $image = Asset\Image::getById($request->get('id'));
  1128. if (!$image) {
  1129. throw $this->createNotFoundException('Asset not found');
  1130. }
  1132. if (!$image->isAllowed('view')) {
  1133. throw $this->createAccessDeniedException('not allowed to view thumbnail');
  1134. }
  1136. $config = null;
  1137. $thumbnail = null;
  1138. $thumbnailName = $request->get('thumbnail');
  1139. $thumbnailFile = null;
  1140. $deleteThumbnail = true;
  1142. if ($request->get('config')) {
  1143. $config = $this->decodeJson($request->get('config'));
  1144. } elseif ($request->get('type')) {
  1145. $predefined = [
  1146. 'web' => [
  1147. 'resize_mode' => 'scaleByWidth',
  1148. 'width' => 3500,
  1149. 'dpi' => 72,
  1150. 'format' => 'JPEG',
  1151. 'quality' => 85,
  1152. ],
  1153. 'print' => [
  1154. 'resize_mode' => 'scaleByWidth',
  1155. 'width' => 6000,
  1156. 'dpi' => 300,
  1157. 'format' => 'JPEG',
  1158. 'quality' => 95,
  1159. ],
  1160. 'office' => [
  1161. 'resize_mode' => 'scaleByWidth',
  1162. 'width' => 1190,
  1163. 'dpi' => 144,
  1164. 'format' => 'JPEG',
  1165. 'quality' => 90,
  1166. ],
  1167. ];
  1169. $config = $predefined[$request->get('type')];
  1170. } elseif ($thumbnailName) {
  1171. $thumbnail = $image->getThumbnail($thumbnailName);
  1172. $deleteThumbnail = false;
  1173. }
  1175. if ($config) {
  1176. $thumbnailConfig = new Asset\Image\Thumbnail\Config();
  1177. $thumbnailConfig->setName('pimcore-download-' . $image->getId() . '-' . md5($request->get('config')));
  1179. if ($config['resize_mode'] == 'scaleByWidth') {
  1180. $thumbnailConfig->addItem('scaleByWidth', [
  1181. 'width' => $config['width'],
  1182. ]);
  1183. } elseif ($config['resize_mode'] == 'scaleByHeight') {
  1184. $thumbnailConfig->addItem('scaleByHeight', [
  1185. 'height' => $config['height'],
  1186. ]);
  1187. } else {
  1188. $thumbnailConfig->addItem('resize', [
  1189. 'width' => $config['width'],
  1190. 'height' => $config['height'],
  1191. ]);
  1192. }
  1194. $thumbnailConfig->setQuality($config['quality']);
  1195. $thumbnailConfig->setFormat($config['format']);
  1196. $thumbnailConfig->setRasterizeSVG(true);
  1198. if ($thumbnailConfig->getFormat() == 'JPEG') {
  1199. $thumbnailConfig->setPreserveMetaData(true);
  1201. if (empty($config['quality'])) {
  1202. $thumbnailConfig->setPreserveColor(true);
  1203. }
  1204. }
  1206. $thumbnail = $image->getThumbnail($thumbnailConfig);
  1207. $thumbnailFile = $thumbnail->getLocalFile();
  1209. $exiftool = \Pimcore\Tool\Console::getExecutable('exiftool');
  1210. if ($thumbnailConfig->getFormat() == 'JPEG' && $exiftool && isset($config['dpi']) && $config['dpi']) {
  1211. $process = new Process([$exiftool, '-overwrite_original', '-xresolution=' . (int)$config['dpi'], '-yresolution=' . (int)$config['dpi'], '-resolutionunit=inches', $thumbnailFile]);
  1212. $process->run();
  1213. }
  1214. }
  1216. if ($thumbnail) {
  1217. $thumbnailFile = $thumbnailFile ?: $thumbnail->getLocalFile();
  1219. $downloadFilename = preg_replace(
  1220. '/\.' . preg_quote(File::getFileExtension($image->getFilename())) . '$/i',
  1221. '.' . $thumbnail->getFileExtension(),
  1222. $image->getFilename()
  1223. );
  1224. $downloadFilename = strtolower($downloadFilename);
  1226. clearstatcache();
  1228. $response = new BinaryFileResponse($thumbnailFile);
  1229. $response->headers->set('Content-Type', $thumbnail->getMimeType());
  1230. $response->setContentDisposition(ResponseHeaderBag::DISPOSITION_ATTACHMENT, $downloadFilename);
  1231. $this->addThumbnailCacheHeaders($response);
  1232. $response->deleteFileAfterSend($deleteThumbnail);
  1234. return $response;
  1235. }
  1237. throw $this->createNotFoundException('Thumbnail not found');
  1238. }
  1240. /**
  1241. * @Route("/get-asset", name="pimcore_admin_asset_getasset", methods={"GET"})
  1242. *
  1243. * @param Request $request
  1244. *
  1245. * @return StreamedResponse
  1246. */
  1247. public function getAssetAction(Request $request)
  1248. {
  1249. $image = Asset::getById((int)$request->get('id'));
  1251. if (!$image) {
  1252. throw $this->createNotFoundException('Asset not found');
  1253. }
  1255. if (!$image->isAllowed('view')) {
  1256. throw $this->createAccessDeniedException('not allowed to view asset');
  1257. }
  1259. $stream = $image->getStream();
  1260. $response = new StreamedResponse(function () use ($stream) {
  1261. fpassthru($stream);
  1262. }, 200, [
  1263. 'Content-Type' => $image->getMimeType(),
  1264. 'Access-Control-Allow-Origin' => '*',
  1265. ]);
  1266. $this->addThumbnailCacheHeaders($response);
  1268. return $response;
  1269. }
  1271. /**
  1272. * @Route("/get-image-thumbnail", name="pimcore_admin_asset_getimagethumbnail", methods={"GET"})
  1273. *
  1274. * @param Request $request
  1275. *
  1276. * @return StreamedResponse|JsonResponse
  1277. */
  1278. public function getImageThumbnailAction(Request $request)
  1279. {
  1280. $fileinfo = $request->get('fileinfo');
  1281. $image = Asset\Image::getById((int)$request->get('id'));
  1283. if (!$image) {
  1284. throw $this->createNotFoundException('Asset not found');
  1285. }
  1287. if (!$image->isAllowed('view')) {
  1288. throw $this->createAccessDeniedException('not allowed to view thumbnail');
  1289. }
  1291. $thumbnailConfig = null;
  1293. if ($request->get('thumbnail')) {
  1294. $thumbnailConfig = $image->getThumbnailConfig($request->get('thumbnail'));
  1295. }
  1296. if (!$thumbnailConfig) {
  1297. if ($request->get('config')) {
  1298. $thumbnailConfig = $image->getThumbnailConfig($this->decodeJson($request->get('config')));
  1299. } else {
  1300. $thumbnailConfig = $image->getThumbnailConfig(array_merge($request->request->all(), $request->query->all()));
  1301. }
  1302. } else {
  1303. // no high-res images in admin mode (editmode)
  1304. // this is mostly because of the document's image editable, which doesn't know anything about the thumbnail
  1305. // configuration, so the dimensions would be incorrect (double the size)
  1306. $thumbnailConfig->setHighResolution(1);
  1307. }
  1309. $format = strtolower($thumbnailConfig->getFormat());
  1310. if ($format == 'source' || $format == 'print') {
  1311. $thumbnailConfig->setFormat('PNG');
  1312. $thumbnailConfig->setRasterizeSVG(true);
  1313. }
  1315. if ($request->get('treepreview')) {
  1316. $thumbnailConfig = Asset\Image\Thumbnail\Config::getPreviewConfig((bool)$request->get('hdpi'));
  1317. }
  1319. $cropPercent = $request->get('cropPercent');
  1320. if ($cropPercent && filter_var($cropPercent, FILTER_VALIDATE_BOOLEAN)) {
  1321. $thumbnailConfig->addItemAt(0, 'cropPercent', [
  1322. 'width' => $request->get('cropWidth'),
  1323. 'height' => $request->get('cropHeight'),
  1324. 'y' => $request->get('cropTop'),
  1325. 'x' => $request->get('cropLeft'),
  1326. ]);
  1328. $hash = md5(Tool\Serialize::serialize(array_merge($request->request->all(), $request->query->all())));
  1329. $thumbnailConfig->setName($thumbnailConfig->getName() . '_auto_' . $hash);
  1330. }
  1332. $thumbnail = $image->getThumbnail($thumbnailConfig);
  1334. if ($fileinfo) {
  1335. return $this->adminJson([
  1336. 'width' => $thumbnail->getWidth(),
  1337. 'height' => $thumbnail->getHeight(), ]);
  1338. }
  1340. $stream = $thumbnail->getStream();
  1341. $response = new StreamedResponse(function () use ($stream) {
  1342. fpassthru($stream);
  1343. }, 200, [
  1344. 'Content-Type' => $thumbnail->getMimeType(),
  1345. 'Access-Control-Allow-Origin', '*',
  1346. ]);
  1348. $this->addThumbnailCacheHeaders($response);
  1350. return $response;
  1351. }
  1353. /**
  1354. * @Route("/get-folder-thumbnail", name="pimcore_admin_asset_getfolderthumbnail", methods={"GET"})
  1355. *
  1356. * @param Request $request
  1357. *
  1358. * @return BinaryFileResponse|StreamedResponse
  1359. */
  1360. public function getFolderThumbnailAction(Request $request)
  1361. {
  1362. $folder = null;
  1364. if ($request->get('id')) {
  1365. $folder = Asset\Folder::getById((int)$request->get('id'));
  1366. if ($folder instanceof Asset\Folder) {
  1367. if (!$folder->isAllowed('view')) {
  1368. throw $this->createAccessDeniedException('not allowed to view thumbnail');
  1369. }
  1371. $stream = $folder->getPreviewImage((bool)$request->get('hdpi'));
  1372. if (!$stream) {
  1373. $response = new BinaryFileResponse(PIMCORE_PATH . '/bundles/AdminBundle/Resources/public/img/blank.png');
  1374. } else {
  1375. $response = new StreamedResponse(function () use ($stream) {
  1376. fpassthru($stream);
  1377. }, 200, [
  1378. 'Content-Type' => 'image/jpg',
  1379. ]);
  1380. }
  1382. $this->addThumbnailCacheHeaders($response);
  1384. return $response;
  1385. }
  1386. }
  1388. throw $this->createNotFoundException('could not load asset folder');
  1389. }
  1391. /**
  1392. * @Route("/get-video-thumbnail", name="pimcore_admin_asset_getvideothumbnail", methods={"GET"})
  1393. *
  1394. * @param Request $request
  1395. *
  1396. * @return StreamedResponse
  1397. */
  1398. public function getVideoThumbnailAction(Request $request)
  1399. {
  1400. $video = null;
  1402. if ($request->get('id')) {
  1403. $video = Asset\Video::getById((int)$request->get('id'));
  1404. } elseif ($request->get('path')) {
  1405. $video = Asset\Video::getByPath($request->get('path'));
  1406. }
  1408. if (!$video) {
  1409. throw $this->createNotFoundException('could not load video asset');
  1410. }
  1412. if (!$video->isAllowed('view')) {
  1413. throw $this->createAccessDeniedException('not allowed to view thumbnail');
  1414. }
  1416. $thumbnail = array_merge($request->request->all(), $request->query->all());
  1418. if ($request->get('treepreview')) {
  1419. $thumbnail = Asset\Image\Thumbnail\Config::getPreviewConfig((bool)$request->get('hdpi'));
  1420. }
  1422. $time = null;
  1423. if ($request->get('time')) {
  1424. $time = (int)$request->get('time');
  1425. }
  1427. if ($request->get('settime')) {
  1428. $video->removeCustomSetting('image_thumbnail_asset');
  1429. $video->setCustomSetting('image_thumbnail_time', $time);
  1430. $video->save();
  1431. }
  1433. $image = null;
  1434. if ($request->get('image')) {
  1435. $image = Asset\Image::getById((int)$request->get('image'));
  1436. }
  1438. if ($request->get('setimage') && $image) {
  1439. $video->removeCustomSetting('image_thumbnail_time');
  1440. $video->setCustomSetting('image_thumbnail_asset', $image->getId());
  1441. $video->save();
  1442. }
  1444. $thumb = $video->getImageThumbnail($thumbnail, $time, $image);
  1446. $stream = $thumb->getStream();
  1447. $response = new StreamedResponse(function () use ($stream) {
  1448. fpassthru($stream);
  1449. }, 200, [
  1450. 'Content-Type' => 'image/' . $thumb->getFileExtension(),
  1451. ]);
  1453. $this->addThumbnailCacheHeaders($response);
  1455. return $response;
  1456. }
  1458. /**
  1459. * @Route("/get-document-thumbnail", name="pimcore_admin_asset_getdocumentthumbnail", methods={"GET"})
  1460. *
  1461. * @param Request $request
  1462. *
  1463. * @return StreamedResponse|BinaryFileResponse
  1464. */
  1465. public function getDocumentThumbnailAction(Request $request)
  1466. {
  1467. $document = Asset\Document::getById((int)$request->get('id'));
  1469. if (!$document) {
  1470. throw $this->createNotFoundException('could not load document asset');
  1471. }
  1473. if (!$document->isAllowed('view')) {
  1474. throw $this->createAccessDeniedException('not allowed to view thumbnail');
  1475. }
  1477. $thumbnail = Asset\Image\Thumbnail\Config::getByAutoDetect(array_merge($request->request->all(), $request->query->all()));
  1479. $format = strtolower($thumbnail->getFormat());
  1480. if ($format == 'source') {
  1481. $thumbnail->setFormat('jpeg'); // default format for documents is JPEG not PNG (=too big)
  1482. }
  1484. if ($request->get('treepreview')) {
  1485. $thumbnail = Asset\Image\Thumbnail\Config::getPreviewConfig((bool)$request->get('hdpi'));
  1486. }
  1488. $page = 1;
  1489. if (is_numeric($request->get('page'))) {
  1490. $page = (int)$request->get('page');
  1491. }
  1493. $thumb = $document->getImageThumbnail($thumbnail, $page);
  1495. $stream = $thumb->getStream();
  1496. if ($stream) {
  1497. $response = new StreamedResponse(function () use ($stream) {
  1498. fpassthru($stream);
  1499. }, 200, [
  1500. 'Content-Type' => 'image/' . $thumb->getFileExtension(),
  1501. ]);
  1502. } else {
  1503. $response = new BinaryFileResponse(PIMCORE_PATH . '/bundles/AdminBundle/Resources/public/img/filetype-not-supported.svg');
  1504. }
  1506. $this->addThumbnailCacheHeaders($response);
  1508. return $response;
  1509. }
  1511. /**
  1512. * @param Response $response
  1513. */
  1514. protected function addThumbnailCacheHeaders(Response $response)
  1515. {
  1516. $lifetime = 300;
  1517. $date = new \DateTime('now');
  1518. $date->add(new \DateInterval('PT' . $lifetime . 'S'));
  1520. $response->setMaxAge($lifetime);
  1521. $response->setPublic();
  1522. $response->setExpires($date);
  1523. $response->headers->set('Pragma', '');
  1524. }
  1526. /**
  1527. * @Route("/get-preview-document", name="pimcore_admin_asset_getpreviewdocument", methods={"GET"})
  1528. *
  1529. * @param Request $request
  1530. *
  1531. * @return StreamedResponse
  1532. */
  1533. public function getPreviewDocumentAction(Request $request)
  1534. {
  1535. $asset = Asset\Document::getById($request->get('id'));
  1537. if (!$asset) {
  1538. throw $this->createNotFoundException('could not load document asset');
  1539. }
  1541. if ($asset->isAllowed('view')) {
  1542. $stream = $this->getDocumentPreviewPdf($asset);
  1543. if ($stream) {
  1544. return new StreamedResponse(function () use ($stream) {
  1545. fpassthru($stream);
  1546. }, 200, [
  1547. 'Content-Type' => 'application/pdf',
  1548. ]);
  1549. } else {
  1550. throw $this->createNotFoundException('Unable to get preview for asset ' . $asset->getId());
  1551. }
  1552. } else {
  1553. throw $this->createAccessDeniedException('Access to asset ' . $asset->getId() . ' denied');
  1554. }
  1555. }
  1557. /**
  1558. * @param Asset\Document $asset
  1559. *
  1560. * @return resource|null
  1561. */
  1562. protected function getDocumentPreviewPdf(Asset\Document $asset)
  1563. {
  1564. $stream = null;
  1566. if ($asset->getMimeType() == 'application/pdf') {
  1567. $stream = $asset->getStream();
  1568. }
  1570. if (!$stream && $asset->getPageCount() && \Pimcore\Document::isAvailable() && \Pimcore\Document::isFileTypeSupported($asset->getFilename())) {
  1571. try {
  1572. $document = \Pimcore\Document::getInstance();
  1573. $stream = $document->getPdf($asset);
  1574. } catch (\Exception $e) {
  1575. // nothing to do
  1576. }
  1577. }
  1579. return $stream;
  1580. }
  1582. /**
  1583. * @Route("/get-preview-video", name="pimcore_admin_asset_getpreviewvideo", methods={"GET"})
  1584. *
  1585. * @param Request $request
  1586. *
  1587. * @return Response
  1588. */
  1589. public function getPreviewVideoAction(Request $request)
  1590. {
  1591. $asset = Asset\Video::getById($request->get('id'));
  1593. if (!$asset) {
  1594. throw $this->createNotFoundException('could not load video asset');
  1595. }
  1597. if (!$asset->isAllowed('view')) {
  1598. throw $this->createAccessDeniedException('not allowed to preview');
  1599. }
  1601. $previewData = ['asset' => $asset];
  1602. $config = Asset\Video\Thumbnail\Config::getPreviewConfig();
  1603. $thumbnail = $asset->getThumbnail($config, ['mp4']);
  1605. if ($thumbnail) {
  1606. $previewData['asset'] = $asset;
  1607. $previewData['thumbnail'] = $thumbnail;
  1609. if ($thumbnail['status'] == 'finished') {
  1610. return $this->render(
  1611. '@PimcoreAdmin/Admin/Asset/getPreviewVideoDisplay.html.twig',
  1612. $previewData
  1613. );
  1614. } else {
  1615. return $this->render(
  1616. '@PimcoreAdmin/Admin/Asset/getPreviewVideoError.html.twig',
  1617. $previewData
  1618. );
  1619. }
  1620. } else {
  1621. return $this->render(
  1622. '@PimcoreAdmin/Admin/Asset/getPreviewVideoError.html.twig',
  1623. $previewData
  1624. );
  1625. }
  1626. }
  1628. /**
  1629. * @Route("/serve-video-preview", name="pimcore_admin_asset_servevideopreview", methods={"GET"})
  1630. *
  1631. * @param Request $request
  1632. *
  1633. * @return StreamedResponse
  1634. */
  1635. public function serveVideoPreviewAction(Request $request)
  1636. {
  1637. $asset = Asset\Video::getById($request->get('id'));
  1639. if (!$asset) {
  1640. throw $this->createNotFoundException('could not load video asset');
  1641. }
  1643. if (!$asset->isAllowed('view')) {
  1644. throw $this->createAccessDeniedException('not allowed to preview');
  1645. }
  1647. $config = Asset\Video\Thumbnail\Config::getPreviewConfig();
  1648. $thumbnail = $asset->getThumbnail($config, ['mp4']);
  1649. $storagePath = $asset->getRealPath() . '/' . preg_replace('@^' . preg_quote($asset->getPath(), '@') . '@', '', urldecode($thumbnail['formats']['mp4']));
  1651. $storage = Tool\Storage::get('thumbnail');
  1652. if ($storage->fileExists($storagePath)) {
  1653. $fs = $storage->fileSize($storagePath);
  1654. $stream = $storage->readStream($storagePath);
  1656. return new StreamedResponse(function () use ($stream) {
  1657. fpassthru($stream);
  1658. }, 200, [
  1659. 'Content-Type' => 'video/mp4',
  1660. 'Content-Length' => $fs,
  1661. 'Accept-Ranges' => 'bytes',
  1662. ]);
  1663. } else {
  1664. throw $this->createNotFoundException('Video thumbnail not found');
  1665. }
  1666. }
  1668. /**
  1669. * @Route("/image-editor", name="pimcore_admin_asset_imageeditor", methods={"GET"})
  1670. *
  1671. * @param Request $request
  1672. *
  1673. * @return Response
  1674. */
  1675. public function imageEditorAction(Request $request)
  1676. {
  1677. $asset = Asset::getById($request->get('id'));
  1679. if (!$asset->isAllowed('view')) {
  1680. throw new \Exception('not allowed to preview');
  1681. }
  1683. return $this->render(
  1684. '@PimcoreAdmin/Admin/Asset/imageEditor.html.twig',
  1685. ['asset' => $asset]
  1686. );
  1687. }
  1689. /**
  1690. * @Route("/image-editor-save", name="pimcore_admin_asset_imageeditorsave", methods={"PUT"})
  1691. *
  1692. * @param Request $request
  1693. *
  1694. * @return JsonResponse
  1695. */
  1696. public function imageEditorSaveAction(Request $request)
  1697. {
  1698. $asset = Asset::getById($request->get('id'));
  1700. if (!$asset) {
  1701. throw $this->createNotFoundException('Asset not found');
  1702. }
  1704. if (!$asset->isAllowed('publish')) {
  1705. throw $this->createAccessDeniedException('not allowed to publish');
  1706. }
  1708. $data = $request->get('dataUri');
  1709. $data = substr($data, strpos($data, ','));
  1710. $data = base64_decode($data);
  1711. $asset->setData($data);
  1712. $asset->setUserModification($this->getAdminUser()->getId());
  1713. $asset->save();
  1715. return $this->adminJson(['success' => true]);
  1716. }
  1718. /**
  1719. * @Route("/get-folder-content-preview", name="pimcore_admin_asset_getfoldercontentpreview", methods={"GET"})
  1720. *
  1721. * @param Request $request
  1722. *
  1723. * @return JsonResponse
  1724. */
  1725. public function getFolderContentPreviewAction(Request $request, EventDispatcherInterface $eventDispatcher)
  1726. {
  1727. $allParams = array_merge($request->request->all(), $request->query->all());
  1729. $filterPrepareEvent = new GenericEvent($this, [
  1730. 'requestParams' => $allParams,
  1731. ]);
  1732. $eventDispatcher->dispatch($filterPrepareEvent, AdminEvents::ASSET_LIST_BEFORE_FILTER_PREPARE);
  1734. $allParams = $filterPrepareEvent->getArgument('requestParams');
  1736. $folder = Asset::getById($allParams['id']);
  1738. $start = 0;
  1739. $limit = 10;
  1741. if ($allParams['limit']) {
  1742. $limit = $allParams['limit'];
  1743. }
  1744. if ($allParams['start']) {
  1745. $start = $allParams['start'];
  1746. }
  1748. $conditionFilters = [];
  1749. $list = new Asset\Listing();
  1750. $conditionFilters[] = 'path LIKE ' . ($folder->getRealFullPath() == '/' ? "'/%'" : $list->quote($list->escapeLike($folder->getRealFullPath()) . '/%')) . " AND type != 'folder'";
  1752. if (!$this->getAdminUser()->isAdmin()) {
  1753. $userIds = $this->getAdminUser()->getRoles();
  1754. $userIds[] = $this->getAdminUser()->getId();
  1755. $conditionFilters[] = ' (
  1756. (select list from users_workspaces_asset where userId in (' . implode(',', $userIds) . ') and LOCATE(CONCAT(path, filename),cpath)=1 ORDER BY LENGTH(cpath) DESC LIMIT 1)=1
  1757. OR
  1758. (select list from users_workspaces_asset where userId in (' . implode(',', $userIds) . ') and LOCATE(cpath,CONCAT(path, filename))=1 ORDER BY LENGTH(cpath) DESC LIMIT 1)=1
  1759. )';
  1760. }
  1762. $condition = implode(' AND ', $conditionFilters);
  1764. $list->setCondition($condition);
  1765. $list->setLimit($limit);
  1766. $list->setOffset($start);
  1767. $list->setOrderKey('CAST(filename AS CHAR CHARACTER SET utf8) COLLATE utf8_general_ci ASC', false);
  1769. $beforeListLoadEvent = new GenericEvent($this, [
  1770. 'list' => $list,
  1771. 'context' => $allParams,
  1772. ]);
  1773. $eventDispatcher->dispatch($beforeListLoadEvent, AdminEvents::ASSET_LIST_BEFORE_LIST_LOAD);
  1774. /** @var Asset\Listing $list */
  1775. $list = $beforeListLoadEvent->getArgument('list');
  1777. $list->load();
  1779. $assets = [];
  1781. foreach ($list as $asset) {
  1782. $thumbnailMethod = Asset\Service::getPreviewThumbnail($asset, [], true);
  1784. if (!empty($thumbnailMethod)) {
  1785. $filenameDisplay = $asset->getFilename();
  1786. if (strlen($filenameDisplay) > 32) {
  1787. $filenameDisplay = substr($filenameDisplay, 0, 25) . '...' . \Pimcore\File::getFileExtension($filenameDisplay);
  1788. }
  1790. // Like for treeGetChildsByIdAction, so we respect isAllowed method which can be extended (object DI) for custom permissions, so relying only users_workspaces_asset is insufficient and could lead security breach
  1791. if ($asset->isAllowed('list')) {
  1792. $assets[] = [
  1793. 'id' => $asset->getId(),
  1794. 'type' => $asset->getType(),
  1795. 'filename' => $asset->getFilename(),
  1796. 'filenameDisplay' => htmlspecialchars($filenameDisplay),
  1797. 'url' => $this->getThumbnailUrl($asset, true, true),
  1798. 'idPath' => $data['idPath'] = Element\Service::getIdPath($asset),
  1799. ];
  1800. }
  1801. }
  1802. }
  1804. // We need to temporary use data key to be compatible with the ASSET_LIST_AFTER_LIST_LOAD global event
  1805. $result = ['data' => $assets, 'success' => true, 'total' => $list->getTotalCount()];
  1807. $afterListLoadEvent = new GenericEvent($this, [
  1808. 'list' => $result,
  1809. 'context' => $allParams,
  1810. ]);
  1811. $eventDispatcher->dispatch($afterListLoadEvent, AdminEvents::ASSET_LIST_AFTER_LIST_LOAD);
  1812. $result = $afterListLoadEvent->getArgument('list');
  1814. // Here we revert to assets key
  1815. return $this->adminJson(['assets' => $result['data'], 'success' => $result['success'], 'total' => $result['total']]);
  1816. }
  1818. /**
  1819. * @Route("/copy-info", name="pimcore_admin_asset_copyinfo", methods={"GET"})
  1820. *
  1821. * @param Request $request
  1822. *
  1823. * @return JsonResponse
  1824. */
  1825. public function copyInfoAction(Request $request)
  1826. {
  1827. $transactionId = time();
  1828. $pasteJobs = [];
  1830. Tool\Session::useSession(function (AttributeBagInterface $session) use ($transactionId) {
  1831. $session->set($transactionId, []);
  1832. }, 'pimcore_copy');
  1834. if ($request->get('type') == 'recursive') {
  1835. $asset = Asset::getById($request->get('sourceId'));
  1837. if (!$asset) {
  1838. throw $this->createNotFoundException('Source not found');
  1839. }
  1841. // first of all the new parent
  1842. $pasteJobs[] = [[
  1843. 'url' => $this->generateUrl('pimcore_admin_asset_copy'),
  1844. 'method' => 'POST',
  1845. 'params' => [
  1846. 'sourceId' => $request->get('sourceId'),
  1847. 'targetId' => $request->get('targetId'),
  1848. 'type' => 'child',
  1849. 'transactionId' => $transactionId,
  1850. 'saveParentId' => true,
  1851. ],
  1852. ]];
  1854. if ($asset->hasChildren()) {
  1855. // get amount of children
  1856. $list = new Asset\Listing();
  1857. $list->setCondition('path LIKE ?', [$list->escapeLike($asset->getRealFullPath()) . '/%']);
  1858. $list->setOrderKey('LENGTH(path)', false);
  1859. $list->setOrder('ASC');
  1860. $childIds = $list->loadIdList();
  1862. if (count($childIds) > 0) {
  1863. foreach ($childIds as $id) {
  1864. $pasteJobs[] = [[
  1865. 'url' => $this->generateUrl('pimcore_admin_asset_copy'),
  1866. 'method' => 'POST',
  1867. 'params' => [
  1868. 'sourceId' => $id,
  1869. 'targetParentId' => $request->get('targetId'),
  1870. 'sourceParentId' => $request->get('sourceId'),
  1871. 'type' => 'child',
  1872. 'transactionId' => $transactionId,
  1873. ],
  1874. ]];
  1875. }
  1876. }
  1877. }
  1878. } elseif ($request->get('type') == 'child' || $request->get('type') == 'replace') {
  1879. // the object itself is the last one
  1880. $pasteJobs[] = [[
  1881. 'url' => $this->generateUrl('pimcore_admin_asset_copy'),
  1882. 'method' => 'POST',
  1883. 'params' => [
  1884. 'sourceId' => $request->get('sourceId'),
  1885. 'targetId' => $request->get('targetId'),
  1886. 'type' => $request->get('type'),
  1887. 'transactionId' => $transactionId,
  1888. ],
  1889. ]];
  1890. }
  1892. return $this->adminJson([
  1893. 'pastejobs' => $pasteJobs,
  1894. ]);
  1895. }
  1897. /**
  1898. * @Route("/copy", name="pimcore_admin_asset_copy", methods={"POST"})
  1899. *
  1900. * @param Request $request
  1901. *
  1902. * @return JsonResponse
  1903. */
  1904. public function copyAction(Request $request)
  1905. {
  1906. $success = false;
  1907. $sourceId = (int)$request->get('sourceId');
  1908. $source = Asset::getById($sourceId);
  1910. $session = Tool\Session::get('pimcore_copy');
  1911. $sessionBag = $session->get($request->get('transactionId'));
  1913. $targetId = (int)$request->get('targetId');
  1914. if ($request->get('targetParentId')) {
  1915. $sourceParent = Asset::getById($request->get('sourceParentId'));
  1917. // this is because the key can get the prefix "_copy" if the target does already exists
  1918. if ($sessionBag['parentId']) {
  1919. $targetParent = Asset::getById($sessionBag['parentId']);
  1920. } else {
  1921. $targetParent = Asset::getById($request->get('targetParentId'));
  1922. }
  1924. $targetPath = preg_replace('@^' . $sourceParent->getRealFullPath() . '@', $targetParent . '/', $source->getRealPath());
  1925. $target = Asset::getByPath($targetPath);
  1926. } else {
  1927. $target = Asset::getById($targetId);
  1928. }
  1930. if (!$target) {
  1931. throw $this->createNotFoundException('Target not found');
  1932. }
  1934. if ($target->isAllowed('create')) {
  1935. $source = Asset::getById($sourceId);
  1936. if ($source != null) {
  1937. if ($request->get('type') == 'child') {
  1938. $newAsset = $this->_assetService->copyAsChild($target, $source);
  1940. // this is because the key can get the prefix "_copy" if the target does already exists
  1941. if ($request->get('saveParentId')) {
  1942. $sessionBag['parentId'] = $newAsset->getId();
  1943. }
  1944. } elseif ($request->get('type') == 'replace') {
  1945. $this->_assetService->copyContents($target, $source);
  1946. }
  1948. $session->set($request->get('transactionId'), $sessionBag);
  1949. Tool\Session::writeClose();
  1951. $success = true;
  1952. } else {
  1953. Logger::debug('prevended copy/paste because asset with same path+key already exists in this location');
  1954. }
  1955. } else {
  1956. Logger::error('could not execute copy/paste because of missing permissions on target [ ' . $targetId . ' ]');
  1958. throw $this->createAccessDeniedHttpException();
  1959. }
  1961. Tool\Session::writeClose();
  1963. return $this->adminJson(['success' => $success]);
  1964. }
  1966. /**
  1967. * @Route("/download-as-zip-jobs", name="pimcore_admin_asset_downloadaszipjobs", methods={"GET"})
  1968. *
  1969. * @param Request $request
  1970. *
  1971. * @return JsonResponse
  1972. */
  1973. public function downloadAsZipJobsAction(Request $request)
  1974. {
  1975. $jobId = uniqid();
  1976. $filesPerJob = 5;
  1977. $jobs = [];
  1978. $asset = Asset::getById($request->get('id'));
  1980. if (!$asset) {
  1981. throw $this->createNotFoundException('Asset not found');
  1982. }
  1984. if ($asset->isAllowed('view')) {
  1985. $parentPath = $asset->getRealFullPath();
  1986. if ($asset->getId() == 1) {
  1987. $parentPath = '';
  1988. }
  1990. $db = \Pimcore\Db::get();
  1991. $conditionFilters = [];
  1992. $selectedIds = explode(',', $request->get('selectedIds', ''));
  1993. $quotedSelectedIds = [];
  1994. foreach ($selectedIds as $selectedId) {
  1995. if ($selectedId) {
  1996. $quotedSelectedIds[] = $db->quote($selectedId);
  1997. }
  1998. }
  1999. if (!empty($quotedSelectedIds)) {
  2000. //add a condition if id numbers are specified
  2001. $conditionFilters[] = 'id IN (' . implode(',', $quotedSelectedIds) . ')';
  2002. }
  2003. $conditionFilters[] = 'path LIKE ' . $db->quote($db->escapeLike($parentPath) . '/%') . ' AND type != ' . $db->quote('folder');
  2004. if (!$this->getAdminUser()->isAdmin()) {
  2005. $userIds = $this->getAdminUser()->getRoles();
  2006. $userIds[] = $this->getAdminUser()->getId();
  2007. $conditionFilters[] = ' (
  2008. (select list from users_workspaces_asset where userId in (' . implode(',', $userIds) . ') and LOCATE(CONCAT(path, filename),cpath)=1 ORDER BY LENGTH(cpath) DESC LIMIT 1)=1
  2009. OR
  2010. (select list from users_workspaces_asset where userId in (' . implode(',', $userIds) . ') and LOCATE(cpath,CONCAT(path, filename))=1 ORDER BY LENGTH(cpath) DESC LIMIT 1)=1
  2011. )';
  2012. }
  2014. $condition = implode(' AND ', $conditionFilters);
  2016. $assetList = new Asset\Listing();
  2017. $assetList->setCondition($condition);
  2018. $assetList->setOrderKey('LENGTH(path)', false);
  2019. $assetList->setOrder('ASC');
  2021. for ($i = 0; $i < ceil($assetList->getTotalCount() / $filesPerJob); $i++) {
  2022. $jobs[] = [[
  2023. 'url' => $this->generateUrl('pimcore_admin_asset_downloadaszipaddfiles'),
  2024. 'method' => 'GET',
  2025. 'params' => [
  2026. 'id' => $asset->getId(),
  2027. 'selectedIds' => implode(',', $selectedIds),
  2028. 'offset' => $i * $filesPerJob,
  2029. 'limit' => $filesPerJob,
  2030. 'jobId' => $jobId,
  2031. ],
  2032. ]];
  2033. }
  2034. }
  2036. return $this->adminJson([
  2037. 'success' => true,
  2038. 'jobs' => $jobs,
  2039. 'jobId' => $jobId,
  2040. ]);
  2041. }
  2043. /**
  2044. * @Route("/download-as-zip-add-files", name="pimcore_admin_asset_downloadaszipaddfiles", methods={"GET"})
  2045. *
  2046. * @param Request $request
  2047. *
  2048. * @return JsonResponse
  2049. */
  2050. public function downloadAsZipAddFilesAction(Request $request)
  2051. {
  2052. $zipFile = PIMCORE_SYSTEM_TEMP_DIRECTORY . '/download-zip-' . $request->get('jobId') . '.zip';
  2053. $asset = Asset::getById($request->get('id'));
  2054. $success = false;
  2056. if (!$asset) {
  2057. throw $this->createNotFoundException('Asset not found');
  2058. }
  2060. if ($asset->isAllowed('view')) {
  2061. $zip = new \ZipArchive();
  2062. if (!is_file($zipFile)) {
  2063. $zipState = $zip->open($zipFile, \ZipArchive::CREATE);
  2064. } else {
  2065. $zipState = $zip->open($zipFile);
  2066. }
  2068. if ($zipState === true) {
  2069. $parentPath = $asset->getRealFullPath();
  2070. if ($asset->getId() == 1) {
  2071. $parentPath = '';
  2072. }
  2074. $db = \Pimcore\Db::get();
  2075. $conditionFilters = [];
  2077. $selectedIds = $request->get('selectedIds', []);
  2079. if (!empty($selectedIds)) {
  2080. $selectedIds = explode(',', $selectedIds);
  2081. //add a condition if id numbers are specified
  2082. $conditionFilters[] = 'id IN (' . implode(',', $selectedIds) . ')';
  2083. }
  2084. $conditionFilters[] = "type != 'folder' AND path LIKE " . $db->quote($db->escapeLike($parentPath) . '/%');
  2085. if (!$this->getAdminUser()->isAdmin()) {
  2086. $userIds = $this->getAdminUser()->getRoles();
  2087. $userIds[] = $this->getAdminUser()->getId();
  2088. $conditionFilters[] = ' (
  2089. (select list from users_workspaces_asset where userId in (' . implode(',', $userIds) . ') and LOCATE(CONCAT(path, filename),cpath)=1 ORDER BY LENGTH(cpath) DESC LIMIT 1)=1
  2090. OR
  2091. (select list from users_workspaces_asset where userId in (' . implode(',', $userIds) . ') and LOCATE(cpath,CONCAT(path, filename))=1 ORDER BY LENGTH(cpath) DESC LIMIT 1)=1
  2092. )';
  2093. }
  2095. $condition = implode(' AND ', $conditionFilters);
  2097. $assetList = new Asset\Listing();
  2098. $assetList->setCondition($condition);
  2099. $assetList->setOrderKey('LENGTH(path) ASC, id ASC', false);
  2100. $assetList->setOffset((int)$request->get('offset'));
  2101. $assetList->setLimit((int)$request->get('limit'));
  2103. foreach ($assetList as $a) {
  2104. if ($a->isAllowed('view')) {
  2105. if (!$a instanceof Asset\Folder) {
  2106. // add the file with the relative path to the parent directory
  2107. $zip->addFile($a->getLocalFile(), preg_replace('@^' . preg_quote($asset->getRealPath(), '@') . '@i', '', $a->getRealFullPath()));
  2108. }
  2109. }
  2110. }
  2112. $zip->close();
  2113. $success = true;
  2114. }
  2115. }
  2117. return $this->adminJson([
  2118. 'success' => $success,
  2119. ]);
  2120. }
  2122. /**
  2123. * @Route("/download-as-zip", name="pimcore_admin_asset_downloadaszip", methods={"GET"})
  2124. *
  2125. * @param Request $request
  2126. *
  2127. * @return BinaryFileResponse
  2128. * Download all assets contained in the folder with parameter id as ZIP file.
  2129. * The suggested filename is either [folder name].zip or assets.zip for the root folder.
  2130. */
  2131. public function downloadAsZipAction(Request $request)
  2132. {
  2133. $asset = Asset::getById($request->get('id'));
  2134. if (!$asset) {
  2135. throw $this->createNotFoundException('Asset not found');
  2136. }
  2137. $zipFile = PIMCORE_SYSTEM_TEMP_DIRECTORY . '/download-zip-' . $request->get('jobId') . '.zip';
  2138. $suggestedFilename = $asset->getFilename();
  2139. if (empty($suggestedFilename)) {
  2140. $suggestedFilename = 'assets';
  2141. }
  2143. $response = new BinaryFileResponse($zipFile);
  2144. $response->headers->set('Content-Type', 'application/zip');
  2145. $response->setContentDisposition(ResponseHeaderBag::DISPOSITION_ATTACHMENT, $suggestedFilename . '.zip');
  2146. $response->deleteFileAfterSend(true);
  2148. return $response;
  2149. }
  2151. /**
  2152. * @Route("/import-zip", name="pimcore_admin_asset_importzip", methods={"POST"})
  2153. *
  2154. * @param Request $request
  2155. *
  2156. * @return Response
  2157. */
  2158. public function importZipAction(Request $request)
  2159. {
  2160. $jobId = uniqid();
  2161. $filesPerJob = 5;
  2162. $jobs = [];
  2163. $asset = Asset::getById($request->get('parentId'));
  2165. if (!is_file($_FILES['Filedata']['tmp_name'])) {
  2166. return $this->adminJson([
  2167. 'success' => false,
  2168. 'message' => 'Something went wrong, please check upload_max_filesize and post_max_size in your php.ini as well as the write permissions on the file system',
  2169. ]);
  2170. }
  2172. if (!$asset) {
  2173. throw $this->createNotFoundException('Parent asset not found');
  2174. }
  2176. if (!$asset->isAllowed('create')) {
  2177. throw $this->createAccessDeniedException('not allowed to create');
  2178. }
  2180. $zipFile = PIMCORE_SYSTEM_TEMP_DIRECTORY . '/' . $jobId . '.zip';
  2182. copy($_FILES['Filedata']['tmp_name'], $zipFile);
  2184. $zip = new \ZipArchive;
  2185. if ($zip->open($zipFile) === true) {
  2186. $jobAmount = ceil($zip->numFiles / $filesPerJob);
  2187. for ($i = 0; $i < $jobAmount; $i++) {
  2188. $jobs[] = [[
  2189. 'url' => $this->generateUrl('pimcore_admin_asset_importzipfiles'),
  2190. 'method' => 'POST',
  2191. 'params' => [
  2192. 'parentId' => $asset->getId(),
  2193. 'offset' => $i * $filesPerJob,
  2194. 'limit' => $filesPerJob,
  2195. 'jobId' => $jobId,
  2196. 'last' => (($i + 1) >= $jobAmount) ? 'true' : '',
  2197. ],
  2198. ]];
  2199. }
  2200. $zip->close();
  2201. }
  2203. // here we have to use this method and not the JSON action helper ($this->_helper->json()) because this will add
  2204. // Content-Type: application/json which fires a download window in most browsers, because this is a normal POST
  2205. // request and not XHR where the content-type doesn't matter
  2206. $responseJson = $this->encodeJson([
  2207. 'success' => true,
  2208. 'jobs' => $jobs,
  2209. 'jobId' => $jobId,
  2210. ]);
  2212. return new Response($responseJson);
  2213. }
  2215. /**
  2216. * @Route("/import-zip-files", name="pimcore_admin_asset_importzipfiles", methods={"POST"})
  2217. *
  2218. * @param Request $request
  2219. *
  2220. * @return JsonResponse
  2221. */
  2222. public function importZipFilesAction(Request $request)
  2223. {
  2224. $jobId = $request->get('jobId');
  2225. $limit = (int)$request->get('limit');
  2226. $offset = (int)$request->get('offset');
  2227. $importAsset = Asset::getById($request->get('parentId'));
  2228. $zipFile = PIMCORE_SYSTEM_TEMP_DIRECTORY . '/' . $jobId . '.zip';
  2229. $tmpDir = PIMCORE_SYSTEM_TEMP_DIRECTORY . '/zip-import';
  2231. if (!is_dir($tmpDir)) {
  2232. File::mkdir($tmpDir, 0777, true);
  2233. }
  2235. $zip = new \ZipArchive;
  2236. if ($zip->open($zipFile) === true) {
  2237. for ($i = $offset; $i < ($offset + $limit); $i++) {
  2238. $path = $zip->getNameIndex($i);
  2240. if ($path !== false) {
  2241. if ($zip->extractTo($tmpDir . '/', $path)) {
  2242. $tmpFile = $tmpDir . '/' . preg_replace('@^/@', '', $path);
  2244. $filename = Element\Service::getValidKey(basename($path), 'asset');
  2246. $relativePath = '';
  2247. if (dirname($path) != '.') {
  2248. $relativePath = dirname($path);
  2249. }
  2251. $parentPath = $importAsset->getRealFullPath() . '/' . preg_replace('@^/@', '', $relativePath);
  2252. $parent = Asset\Service::createFolderByPath($parentPath);
  2254. // check for duplicate filename
  2255. $filename = $this->getSafeFilename($parent->getRealFullPath(), $filename);
  2257. if ($parent->isAllowed('create')) {
  2258. $asset = Asset::create($parent->getId(), [
  2259. 'filename' => $filename,
  2260. 'sourcePath' => $tmpFile,
  2261. 'userOwner' => $this->getAdminUser()->getId(),
  2262. 'userModification' => $this->getAdminUser()->getId(),
  2263. ]);
  2265. @unlink($tmpFile);
  2266. } else {
  2267. Logger::debug('prevented creating asset because of missing permissions');
  2268. }
  2269. }
  2270. }
  2271. }
  2272. $zip->close();
  2273. }
  2275. if ($request->get('last')) {
  2276. unlink($zipFile);
  2277. }
  2279. return $this->adminJson([
  2280. 'success' => true,
  2281. ]);
  2282. }
  2284. /**
  2285. * @Route("/import-server", name="pimcore_admin_asset_importserver", methods={"POST"})
  2286. *
  2287. * @param Request $request
  2288. *
  2289. * @return JsonResponse
  2290. */
  2291. public function importServerAction(Request $request)
  2292. {
  2293. $success = true;
  2294. $filesPerJob = 5;
  2295. $jobs = [];
  2296. $importDirectory = str_replace('/fileexplorer', PIMCORE_PROJECT_ROOT, $request->get('serverPath'));
  2297. if (preg_match('@^' . preg_quote(PIMCORE_PROJECT_ROOT, '@') . '@', $importDirectory) && is_dir($importDirectory)) {
  2298. $this->checkForPharStreamWrapper($importDirectory);
  2299. $files = rscandir($importDirectory . '/');
  2300. $count = count($files);
  2301. $jobFiles = [];
  2303. for ($i = 0; $i < $count; $i++) {
  2304. if (is_dir($files[$i])) {
  2305. continue;
  2306. }
  2308. $jobFiles[] = preg_replace('@^' . preg_quote($importDirectory, '@') . '@', '', $files[$i]);
  2310. if (count($jobFiles) >= $filesPerJob || $i >= ($count - 1)) {
  2311. $relativeImportDirectory = preg_replace('@^' . preg_quote(PIMCORE_PROJECT_ROOT, '@') . '@', '', $importDirectory);
  2312. $jobs[] = [[
  2313. 'url' => $this->generateUrl('pimcore_admin_asset_importserverfiles'),
  2314. 'method' => 'POST',
  2315. 'params' => [
  2316. 'parentId' => $request->get('parentId'),
  2317. 'serverPath' => $relativeImportDirectory,
  2318. 'files' => implode('::', $jobFiles),
  2319. ],
  2320. ]];
  2321. $jobFiles = [];
  2322. }
  2323. }
  2324. }
  2326. return $this->adminJson([
  2327. 'success' => $success,
  2328. 'jobs' => $jobs,
  2329. ]);
  2330. }
  2332. /**
  2333. * @Route("/import-server-files", name="pimcore_admin_asset_importserverfiles", methods={"POST"})
  2334. *
  2335. * @param Request $request
  2336. *
  2337. * @return JsonResponse
  2338. */
  2339. public function importServerFilesAction(Request $request)
  2340. {
  2341. $assetFolder = Asset::getById($request->get('parentId'));
  2342. if (!$assetFolder) {
  2343. throw $this->createNotFoundException('Parent asset not found');
  2344. }
  2345. $serverPath = PIMCORE_PROJECT_ROOT . $request->get('serverPath');
  2346. $files = explode('::', $request->get('files'));
  2348. foreach ($files as $file) {
  2349. $absolutePath = $serverPath . $file;
  2350. $this->checkForPharStreamWrapper($absolutePath);
  2351. if (is_file($absolutePath)) {
  2352. $relFolderPath = str_replace('\\', '/', dirname($file));
  2353. $folder = Asset\Service::createFolderByPath($assetFolder->getRealFullPath() . $relFolderPath);
  2354. $filename = basename($file);
  2356. // check for duplicate filename
  2357. $filename = Element\Service::getValidKey($filename, 'asset');
  2358. $filename = $this->getSafeFilename($folder->getRealFullPath(), $filename);
  2360. if ($assetFolder->isAllowed('create')) {
  2361. $asset = Asset::create($folder->getId(), [
  2362. 'filename' => $filename,
  2363. 'sourcePath' => $absolutePath,
  2364. 'userOwner' => $this->getAdminUser()->getId(),
  2365. 'userModification' => $this->getAdminUser()->getId(),
  2366. ]);
  2367. } else {
  2368. Logger::debug('prevented creating asset because of missing permissions ');
  2369. }
  2370. }
  2371. }
  2373. return $this->adminJson([
  2374. 'success' => true,
  2375. ]);
  2376. }
  2378. protected function checkForPharStreamWrapper($path)
  2379. {
  2380. if (stripos($path, 'phar://') !== false) {
  2381. throw $this->createAccessDeniedException('Using PHAR files is not allowed!');
  2382. }
  2383. }
  2385. /**
  2386. * @Route("/import-url", name="pimcore_admin_asset_importurl", methods={"POST"})
  2387. *
  2388. * @param Request $request
  2389. *
  2390. * @return JsonResponse
  2391. *
  2392. * @throws \Exception
  2393. */
  2394. public function importUrlAction(Request $request)
  2395. {
  2396. $success = true;
  2398. $data = Tool::getHttpData($request->get('url'));
  2399. $filename = basename($request->get('url'));
  2400. $parentId = $request->get('id');
  2401. $parentAsset = Asset::getById((int)$parentId);
  2403. if (!$parentAsset) {
  2404. throw $this->createNotFoundException('Parent asset not found');
  2405. }
  2407. $filename = Element\Service::getValidKey($filename, 'asset');
  2408. $filename = $this->getSafeFilename($parentAsset->getRealFullPath(), $filename);
  2410. if (empty($filename)) {
  2411. throw new \Exception('The filename of the asset is empty');
  2412. }
  2414. // check for duplicate filename
  2415. $filename = $this->getSafeFilename($parentAsset->getRealFullPath(), $filename);
  2417. if ($parentAsset->isAllowed('create')) {
  2418. $asset = Asset::create($parentId, [
  2419. 'filename' => $filename,
  2420. 'data' => $data,
  2421. 'userOwner' => $this->getAdminUser()->getId(),
  2422. 'userModification' => $this->getAdminUser()->getId(),
  2423. ]);
  2424. $success = true;
  2425. } else {
  2426. Logger::debug('prevented creating asset because of missing permissions');
  2427. }
  2429. return $this->adminJson(['success' => $success]);
  2430. }
  2432. /**
  2433. * @Route("/clear-thumbnail", name="pimcore_admin_asset_clearthumbnail", methods={"POST"})
  2434. *
  2435. * @param Request $request
  2436. *
  2437. * @return JsonResponse
  2438. */
  2439. public function clearThumbnailAction(Request $request)
  2440. {
  2441. $success = false;
  2443. if ($asset = Asset::getById($request->get('id'))) {
  2444. if (method_exists($asset, 'clearThumbnails')) {
  2445. if (!$asset->isAllowed('publish')) {
  2446. throw $this->createAccessDeniedException('not allowed to publish');
  2447. }
  2449. $asset->clearThumbnails(true); // force clear
  2450. $asset->save();
  2452. $success = true;
  2453. }
  2454. }
  2456. return $this->adminJson(['success' => $success]);
  2457. }
  2459. /**
  2460. * @Route("/grid-proxy", name="pimcore_admin_asset_gridproxy", methods={"GET", "POST", "PUT"})
  2461. *
  2462. * @param Request $request
  2463. * @param EventDispatcherInterface $eventDispatcher
  2464. * @param GridHelperService $gridHelperService
  2465. * @param CsrfProtectionHandler $csrfProtection
  2466. *
  2467. * @return JsonResponse
  2468. */
  2469. public function gridProxyAction(Request $request, EventDispatcherInterface $eventDispatcher, GridHelperService $gridHelperService, CsrfProtectionHandler $csrfProtection)
  2470. {
  2471. $allParams = array_merge($request->request->all(), $request->query->all());
  2473. $filterPrepareEvent = new GenericEvent($this, [
  2474. 'requestParams' => $allParams,
  2475. ]);
  2476. $language = $request->get('language') != 'default' ? $request->get('language') : null;
  2478. $eventDispatcher->dispatch($filterPrepareEvent, AdminEvents::ASSET_LIST_BEFORE_FILTER_PREPARE);
  2480. $allParams = $filterPrepareEvent->getArgument('requestParams');
  2482. $loader = \Pimcore::getContainer()->get('pimcore.implementation_loader.asset.metadata.data');
  2484. if (isset($allParams['data']) && $allParams['data']) {
  2485. $csrfProtection->checkCsrfToken($request);
  2486. if ($allParams['xaction'] == 'update') {
  2487. try {
  2488. $data = $this->decodeJson($allParams['data']);
  2490. $updateEvent = new GenericEvent($this, [
  2491. 'data' => $data,
  2492. 'processed' => false,
  2493. ]);
  2495. $eventDispatcher->dispatch($updateEvent, AdminEvents::ASSET_LIST_BEFORE_UPDATE);
  2497. $processed = $updateEvent->getArgument('processed');
  2499. if ($processed) {
  2500. // update already processed by event handler
  2501. return $this->adminJson(['success' => true]);
  2502. }
  2504. $data = $updateEvent->getArgument('data');
  2506. // save
  2507. $asset = Asset::getById($data['id']);
  2509. if (!$asset) {
  2510. throw $this->createNotFoundException('Asset not found');
  2511. }
  2513. if (!$asset->isAllowed('publish')) {
  2514. throw $this->createAccessDeniedException("Permission denied. You don't have the rights to save this asset.");
  2515. }
  2517. $metadata = $asset->getMetadata(null, null, false, true);
  2518. $dirty = false;
  2520. unset($data['id']);
  2521. foreach ($data as $key => $value) {
  2522. $fieldDef = explode('~', $key);
  2523. $key = $fieldDef[0];
  2524. if (isset($fieldDef[1])) {
  2525. $language = ($fieldDef[1] == 'none' ? '' : $fieldDef[1]);
  2526. }
  2528. foreach ($metadata as $idx => &$em) {
  2529. if ($em['name'] == $key && $em['language'] == $language) {
  2530. try {
  2531. $dataImpl = $loader->build($em['type']);
  2532. $value = $dataImpl->getDataFromListfolderGrid($value, $em);
  2533. } catch (UnsupportedException $le) {
  2534. Logger::error('could not resolve metadata implementation for ' . $em['type']);
  2535. }
  2537. $em['data'] = $value;
  2538. $dirty = true;
  2540. break;
  2541. }
  2542. }
  2544. if (!$dirty) {
  2545. $defaulMetadata = ['title', 'alt', 'copyright'];
  2546. if (in_array($key, $defaulMetadata)) {
  2547. $newEm = [
  2548. 'name' => $key,
  2549. 'language' => $language,
  2550. 'type' => 'input',
  2551. 'data' => $value,
  2552. ];
  2554. try {
  2555. $dataImpl = $loader->build($newEm['type']);
  2556. $newEm['data'] = $dataImpl->getDataFromListfolderGrid($value, $newEm);
  2557. } catch (UnsupportedException $le) {
  2558. Logger::error('could not resolve metadata implementation for ' . $newEm['type']);
  2559. }
  2561. $metadata[] = $newEm;
  2563. $dirty = true;
  2564. } else {
  2565. $predefined = Model\Metadata\Predefined::getByName($key);
  2566. if ($predefined && (empty($predefined->getTargetSubtype())
  2567. || $predefined->getTargetSubtype() == $asset->getType())) {
  2568. $newEm = [
  2569. 'name' => $key,
  2570. 'language' => $language,
  2571. 'type' => $predefined->getType(),
  2572. 'data' => $value,
  2573. ];
  2575. try {
  2576. $dataImpl = $loader->build($newEm['type']);
  2577. $newEm['data'] = $dataImpl->getDataFromListfolderGrid($value, $newEm);
  2578. } catch (UnsupportedException $le) {
  2579. Logger::error('could not resolve metadata implementation for ' . $newEm['type']);
  2580. }
  2582. $metadata[] = $newEm;
  2583. $dirty = true;
  2584. }
  2585. }
  2586. }
  2587. }
  2589. if ($dirty) {
  2590. // $metadata = Asset\Service::minimizeMetadata($metadata, "grid");
  2591. $asset->setMetadataRaw($metadata);
  2592. $asset->save();
  2594. return $this->adminJson(['success' => true]);
  2595. }
  2597. return $this->adminJson(['success' => false, 'message' => 'something went wrong.']);
  2598. } catch (\Exception $e) {
  2599. return $this->adminJson(['success' => false, 'message' => $e->getMessage()]);
  2600. }
  2601. }
  2602. } else {
  2603. $list = $gridHelperService->prepareAssetListingForGrid($allParams, $this->getAdminUser());
  2605. $beforeListLoadEvent = new GenericEvent($this, [
  2606. 'list' => $list,
  2607. 'context' => $allParams,
  2608. ]);
  2609. $eventDispatcher->dispatch($beforeListLoadEvent, AdminEvents::ASSET_LIST_BEFORE_LIST_LOAD);
  2610. /** @var Asset\Listing $list */
  2611. $list = $beforeListLoadEvent->getArgument('list');
  2613. $list->load();
  2615. $assets = [];
  2616. foreach ($list->getAssets() as $index => $asset) {
  2618. // Like for treeGetChildsByIdAction, so we respect isAllowed method which can be extended (object DI) for custom permissions, so relying only users_workspaces_asset is insufficient and could lead security breach
  2619. if ($asset->isAllowed('list')) {
  2620. $a = Asset\Service::gridAssetData($asset, $allParams['fields'], $allParams['language'] ?? '');
  2621. $assets[] = $a;
  2622. }
  2623. }
  2625. $result = ['data' => $assets, 'success' => true, 'total' => $list->getTotalCount()];
  2627. $afterListLoadEvent = new GenericEvent($this, [
  2628. 'list' => $result,
  2629. 'context' => $allParams,
  2630. ]);
  2631. $eventDispatcher->dispatch($afterListLoadEvent, AdminEvents::ASSET_LIST_AFTER_LIST_LOAD);
  2632. $result = $afterListLoadEvent->getArgument('list');
  2634. return $this->adminJson($result);
  2635. }
  2637. return $this->adminJson(['success' => false]);
  2638. }
  2640. /**
  2641. * @Route("/get-text", name="pimcore_admin_asset_gettext", methods={"GET"})
  2642. *
  2643. * @param Request $request
  2644. *
  2645. * @return JsonResponse
  2646. */
  2647. public function getTextAction(Request $request)
  2648. {
  2649. $asset = Asset::getById($request->get('id'));
  2651. if (!$asset) {
  2652. throw $this->createNotFoundException('Asset not found');
  2653. }
  2655. if (!$asset->isAllowed('view')) {
  2656. throw $this->createAccessDeniedException('not allowed to view');
  2657. }
  2659. $page = $request->get('page');
  2660. $text = null;
  2661. if ($asset instanceof Asset\Document) {
  2662. $text = $asset->getText($page);
  2663. }
  2665. return $this->adminJson(['success' => 'true', 'text' => $text]);
  2666. }
  2668. /**
  2669. * @Route("/detect-image-features", name="pimcore_admin_asset_detectimagefeatures", methods={"GET"})
  2670. *
  2671. * @param Request $request
  2672. *
  2673. * @return JsonResponse
  2674. */
  2675. public function detectImageFeaturesAction(Request $request)
  2676. {
  2677. $asset = Asset\Image::getById((int)$request->get('id'));
  2678. if (!$asset instanceof Asset) {
  2679. return $this->adminJson(['success' => false, 'message' => "asset doesn't exist"]);
  2680. }
  2682. if ($asset->isAllowed('publish')) {
  2683. $asset->detectFaces();
  2684. $asset->removeCustomSetting('disableImageFeatureAutoDetection');
  2685. $asset->save();
  2687. return $this->adminJson(['success' => true]);
  2688. }
  2690. throw $this->createAccessDeniedHttpException();
  2691. }
  2693. /**
  2694. * @Route("/delete-image-features", name="pimcore_admin_asset_deleteimagefeatures", methods={"GET"})
  2695. *
  2696. * @param Request $request
  2697. *
  2698. * @return JsonResponse
  2699. */
  2700. public function deleteImageFeaturesAction(Request $request)
  2701. {
  2702. $asset = Asset::getById((int)$request->get('id'));
  2703. if (!$asset instanceof Asset) {
  2704. return $this->adminJson(['success' => false, 'message' => "asset doesn't exist"]);
  2705. }
  2707. if ($asset->isAllowed('publish')) {
  2708. $asset->removeCustomSetting('faceCoordinates');
  2709. $asset->setCustomSetting('disableImageFeatureAutoDetection', true);
  2710. $asset->save();
  2712. return $this->adminJson(['success' => true]);
  2713. }
  2715. throw $this->createAccessDeniedHttpException();
  2716. }
  2718. /**
  2719. * @param ControllerEvent $event
  2720. */
  2721. public function onKernelControllerEvent(ControllerEvent $event)
  2722. {
  2723. $isMasterRequest = $event->isMasterRequest();
  2724. if (!$isMasterRequest) {
  2725. return;
  2726. }
  2728. $this->checkActionPermission($event, 'assets', [
  2729. 'getImageThumbnailAction', 'getVideoThumbnailAction', 'getDocumentThumbnailAction',
  2730. ]);
  2732. $this->_assetService = new Asset\Service($this->getAdminUser());
  2733. }
  2734. }