* SAAS-1084 - initial work on publishing API backend

* More work on automatic ingest * Add automatic_ingest_timestamp column to ImportedPodcast
2015-10-20 19:03:34 -04:00 · 2015-10-20 19:03:34 -04:00 · 0b1df6baf3
commit 0b1df6baf3
parent 3a791ef9b5
27 changed files with 490 additions and 106 deletions
--- a/airtime_mvc/application/controllers/plugins/Acl_plugin.php
+++ b/airtime_mvc/application/controllers/plugins/Acl_plugin.php
@ -223,7 +223,7 @@ class Zend_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract
    }

    private function verifyAuth() {
-        if ($this->verifyAPIKey()) {
+        if ($this->isVerifiedDownload() || $this->verifyAPIKey()) {
            return true;
        }

@ -233,7 +233,32 @@ class Zend_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract

        return false;
    }
-    
+
+    /**
+     * Check if the requested file can be downloaded.
+     * It should satisfy the following requirements:
+     *  * request path is /rest/media/:id/download
+     *  * download key is correct
+     *  * requested file belongs to the station podcast
+     *
+     * @return bool
+     */
+    private function isVerifiedDownload() {
+        $request = $this->getRequest();
+        $fileId = $request->getParam("id");
+        $key = $request->getParam("download_key");
+        $module = $request->getModuleName();
+        $controller = $request->getControllerName();
+        $action = $request->getActionName();
+        $stationPodcast = StationPodcastQuery::create()
+            ->findOneByDbPodcastId(Application_Model_Preference::getStationPodcastId());
+        return $module == "rest"
+            && $controller == "media"
+            && $action == "download"
+            && $key === Application_Model_Preference::getStationPodcastDownloadKey()
+            && $stationPodcast->hasEpisodeForFile($fileId);
+    }
+
    private function verifyCSRFToken($token) {
        return SecurityHelper::verifyCSRFToken($token);
    }