Interesting problem, created a folder called documents outside the protected folder can upload without issue but when I try to access the file the file permissions are set to 600 or something low like that and I get a 404 Page not found error. The folder permissions are set to 775 event tried 777 but no help, now if I -R when the files are in the folder of course I can access them.
Here is my controller:
<?php
class DocumentsController extends Controller
{
/**
* @var string the default layout for the views. Defaults to '//layouts/column2', meaning
* using two-column layout. See 'protected/views/layouts/column2.php'.
*/
public $layout='//layouts/column2';
/**
* @return array action filters
*/
public function filters()
{
return array(
'accessControl', // perform access control for CRUD operations
);
}
/**
* Specifies the access control rules.
* This method is used by the 'accessControl' filter.
* @return array access control rules
*/
public function accessRules()
{
return array(
array('allow', // allow all users to perform 'index' and 'view' actions
'actions'=>array('index','view'),
'users'=>array('*'),
),
array('allow', // allow authenticated user to perform 'create' and 'update' actions
'actions'=>array('create','update'),
'users'=>array('@'),
),
array('allow',
'actions'=>array('admin','delete'),
'users'=>array('@'),
'expression'=>'$user->group_id==="1"'
),
array('deny', // deny all users
'users'=>array('*'),
),
);
}
/**
* Displays a particular model.
* @param integer $id the ID of the model to be displayed
*/
public function actionView($id)
{
$this->render('view',array(
'model'=>$this->loadModel($id),
));
}
/**
* Creates a new model.
* If creation is successful, the browser will be redirected to the 'view' page.
*/
/* public function actionCreate()
{
$model=new Documents;
// Uncomment the following line if AJAX validation is needed
// $this->performAjaxValidation($model);
if(isset($_POST['Documents']))
{
$model->attributes=$_POST['Documents'];
if($model->save())
$this->redirect(array('view','id'=>$model->id));
}
$this->render('create',array(
'model'=>$model,
));
}*/
public function actionCreate()
{
$model=new Documents;
// Uncomment the following line if AJAX validation is needed
// $this->performAjaxValidation($model);
if(isset($_POST['Documents']))
{
$model->attributes=$_POST['Documents'];
if($model->save())
$model->attributes=$_POST['Documents'];
$model->filename=CUploadedFile::getInstance($model,'filename');
if($model->save())
{
$file= 'documents/'.$model->filename->name;
if($model->filename->name) {
$model->filename->saveAs($file);
}
//model->filename->saveAs(Yii::app()->baseUrl.'/images');
// redirect to success page
$this->redirect(array('view','id'=>$model->id));
}
}
$this->render('create',array(
'model'=>$model,
));
}
/**
* Updates a particular model.
* If update is successful, the browser will be redirected to the 'view' page.
* @param integer $id the ID of the model to be updated
*/
/*public function actionUpdate($id)
{
$model=$this->loadModel($id);
// Uncomment the following line if AJAX validation is needed
// $this->performAjaxValidation($model);
if(isset($_POST['Documents']))
{
$model->attributes=$_POST['Documents'];
if($model->save())
$this->redirect(array('view','id'=>$model->id));
}
$this->render('update',array(
'model'=>$model,
));
}*/
public function actionUpdate($id)
{
$model=$this->loadModel($id);
$old=$this->loadModel($id);
// Uncomment the following line if AJAX validation is needed
// $this->performAjaxValidation($model);
if(isset($_POST['Documents']))
{
$model->attributes=$_POST['Documents'];
if($model->save())
{
$model->filename=CUploadedFile::getInstance($model,'filename');
if (!empty($_FILES['Documents']['filename']['name'])) {
if ($old->filename != "") {
$file= 'documents/$old->filename->name';
unlink($file);
}
} else {
$model->filename->name;
}
if($model->save())
{
$file= 'documents/'.$model->filename->name;
$model->filename->saveAs($file);
//model->filename->saveAs(Yii::app()->baseUrl.'/images');
// redirect to success page
$this->redirect(array('view','id'=>$model->id));
}
}
}
$this->render('update',array(
'model'=>$model,
));
}
/**
* Deletes a particular model.
* If deletion is successful, the browser will be redirected to the 'admin' page.
* @param integer $id the ID of the model to be deleted
*/
/*public function actionDelete($id)
{
if(Yii::app()->request->isPostRequest)
{
// we only allow deletion via POST request
$this->loadModel($id)->delete();
// if AJAX request (triggered by deletion via admin grid view), we should not redirect the browser
if(!isset($_GET['ajax']))
$this->redirect(isset($_POST['returnUrl']) ? $_POST['returnUrl'] : array('admin'));
}
else
throw new CHttpException(400,'Invalid request. Please do not repeat this request again.');
}*/
public function actionDelete($id)
{
if(Yii::app()->request->isPostRequest)
{
$bUrl=Yii::app()->baseUrl;
$model = $this->loadModel($id);
$filepath= "documents/$model->filename";
if (!empty($model->filename))
unlink($filepath);
$model->delete();
// we only allow deletion via POST request
//$this->loadModel($id)->delete();
// if AJAX request (triggered by deletion via admin grid view), we should not redirect the browser
if(!isset($_GET['ajax']))
$this->redirect(isset($_POST['returnUrl']) ? $_POST['returnUrl'] : array('admin'));
}
else
throw new CHttpException(400,'Invalid request. Please do not repeat this request again.');
}
/**
* Lists all models.
*/
public function actionIndex()
{
$dataProvider=new CActiveDataProvider('Documents');
$this->render('index',array(
'dataProvider'=>$dataProvider,
));
}
/**
* Manages all models.
*/
public function actionAdmin()
{
$model=new Documents('search');
$model->unsetAttributes(); // clear any default values
if(isset($_GET['Documents']))
$model->attributes=$_GET['Documents'];
$this->render('admin',array(
'model'=>$model,
));
}
/**
* Returns the data model based on the primary key given in the GET variable.
* If the data model is not found, an HTTP exception will be raised.
* @param integer the ID of the model to be loaded
*/
public function loadModel($id)
{
$model=Documents::model()->findByPk($id);
if($model===null)
throw new CHttpException(404,'The requested page does not exist.');
return $model;
}
/**
* Performs the AJAX validation.
* @param CModel the model to be validated
*/
protected function performAjaxValidation($model)
{
if(isset($_POST['ajax']) && $_POST['ajax']==='documents-form')
{
echo CActiveForm::validate($model);
Yii::app()->end();
}
}
}