Permissions of Image Upload Problem

Yii 1.1 General Discussion
1

Interesting problem, created a folder called documents outside the protected folder can upload without issue but when I try to access the file the file permissions are set to 600 or something low like that and I get a 404 Page not found error. The folder permissions are set to 775 event tried 777 but no help, now if I -R when the files are in the folder of course I can access them.

Here is my controller:




<?php


class DocumentsController extends Controller

{

	/**

	 * @var string the default layout for the views. Defaults to '//layouts/column2', meaning

	 * using two-column layout. See 'protected/views/layouts/column2.php'.

	 */

	public $layout='//layouts/column2';


	/**

	 * @return array action filters

	 */

	public function filters()

	{

		return array(

			'accessControl', // perform access control for CRUD operations

		);

	}


	/**

	 * Specifies the access control rules.

	 * This method is used by the 'accessControl' filter.

	 * @return array access control rules

	 */

	public function accessRules()

	{

		return array(

			array('allow',  // allow all users to perform 'index' and 'view' actions

				'actions'=>array('index','view'),

				'users'=>array('*'),

			),

			array('allow', // allow authenticated user to perform 'create' and 'update' actions

				'actions'=>array('create','update'),

				'users'=>array('@'),

			),

			 array('allow',

                                'actions'=>array('admin','delete'),

                                'users'=>array('@'),

                                'expression'=>'$user->group_id==="1"'

                                ),

			array('deny',  // deny all users

				'users'=>array('*'),

			),

		);

	}


	/**

	 * Displays a particular model.

	 * @param integer $id the ID of the model to be displayed

	 */

	public function actionView($id)

	{

		$this->render('view',array(

			'model'=>$this->loadModel($id),

		));

	}


	/**

	 * Creates a new model.

	 * If creation is successful, the browser will be redirected to the 'view' page.

	 */

	/* public function actionCreate()

	{

		$model=new Documents;


		// Uncomment the following line if AJAX validation is needed

		// $this->performAjaxValidation($model);


		if(isset($_POST['Documents']))

		{

			$model->attributes=$_POST['Documents'];

			if($model->save())

				$this->redirect(array('view','id'=>$model->id));

		}


		$this->render('create',array(

			'model'=>$model,

		));

	}*/

        public function actionCreate()

	{

		$model=new Documents;

		

		// Uncomment the following line if AJAX validation is needed

		// $this->performAjaxValidation($model);


		if(isset($_POST['Documents']))

		{

			$model->attributes=$_POST['Documents'];

			if($model->save())

			 

            $model->attributes=$_POST['Documents'];

            $model->filename=CUploadedFile::getInstance($model,'filename');

            if($model->save())

            {

				

            	$file= 'documents/'.$model->filename->name;

				if($model->filename->name) {

            	$model->filename->saveAs($file);

				}

				//model->filename->saveAs(Yii::app()->baseUrl.'/images');

                // redirect to success page

            	

				$this->redirect(array('view','id'=>$model->id));

			}

		}


		$this->render('create',array(

			'model'=>$model,

		));

	}


	/**

	 * Updates a particular model.

	 * If update is successful, the browser will be redirected to the 'view' page.

	 * @param integer $id the ID of the model to be updated

	 */

	/*public function actionUpdate($id)

	{

		$model=$this->loadModel($id);


		// Uncomment the following line if AJAX validation is needed

		// $this->performAjaxValidation($model);


		if(isset($_POST['Documents']))

		{

			$model->attributes=$_POST['Documents'];

			if($model->save())

				$this->redirect(array('view','id'=>$model->id));

		}


		$this->render('update',array(

			'model'=>$model,

		));

	}*/

        

        public function actionUpdate($id)

	{

		$model=$this->loadModel($id);

                $old=$this->loadModel($id);

		// Uncomment the following line if AJAX validation is needed

		// $this->performAjaxValidation($model); 


		if(isset($_POST['Documents']))

		{

			$model->attributes=$_POST['Documents'];

		if($model->save())

				

		{

		$model->filename=CUploadedFile::getInstance($model,'filename');

              if (!empty($_FILES['Documents']['filename']['name'])) {

                if ($old->filename != "") {

                $file= 'documents/$old->filename->name';

                                        unlink($file);

                }          

                        } else {

                                $model->filename->name;

                        }       

            if($model->save())

            {

            	$file= 'documents/'.$model->filename->name;

				

            	$model->filename->saveAs($file);

                //model->filename->saveAs(Yii::app()->baseUrl.'/images');

                // redirect to success page

            	

				$this->redirect(array('view','id'=>$model->id));

			}

            	

				

			

		}

		}


		$this->render('update',array(

			'model'=>$model,

		));

	}


	/**

	 * Deletes a particular model.

	 * If deletion is successful, the browser will be redirected to the 'admin' page.

	 * @param integer $id the ID of the model to be deleted

	 */

	/*public function actionDelete($id)

	{

		if(Yii::app()->request->isPostRequest)

		{

			// we only allow deletion via POST request

			$this->loadModel($id)->delete();


			// if AJAX request (triggered by deletion via admin grid view), we should not redirect the browser

			if(!isset($_GET['ajax']))

				$this->redirect(isset($_POST['returnUrl']) ? $_POST['returnUrl'] : array('admin'));

		}

		else

			throw new CHttpException(400,'Invalid request. Please do not repeat this request again.');

	}*/

        

        public function actionDelete($id)

	{

						 


	

		if(Yii::app()->request->isPostRequest)

		{

			

			 $bUrl=Yii::app()->baseUrl;

                          $model = $this->loadModel($id); 

                          $filepath= "documents/$model->filename";

                          if (!empty($model->filename)) 

                          unlink($filepath); 

 

                          $model->delete();			

			// we only allow deletion via POST request

			//$this->loadModel($id)->delete();


			// if AJAX request (triggered by deletion via admin grid view), we should not redirect the browser

			if(!isset($_GET['ajax']))

				$this->redirect(isset($_POST['returnUrl']) ? $_POST['returnUrl'] : array('admin'));

		}

		else

			throw new CHttpException(400,'Invalid request. Please do not repeat this request again.');

	}


	/**

	 * Lists all models.

	 */

	public function actionIndex()

	{

		$dataProvider=new CActiveDataProvider('Documents');

		$this->render('index',array(

			'dataProvider'=>$dataProvider,

		));

	}


	/**

	 * Manages all models.

	 */

	public function actionAdmin()

	{

		$model=new Documents('search');

		$model->unsetAttributes();  // clear any default values

		if(isset($_GET['Documents']))

			$model->attributes=$_GET['Documents'];


		$this->render('admin',array(

			'model'=>$model,

		));

	}


	/**

	 * Returns the data model based on the primary key given in the GET variable.

	 * If the data model is not found, an HTTP exception will be raised.

	 * @param integer the ID of the model to be loaded

	 */

	public function loadModel($id)

	{

		$model=Documents::model()->findByPk($id);

		if($model===null)

			throw new CHttpException(404,'The requested page does not exist.');

		return $model;

	}


	/**

	 * Performs the AJAX validation.

	 * @param CModel the model to be validated

	 */

	protected function performAjaxValidation($model)

	{

		if(isset($_POST['ajax']) && $_POST['ajax']==='documents-form')

		{

			echo CActiveForm::validate($model);

			Yii::app()->end();

		}

	}

}
2

ANY IDEAS?