Fixing inline attachments

remotes/remote_mirror_8/master
Mike Koch 7 years ago
parent 1ed740b7fa
commit a4836f1142

@ -30,6 +30,20 @@ class AttachmentRetriever {
$this->userToTicketChecker = $userToTicketChecker;
}
//-- TODO Test
function getAttachmentContentsForTrackingId($trackingId, $attachmentId, $userContext, $heskSettings) {
$ticket = $this->ticketGateway->getTicketByTrackingId($trackingId, $heskSettings);
if ($ticket === null) {
throw new ApiFriendlyException("Ticket {$trackingId} not found!", "Ticket Not Found", 404);
}
$attachment = $this->attachmentGateway->getAttachmentById($attachmentId, $heskSettings);
return array('meta' => $attachment,
'contents' => $this->fileReader->readFromFile($attachment->savedName, $heskSettings['attach_dir']));
}
function getAttachmentContentsForTicket($ticketId, $attachmentId, $userContext, $heskSettings) {
$ticket = $this->ticketGateway->getTicketById($ticketId, $heskSettings);

@ -0,0 +1,39 @@
<?php
namespace Controllers\Attachments;
use BusinessLogic\Attachments\Attachment;
use BusinessLogic\Attachments\AttachmentRetriever;
use BusinessLogic\Exceptions\ApiFriendlyException;
class PublicAttachmentController {
static function getRaw($trackingId, $attachmentId) {
global $hesk_settings, $applicationContext, $userContext;
self::verifyAttachmentsAreEnabled($hesk_settings);
/* @var $attachmentRetriever AttachmentRetriever */
$attachmentRetriever = $applicationContext->get[AttachmentRetriever::class];
$attachment = $attachmentRetriever->getAttachmentContentsForTrackingId($trackingId, $attachmentId, $userContext, $hesk_settings);
/* @var $metadata Attachment */
$metadata = $attachment['meta'];
// Send the file as an attachment to prevent malicious code from executing
header("Pragma: "); # To fix a bug in IE when running https
header("Cache-Control: "); # To fix a bug in IE when running https
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Length: ' . $metadata->fileSize);
header('Content-Disposition: attachment; filename=' . $metadata->displayName);
print $attachment['contents'];
}
private static function verifyAttachmentsAreEnabled($heskSettings) {
if (!$heskSettings['attachments']['use']) {
throw new ApiFriendlyException('Attachments are disabled on this server', 'Attachments Disabled', 404);
}
}
}

@ -20,6 +20,9 @@ function before() {
if ($internalUse === 'true') {
buildUserContextFromSession();
} elseif (preg_match('/\/v1\/tickets\/.+\/attachments\/\d+/', $_SERVER['PATH_INFO'])) {
//-- TODO Clean this up
return;
} else {
assertApiIsEnabled();
$token = \BusinessLogic\Helpers::getHeader('X-AUTH-TOKEN');
@ -168,13 +171,14 @@ Link::before('before');
Link::all(array(
// Categories
'/v1/categories' => \Controllers\Categories\CategoryController::class . '::printAllCategories',
'/v1/categories' => [\Controllers\Categories\CategoryController::class . '::printAllCategories'],
'/v1/categories/{i}' => \Controllers\Categories\CategoryController::class,
// Tickets
'/v1/tickets' => \Controllers\Tickets\CustomerTicketController::class,
// Tickets - Staff
'/v1/staff/tickets/{i}' => \Controllers\Tickets\StaffTicketController::class,
// Attachments
'/v1/tickets/{a}/attachments/{i}' => \Controllers\Attachments\PublicAttachmentController::class . '::getRaw',
'/v1/staff/tickets/{i}/attachments' => \Controllers\Attachments\StaffTicketAttachmentsController::class,
'/v1/staff/tickets/{i}/attachments/{i}' => \Controllers\Attachments\StaffTicketAttachmentsController::class,
// Statuses

@ -262,13 +262,13 @@ function hesk_load_database_functions()
function hesk_load_api_database_functions()
{
require(__DIR__ . '/../api/core/json_error.php');
require(__DIR__ . '/../api/Core/json_error.php');
// Preferrably use the MySQLi functions
if (function_exists('mysqli_connect')) {
require(__DIR__ . '/../api/core/database_mysqli.inc.php');
require(__DIR__ . '/../api/Core/database_mysqli.inc.php');
} // Default to MySQL
else {
require(__DIR__ . '/../api/core/database.inc.php');
require(__DIR__ . '/../api/Core/database.inc.php');
}
} // END hesk_load_database_functions()

Loading…
Cancel
Save