
Fixing inline attachments

tags/3.1.0
Mike Koch 2 роки тому
джерело
коміт
a4836f1142

+ 14
- 0
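--- a/api/BusinessLogic/Attachments/AttachmentRetriever.php
+++ b/api/BusinessLogic/Attachments/AttachmentRetriever.php
@@ -30,6 +30,20 @@ class AttachmentRetriever {
 $this->userToTicketChecker = $userToTicketChecker;
 }
 
+//-- TODO Test
+function getAttachmentContentsForTrackingId($trackingId, $attachmentId, $userContext, $heskSettings) {
+$ticket = $this->ticketGateway->getTicketByTrackingId($trackingId, $heskSettings);
+
+if ($ticket === null) {
+throw new ApiFriendlyException("Ticket {$trackingId} not found!", "Ticket Not Found", 404);
+}
+
+$attachment = $this->attachmentGateway->getAttachmentById($attachmentId, $heskSettings);
+
+return array('meta' => $attachment,
+'contents' => $this->fileReader->readFromFile($attachment->savedName, $heskSettings['attach_dir']));
+}
+
 function getAttachmentContentsForTicket($ticketId, $attachmentId, $userContext, $heskSettings) {
 $ticket = $this->ticketGateway->getTicketById($ticketId, $heskSettings);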
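Review bot: `getAttachmentContentsForTrackingId` loads `$ticket` only to prove the tracking ID exists and then reads the attachment by `$attachmentId` alone, so nothing ties the returned file to that ticket. Because this path is served without a token (see the `before()` change in api/index.php on this page), a caller holding any valid tracking ID could apparently read attachments belonging to other tickets; the method should reject an attachment whose owning ticket is not `$ticket` before it calls `readFromFile`. `$attachment` is also dereferenced without a null check, so add `if ($attachment === null) { throw new ApiFriendlyException("Attachment {$attachmentId} not found!", "Attachment Not Found", 404); }` ahead of the `return`. `$userContext` is accepted but never used, and the `//-- TODO Test` marker suggests the path is untested; the class and the following method continue outside the hunk.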


+ 39
- 0
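--- a/api/Controllers/Attachments/PublicAttachmentController.php
+++ b/api/Controllers/Attachments/PublicAttachmentController.php
@@ -0,0 +1,39 @@
+<?php
+
+namespace Controllers\Attachments;
+
+
+use BusinessLogic\Attachments\Attachment;
+use BusinessLogic\Attachments\AttachmentRetriever;
+use BusinessLogic\Exceptions\ApiFriendlyException;
+
+class PublicAttachmentController {
+static function getRaw($trackingId, $attachmentId) {
+global $hesk_settings, $applicationContext, $userContext;
+
+self::verifyAttachmentsAreEnabled($hesk_settings);
+
+/* @var $attachmentRetriever AttachmentRetriever */
+$attachmentRetriever = $applicationContext->get[AttachmentRetriever::class];
+
+$attachment = $attachmentRetriever->getAttachmentContentsForTrackingId($trackingId, $attachmentId, $userContext, $hesk_settings);
+
+/* @var $metadata Attachment */
+$metadata = $attachment['meta'];
+
+// Send the file as an attachment to prevent malicious code from executing
+header("Pragma: "); # To fix a bug in IE when running https
+header("Cache-Control: "); # To fix a bug in IE when running https
+header('Content-Description: File Transfer');
+header('Content-Type: application/octet-stream');
+header('Content-Length: ' . $metadata->fileSize);
+header('Content-Disposition: attachment; filename=' . $metadata->displayName);
+print $attachment['contents'];
+}
+
+private static function verifyAttachmentsAreEnabled($heskSettings) {
+if (!$heskSettings['attachments']['use']) {
+throw new ApiFriendlyException('Attachments are disabled on this server', 'Attachments Disabled', 404);
+}
+}
+}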
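Review bot: The `Content-Disposition` header in `getRaw` concatenates `$metadata->displayName` unquoted, so a stored name containing spaces, quotes or semicolons produces a malformed or misparsed header, and that name presumably originates from whoever uploaded the file. Quote and sanitise it, e.g. `header('Content-Disposition: attachment; filename="' . str_replace(['"', '\\'], '_', basename($metadata->displayName)) . '"');`, and add `header('X-Content-Type-Options: nosniff');` so the `application/octet-stream` type is not sniffed into something renderable. `Content-Length` is taken from `$metadata->fileSize` rather than from the bytes actually read; `strlen($attachment['contents'])` would keep the two from diverging. `getRaw` performs no authentication of its own, so the tracking ID is the only credential on this endpoint and the ownership check has to live in the retriever it calls.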

+ 5
- 1
api/index.php Переглянути файл

@@ -20,6 +20,9 @@ function before() {

if ($internalUse === 'true') {
buildUserContextFromSession();
} elseif (preg_match('/\/v1\/tickets\/.+\/attachments\/\d+/', $_SERVER['PATH_INFO'])) {
//-- TODO Clean this up
return;
} else {
assertApiIsEnabled();
$token = \BusinessLogic\Helpers::getHeader('X-AUTH-TOKEN');
@@ -168,13 +171,14 @@ Link::before('before');

Link::all(array(
// Categories
'/v1/categories' => \Controllers\Categories\CategoryController::class . '::printAllCategories',
'/v1/categories' => [\Controllers\Categories\CategoryController::class . '::printAllCategories'],
'/v1/categories/{i}' => \Controllers\Categories\CategoryController::class,
// Tickets
'/v1/tickets' => \Controllers\Tickets\CustomerTicketController::class,
// Tickets - Staff
'/v1/staff/tickets/{i}' => \Controllers\Tickets\StaffTicketController::class,
// Attachments
'/v1/tickets/{a}/attachments/{i}' => \Controllers\Attachments\PublicAttachmentController::class . '::getRaw',
'/v1/staff/tickets/{i}/attachments' => \Controllers\Attachments\StaffTicketAttachmentsController::class,
'/v1/staff/tickets/{i}/attachments/{i}' => \Controllers\Attachments\StaffTicketAttachmentsController::class,
// Statuses
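Review bot: The new `elseif` in `before()` returns ahead of both `assertApiIsEnabled()` and the `X-AUTH-TOKEN` check for any `PATH_INFO` that merely contains the pattern, because the regex is unanchored and `.+` also matches `/`. That exempts more than the single public route registered below (`/v1/tickets/{a}/attachments/{i}`), including any longer path that embeds it, and it keeps serving attachments when the API is disabled. Anchor it to the exact route and guard the unset case, e.g. `} elseif (preg_match('#^/v1/tickets/[^/]+/attachments/\d+/?$#', $_SERVER['PATH_INFO'] ?? '')) {` (or an `isset` check on older PHP). `before()` starts and ends outside the hunk, so whether later code in it still needs to run for this route cannot be seen here; the `//-- TODO Clean this up` marker would be better replaced by a per-route "public" flag in the routing table.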

+ 3
- 3
inc/common.inc.php Переглянути файл

@@ -262,13 +262,13 @@ function hesk_load_database_functions()

function hesk_load_api_database_functions()
{
require(__DIR__ . '/../api/core/json_error.php');
require(__DIR__ . '/../api/Core/json_error.php');
// Preferrably use the MySQLi functions
if (function_exists('mysqli_connect')) {
require(__DIR__ . '/../api/core/database_mysqli.inc.php');
require(__DIR__ . '/../api/Core/database_mysqli.inc.php');
} // Default to MySQL
else {
require(__DIR__ . '/../api/core/database.inc.php');
require(__DIR__ . '/../api/Core/database.inc.php');
}
} // END hesk_load_database_functions()

