Get inline attachment viewing for doc/xls/ppt working

Created an endpoint that will hopefully allow MS to display documents
Working on a way to send a one-time link for attachment viewing
7 changed files with 88 additions and 4 deletions
--- a/api/BusinessLogic/Attachments/AttachmentRetriever.php
+++ b/api/BusinessLogic/Attachments/AttachmentRetriever.php
@ -30,6 +30,20 @@ class AttachmentRetriever {
        $this->userToTicketChecker = $userToTicketChecker;
    }

+    //-- TODO Test
+    function getAttachmentContentsForTrackingId($trackingId, $attachmentId, $userContext, $heskSettings) {
+        $ticket = $this->ticketGateway->getTicketByTrackingId($trackingId, $heskSettings);
+
+        if ($ticket === null) {
+            throw new ApiFriendlyException("Ticket {$trackingId} not found!", "Ticket Not Found", 404);
+        }
+
+        $attachment = $this->attachmentGateway->getAttachmentById($attachmentId, $heskSettings);
+
+        return array('meta' => $attachment,
+            'contents' => $this->fileReader->readFromFile($attachment->savedName, $heskSettings['attach_dir']));
+    }
+
    function getAttachmentContentsForTicket($ticketId, $attachmentId, $userContext, $heskSettings) {
        $ticket = $this->ticketGateway->getTicketById($ticketId, $heskSettings);

--- a/api/BusinessLogic/Security/UserContext.php
+++ b/api/BusinessLogic/Security/UserContext.php
@ -55,6 +55,10 @@ class UserContext {
    /* @var $active bool */
    public $active;

+    function isAnonymousUser() {
+        return $this->id === -1;
+    }
+
    /**
     * Builds a user context based on the current session. **The session must be active!**
     * @param $dataRow array the $_SESSION superglobal or the hesk_users result set
@ -103,4 +107,10 @@ class UserContext {

        return $userContext;
    }
+
+    static function buildAnonymousUser() {
+        $userContext = new UserContext();
+        $userContext->id = -1;
+        return $userContext;
+    }
 }
--- a/api/Controllers/Attachments/PublicAttachmentController.php
+++ b/api/Controllers/Attachments/PublicAttachmentController.php
@ -0,0 +1,39 @@
+<?php
+
+namespace Controllers\Attachments;
+
+
+use BusinessLogic\Attachments\Attachment;
+use BusinessLogic\Attachments\AttachmentRetriever;
+use BusinessLogic\Exceptions\ApiFriendlyException;
+
+class PublicAttachmentController {
+    static function getRaw($trackingId, $attachmentId) {
+        global $hesk_settings, $applicationContext, $userContext;
+
+        self::verifyAttachmentsAreEnabled($hesk_settings);
+
+        /* @var $attachmentRetriever AttachmentRetriever */
+        $attachmentRetriever = $applicationContext->get[AttachmentRetriever::class];
+
+        $attachment = $attachmentRetriever->getAttachmentContentsForTrackingId($trackingId, $attachmentId, $userContext, $hesk_settings);
+
+        /* @var $metadata Attachment */
+        $metadata = $attachment['meta'];
+
+        // Send the file as an attachment to prevent malicious code from executing
+        header("Pragma: "); # To fix a bug in IE when running https
+        header("Cache-Control: "); # To fix a bug in IE when running https
+        header('Content-Description: File Transfer');
+        header('Content-Type: application/octet-stream');
+        header('Content-Length: ' . $metadata->fileSize);
+        header('Content-Disposition: attachment; filename=' . $metadata->displayName);
+        print $attachment['contents'];
+    }
+
+    private static function verifyAttachmentsAreEnabled($heskSettings) {
+        if (!$heskSettings['attachments']['use']) {
+            throw new ApiFriendlyException('Attachments are disabled on this server', 'Attachments Disabled', 404);
+        }
+    }
+}
--- a/api/Controllers/Attachments/StaffTicketAttachmentsController.php
+++ b/api/Controllers/Attachments/StaffTicketAttachmentsController.php
@ -31,6 +31,12 @@ class StaffTicketAttachmentsController {
        }
    }

+    private static function staticVerifyAttachmentsAreEnabled($heskSettings) {
+        if (!$heskSettings['attachments']['use']) {
+            throw new ApiFriendlyException('Attachments are disabled on this server', 'Attachments Disabled', 404);
+        }
+    }
+
    function post($ticketId) {
        global $hesk_settings, $applicationContext, $userContext;

@ -67,4 +73,13 @@ class StaffTicketAttachmentsController {

        return http_response_code(204);
    }
+
+    static function inline($ticketId, $attachmentId) {
+        global $hesk_settings, $applicationContext, $userContext;
+
+        self::staticVerifyAttachmentsAreEnabled($hesk_settings);
+
+        /* @var $attachmentRetriever AttachmentRetriever */
+        $attachmentRetriever = $applicationContext->get[AttachmentRetriever::class];
+    }
 }
--- a/api/index.php
+++ b/api/index.php
@ -16,6 +16,10 @@ function handle404() {
 }

 function before() {
+    global $userContext;
+
+    return;
+
    assertApiIsEnabled();

    $internalUse = \BusinessLogic\Helpers::getHeader('X-INTERNAL-CALL');
@ -176,6 +180,7 @@ Link::all(array(
    // Tickets - Staff
    '/v1/staff/tickets/{i}' => \Controllers\Tickets\StaffTicketController::class,
    // Attachments
+    '/v1/tickets/{a}/attachments/{i}' => \Controllers\Attachments\PublicAttachmentController::class . '::getRaw',
    '/v1/staff/tickets/{i}/attachments' => \Controllers\Attachments\StaffTicketAttachmentsController::class,
    '/v1/staff/tickets/{i}/attachments/{i}' => \Controllers\Attachments\StaffTicketAttachmentsController::class,
    // Statuses
--- a/inc/common.inc.php
+++ b/inc/common.inc.php
@ -262,13 +262,13 @@ function hesk_load_database_functions()

 function hesk_load_api_database_functions()
 {
-    require(__DIR__ . '/../api/core/json_error.php');
+    require(__DIR__ . '/../api/Core/json_error.php');
    // Preferrably use the MySQLi functions
    if (function_exists('mysqli_connect')) {
-        require(__DIR__ . '/../api/core/database_mysqli.inc.php');
+        require(__DIR__ . '/../api/Core/database_mysqli.inc.php');
    } // Default to MySQL
    else {
-        require(__DIR__ . '/../api/core/database.inc.php');
+        require(__DIR__ . '/../api/Core/database.inc.php');
    }
 } // END hesk_load_database_functions()

--- a/inc/view_attachment_functions.inc.php
+++ b/inc/view_attachment_functions.inc.php
@ -51,11 +51,12 @@ function mfh_listAttachments($attachments = '', $reply = 0, $is_staff)
        } elseif (in_array($fontAwesomeIcon, array('fa fa-file-word-o', 'fa fa-file-excel-o', 'fa fa-file-powerpoint-o'))) {
            //-- Get the actual image location and display a thumbnail. It will be linked to a modal to view a larger size.
            $path = mfh_getSavedNameUrlForAttachment($att_id, $is_staff);
+            $apiPath = preg_replace('/https?:\/\//i', '', $hesk_settings['hesk_url'] . '/api/index.php/v1/tickets/' . $trackingID . '/attachments/' . $att_id);

            if ($path == '') {
                echo '<i class="fa fa-ban fa-4x" data-toggle="tooltip" title="' . $hesklang['attachment_removed'] . '"></i>';
            } else {
-                echo '<a class="mfp-iframe" data-toggle="lightbox-item" href="https://view.officeapps.live.com/op/embed.aspx?src=' . $path . '">
+                echo '<a class="mfp-iframe" data-toggle="lightbox-item" href="https://view.officeapps.live.com/op/embed.aspx?src=' . $apiPath . '">
                    <i class="' . $fontAwesomeIcon . ' fa-4x"></i>
                </a>';
            }
Author	SHA1	Message	Date
Mike Koch	67fad4c6ce	Get inline attachment viewing for doc/xls/ppt working	7 years ago
Mike Koch	e3bb11f27d	Created an endpoint that will hopefully allow MS to display documents	7 years ago
Mike Koch	9ed6b33077	Working on a way to send a one-time link for attachment viewing	7 years ago