Netsyms/Mods-for-HESK-Netsyms
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Working on a way to send a one-time link for attachment viewing

Browse Source
This commit is contained in:
Mike Koch 2017-05-23 22:33:43 -04:00
parent 3c5722c6d7
commit 9ed6b33077
3 changed files with 36 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
api/BusinessLogic/Security/UserContext.php
View File

@ -55,6 +55,10 @@ class UserContext {
/* @var $active bool */ /* @var $active bool */
public $active; public $active;
function isAnonymousUser() {
return $this->id === -1;
}
/** /**
* Builds a user context based on the current session. **The session must be active!** * Builds a user context based on the current session. **The session must be active!**
* @param $dataRow array the $_SESSION superglobal or the hesk_users result set * @param $dataRow array the $_SESSION superglobal or the hesk_users result set
@ -103,4 +107,10 @@ class UserContext {
return $userContext; return $userContext;
} }
static function buildAnonymousUser() {
$userContext = new UserContext();
$userContext->id = -1;
return $userContext;
}
} }

15
api/Controllers/Attachments/StaffTicketAttachmentsController.php
View File

@ -31,6 +31,12 @@ class StaffTicketAttachmentsController {
} }
} }
private static function staticVerifyAttachmentsAreEnabled($heskSettings) {
if (!$heskSettings['attachments']['use']) {
throw new ApiFriendlyException('Attachments are disabled on this server', 'Attachments Disabled', 404);
}
}
function post($ticketId) { function post($ticketId) {
global $hesk_settings, $applicationContext, $userContext; global $hesk_settings, $applicationContext, $userContext;
@ -67,4 +73,13 @@ class StaffTicketAttachmentsController {
return http_response_code(204); return http_response_code(204);
} }
static function inline($ticketId, $attachmentId) {
global $hesk_settings, $applicationContext, $userContext;
self::staticVerifyAttachmentsAreEnabled($hesk_settings);
/* @var $attachmentRetriever AttachmentRetriever */
$attachmentRetriever = $applicationContext->get[AttachmentRetriever::class];
}
} }

11
api/index.php
View File

@ -16,8 +16,17 @@ function handle404() {
} }
function before() { function before() {
global $userContext;
assertApiIsEnabled(); assertApiIsEnabled();
$path = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
if (preg_match('/^.*\/v1-public\/staff\/inline-attachment\/\d+$/', $path)) {
$userContext = \BusinessLogic\Security\UserContext::buildAnonymousUser();
return;
}
$internalUse = \BusinessLogic\Helpers::getHeader('X-INTERNAL-CALL'); $internalUse = \BusinessLogic\Helpers::getHeader('X-INTERNAL-CALL');
if ($internalUse === 'true') { if ($internalUse === 'true') {
@ -178,6 +187,8 @@ Link::all(array(
// Attachments // Attachments
'/v1/staff/tickets/{i}/attachments' => \Controllers\Attachments\StaffTicketAttachmentsController::class, '/v1/staff/tickets/{i}/attachments' => \Controllers\Attachments\StaffTicketAttachmentsController::class,
'/v1/staff/tickets/{i}/attachments/{i}' => \Controllers\Attachments\StaffTicketAttachmentsController::class, '/v1/staff/tickets/{i}/attachments/{i}' => \Controllers\Attachments\StaffTicketAttachmentsController::class,
'/v1-internal/staff/tickets/{i}/attachments/{i}/inline' => \Controllers\Attachments\StaffTicketAttachmentsController::class . '::buildInline',
'/v1-public/staff/inline-attachment/{i}' => \Controllers\Attachments\StaffTicketAttachmentsController::class . '::viewInline',
// Statuses // Statuses
'/v1/statuses' => \Controllers\Statuses\StatusController::class, '/v1/statuses' => \Controllers\Statuses\StatusController::class,
// Settings // Settings