Working on a way to send a one-time link for attachment viewing

api/BusinessLogic/Security/UserContext.php

@@ -55,6 +55,10 @@ class UserContext {
     /* @var $active bool */
     public $active;
 
+    function isAnonymousUser() {
+        return $this->id === -1;
+    }
+
     /**
      * Builds a user context based on the current session. **The session must be active!**
      * @param $dataRow array the $_SESSION superglobal or the hesk_users result set
@@ -103,4 +107,10 @@ class UserContext {
 
         return $userContext;
     }
+
+    static function buildAnonymousUser() {
+        $userContext = new UserContext();
+        $userContext->id = -1;
+        return $userContext;
+    }
 }

api/Controllers/Attachments/StaffTicketAttachmentsController.php

@@ -31,6 +31,12 @@ class StaffTicketAttachmentsController {
         }
     }
 
+    private static function staticVerifyAttachmentsAreEnabled($heskSettings) {
+        if (!$heskSettings['attachments']['use']) {
+            throw new ApiFriendlyException('Attachments are disabled on this server', 'Attachments Disabled', 404);
+        }
+    }
+
     function post($ticketId) {
         global $hesk_settings, $applicationContext, $userContext;
 
@@ -67,4 +73,13 @@ class StaffTicketAttachmentsController {
 
         return http_response_code(204);
     }
+
+    static function inline($ticketId, $attachmentId) {
+        global $hesk_settings, $applicationContext, $userContext;
+
+        self::staticVerifyAttachmentsAreEnabled($hesk_settings);
+
+        /* @var $attachmentRetriever AttachmentRetriever */
+        $attachmentRetriever = $applicationContext->get[AttachmentRetriever::class];
+    }
 }

api/index.php

@@ -16,8 +16,17 @@ function handle404() {
 }
 
 function before() {
+    global $userContext;
+
     assertApiIsEnabled();
 
+    $path = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
+
+    if (preg_match('/^.*\/v1-public\/staff\/inline-attachment\/\d+$/', $path)) {
+        $userContext = \BusinessLogic\Security\UserContext::buildAnonymousUser();
+        return;
+    }
+
     $internalUse = \BusinessLogic\Helpers::getHeader('X-INTERNAL-CALL');
 
     if ($internalUse === 'true') {
@@ -178,6 +187,8 @@ Link::all(array(
     // Attachments
     '/v1/staff/tickets/{i}/attachments' => \Controllers\Attachments\StaffTicketAttachmentsController::class,
     '/v1/staff/tickets/{i}/attachments/{i}' => \Controllers\Attachments\StaffTicketAttachmentsController::class,
+    '/v1-internal/staff/tickets/{i}/attachments/{i}/inline' => \Controllers\Attachments\StaffTicketAttachmentsController::class . '::buildInline',
+    '/v1-public/staff/inline-attachment/{i}' => \Controllers\Attachments\StaffTicketAttachmentsController::class . '::viewInline',
     // Statuses
     '/v1/statuses' => \Controllers\Statuses\StatusController::class,
     // Settings