Netsyms/Mods-for-HESK-Netsyms
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fixing inline attachments

Browse Source
This commit is contained in:
Mike Koch 2017-06-26 12:47:01 -04:00
parent 1ed740b7fa
commit a4836f1142
4 changed files with 61 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
api/BusinessLogic/Attachments/AttachmentRetriever.php
View File

@ -30,6 +30,20 @@ class AttachmentRetriever {
$this->userToTicketChecker = $userToTicketChecker; $this->userToTicketChecker = $userToTicketChecker;
} }
//-- TODO Test
function getAttachmentContentsForTrackingId($trackingId, $attachmentId, $userContext, $heskSettings) {
$ticket = $this->ticketGateway->getTicketByTrackingId($trackingId, $heskSettings);
if ($ticket === null) {
throw new ApiFriendlyException("Ticket {$trackingId} not found!", "Ticket Not Found", 404);
}
$attachment = $this->attachmentGateway->getAttachmentById($attachmentId, $heskSettings);
return array('meta' => $attachment,
'contents' => $this->fileReader->readFromFile($attachment->savedName, $heskSettings['attach_dir']));
}
function getAttachmentContentsForTicket($ticketId, $attachmentId, $userContext, $heskSettings) { function getAttachmentContentsForTicket($ticketId, $attachmentId, $userContext, $heskSettings) {
$ticket = $this->ticketGateway->getTicketById($ticketId, $heskSettings); $ticket = $this->ticketGateway->getTicketById($ticketId, $heskSettings);

39
api/Controllers/Attachments/PublicAttachmentController.php Normal file
View File

@ -0,0 +1,39 @@
<?php
namespace Controllers\Attachments;
use BusinessLogic\Attachments\Attachment;
use BusinessLogic\Attachments\AttachmentRetriever;
use BusinessLogic\Exceptions\ApiFriendlyException;
class PublicAttachmentController {
static function getRaw($trackingId, $attachmentId) {
global $hesk_settings, $applicationContext, $userContext;
self::verifyAttachmentsAreEnabled($hesk_settings);
/* @var $attachmentRetriever AttachmentRetriever */
$attachmentRetriever = $applicationContext->get[AttachmentRetriever::class];
$attachment = $attachmentRetriever->getAttachmentContentsForTrackingId($trackingId, $attachmentId, $userContext, $hesk_settings);
/* @var $metadata Attachment */
$metadata = $attachment['meta'];
// Send the file as an attachment to prevent malicious code from executing
header("Pragma: "); # To fix a bug in IE when running https
header("Cache-Control: "); # To fix a bug in IE when running https
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Length: ' . $metadata->fileSize);
header('Content-Disposition: attachment; filename=' . $metadata->displayName);
print $attachment['contents'];
}
private static function verifyAttachmentsAreEnabled($heskSettings) {
if (!$heskSettings['attachments']['use']) {
throw new ApiFriendlyException('Attachments are disabled on this server', 'Attachments Disabled', 404);
}
}
}

6
api/index.php
View File

@ -20,6 +20,9 @@ function before() {
if ($internalUse === 'true') { if ($internalUse === 'true') {
buildUserContextFromSession(); buildUserContextFromSession();
} elseif (preg_match('/\/v1\/tickets\/.+\/attachments\/\d+/', $_SERVER['PATH_INFO'])) {
//-- TODO Clean this up
return;
} else { } else {
assertApiIsEnabled(); assertApiIsEnabled();
$token = \BusinessLogic\Helpers::getHeader('X-AUTH-TOKEN'); $token = \BusinessLogic\Helpers::getHeader('X-AUTH-TOKEN');
@ -168,13 +171,14 @@ Link::before('before');
Link::all(array( Link::all(array(
// Categories // Categories
'/v1/categories' => \Controllers\Categories\CategoryController::class . '::printAllCategories', '/v1/categories' => [\Controllers\Categories\CategoryController::class . '::printAllCategories'],
'/v1/categories/{i}' => \Controllers\Categories\CategoryController::class, '/v1/categories/{i}' => \Controllers\Categories\CategoryController::class,
// Tickets // Tickets
'/v1/tickets' => \Controllers\Tickets\CustomerTicketController::class, '/v1/tickets' => \Controllers\Tickets\CustomerTicketController::class,
// Tickets - Staff // Tickets - Staff
'/v1/staff/tickets/{i}' => \Controllers\Tickets\StaffTicketController::class, '/v1/staff/tickets/{i}' => \Controllers\Tickets\StaffTicketController::class,
// Attachments // Attachments
'/v1/tickets/{a}/attachments/{i}' => \Controllers\Attachments\PublicAttachmentController::class . '::getRaw',
'/v1/staff/tickets/{i}/attachments' => \Controllers\Attachments\StaffTicketAttachmentsController::class, '/v1/staff/tickets/{i}/attachments' => \Controllers\Attachments\StaffTicketAttachmentsController::class,
'/v1/staff/tickets/{i}/attachments/{i}' => \Controllers\Attachments\StaffTicketAttachmentsController::class, '/v1/staff/tickets/{i}/attachments/{i}' => \Controllers\Attachments\StaffTicketAttachmentsController::class,
// Statuses // Statuses

6
inc/common.inc.php
View File

@ -262,13 +262,13 @@ function hesk_load_database_functions()
function hesk_load_api_database_functions() function hesk_load_api_database_functions()
{ {
require(__DIR__ . '/../api/core/json_error.php'); require(__DIR__ . '/../api/Core/json_error.php');
// Preferrably use the MySQLi functions // Preferrably use the MySQLi functions
if (function_exists('mysqli_connect')) { if (function_exists('mysqli_connect')) {
require(__DIR__ . '/../api/core/database_mysqli.inc.php'); require(__DIR__ . '/../api/Core/database_mysqli.inc.php');
} // Default to MySQL } // Default to MySQL
else { else {
require(__DIR__ . '/../api/core/database.inc.php'); require(__DIR__ . '/../api/Core/database.inc.php');
} }
} // END hesk_load_database_functions() } // END hesk_load_database_functions()