Compare commits
3 Commits
master
...
inline-att
| Author | SHA1 | Date | |
|---|---|---|---|
|
67fad4c6ce | ||
|
|
e3bb11f27d | ||
|
|
9ed6b33077 |
@ -30,6 +30,20 @@ class AttachmentRetriever {
|
||||
$this->userToTicketChecker = $userToTicketChecker;
|
||||
}
|
||||
|
||||
//-- TODO Test
|
||||
function getAttachmentContentsForTrackingId($trackingId, $attachmentId, $userContext, $heskSettings) {
|
||||
$ticket = $this->ticketGateway->getTicketByTrackingId($trackingId, $heskSettings);
|
||||
|
||||
if ($ticket === null) {
|
||||
throw new ApiFriendlyException("Ticket {$trackingId} not found!", "Ticket Not Found", 404);
|
||||
}
|
||||
|
||||
$attachment = $this->attachmentGateway->getAttachmentById($attachmentId, $heskSettings);
|
||||
|
||||
return array('meta' => $attachment,
|
||||
'contents' => $this->fileReader->readFromFile($attachment->savedName, $heskSettings['attach_dir']));
|
||||
}
|
||||
|
||||
function getAttachmentContentsForTicket($ticketId, $attachmentId, $userContext, $heskSettings) {
|
||||
$ticket = $this->ticketGateway->getTicketById($ticketId, $heskSettings);
|
||||
|
||||
|
||||
@ -55,6 +55,10 @@ class UserContext {
|
||||
/* @var $active bool */
|
||||
public $active;
|
||||
|
||||
function isAnonymousUser() {
|
||||
return $this->id === -1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Builds a user context based on the current session. **The session must be active!**
|
||||
* @param $dataRow array the $_SESSION superglobal or the hesk_users result set
|
||||
@ -103,4 +107,10 @@ class UserContext {
|
||||
|
||||
return $userContext;
|
||||
}
|
||||
|
||||
static function buildAnonymousUser() {
|
||||
$userContext = new UserContext();
|
||||
$userContext->id = -1;
|
||||
return $userContext;
|
||||
}
|
||||
}
|
||||
39
api/Controllers/Attachments/PublicAttachmentController.php
Normal file
39
api/Controllers/Attachments/PublicAttachmentController.php
Normal file
@ -0,0 +1,39 @@
|
||||
<?php
|
||||
|
||||
namespace Controllers\Attachments;
|
||||
|
||||
|
||||
use BusinessLogic\Attachments\Attachment;
|
||||
use BusinessLogic\Attachments\AttachmentRetriever;
|
||||
use BusinessLogic\Exceptions\ApiFriendlyException;
|
||||
|
||||
class PublicAttachmentController {
|
||||
static function getRaw($trackingId, $attachmentId) {
|
||||
global $hesk_settings, $applicationContext, $userContext;
|
||||
|
||||
self::verifyAttachmentsAreEnabled($hesk_settings);
|
||||
|
||||
/* @var $attachmentRetriever AttachmentRetriever */
|
||||
$attachmentRetriever = $applicationContext->get[AttachmentRetriever::class];
|
||||
|
||||
$attachment = $attachmentRetriever->getAttachmentContentsForTrackingId($trackingId, $attachmentId, $userContext, $hesk_settings);
|
||||
|
||||
/* @var $metadata Attachment */
|
||||
$metadata = $attachment['meta'];
|
||||
|
||||
// Send the file as an attachment to prevent malicious code from executing
|
||||
header("Pragma: "); # To fix a bug in IE when running https
|
||||
header("Cache-Control: "); # To fix a bug in IE when running https
|
||||
header('Content-Description: File Transfer');
|
||||
header('Content-Type: application/octet-stream');
|
||||
header('Content-Length: ' . $metadata->fileSize);
|
||||
header('Content-Disposition: attachment; filename=' . $metadata->displayName);
|
||||
print $attachment['contents'];
|
||||
}
|
||||
|
||||
private static function verifyAttachmentsAreEnabled($heskSettings) {
|
||||
if (!$heskSettings['attachments']['use']) {
|
||||
throw new ApiFriendlyException('Attachments are disabled on this server', 'Attachments Disabled', 404);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -31,6 +31,12 @@ class StaffTicketAttachmentsController {
|
||||
}
|
||||
}
|
||||
|
||||
private static function staticVerifyAttachmentsAreEnabled($heskSettings) {
|
||||
if (!$heskSettings['attachments']['use']) {
|
||||
throw new ApiFriendlyException('Attachments are disabled on this server', 'Attachments Disabled', 404);
|
||||
}
|
||||
}
|
||||
|
||||
function post($ticketId) {
|
||||
global $hesk_settings, $applicationContext, $userContext;
|
||||
|
||||
@ -67,4 +73,13 @@ class StaffTicketAttachmentsController {
|
||||
|
||||
return http_response_code(204);
|
||||
}
|
||||
|
||||
static function inline($ticketId, $attachmentId) {
|
||||
global $hesk_settings, $applicationContext, $userContext;
|
||||
|
||||
self::staticVerifyAttachmentsAreEnabled($hesk_settings);
|
||||
|
||||
/* @var $attachmentRetriever AttachmentRetriever */
|
||||
$attachmentRetriever = $applicationContext->get[AttachmentRetriever::class];
|
||||
}
|
||||
}
|
||||
@ -16,6 +16,10 @@ function handle404() {
|
||||
}
|
||||
|
||||
function before() {
|
||||
global $userContext;
|
||||
|
||||
return;
|
||||
|
||||
assertApiIsEnabled();
|
||||
|
||||
$internalUse = \BusinessLogic\Helpers::getHeader('X-INTERNAL-CALL');
|
||||
@ -176,6 +180,7 @@ Link::all(array(
|
||||
// Tickets - Staff
|
||||
'/v1/staff/tickets/{i}' => \Controllers\Tickets\StaffTicketController::class,
|
||||
// Attachments
|
||||
'/v1/tickets/{a}/attachments/{i}' => \Controllers\Attachments\PublicAttachmentController::class . '::getRaw',
|
||||
'/v1/staff/tickets/{i}/attachments' => \Controllers\Attachments\StaffTicketAttachmentsController::class,
|
||||
'/v1/staff/tickets/{i}/attachments/{i}' => \Controllers\Attachments\StaffTicketAttachmentsController::class,
|
||||
// Statuses
|
||||
|
||||
@ -262,13 +262,13 @@ function hesk_load_database_functions()
|
||||
|
||||
function hesk_load_api_database_functions()
|
||||
{
|
||||
require(__DIR__ . '/../api/core/json_error.php');
|
||||
require(__DIR__ . '/../api/Core/json_error.php');
|
||||
// Preferrably use the MySQLi functions
|
||||
if (function_exists('mysqli_connect')) {
|
||||
require(__DIR__ . '/../api/core/database_mysqli.inc.php');
|
||||
require(__DIR__ . '/../api/Core/database_mysqli.inc.php');
|
||||
} // Default to MySQL
|
||||
else {
|
||||
require(__DIR__ . '/../api/core/database.inc.php');
|
||||
require(__DIR__ . '/../api/Core/database.inc.php');
|
||||
}
|
||||
} // END hesk_load_database_functions()
|
||||
|
||||
|
||||
@ -51,11 +51,12 @@ function mfh_listAttachments($attachments = '', $reply = 0, $is_staff)
|
||||
} elseif (in_array($fontAwesomeIcon, array('fa fa-file-word-o', 'fa fa-file-excel-o', 'fa fa-file-powerpoint-o'))) {
|
||||
//-- Get the actual image location and display a thumbnail. It will be linked to a modal to view a larger size.
|
||||
$path = mfh_getSavedNameUrlForAttachment($att_id, $is_staff);
|
||||
$apiPath = preg_replace('/https?:\/\//i', '', $hesk_settings['hesk_url'] . '/api/index.php/v1/tickets/' . $trackingID . '/attachments/' . $att_id);
|
||||
|
||||
if ($path == '') {
|
||||
echo '<i class="fa fa-ban fa-4x" data-toggle="tooltip" title="' . $hesklang['attachment_removed'] . '"></i>';
|
||||
} else {
|
||||
echo '<a class="mfp-iframe" data-toggle="lightbox-item" href="https://view.officeapps.live.com/op/embed.aspx?src=' . $path . '">
|
||||
echo '<a class="mfp-iframe" data-toggle="lightbox-item" href="https://view.officeapps.live.com/op/embed.aspx?src=' . $apiPath . '">
|
||||
<i class="' . $fontAwesomeIcon . ' fa-4x"></i>
|
||||
</a>';
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user