Compare commits
3 Commits
master
...
inline-att
Author | SHA1 | Date | |
---|---|---|---|
|
67fad4c6ce | ||
|
e3bb11f27d | ||
|
9ed6b33077 |
@ -30,6 +30,20 @@ class AttachmentRetriever {
|
|||||||
$this->userToTicketChecker = $userToTicketChecker;
|
$this->userToTicketChecker = $userToTicketChecker;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//-- TODO Test
|
||||||
|
function getAttachmentContentsForTrackingId($trackingId, $attachmentId, $userContext, $heskSettings) {
|
||||||
|
$ticket = $this->ticketGateway->getTicketByTrackingId($trackingId, $heskSettings);
|
||||||
|
|
||||||
|
if ($ticket === null) {
|
||||||
|
throw new ApiFriendlyException("Ticket {$trackingId} not found!", "Ticket Not Found", 404);
|
||||||
|
}
|
||||||
|
|
||||||
|
$attachment = $this->attachmentGateway->getAttachmentById($attachmentId, $heskSettings);
|
||||||
|
|
||||||
|
return array('meta' => $attachment,
|
||||||
|
'contents' => $this->fileReader->readFromFile($attachment->savedName, $heskSettings['attach_dir']));
|
||||||
|
}
|
||||||
|
|
||||||
function getAttachmentContentsForTicket($ticketId, $attachmentId, $userContext, $heskSettings) {
|
function getAttachmentContentsForTicket($ticketId, $attachmentId, $userContext, $heskSettings) {
|
||||||
$ticket = $this->ticketGateway->getTicketById($ticketId, $heskSettings);
|
$ticket = $this->ticketGateway->getTicketById($ticketId, $heskSettings);
|
||||||
|
|
||||||
|
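Review bot: `getAttachmentContentsForTrackingId` never checks that the attachment returned by `getAttachmentById` belongs to `$ticket`, so a caller holding one valid tracking ID can be served an attachment from any other ticket. After the lookup, the method should reject both a null attachment and an attachment whose owning ticket is not `$ticket`, using the same 404 `ApiFriendlyException` as above, before `readFromFile` is reached. `$userContext` is accepted but unused, and the `$this->userToTicketChecker` set in the constructor is not consulted; if the anonymous path is meant to skip that check, a comment saying so should replace the `//-- TODO Test` marker. The body of `getAttachmentContentsForTicket` continues outside the hunk.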
@ -55,6 +55,10 @@ class UserContext {
|
|||||||
/* @var $active bool */
|
/* @var $active bool */
|
||||||
public $active;
|
public $active;
|
||||||
|
|
||||||
|
function isAnonymousUser() {
|
||||||
|
return $this->id === -1;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Builds a user context based on the current session. **The session must be active!**
|
* Builds a user context based on the current session. **The session must be active!**
|
||||||
* @param $dataRow array the $_SESSION superglobal or the hesk_users result set
|
* @param $dataRow array the $_SESSION superglobal or the hesk_users result set
|
||||||
@ -103,4 +107,10 @@ class UserContext {
|
|||||||
|
|
||||||
return $userContext;
|
return $userContext;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static function buildAnonymousUser() {
|
||||||
|
$userContext = new UserContext();
|
||||||
|
$userContext->id = -1;
|
||||||
|
return $userContext;
|
||||||
|
}
|
||||||
}
|
}
|
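Review bot: The anonymous sentinel `-1` is a bare literal in both `isAnonymousUser()` and `buildAnonymousUser()`, so the two can drift apart; a class constant such as `const ANONYMOUS_USER_ID = -1;` referenced from both would keep them in step. `buildAnonymousUser()` sets only `id` and leaves `$active` and the other public fields null. It should carry a docblock stating that callers must test `isAnonymousUser()` before reading any other field. Both new methods lack the kind of docblock the session-based builder between them already has.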
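--- /dev/null
+++ b/api/Controllers/Attachments/PublicAttachmentController.php
@@ -0,0 +1,39 @@
+<?php
+
+namespace Controllers\Attachments;
+
+
+use BusinessLogic\Attachments\Attachment;
+use BusinessLogic\Attachments\AttachmentRetriever;
+use BusinessLogic\Exceptions\ApiFriendlyException;
+
+class PublicAttachmentController {
+static function getRaw($trackingId, $attachmentId) {
+global $hesk_settings, $applicationContext, $userContext;
+
+self::verifyAttachmentsAreEnabled($hesk_settings);
+
+/* @var $attachmentRetriever AttachmentRetriever */
+$attachmentRetriever = $applicationContext->get[AttachmentRetriever::class];
+
+$attachment = $attachmentRetriever->getAttachmentContentsForTrackingId($trackingId, $attachmentId, $userContext, $hesk_settings);
+
+/* @var $metadata Attachment */
+$metadata = $attachment['meta'];
+
+// Send the file as an attachment to prevent malicious code from executing
+header("Pragma: "); # To fix a bug in IE when running https
+header("Cache-Control: "); # To fix a bug in IE when running https
+header('Content-Description: File Transfer');
+header('Content-Type: application/octet-stream');
+header('Content-Length: ' . $metadata->fileSize);
+header('Content-Disposition: attachment; filename=' . $metadata->displayName);
+print $attachment['contents'];
+}
+
+private static function verifyAttachmentsAreEnabled($heskSettings) {
+if (!$heskSettings['attachments']['use']) {
+throw new ApiFriendlyException('Attachments are disabled on this server', 'Attachments Disabled', 404);
+}
+}
+}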
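Review bot: The `Content-Disposition` header in `getRaw` concatenates `$metadata->displayName` unquoted, so an uploaded name containing spaces, semicolons or quotes produces a malformed header whose parameters the uploader controls; quote and sanitise it, e.g. `header('Content-Disposition: attachment; filename="' . str_replace(array('"', '\\'), '_', basename($metadata->displayName)) . '"');`. Since the stated goal is to keep uploaded content from executing, `header('X-Content-Type-Options: nosniff');` belongs beside the `application/octet-stream` line. `Content-Length` comes from the stored `fileSize` rather than `strlen($attachment['contents'])`, so the download will truncate or stall if the two ever differ. This route is reached without authentication, so the only access control is whatever `getAttachmentContentsForTrackingId` enforces.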
@ -31,6 +31,12 @@ class StaffTicketAttachmentsController {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private static function staticVerifyAttachmentsAreEnabled($heskSettings) {
|
||||||
|
if (!$heskSettings['attachments']['use']) {
|
||||||
|
throw new ApiFriendlyException('Attachments are disabled on this server', 'Attachments Disabled', 404);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
function post($ticketId) {
|
function post($ticketId) {
|
||||||
global $hesk_settings, $applicationContext, $userContext;
|
global $hesk_settings, $applicationContext, $userContext;
|
||||||
|
|
||||||
@ -67,4 +73,13 @@ class StaffTicketAttachmentsController {
|
|||||||
|
|
||||||
return http_response_code(204);
|
return http_response_code(204);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static function inline($ticketId, $attachmentId) {
|
||||||
|
global $hesk_settings, $applicationContext, $userContext;
|
||||||
|
|
||||||
|
self::staticVerifyAttachmentsAreEnabled($hesk_settings);
|
||||||
|
|
||||||
|
/* @var $attachmentRetriever AttachmentRetriever */
|
||||||
|
$attachmentRetriever = $applicationContext->get[AttachmentRetriever::class];
|
||||||
|
}
|
||||||
}
|
}
|
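Review bot: `inline()` stops after resolving `$attachmentRetriever`: it never uses `$ticketId` or `$attachmentId`, sends no response, and performs no staff permission check of its own in the lines shown. It should either be completed or left out of this commit, with a comment stating what is pending. `staticVerifyAttachmentsAreEnabled()` has the same body as `verifyAttachmentsAreEnabled()` in `PublicAttachmentController`; one shared static helper would stop the two copies of the check drifting apart. The body of `post()` continues outside the hunk.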
@ -16,6 +16,10 @@ function handle404() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
function before() {
|
function before() {
|
||||||
|
global $userContext;
|
||||||
|
|
||||||
|
return;
|
||||||
|
|
||||||
assertApiIsEnabled();
|
assertApiIsEnabled();
|
||||||
|
|
||||||
$internalUse = \BusinessLogic\Helpers::getHeader('X-INTERNAL-CALL');
|
$internalUse = \BusinessLogic\Helpers::getHeader('X-INTERNAL-CALL');
|
||||||
@ -176,6 +180,7 @@ Link::all(array(
|
|||||||
// Tickets - Staff
|
// Tickets - Staff
|
||||||
'/v1/staff/tickets/{i}' => \Controllers\Tickets\StaffTicketController::class,
|
'/v1/staff/tickets/{i}' => \Controllers\Tickets\StaffTicketController::class,
|
||||||
// Attachments
|
// Attachments
|
||||||
|
'/v1/tickets/{a}/attachments/{i}' => \Controllers\Attachments\PublicAttachmentController::class . '::getRaw',
|
||||||
'/v1/staff/tickets/{i}/attachments' => \Controllers\Attachments\StaffTicketAttachmentsController::class,
|
'/v1/staff/tickets/{i}/attachments' => \Controllers\Attachments\StaffTicketAttachmentsController::class,
|
||||||
'/v1/staff/tickets/{i}/attachments/{i}' => \Controllers\Attachments\StaffTicketAttachmentsController::class,
|
'/v1/staff/tickets/{i}/attachments/{i}' => \Controllers\Attachments\StaffTicketAttachmentsController::class,
|
||||||
// Statuses
|
// Statuses
|
||||||
|
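Review bot: The bare `return;` added at the top of `before()` makes `assertApiIsEnabled()` and everything after it unreachable. Every route, not only the new public attachment route, therefore runs without the API-enabled check and without whatever the rest of the hook does with `X-INTERNAL-CALL` (the rest of `before()` is outside the hunk). If the intent is to let `/v1/tickets/{a}/attachments/{i}` skip authentication, the exemption should be scoped to that route and should still call `assertApiIsEnabled()`. With the early return, `$userContext` is never populated here, so `getRaw` passes a null context unless something else builds one, for example via `UserContext::buildAnonymousUser()`.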
@ -262,13 +262,13 @@ function hesk_load_database_functions()
|
|||||||
|
|
||||||
function hesk_load_api_database_functions()
|
function hesk_load_api_database_functions()
|
||||||
{
|
{
|
||||||
require(__DIR__ . '/../api/core/json_error.php');
|
require(__DIR__ . '/../api/Core/json_error.php');
|
||||||
// Preferrably use the MySQLi functions
|
// Preferrably use the MySQLi functions
|
||||||
if (function_exists('mysqli_connect')) {
|
if (function_exists('mysqli_connect')) {
|
||||||
require(__DIR__ . '/../api/core/database_mysqli.inc.php');
|
require(__DIR__ . '/../api/Core/database_mysqli.inc.php');
|
||||||
} // Default to MySQL
|
} // Default to MySQL
|
||||||
else {
|
else {
|
||||||
require(__DIR__ . '/../api/core/database.inc.php');
|
require(__DIR__ . '/../api/Core/database.inc.php');
|
||||||
}
|
}
|
||||||
} // END hesk_load_database_functions()
|
} // END hesk_load_database_functions()
|
||||||
|
|
||||||
|
@ -51,11 +51,12 @@ function mfh_listAttachments($attachments = '', $reply = 0, $is_staff)
|
|||||||
} elseif (in_array($fontAwesomeIcon, array('fa fa-file-word-o', 'fa fa-file-excel-o', 'fa fa-file-powerpoint-o'))) {
|
} elseif (in_array($fontAwesomeIcon, array('fa fa-file-word-o', 'fa fa-file-excel-o', 'fa fa-file-powerpoint-o'))) {
|
||||||
//-- Get the actual image location and display a thumbnail. It will be linked to a modal to view a larger size.
|
//-- Get the actual image location and display a thumbnail. It will be linked to a modal to view a larger size.
|
||||||
$path = mfh_getSavedNameUrlForAttachment($att_id, $is_staff);
|
$path = mfh_getSavedNameUrlForAttachment($att_id, $is_staff);
|
||||||
|
$apiPath = preg_replace('/https?:\/\//i', '', $hesk_settings['hesk_url'] . '/api/index.php/v1/tickets/' . $trackingID . '/attachments/' . $att_id);
|
||||||
|
|
||||||
if ($path == '') {
|
if ($path == '') {
|
||||||
echo '<i class="fa fa-ban fa-4x" data-toggle="tooltip" title="' . $hesklang['attachment_removed'] . '"></i>';
|
echo '<i class="fa fa-ban fa-4x" data-toggle="tooltip" title="' . $hesklang['attachment_removed'] . '"></i>';
|
||||||
} else {
|
} else {
|
||||||
echo '<a class="mfp-iframe" data-toggle="lightbox-item" href="https://view.officeapps.live.com/op/embed.aspx?src=' . $path . '">
|
echo '<a class="mfp-iframe" data-toggle="lightbox-item" href="https://view.officeapps.live.com/op/embed.aspx?src=' . $apiPath . '">
|
||||||
<i class="' . $fontAwesomeIcon . ' fa-4x"></i>
|
<i class="' . $fontAwesomeIcon . ' fa-4x"></i>
|
||||||
</a>';
|
</a>';
|
||||||
}
|
}
|
||||||
|
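Review bot: The new `href` puts `$apiPath` into the `src=` query parameter and into the HTML attribute without encoding; build the link with `htmlspecialchars(urlencode($apiPath))` instead of the raw string. The URL also hands the ticket tracking ID to view.officeapps.live.com, and that ID is the only credential the public attachment route checks, so a ticket access secret is disclosed to a third party and its logs; a short-lived, attachment-scoped token would limit the exposure. `$trackingID` is not among the parameters of `mfh_listAttachments` shown in the hunk header, so it is presumably a global that needs declaring; the function body starts outside the hunk. `$path` is still computed and still gates the `attachment_removed` branch even though the link no longer uses it, which deserves a comment.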