2017-01-12 20:45:01 +01:00
|
|
|
<?php
|
|
|
|
|
use Ifsnop\Mysqldump as IMysqldump;
|
|
|
|
|
use Respect\Validation\Validator as DataValidator;
|
|
|
|
|
|
2017-05-12 06:58:40 +02:00
|
|
|
/**
|
|
|
|
|
* @api {get} /system/download Download file
|
2021-01-08 20:27:24 +01:00
|
|
|
* @apiVersion 4.9.0
|
2017-05-12 06:58:40 +02:00
|
|
|
*
|
|
|
|
|
* @apiName Download file
|
|
|
|
|
*
|
|
|
|
|
* @apiGroup System
|
|
|
|
|
*
|
|
|
|
|
* @apiDescription This path downloads a file.
|
|
|
|
|
*
|
|
|
|
|
* @apiPermission any
|
|
|
|
|
*
|
|
|
|
|
* @apiParam {String} file The filename to be downloaded.
|
|
|
|
|
*
|
2017-06-28 15:02:54 +02:00
|
|
|
* @apiError 403 You have no permission to access the file.
|
2017-05-12 06:58:40 +02:00
|
|
|
*
|
|
|
|
|
* @apiSuccess {Object} file File content
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
|
2017-01-12 20:45:01 +01:00
|
|
|
class DownloadController extends Controller {
|
|
|
|
|
const PATH = '/download';
|
2017-02-08 19:09:15 +01:00
|
|
|
const METHOD = 'GET';
|
2017-01-12 20:45:01 +01:00
|
|
|
|
|
|
|
|
public function validations() {
|
|
|
|
|
return [
|
2017-02-18 19:28:23 +01:00
|
|
|
'permission' => 'any',
|
2017-01-12 20:45:01 +01:00
|
|
|
'requestData' => [
|
|
|
|
|
'file' => [
|
2017-01-15 01:44:20 +01:00
|
|
|
'validation' => DataValidator::alnum('_.-')->noWhitespace(),
|
2017-01-13 00:30:44 +01:00
|
|
|
'error' => ERRORS::INVALID_FILE
|
2017-01-12 20:45:01 +01:00
|
|
|
]
|
|
|
|
|
]
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function handler() {
|
2017-01-13 00:30:44 +01:00
|
|
|
$fileName = Controller::request('file');
|
2017-06-26 00:03:56 +02:00
|
|
|
$isStaffProfilePic = !Staff::getDataStore($fileName, 'profilePic')->isNull();
|
2017-01-13 00:30:44 +01:00
|
|
|
|
2018-09-14 06:14:15 +02:00
|
|
|
$fileDownloader = FileDownloader::getInstance();
|
|
|
|
|
$fileDownloader->setFileName($fileName);
|
2017-02-18 19:28:23 +01:00
|
|
|
|
2018-09-14 06:14:15 +02:00
|
|
|
$session = Session::getInstance();
|
2017-02-18 19:28:23 +01:00
|
|
|
|
2018-09-14 06:14:15 +02:00
|
|
|
if(!$session->isStaffLogged()) {
|
|
|
|
|
switch($fileDownloader->getFilePermission()) {
|
|
|
|
|
case FileManager::PERMISSION_TICKET:
|
|
|
|
|
$ticketNumber = $fileDownloader->getTicketNumber();
|
|
|
|
|
$ticket = Ticket::getByTicketNumber($ticketNumber);
|
|
|
|
|
if($this->isNotAuthor($ticket, Controller::getLoggedUser())) {
|
|
|
|
|
return Response::respond403();
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case FileManager::PERMISSION_ARTICLE:
|
2020-05-13 00:22:51 +02:00
|
|
|
if(!$session->sessionExists()) {
|
2018-09-14 06:14:15 +02:00
|
|
|
return Response::respond403();
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case FileManager::PERMISSION_PROFILE:
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
return Response::respond403();
|
2017-01-13 00:30:44 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-12 20:45:01 +01:00
|
|
|
$fileDownloader->download();
|
2018-07-03 04:31:47 +02:00
|
|
|
exit();
|
2017-01-12 20:45:01 +01:00
|
|
|
}
|
2017-01-13 00:30:44 +01:00
|
|
|
|
|
|
|
|
private function isNotAuthor($ticket, $loggedUser) {
|
2017-03-29 23:53:00 +02:00
|
|
|
$session = Session::getInstance();
|
|
|
|
|
|
|
|
|
|
if($session->getTicketNumber()) {
|
|
|
|
|
return $session->getTicketNumber() !== $ticket->ticketNumber;
|
|
|
|
|
} else {
|
2018-09-14 06:14:15 +02:00
|
|
|
return $ticket->author->id !== $loggedUser->id || ($loggedUser instanceof Staff) !== $ticket->authorToArray()['staff'];
|
2017-03-29 23:53:00 +02:00
|
|
|
}
|
2017-01-13 00:30:44 +01:00
|
|
|
}
|
|
|
|
|
|
2017-06-26 00:03:56 +02:00
|
|
|
private function isNotDepartmentOwner($ticket, $loggedUser) {
|
2017-03-29 23:53:00 +02:00
|
|
|
$session = Session::getInstance();
|
|
|
|
|
|
|
|
|
|
if($session->getTicketNumber()) {
|
|
|
|
|
return $session->getTicketNumber() !== $ticket->ticketNumber;
|
|
|
|
|
} else {
|
2017-06-26 00:03:56 +02:00
|
|
|
return !($loggedUser->level >= 1) || !$loggedUser->sharedDepartmentList->includesId($ticket->department->id);
|
2017-03-29 23:53:00 +02:00
|
|
|
}
|
2017-01-13 00:30:44 +01:00
|
|
|
}
|
2018-07-03 04:31:47 +02:00
|
|
|
}
|
