Ivan - Add validations before download and upload on comment [skip ci]

2017-01-12 20:30:44 -03:00 · 2017-01-12 20:30:44 -03:00 · 71984384cc
parent f2401dcec7
commit 71984384cc
4 changed files with 56 additions and 25 deletions
--- a/server/controllers/system/download.php
+++ b/server/controllers/system/download.php
@ -7,18 +7,48 @@ class DownloadController extends Controller {

    public function validations() {
        return [
-            'permission' => 'staff_1',
+            'permission' => 'user',
            'requestData' => [
                'file' => [
-                    'validation' => DataValidator::alnum('_.')->noWhitespace()
+                    'validation' => DataValidator::alnum('_.')->noWhitespace(),
+                    'error' => ERRORS::INVALID_FILE
                ]
            ]
        ];
    }

    public function handler() {
+        $fileName = Controller::request('file');
+
+        $loggedUser = Controller::getLoggedUser();
+        $ticket = Ticket::getTicket($fileName, 'file');
+
+        if($ticket->isNull() || ($this->isNotAuthor($ticket, $loggedUser) && $this->isNotOwner($ticket, $loggedUser))) {
+            $ticketEvent = Ticketevent::getDataStore($fileName, 'file');
+
+            if($ticketEvent->isNull()) {
+                print '';
+                return;
+            }
+
+            $ticket = $ticketEvent->ticket;
+
+            if($this->isNotAuthor($ticket, $loggedUser) && $this->isNotOwner($ticket, $loggedUser)) {
+                print '';
+                return;
+            }
+        }
+
        $fileDownloader = FileDownloader::getInstance();
-        $fileDownloader->setFileName(Controller::request('file'));
+        $fileDownloader->setFileName($fileName);
        $fileDownloader->download();
    }
+
+    private function isNotAuthor($ticket, $loggedUser) {
+        return Controller::isStaffLogged() || $ticket->author->id !== $loggedUser->id;
+    }
+
+    private function isNotOwner($ticket, $loggedUser) {
+        return !Controller::isStaffLogged() || !$ticket->owner || $ticket->owner->id !== $loggedUser->id;
+    }
 }
--- a/server/controllers/ticket/comment.php
+++ b/server/controllers/ticket/comment.php
@ -50,6 +50,7 @@ class CommentController extends Controller {
        $comment = Ticketevent::getEvent(Ticketevent::COMMENT);
        $comment->setProperties(array(
            'content' => $this->content,
+            'file' => $this->uploadFile(),
            'date' => Date::getCurrentDate()
        ));

--- a/server/controllers/ticket/create.php
+++ b/server/controllers/ticket/create.php
@ -75,26 +75,4 @@ class CreateController extends Controller {
        
        $this->ticketNumber = $ticket->ticketNumber;
    }
-    
-    private function uploadFile() {
-        if(!isset($_FILES['file'])) return '';
-        
-        $maxSize = Setting::getSetting('max-size')->getValue();
-        $fileGap = Setting::getSetting('file-gap')->getValue();
-        $fileFirst = Setting::getSetting('file-first-number')->getValue();
-        $fileQuantity = Setting::getSetting('file-quantity');
-        
-        $fileUploader = FileUploader::getInstance();
-        $fileUploader->setMaxSize($maxSize);
-        $fileUploader->setGeneratorValues($fileGap, $fileFirst, $fileQuantity->getValue());
-
-        if($fileUploader->upload($_FILES['file'])) {
-            $fileQuantity->value++;
-            $fileQuantity->store();
-
-            return $fileUploader->getFileName();
-        } else {
-            throw new Exception(ERRORS::INVALID_FILE);
-        }
-    }
 }
--- a/server/libs/Controller.php
+++ b/server/libs/Controller.php
@ -60,4 +60,26 @@ abstract class Controller {
    public static function getAppInstance() {
        return \Slim\Slim::getInstance();
    }
+    
+    public function uploadFile() {
+        if(!isset($_FILES['file'])) return '';
+
+        $maxSize = Setting::getSetting('max-size')->getValue();
+        $fileGap = Setting::getSetting('file-gap')->getValue();
+        $fileFirst = Setting::getSetting('file-first-number')->getValue();
+        $fileQuantity = Setting::getSetting('file-quantity');
+
+        $fileUploader = FileUploader::getInstance();
+        $fileUploader->setMaxSize($maxSize);
+        $fileUploader->setGeneratorValues($fileGap, $fileFirst, $fileQuantity->getValue());
+
+        if($fileUploader->upload($_FILES['file'])) {
+            $fileQuantity->value++;
+            $fileQuantity->store();
+
+            return $fileUploader->getFileName();
+        } else {
+            throw new Exception(ERRORS::INVALID_FILE);
+        }
+    }
 }