diff --git a/server/controllers/system/download.php b/server/controllers/system/download.php
index 0b481bf8..8c6699b3 100644
--- a/server/controllers/system/download.php
+++ b/server/controllers/system/download.php
@@ -7,18 +7,48 @@ class DownloadController extends Controller {
 public function validations() {
 return [
- 'permission' => 'staff_1',
+ 'permission' => 'user',
 'requestData' => [
 'file' => [
- 'validation' => DataValidator::alnum('_.')->noWhitespace()
+ 'validation' => DataValidator::alnum('_.')->noWhitespace(),
+ 'error' => ERRORS::INVALID_FILE
 ]
 ]
 ];
 }
 public function handler() {
+ $fileName = Controller::request('file');
+
+ $loggedUser = Controller::getLoggedUser();
+ $ticket = Ticket::getTicket($fileName, 'file');
+
+ if($ticket->isNull() || ($this->isNotAuthor($ticket, $loggedUser) && $this->isNotOwner($ticket, $loggedUser))) {
+ $ticketEvent = Ticketevent::getDataStore($fileName, 'file');
+
+ if($ticketEvent->isNull()) {
+ print '';
+ return;
+ }
+
+ $ticket = $ticketEvent->ticket;
+
+ if($this->isNotAuthor($ticket, $loggedUser) && $this->isNotOwner($ticket, $loggedUser)) {
+ print '';
+ return;
+ }
+ }
+
 $fileDownloader = FileDownloader::getInstance();
- $fileDownloader->setFileName(Controller::request('file'));
+ $fileDownloader->setFileName($fileName);
 $fileDownloader->download();
 }
+
+ private function isNotAuthor($ticket, $loggedUser) {
+ return Controller::isStaffLogged() || $ticket->author->id !== $loggedUser->id;
+ }
+
+ private function isNotOwner($ticket, $loggedUser) {
+ return !Controller::isStaffLogged() || !$ticket->owner || $ticket->owner->id !== $loggedUser->id;
+ }
 }
\ No newline at end of file
diff --git a/server/controllers/ticket/comment.php b/server/controllers/ticket/comment.php
index b51414c2..6a043757 100644
--- a/server/controllers/ticket/comment.php
+++ b/server/controllers/ticket/comment.php
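Review bot: The two denial branches in handler() end with `print ''; return;`, so an unauthorized download and an unknown file name both produce an empty 200 response, and a rejected access leaves nothing distinguishable in the response or the server logs. The surrounding code reports failures through the `ERRORS` constants (`'error' => ERRORS::INVALID_FILE` in validations(), `throw new Exception(ERRORS::INVALID_FILE)` in Controller::uploadFile()), so the denial should throw the matching permission error from that class instead of printing an empty string. The author/owner test is also written twice as negated helpers joined with `&&`; a single `private function canAccessTicket($ticket, $loggedUser)` returning `!($this->isNotAuthor($ticket, $loggedUser) && $this->isNotOwner($ticket, $loggedUser))` would let both sites read `if(!$this->canAccessTicket($ticket, $loggedUser))`. The comparisons in isNotAuthor() and isNotOwner() use `!==`, which denies every request if `author->id` and `loggedUser->id` ever come back as different scalar types — worth confirming against what the data store returns.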
@@ -50,6 +50,7 @@ class CommentController extends Controller {
 $comment = Ticketevent::getEvent(Ticketevent::COMMENT);
 $comment->setProperties(array(
 'content' => $this->content,
+ 'file' => $this->uploadFile(),
 'date' => Date::getCurrentDate()
 ));
diff --git a/server/controllers/ticket/create.php b/server/controllers/ticket/create.php
index b9409361..fbcd9203 100644
--- a/server/controllers/ticket/create.php
+++ b/server/controllers/ticket/create.php
@@ -75,26 +75,4 @@ class CreateController extends Controller {
 $this->ticketNumber = $ticket->ticketNumber;
 }
-
- private function uploadFile() {
- if(!isset($_FILES['file'])) return '';
-
- $maxSize = Setting::getSetting('max-size')->getValue();
- $fileGap = Setting::getSetting('file-gap')->getValue();
- $fileFirst = Setting::getSetting('file-first-number')->getValue();
- $fileQuantity = Setting::getSetting('file-quantity');
-
- $fileUploader = FileUploader::getInstance();
- $fileUploader->setMaxSize($maxSize);
- $fileUploader->setGeneratorValues($fileGap, $fileFirst, $fileQuantity->getValue());
-
- if($fileUploader->upload($_FILES['file'])) {
- $fileQuantity->value++;
- $fileQuantity->store();
-
- return $fileUploader->getFileName();
- } else {
- throw new Exception(ERRORS::INVALID_FILE);
- }
- }
 }
diff --git a/server/libs/Controller.php b/server/libs/Controller.php
index 3c8a3ca9..b82bdb0f 100644
--- a/server/libs/Controller.php
+++ b/server/libs/Controller.php
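Review bot: `$this->uploadFile()` runs while the properties array is being built, before the comment event is stored, and on success it has already written the file and persisted the incremented `file-quantity` counter, so any failure later in the handler (which starts and ends outside this hunk) leaves an uploaded file that no event references. If moving the upload after the event is otherwise valid is not practical, a comment on this line such as `// uploadFile() writes the file and bumps file-quantity before the event is saved; returns '' when no file was sent, throws ERRORS::INVALID_FILE on a bad upload` would at least make the ordering explicit to the next reader. No change to CommentController::validations() appears in this diff, so the attachment is accepted under whatever permission and request validation the comment endpoint already has — presumably intended, but worth confirming.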
@@ -60,4 +60,26 @@ abstract class Controller {
 public static function getAppInstance() {
 return \Slim\Slim::getInstance();
 }
+
+ public function uploadFile() {
+ if(!isset($_FILES['file'])) return '';
+
+ $maxSize = Setting::getSetting('max-size')->getValue();
+ $fileGap = Setting::getSetting('file-gap')->getValue();
+ $fileFirst = Setting::getSetting('file-first-number')->getValue();
+ $fileQuantity = Setting::getSetting('file-quantity');
+
+ $fileUploader = FileUploader::getInstance();
+ $fileUploader->setMaxSize($maxSize);
+ $fileUploader->setGeneratorValues($fileGap, $fileFirst, $fileQuantity->getValue());
+
+ if($fileUploader->upload($_FILES['file'])) {
+ $fileQuantity->value++;
+ $fileQuantity->store();
+
+ return $fileUploader->getFileName();
+ } else {
+ throw new Exception(ERRORS::INVALID_FILE);
+ }
+ }
 }
\ No newline at end of file
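Review bot: uploadFile() is added as `public` on the abstract base, which puts it on the callable surface of every controller, while the only callers in this diff are subclasses using `$this->uploadFile()`; `protected function uploadFile()` matches that use and keeps it out of the public API. The guard `if(!isset($_FILES['file'])) return '';` treats any present entry as a usable upload, including ones PHP has flagged through a non-zero `$_FILES['file']['error']` (partial, oversized or interrupted uploads); unless FileUploader::upload() inspects that member itself, check `$_FILES['file']['error'] !== UPLOAD_ERR_OK` up front and throw the same `ERRORS::INVALID_FILE` exception for it rather than relying on the uploader to notice. The counter is incremented and stored before the caller has persisted the record that references the returned name, so a later failure in the caller still advances `file-quantity`; if that is intentional, a one-line comment saying so would spare the next reader the question.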