WebServices: download forum attachment

4 years ago · 396ded295c
parent ff516d16ce
commit 396ded295c
3 changed files with 39 additions and 0 deletions
--- a/main/forum/forumfunction.inc.php
+++ b/main/forum/forumfunction.inc.php
@ -6420,6 +6420,8 @@ function getAttachedFiles(
    if ($result !== false && Database::num_rows($result) > 0) {
        while ($row = Database::fetch_array($result, 'ASSOC')) {
            // name contains an URL to download attachment file and its filename
+            $json['filename'] = $row['filename'];
+            $json['path'] = $row['path'];
            $json['name'] = Display::url(
                api_htmlentities($row['filename']),
                api_get_path(WEB_CODE_PATH).'forum/download.php?file='.$row['path'].'&'.api_get_cidreq(),
--- a/main/inc/lib/webservices/Rest.php
+++ b/main/inc/lib/webservices/Rest.php
@ -60,6 +60,7 @@ class Rest extends WebService
    const SAVE_FORUM_POST = 'save_forum_post';
    const SAVE_FORUM_THREAD = 'save_forum_thread';
    const SET_THREAD_NOTIFY = 'set_thread_notify';
+    const DOWNLOAD_FORUM_ATTACHMENT= 'download_forum_attachment';

    const GET_WORK_LIST = 'get_work_list';
    const GET_WORK_STUDENTS_WITHOUT_PUBLICATIONS = 'get_work_students_without_publications';
@ -879,6 +880,13 @@ class Rest extends WebService
                'author' => api_get_person_name($postInfo['firstname'], $postInfo['lastname']),
                'date' => api_convert_and_format_date($postInfo['post_date'], DATE_TIME_FORMAT_LONG_24H),
                'parentId' => $postInfo['post_parent_id'],
+                'attachments' => getAttachedFiles(
+                    $forumId,
+                    $threadId,
+                    $postInfo['iid'],
+                    0,
+                    $this->course->getId()
+                )
            ];
        }

@ -2934,6 +2942,28 @@ class Rest extends WebService
        exit;
    }

+    public function downloadForumPostAttachment(string $path)
+    {
+
+        $courseCode = $this->course->getCode();
+        $sessionId = $this->session ? $this->session->getId() : 0;
+
+        $url = api_get_path(WEB_CODE_PATH).'forum/download.php?'
+            .http_build_query(
+                [
+                    'cidReq' => $courseCode,
+                    'id_session' => $sessionId,
+                    'gidReq' => 0,
+                    'gradebook' => 0,
+                    'origin' => self::SERVICE_NAME,
+                    'file' => Security::remove_XSS($path),
+                ]
+            );
+
+        header("Location: $url");
+        exit;
+    }
+
    public static function isAllowedByRequest(bool $inpersonate = false): bool
    {
        $username = $_GET['username'] ?? null;
--- a/main/webservices/api/v2.php
+++ b/main/webservices/api/v2.php
@ -300,6 +300,13 @@ try {
                ]
            );
            break;
+        case Rest::DOWNLOAD_FORUM_ATTACHMENT:
+            if (empty($_GET['path'])) {
+                throw new Exception(get_lang('ActionNotAllowed'));
+            }
+
+            $restApi->downloadForumPostAttachment($_GET['path']);
+            break;

        case Rest::GET_WORK_LIST:
            if (!isset($_GET['work'])) {