Allow download ticket message attachments

3 years ago · c5cc589a6b
parent 620957d222
commit c5cc589a6b
3 changed files with 16 additions and 64 deletions
--- a/public/main/inc/lib/TicketManager.php
+++ b/public/main/inc/lib/TicketManager.php
@ -1171,13 +1171,14 @@ class TicketManager
     */
    public static function get_ticket_detail_by_id($ticketId)
    {
+        $attachmentRepo = Container::getTicketMessageAttachmentRepository();
+
        $ticketId = (int) $ticketId;
        $table_support_category = Database::get_main_table(TABLE_TICKET_CATEGORY);
        $table_support_tickets = Database::get_main_table(TABLE_TICKET_TICKET);
        $table_support_priority = Database::get_main_table(TABLE_TICKET_PRIORITY);
        $table_support_status = Database::get_main_table(TABLE_TICKET_STATUS);
        $table_support_messages = Database::get_main_table(TABLE_TICKET_MESSAGE);
-        $table_support_message_attachments = Database::get_main_table(TABLE_TICKET_MESSAGE_ATTACHMENTS);
        $table_main_user = Database::get_main_table(TABLE_MAIN_USER);

        $sql = "SELECT
@ -1279,23 +1280,23 @@ class TicketManager
            $result = Database::query($sql);
            $ticket['messages'] = [];
            $attach_icon = Display::return_icon('attachment.gif', '');
-            $webPath = api_get_path(WEB_CODE_PATH);
+
            while ($row = Database::fetch_assoc($result)) {
                $message = $row;
                $message['admin'] = UserManager::is_admin($message['user_id']);
                $message['user_info'] = api_get_user_info($message['user_id']);
-                $sql = "SELECT *
-                        FROM $table_support_message_attachments
-                        WHERE
-                            message_id = ".$row['message_id']." AND
-                            ticket_id = $ticketId";
-
-                $result_attach = Database::query($sql);
-                while ($row2 = Database::fetch_assoc($result_attach)) {
-                    $archiveURL = $webPath.'ticket/download.php?ticket_id='.$ticketId.'&id='.$row2['id'];
-                    $row2['attachment_link'] = $attach_icon.
-                        '&nbsp;<a href="'.$archiveURL.'">'.$row2['filename'].'</a>&nbsp;('.$row2['size'].')';
-                    $message['attachments'][] = $row2;
+
+                $messageAttachments = $attachmentRepo->findBy(['ticket' => $ticketId, 'message' => $row['message_id']]);
+
+                /** @var TicketMessageAttachment $messageAttachment */
+                foreach ($messageAttachments as $messageAttachment) {
+                    $archiveURL = $attachmentRepo->getResourceFileDownloadUrl($messageAttachment);
+                    $link = Display::url(
+                        sprintf("%s (%d)", $messageAttachment->getFilename(), $messageAttachment->getSize()),
+                        $archiveURL
+                    );
+
+                    $message['attachments'][] = $attach_icon.PHP_EOL.$link;
                }
                $ticket['messages'][] = $message;
            }
--- a/public/main/ticket/download.php
+++ b/public/main/ticket/download.php
@ -1,49 +0,0 @@
-<?php
-
-/* For licensing terms, see /license.txt */
-
-require_once __DIR__.'/../inc/global.inc.php';
-
-api_block_anonymous_users();
-$user_id = api_get_user_id();
-
-if (!isset($_GET['id']) || !isset($_GET['ticket_id'])) {
-    api_not_allowed(true);
-}
-
-$ticket_id = (int) $_GET['ticket_id'];
-$ticketInfo = TicketManager::get_ticket_detail_by_id($ticket_id);
-if (empty($ticketInfo)) {
-    api_not_allowed(true);
-}
-$messageAttachment = TicketManager::getTicketMessageAttachment($_GET['id']);
-if (empty($messageAttachment)) {
-    api_not_allowed(true);
-}
-
-if (!api_is_platform_admin()) {
-    $table_support_messages = Database::get_main_table(TABLE_TICKET_MESSAGE);
-    $table_support_tickets = Database::get_main_table(TABLE_TICKET_TICKET);
-    $table_support_message_attachments = Database::get_main_table(TABLE_TICKET_MESSAGE_ATTACHMENTS);
-    $sql = "SELECT DISTINCT  ticket.request_user
-            FROM $table_support_tickets ticket,
-                $table_support_messages message,
-                $table_support_message_attachments attch
-            WHERE ticket.ticket_id = message.ticket_id
-            AND attch.message_id = message.message_id
-            AND ticket.ticket_id = $ticket_id";
-    $rs = Database::query($sql);
-    $row_users = Database::fetch_array($rs, 'ASSOC');
-    $user_request_id = $row_users['request_user'];
-    if ((int) $user_request_id != $user_id) {
-        api_not_allowed(true);
-    }
-}
-/*
-api_download_uploaded_file(
-    'ticket_attachment',
-    $ticket_id,
-    $messageAttachment->getPath(),
-    $messageAttachment->getFilename()
-);*/
-exit;
--- a/public/main/ticket/ticket_details.php
+++ b/public/main/ticket/ticket_details.php
@ -178,7 +178,7 @@ foreach ($messages as $message) {
            'class' => 'attachment-link',
        ];
        foreach ($message['attachments'] as $attach) {
-            $attachmentLinks .= Display::tag('div', $attach['attachment_link'], $attributeClass);
+            $attachmentLinks .= Display::tag('div', $attach, $attributeClass);
        }
    }