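<?php
// Public download entry point for the Disk module.
//
// The prolog is loaded with NOT_CHECK_PERMISSIONS set, so the core does not
// run its own access checks for this request; every authorization decision
// about the requested file is delegated to \Bitrix\Disk\DownloadController
// at the bottom. Nothing in this file grants or denies access by itself.
define("NOT_CHECK_PERMISSIONS", true);
define("EXTRANET_NO_REDIRECT", true);
define("STOP_STATISTICS", true);
define("PUBLIC_AJAX_MODE", true);
define("NO_KEEP_STATISTIC", "Y");
define("NO_AGENT_STATISTIC", "Y");
define("DisableEventsCheck", true);

// The two read-only actions do not need to write the session, so let the
// session be opened read-only for them. Any other value (including an
// array from "action[]=") does not match and keeps the default.
$requestedAction = isset($_GET['action']) ? $_GET['action'] : null;
if ($requestedAction === 'showFile' || $requestedAction === 'downloadFile') {
    define('BX_SECURITY_SESSION_READONLY', true);
}

require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/main/include/prolog_before.php";

if (!\Bitrix\Main\Loader::includeModule('disk')) {
    die;
}

$httpRequest = \Bitrix\Main\Context::getCurrent()->getRequest();
if (!$httpRequest->getQuery('action')) {
    die;
}

// Optional REST OAuth token. getQuery() hands back the raw query value, which
// is an array for "auth[]=..."; only a non-empty string can be a token, so
// anything else is ignored instead of being passed to checkAuth().
// NOTE(review): the token travels in the query string and can therefore end
// up in web-server/proxy logs and Referer headers; that is the existing
// contract of this endpoint and is not changed here.
$oauthToken = $httpRequest->getQuery('auth');
if (is_string($oauthToken) && $oauthToken !== '' && \Bitrix\Main\Loader::includeModule('rest')) {
    $authResult = null;
    // Token scope is restricted to the Disk module. On success the request
    // is authenticated as the token's user before the controller runs its
    // own permission checks. (Class name spelled CRestUtil consistently;
    // PHP resolves class names case-insensitively, so behaviour is unchanged.)
    if (\CRestUtil::checkAuth($oauthToken, array(\Bitrix\Disk\Driver::INTERNAL_MODULE_ID), $authResult)) {
        \CRestUtil::makeAuth($authResult);
    }
}

// The controller validates the action name and performs the access checks.
$controller = new \Bitrix\Disk\DownloadController();
$controller->setActionName($httpRequest->getQuery('action'))->exec();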
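 /**
  * Streams a Disk-backed CRM activity file to the HTTP response.
  *
  * Checks run in this order: argument validation, optional REST OAuth
  * authentication ($options['oauth_token']), the caller's READ permission on
  * the activity, and only then the existence of the file. Permission is
  * verified before existence so that a caller without read access always
  * receives 'Access denied.' and cannot use the distinct 'File not found'
  * message to probe which file IDs are attached to an activity.
  *
  * @param int|string $ownerTypeID CRM owner type; only CCrmOwnerType::Activity is supported here.
  * @param int|string $ownerID     Activity ID.
  * @param int|string $fileID      Disk file ID attached to the activity.
  * @param array      $errors      Appended with a human-readable message on failure.
  * @param array      $options     Optional; 'oauth_token' enables REST authentication.
  * @return bool true when the file was written to the response, false otherwise.
  */
 public static function WriteDiskFileToResponse($ownerTypeID, $ownerID, $fileID, &$errors, $options = array())
 {
     $ownerTypeID = (int) $ownerTypeID;
     $ownerTypeName = CCrmOwnerType::ResolveName($ownerTypeID);
     $ownerID = (int) $ownerID;
     $fileID = (int) $fileID;
     $options = is_array($options) ? $options : array();

     if (!CCrmOwnerType::IsDefined($ownerTypeID) || $ownerID <= 0 || $fileID <= 0) {
         $errors[] = 'Invalid data ownerTypeID = ' . $ownerTypeID . ', ownerID = ' . $ownerID . ', fileID = ' . $fileID;
         return false;
     }
     if ($ownerTypeID !== CCrmOwnerType::Activity) {
         $errors[] = "The owner type '{$ownerTypeName}' is not supported in current context";
         return false;
     }

     // A supplied token must validate for the CRM REST scope and be applied
     // as the current auth; a bad token is a hard failure, never a silent
     // fallback to whatever session the request already has.
     $authToken = isset($options['oauth_token']) ? $options['oauth_token'] : '';
     if ($authToken !== '') {
         $authData = array();
         if (!(CModule::IncludeModule('rest')
             && CRestUtil::checkAuth($authToken, CCrmRestService::SCOPE_NAME, $authData)
             && CRestUtil::makeAuth($authData))) {
             $errors[] = 'Access denied.';
             return false;
         }
     }

     // Admins bypass the binding check; everyone else needs READ on at least
     // one entity the activity is bound to. For an unknown activity the
     // binding list is presumably empty, which correctly ends in 'Access denied.'.
     $isPermitted = CCrmPerms::IsAdmin();
     if (!$isPermitted) {
         $userPermissions = CCrmPerms::GetCurrentUserPermissions();
         foreach (CCrmActivity::GetBindings($ownerID) as $binding) {
             if (CCrmAuthorizationHelper::CheckReadPermission($binding['OWNER_TYPE_ID'], $binding['OWNER_ID'], $userPermissions)) {
                 $isPermitted = true;
                 break;
             }
         }
     }
     if (!$isPermitted) {
         $errors[] = 'Access denied.';
         return false;
     }

     // Existence is checked only after authorization (see docblock).
     if (!CCrmActivity::CheckStorageElementExists($ownerID, CCrmActivityStorageType::Disk, $fileID)) {
         $errors[] = 'File not found';
         return false;
     }

     Bitrix\Crm\Integration\DiskManager::writeFileToResponse($fileID);
     return true;
 }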
    require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/main/include/prolog_before.php";
} else {
    $oAuthMode = false;
}
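if (!defined("B_PROLOG_INCLUDED") || B_PROLOG_INCLUDED !== true) {
    die;
}

$arResult = array("MESSAGE" => array(), "FILE" => null);

// Resolve the caller's identity: the logged-in user in normal mode, or a
// REST OAuth token from the query string when $oAuthMode is set.
$isUserAuthorized = false;
if (!$oAuthMode) {
    if (isset($USER) && is_object($USER) && method_exists($USER, 'getId') && $USER->getId() > 0) {
        $isUserAuthorized = true;
    }
} else {
    // Try to authorize through oAuth.
    // checkAuth() reports the authenticated user through its by-reference
    // third argument, so it must be given a real variable. The previous
    // inline form `$res = array()` passed a temporary: PHP raised "Only
    // variables should be passed by reference" and the auth data never
    // reached makeAuth(). Only a string can be a token; an array from
    // "auth[]=..." is rejected up front instead of being passed on.
    $res = array();
    if (isset($_GET['auth']) && is_string($_GET['auth'])
        && CModule::IncludeModule('rest')
        && class_exists('CRestUtil') && method_exists('CRestUtil', 'checkAuth')
        && CRestUtil::checkAuth($_GET['auth'], CTaskRestService::SCOPE_NAME, $res)
        && CRestUtil::makeAuth($res)) {
        $isUserAuthorized = true;
    }
}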
if ($isUserAuthorized) {
    CModule::IncludeModule("tasks");
    $arParams = array('FILE_ID' => false, 'TEMPLATE_ID' => false, 'TASK_ID' => false);
    if (isset($_GET['fid'])) {
        $arParams['FILE_ID'] = (int) $_GET['fid'];
    }
    if (isset($_GET['tid'])) {
        $arParams['TEMPLATE_ID'] = (int) $_GET['tid'];
    }
    if (isset($_GET['TASK_ID'])) {
        $arParams['TASK_ID'] = (int) $_GET['TASK_ID'];
    }
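 /**
  * Streams a file stored in a CRM entity field to the HTTP response.
  *
  * Checks run in this order: argument validation, optional REST OAuth
  * authentication ($options['oauth_token']), READ permission on the owning
  * entity, and only then resolution of the file through the field. Because
  * the permission check comes first, a caller without read access learns
  * nothing about which fields or file IDs exist.
  *
  * @param int|string $ownerTypeID CRM owner type (CCrmOwnerType constant).
  * @param int|string $ownerID     Owning entity ID.
  * @param string     $fieldName   Field holding the file: a user field when
  *                                $options['is_dynamic'] is true (the default),
  *                                otherwise a field described by the 'fields_info'
  *                                option or CCrmOwnerType::GetFieldsInfo().
  * @param int|string $fileID      File ID to stream; must be a value of that field.
  * @param array      $errors      Appended with a human-readable message on failure.
  * @param array      $options     'oauth_token', 'is_dynamic', 'fields_info'; the
  *                                whole array is also handed to InnerWriteFileToResponse().
  * @return bool true when the file was written to the response, false otherwise.
  */
 public static function WriteFileToResponse($ownerTypeID, $ownerID, $fieldName, $fileID, &$errors, $options = array())
 {
     $ownerTypeID = intval($ownerTypeID);
     $ownerTypeName = CCrmOwnerType::ResolveName($ownerTypeID);
     $ownerID = intval($ownerID);
     $fieldName = strval($fieldName);
     $fileID = intval($fileID);
     $options = is_array($options) ? $options : array();

     // Malformed input is reported as 'File not found', the same message as a
     // genuinely missing file, so the caller cannot tell the two apart.
     if (!CCrmOwnerType::IsDefined($ownerTypeID) || $ownerID <= 0 || $fieldName === '' || $fileID <= 0) {
         $errors[] = 'File not found';
         return false;
     }

     // A supplied token must validate for the CRM REST scope and be applied
     // as the current auth; a bad token is a hard failure, not a fallback.
     $authToken = isset($options['oauth_token']) ? strval($options['oauth_token']) : '';
     if ($authToken !== '') {
         $authData = array();
         if (!(CModule::IncludeModule('rest')
             && CRestUtil::checkAuth($authToken, CCrmRestService::SCOPE_NAME, $authData)
             && CRestUtil::makeAuth($authData))) {
             $errors[] = 'Access denied.';
             return false;
         }
     }

     // Admins bypass the entity permission check. Deny when the user has the
     // NONE level for READ on this type, or the entity's own attributes do not
     // grant READ. (CheckEnityAccess is the API's spelling.)
     if (!CCrmPerms::IsAdmin()) {
         $userPermissions = CCrmPerms::GetCurrentUserPermissions();
         $attrs = $userPermissions->GetEntityAttr($ownerTypeName, $ownerID);
         $entityAttrs = isset($attrs[$ownerID]) ? $attrs[$ownerID] : array();
         if ($userPermissions->HavePerm($ownerTypeName, BX_CRM_PERM_NONE, 'READ')
             || !$userPermissions->CheckEnityAccess($ownerTypeName, 'READ', $entityAttrs)) {
             $errors[] = 'Access denied.';
             return false;
         }
     }

     $isDynamic = isset($options['is_dynamic']) ? (bool) $options['is_dynamic'] : true;
     if ($isDynamic) {
         // User field path: the field must exist, be of type 'file' and
         // actually contain the requested ID.
         $userFields = $GLOBALS['USER_FIELD_MANAGER']->GetUserFields(CCrmOwnerType::ResolveUserFieldEntityID($ownerTypeID), $ownerID, LANGUAGE_ID);
         $field = is_array($userFields) && isset($userFields[$fieldName]) ? $userFields[$fieldName] : null;
         if (!(is_array($field) && $field['USER_TYPE_ID'] === 'file')) {
             $errors[] = 'File not found';
             return false;
         }

         // In MULTIPLE mode VALUE is an array of integers, in SINGLE mode a
         // single string. Normalise every candidate to int and compare
         // strictly rather than relying on loose int/string comparison, whose
         // rules differ between PHP versions.
         $rawValue = isset($field['VALUE']) ? $field['VALUE'] : array();
         $fileIDs = array_map('intval', is_array($rawValue) ? $rawValue : array($rawValue));
         if (!in_array($fileID, $fileIDs, true)) {
             $errors[] = 'File not found';
             return false;
         }
         return self::InnerWriteFileToResponse($fileID, $errors, $options);
     }

     // Static field path: the field description must declare type 'file' and
     // the stored integer value must be exactly the requested ID.
     $fieldsInfo = isset($options['fields_info']) ? $options['fields_info'] : null;
     if (!is_array($fieldsInfo)) {
         $fieldsInfo = CCrmOwnerType::GetFieldsInfo($ownerTypeID);
     }
     $fieldInfo = is_array($fieldsInfo) && isset($fieldsInfo[$fieldName]) ? $fieldsInfo[$fieldName] : array();
     $fieldInfoType = isset($fieldInfo['TYPE']) ? $fieldInfo['TYPE'] : '';
     if ($fieldInfoType !== 'file') {
         $errors[] = 'File not found';
         return false;
     }
     if ($fileID !== CCrmOwnerType::GetFieldIntValue($ownerTypeID, $ownerID, $fieldName)) {
         $errors[] = 'File not found';
         return false;
     }
     return self::InnerWriteFileToResponse($fileID, $errors, $options);
 }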