define("DisableEventsCheck", true);
$siteId = isset($_REQUEST['SITE_ID']) && is_string($_REQUEST['SITE_ID']) ? $_REQUEST['SITE_ID'] : '';
$siteId = substr(preg_replace('/[^a-z0-9_]/i', '', $siteId), 0, 2);
if (!empty($siteId) && is_string($siteId)) {
define('SITE_ID', $siteId);
}
if (isset($_GET['action']) && ($_GET['action'] == 'show' || $_GET['action'] == 'downloadFile')) {
define('BX_SECURITY_SESSION_READONLY', true);
}
require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/main/include/prolog_before.php";
if (!\Bitrix\Main\Loader::includeModule('disk')) {
die;
}
if (!empty($_GET['document_action']) && !empty($_GET['service'])) {
if (LocalDocumentController::isLocalService($_GET['service'])) {
$docController = new LocalDocumentController();
$docController->setActionName(empty($_GET['primaryAction']) ? $_GET['document_action'] : $_GET['primaryAction'])->exec();
} else {
$docController = new \Bitrix\Disk\Uf\DocumentController();
$docController->setActionName($_GET['document_action'])->setDocumentHandlerName($_GET['service'])->exec();
}
}
$oauthToken = $_GET['auth'];
if ($oauthToken && \Bitrix\Main\Loader::includeModule('rest')) {
$authResult = null;
if (\CRestUtil::checkAuth($oauthToken, array(\Bitrix\Disk\Driver::INTERNAL_MODULE_ID), $authResult)) {
\CRestUtil::makeAuth($authResult);
}
}
$ufController = new Bitrix\Disk\Uf\Controller();
$ufController->setActionName($_GET['action'])->exec();
public static function WriteDiskFileToResponse($ownerTypeID, $ownerID, $fileID, &$errors, $options = array())
{
$ownerTypeID = (int) $ownerTypeID;
$ownerTypeName = CCrmOwnerType::ResolveName($ownerTypeID);
$ownerID = (int) $ownerID;
$fileID = (int) $fileID;
$options = is_array($options) ? $options : array();
if (!CCrmOwnerType::IsDefined($ownerTypeID) || $ownerID <= 0 || $fileID <= 0) {
$errors[] = 'Invalid data ownerTypeID = ' . $ownerTypeID . ', ownerID = ' . $ownerID . ', fileID = ' . $fileID;
return false;
}
if ($ownerTypeID !== CCrmOwnerType::Activity) {
$errors[] = "The owner type '{$ownerTypeName}' is not supported in current context";
return false;
}
$authToken = isset($options['oauth_token']) ? $options['oauth_token'] : '';
if ($authToken !== '') {
$authData = array();
if (!(CModule::IncludeModule('rest') && CRestUtil::checkAuth($authToken, CCrmRestService::SCOPE_NAME, $authData) && CRestUtil::makeAuth($authData))) {
$errors[] = 'Access denied.';
return false;
}
}
if (!CCrmActivity::CheckStorageElementExists($ownerID, CCrmActivityStorageType::Disk, $fileID)) {
$errors[] = 'File not found';
return false;
}
$isPermitted = false;
if (CCrmPerms::IsAdmin()) {
$isPermitted = true;
} else {
$userPermissions = CCrmPerms::GetCurrentUserPermissions();
$bindings = CCrmActivity::GetBindings($ownerID);
foreach ($bindings as $binding) {
if (CCrmAuthorizationHelper::CheckReadPermission($binding['OWNER_TYPE_ID'], $binding['OWNER_ID'], $userPermissions)) {
$isPermitted = true;
break;
}
}
}
if (!$isPermitted) {
$errors[] = 'Access denied.';
return false;
}
Bitrix\Crm\Integration\DiskManager::writeFileToResponse($fileID);
return true;
}
require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/main/include/prolog_before.php";
} else {
$oAuthMode = false;
}
if (!defined("B_PROLOG_INCLUDED") || B_PROLOG_INCLUDED !== true) {
die;
}
$arResult = array("MESSAGE" => array(), "FILE" => null);
$isUserAuthorized = false;
if (!$oAuthMode) {
if (isset($USER) && is_object($USER) && method_exists($USER, 'getId') && $USER->getId() > 0) {
$isUserAuthorized = true;
}
} else {
// Try to authorize throughs oAuth
if (isset($_GET['auth']) && CModule::IncludeModule('rest') && class_exists('CRestUtil') && method_exists('CRestUtil', 'checkAuth') && CRestUtil::checkAuth($_GET['auth'], CTaskRestService::SCOPE_NAME, $res = array()) && CRestUtil::makeAuth($res)) {
$isUserAuthorized = true;
}
}
if ($isUserAuthorized) {
CModule::IncludeModule("tasks");
$arParams = array('FILE_ID' => false, 'TEMPLATE_ID' => false, 'TASK_ID' => false);
if (isset($_GET['fid'])) {
$arParams['FILE_ID'] = (int) $_GET['fid'];
}
if (isset($_GET['tid'])) {
$arParams['TEMPLATE_ID'] = (int) $_GET['tid'];
}
if (isset($_GET['TASK_ID'])) {
$arParams['TASK_ID'] = (int) $_GET['TASK_ID'];
}
public static function WriteFileToResponse($ownerTypeID, $ownerID, $fieldName, $fileID, &$errors, $options = array())
{
$ownerTypeID = intval($ownerTypeID);
$ownerTypeName = CCrmOwnerType::ResolveName($ownerTypeID);
$ownerID = intval($ownerID);
$fieldName = strval($fieldName);
$fileID = intval($fileID);
$options = is_array($options) ? $options : array();
if (!CCrmOwnerType::IsDefined($ownerTypeID) || $ownerID <= 0 || $fieldName === '' || $fileID <= 0) {
$errors[] = 'File not found';
return false;
}
$authToken = isset($options['oauth_token']) ? strval($options['oauth_token']) : '';
if ($authToken !== '') {
$authData = array();
if (!(CModule::IncludeModule('rest') && CRestUtil::checkAuth($authToken, CCrmRestService::SCOPE_NAME, $authData) && CRestUtil::makeAuth($authData))) {
$errors[] = 'Access denied.';
return false;
}
}
if (!CCrmPerms::IsAdmin()) {
$userPermissions = CCrmPerms::GetCurrentUserPermissions();
$attrs = $userPermissions->GetEntityAttr($ownerTypeName, $ownerID);
if ($userPermissions->HavePerm($ownerTypeName, BX_CRM_PERM_NONE, 'READ') || !$userPermissions->CheckEnityAccess($ownerTypeName, 'READ', isset($attrs[$ownerID]) ? $attrs[$ownerID] : array())) {
$errors[] = 'Access denied.';
return false;
}
}
$isDynamic = isset($options['is_dynamic']) ? (bool) $options['is_dynamic'] : true;
if ($isDynamic) {
$userFields = $GLOBALS['USER_FIELD_MANAGER']->GetUserFields(CCrmOwnerType::ResolveUserFieldEntityID($ownerTypeID), $ownerID, LANGUAGE_ID);
$field = is_array($userFields) && isset($userFields[$fieldName]) ? $userFields[$fieldName] : null;
if (!(is_array($field) && $field['USER_TYPE_ID'] === 'file')) {
$errors[] = 'File not found';
return false;
}
$fileIDs = isset($field['VALUE']) ? is_array($field['VALUE']) ? $field['VALUE'] : array($field['VALUE']) : array();
//The 'strict' flag must be 'false'. In MULTIPLE mode value is an array of integers. In SIGLE mode value is a string.
if (!in_array($fileID, $fileIDs, false)) {
$errors[] = 'File not found';
return false;
}
return self::InnerWriteFileToResponse($fileID, $errors, $options);
} else {
$fieldsInfo = isset($options['fields_info']) ? $options['fields_info'] : null;
if (!is_array($fieldsInfo)) {
$fieldsInfo = CCrmOwnerType::GetFieldsInfo($ownerTypeID);
}
$fieldInfo = is_array($fieldsInfo) && isset($fieldsInfo[$fieldName]) ? $fieldsInfo[$fieldName] : array();
$fieldInfoType = isset($fieldInfo['TYPE']) ? $fieldInfo['TYPE'] : '';
if ($fieldInfoType !== 'file') {
$errors[] = 'File not found';
return false;
}
if ($fileID !== CCrmOwnerType::GetFieldIntValue($ownerTypeID, $ownerID, $fieldName)) {
$errors[] = 'File not found';
return false;
}
return self::InnerWriteFileToResponse($fileID, $errors, $options);
}
}
