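<?php
/**
 * Public entry point for Bitrix Disk file actions (e.g. showFile / downloadFile).
 *
 * Bootstraps the kernel with the permission, statistics and agent machinery
 * switched off, optionally authenticates the request from a REST OAuth token
 * passed in the `auth` query parameter, and dispatches the `action` query
 * parameter to \Bitrix\Disk\DownloadController. Nothing in this file checks
 * access to the requested file itself; that presumably happens inside the
 * controller action — confirm against the disk module.
 */
define("NOT_CHECK_PERMISSIONS", true);
define("EXTRANET_NO_REDIRECT", true);
define("STOP_STATISTICS", true);
define("PUBLIC_AJAX_MODE", true);
define("NO_KEEP_STATISTIC", "Y");
define("NO_AGENT_STATISTIC", "Y");
define("DisableEventsCheck", true);

// The read-only session flag has to be decided from the raw query string,
// before the prolog (which starts the session) is included. Only the two
// pure-read actions get it; strict in_array() so a non-string `action` never matches.
if (isset($_GET['action']) && in_array($_GET['action'], ['showFile', 'downloadFile'], true)) {
    define('BX_SECURITY_SESSION_READONLY', true);
}

require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/main/include/prolog_before.php";

if (!\Bitrix\Main\Loader::includeModule('disk')) {
    die;
}

$httpRequest = \Bitrix\Main\Context::getCurrent()->getRequest();
$actionName = $httpRequest->getQuery('action');
if (!$actionName) {
    die;
}

// Optional REST OAuth authentication: the token must be valid for the disk
// module scope; on success the rest of the request runs as the token's user.
// A failed check is not fatal here — the request simply continues unauthenticated.
$oauthToken = $httpRequest->getQuery('auth');
if ($oauthToken && \Bitrix\Main\Loader::includeModule('rest')) {
    $authResult = null;
    // Spelled CRestUtil to match the makeAuth() call below (class names are
    // case-insensitive in PHP, but a single spelling keeps greps and IDEs honest).
    if (\CRestUtil::checkAuth($oauthToken, [\Bitrix\Disk\Driver::INTERNAL_MODULE_ID], $authResult)) {
        \CRestUtil::makeAuth($authResult);
    }
}

$controller = new \Bitrix\Disk\DownloadController();
$controller->setActionName($actionName)->exec();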
/**
 * Streams a Disk file attached to a CRM activity to the HTTP response.
 *
 * Only the Activity owner type is accepted. When `$options['oauth_token']` is
 * given, the REST token is verified for the CRM scope and the request is
 * authenticated as that user before any permission check. The file must be a
 * registered Disk storage element of the activity, and the current user must be
 * a CRM administrator or have read access to at least one entity the activity
 * is bound to.
 *
 * @param int|string $ownerTypeID CRM owner type id; must equal CCrmOwnerType::Activity
 * @param int|string $ownerID     activity id
 * @param int|string $fileID      Disk file id
 * @param string[]   $errors      receives one message describing why the call failed
 * @param array      $options     optional `oauth_token` (REST token string)
 * @return bool true when the file was written to the response, false otherwise
 */
public static function WriteDiskFileToResponse($ownerTypeID, $ownerID, $fileID, &$errors, $options = [])
{
    $ownerTypeID = (int) $ownerTypeID;
    $ownerTypeName = CCrmOwnerType::ResolveName($ownerTypeID);
    $ownerID = (int) $ownerID;
    $fileID = (int) $fileID;
    if (!is_array($options)) {
        $options = [];
    }

    $hasValidIds = CCrmOwnerType::IsDefined($ownerTypeID) && $ownerID > 0 && $fileID > 0;
    if (!$hasValidIds) {
        $errors[] = 'Invalid data ownerTypeID = ' . $ownerTypeID . ', ownerID = ' . $ownerID . ', fileID = ' . $fileID;
        return false;
    }
    if ($ownerTypeID !== CCrmOwnerType::Activity) {
        $errors[] = "The owner type '{$ownerTypeName}' is not supported in current context";
        return false;
    }

    // A supplied token must authenticate; an invalid token is a hard failure,
    // not a fallback to the session user.
    $authToken = isset($options['oauth_token']) ? $options['oauth_token'] : '';
    if ($authToken !== '') {
        $authData = [];
        $authenticated = CModule::IncludeModule('rest')
            && CRestUtil::checkAuth($authToken, CCrmRestService::SCOPE_NAME, $authData)
            && CRestUtil::makeAuth($authData);
        if (!$authenticated) {
            $errors[] = 'Access denied.';
            return false;
        }
    }

    // The file id must be registered for this activity; otherwise any Disk
    // file id could be requested through an activity the caller may read.
    if (!CCrmActivity::CheckStorageElementExists($ownerID, CCrmActivityStorageType::Disk, $fileID)) {
        $errors[] = 'File not found';
        return false;
    }

    // Admins always pass; everyone else needs READ on at least one binding.
    $canRead = CCrmPerms::IsAdmin();
    if (!$canRead) {
        $userPermissions = CCrmPerms::GetCurrentUserPermissions();
        foreach (CCrmActivity::GetBindings($ownerID) as $binding) {
            if (CCrmAuthorizationHelper::CheckReadPermission($binding['OWNER_TYPE_ID'], $binding['OWNER_ID'], $userPermissions)) {
                $canRead = true;
                break;
            }
        }
    }
    if (!$canRead) {
        $errors[] = 'Access denied.';
        return false;
    }

    Bitrix\Crm\Integration\DiskManager::writeFileToResponse($fileID);
    return true;
}
require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/main/include/prolog_before.php"; } else { $oAuthMode = false; } if (!defined("B_PROLOG_INCLUDED") || B_PROLOG_INCLUDED !== true) { die; } $arResult = array("MESSAGE" => array(), "FILE" => null); $isUserAuthorized = false; if (!$oAuthMode) { if (isset($USER) && is_object($USER) && method_exists($USER, 'getId') && $USER->getId() > 0) { $isUserAuthorized = true; } } else { // Try to authorize throughs oAuth if (isset($_GET['auth']) && CModule::IncludeModule('rest') && class_exists('CRestUtil') && method_exists('CRestUtil', 'checkAuth') && CRestUtil::checkAuth($_GET['auth'], CTaskRestService::SCOPE_NAME, $res = array()) && CRestUtil::makeAuth($res)) { $isUserAuthorized = true; } } if ($isUserAuthorized) { CModule::IncludeModule("tasks"); $arParams = array('FILE_ID' => false, 'TEMPLATE_ID' => false, 'TASK_ID' => false); if (isset($_GET['fid'])) { $arParams['FILE_ID'] = (int) $_GET['fid']; } if (isset($_GET['tid'])) { $arParams['TEMPLATE_ID'] = (int) $_GET['tid']; } if (isset($_GET['TASK_ID'])) { $arParams['TASK_ID'] = (int) $_GET['TASK_ID']; }
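/**
 * Streams a file stored in a CRM entity field to the HTTP response.
 *
 * The file is written only when the caller may read the owner entity AND the
 * requested file id is actually referenced by the named field, so a bare file
 * id cannot be used to fetch an unrelated upload. With `$options['oauth_token']`
 * the REST token is verified for the CRM scope and the request runs as that
 * user; a token that fails verification is rejected outright.
 *
 * @param int|string $ownerTypeID CRM owner type id
 * @param int|string $ownerID     owner entity id
 * @param string     $fieldName   user field (dynamic) or entity field holding the file
 * @param int|string $fileID      requested file id
 * @param string[]   $errors      receives one message describing why the call failed
 * @param array      $options     `oauth_token`: REST token; `is_dynamic`: the field is a
 *                                user field (default true); `fields_info`: pre-fetched
 *                                CCrmOwnerType::GetFieldsInfo() result for the static case
 * @return bool true when the file was written, false otherwise (see $errors)
 */
public static function WriteFileToResponse($ownerTypeID, $ownerID, $fieldName, $fileID, &$errors, $options = [])
{
    $ownerTypeID = (int) $ownerTypeID;
    $ownerTypeName = CCrmOwnerType::ResolveName($ownerTypeID);
    $ownerID = (int) $ownerID;
    $fieldName = (string) $fieldName;
    $fileID = (int) $fileID;
    $options = is_array($options) ? $options : [];

    if (!CCrmOwnerType::IsDefined($ownerTypeID) || $ownerID <= 0 || $fieldName === '' || $fileID <= 0) {
        $errors[] = 'File not found';
        return false;
    }

    $authToken = isset($options['oauth_token']) ? (string) $options['oauth_token'] : '';
    if ($authToken !== '') {
        $authData = [];
        $authenticated = CModule::IncludeModule('rest')
            && CRestUtil::checkAuth($authToken, CCrmRestService::SCOPE_NAME, $authData)
            && CRestUtil::makeAuth($authData);
        if (!$authenticated) {
            $errors[] = 'Access denied.';
            return false;
        }
    }

    // Entity-level READ check; admins bypass it.
    if (!CCrmPerms::IsAdmin()) {
        $userPermissions = CCrmPerms::GetCurrentUserPermissions();
        $attrs = $userPermissions->GetEntityAttr($ownerTypeName, $ownerID);
        $entityAttrs = isset($attrs[$ownerID]) ? $attrs[$ownerID] : [];
        if ($userPermissions->HavePerm($ownerTypeName, BX_CRM_PERM_NONE, 'READ')
            || !$userPermissions->CheckEnityAccess($ownerTypeName, 'READ', $entityAttrs)
        ) {
            $errors[] = 'Access denied.';
            return false;
        }
    }

    $isDynamic = isset($options['is_dynamic']) ? (bool) $options['is_dynamic'] : true;
    if ($isDynamic) {
        // User field: the field must exist for this entity and be of type 'file'.
        $userFields = $GLOBALS['USER_FIELD_MANAGER']->GetUserFields(
            CCrmOwnerType::ResolveUserFieldEntityID($ownerTypeID),
            $ownerID,
            LANGUAGE_ID
        );
        $field = is_array($userFields) && isset($userFields[$fieldName]) ? $userFields[$fieldName] : null;
        if (!(is_array($field) && isset($field['USER_TYPE_ID']) && $field['USER_TYPE_ID'] === 'file')) {
            $errors[] = 'File not found';
            return false;
        }

        // In MULTIPLE mode VALUE is an array of integers; in SINGLE mode it is a string.
        $rawValues = [];
        if (isset($field['VALUE'])) {
            $rawValues = is_array($field['VALUE']) ? $field['VALUE'] : [$field['VALUE']];
        }
        // Normalise the stored ids to int and compare strictly. The previous loose
        // in_array() compared int to string, whose result for non-canonical strings
        // differs between PHP 7 and PHP 8; this makes the membership test explicit.
        $fileIDs = array_map('intval', array_filter($rawValues, 'is_numeric'));
        if (!in_array($fileID, $fileIDs, true)) {
            $errors[] = 'File not found';
            return false;
        }
        return self::InnerWriteFileToResponse($fileID, $errors, $options);
    }

    // Static entity field: it must be declared as a file field for this owner
    // type and currently hold exactly the requested id.
    $fieldsInfo = isset($options['fields_info']) ? $options['fields_info'] : null;
    if (!is_array($fieldsInfo)) {
        $fieldsInfo = CCrmOwnerType::GetFieldsInfo($ownerTypeID);
    }
    $fieldInfo = is_array($fieldsInfo) && isset($fieldsInfo[$fieldName]) ? $fieldsInfo[$fieldName] : [];
    $fieldInfoType = isset($fieldInfo['TYPE']) ? $fieldInfo['TYPE'] : '';
    if ($fieldInfoType !== 'file') {
        $errors[] = 'File not found';
        return false;
    }
    if ($fileID !== CCrmOwnerType::GetFieldIntValue($ownerTypeID, $ownerID, $fieldName)) {
        $errors[] = 'File not found';
        return false;
    }
    return self::InnerWriteFileToResponse($fileID, $errors, $options);
}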