public function doData($attachment)
{
if (!$this->_getAttachmentModel()->canViewAttachment($attachment)) {
return $this->_controller->responseNoPermission();
}
$filePath = $this->_getAttachmentModel()->getAttachmentDataFilePath($attachment);
if (!file_exists($filePath) || !is_readable($filePath)) {
// TODO: add support for alternative attachment storage
return $this->_controller->responseError(new XenForo_Phrase('attachment_cannot_be_shown_at_this_time'));
}
$resize = $this->_controller->getInput()->filter(array('max_width' => XenForo_Input::UINT, 'max_height' => XenForo_Input::UINT, 'keep_ratio' => XenForo_Input::UINT));
$this->_controller->getRouteMatch()->setResponseType('raw');
$viewParams = array('attachment' => $attachment, 'attachmentFile' => $filePath, 'resize' => $resize, 'skipFileOutput' => $this->_controller->getRequest()->getMethod() === 'HEAD');
return $this->_controller->responseData('bdApi_ViewApi_Helper_Attachment_Data', $viewParams);
}
public function responseNoPermission()
{
if ($this->_redirectAsNoPermission) {
// this "hack" is required because other pre dispatch jobs may throw no permission response around
// and we want to redirect them all, not just from our actions
$redirectUri = $this->_input->filterSingle('redirect_uri', XenForo_Input::STRING);
if (!empty($redirectUri)) {
return $this->responseRedirect(XenForo_ControllerResponse_Redirect::RESOURCE_CANONICAL_PERMANENT, $redirectUri);
}
}
return parent::responseNoPermission();
}