Exemplo n.º 1
0
 public static function WriteFileToResponse($ownerTypeID, $ownerID, $fieldName, $fileID, &$errors, $options = array())
 {
     $ownerTypeID = intval($ownerTypeID);
     $ownerTypeName = CCrmOwnerType::ResolveName($ownerTypeID);
     $ownerID = intval($ownerID);
     $fieldName = strval($fieldName);
     $fileID = intval($fileID);
     $options = is_array($options) ? $options : array();
     if (!CCrmOwnerType::IsDefined($ownerTypeID) || $ownerID <= 0 || $fieldName === '' || $fileID <= 0) {
         $errors[] = 'File not found';
         return false;
     }
     $authToken = isset($options['oauth_token']) ? strval($options['oauth_token']) : '';
     if ($authToken !== '') {
         $authData = array();
         if (!(CModule::IncludeModule('rest') && CRestUtil::checkAuth($authToken, CCrmRestService::SCOPE_NAME, $authData) && CRestUtil::makeAuth($authData))) {
             $errors[] = 'Access denied.';
             return false;
         }
     }
     if (!CCrmPerms::IsAdmin()) {
         $userPermissions = CCrmPerms::GetCurrentUserPermissions();
         $attrs = $userPermissions->GetEntityAttr($ownerTypeName, $ownerID);
         if ($userPermissions->HavePerm($ownerTypeName, BX_CRM_PERM_NONE, 'READ') || !$userPermissions->CheckEnityAccess($ownerTypeName, 'READ', isset($attrs[$ownerID]) ? $attrs[$ownerID] : array())) {
             $errors[] = 'Access denied.';
             return false;
         }
     }
     $isDynamic = isset($options['is_dynamic']) ? (bool) $options['is_dynamic'] : true;
     if ($isDynamic) {
         $userFields = $GLOBALS['USER_FIELD_MANAGER']->GetUserFields(CCrmOwnerType::ResolveUserFieldEntityID($ownerTypeID), $ownerID, LANGUAGE_ID);
         $field = is_array($userFields) && isset($userFields[$fieldName]) ? $userFields[$fieldName] : null;
         if (!(is_array($field) && $field['USER_TYPE_ID'] === 'file')) {
             $errors[] = 'File not found';
             return false;
         }
         $fileIDs = isset($field['VALUE']) ? is_array($field['VALUE']) ? $field['VALUE'] : array($field['VALUE']) : array();
         //The 'strict' flag must be 'false'. In MULTIPLE mode value is an array of integers. In SIGLE mode value is a string.
         if (!in_array($fileID, $fileIDs, false)) {
             $errors[] = 'File not found';
             return false;
         }
         return self::InnerWriteFileToResponse($fileID, $errors, $options);
     } else {
         $fieldsInfo = isset($options['fields_info']) ? $options['fields_info'] : null;
         if (!is_array($fieldsInfo)) {
             $fieldsInfo = CCrmOwnerType::GetFieldsInfo($ownerTypeID);
         }
         $fieldInfo = is_array($fieldsInfo) && isset($fieldsInfo[$fieldName]) ? $fieldsInfo[$fieldName] : array();
         $fieldInfoType = isset($fieldInfo['TYPE']) ? $fieldInfo['TYPE'] : '';
         if ($fieldInfoType !== 'file') {
             $errors[] = 'File not found';
             return false;
         }
         if ($fileID !== CCrmOwnerType::GetFieldIntValue($ownerTypeID, $ownerID, $fieldName)) {
             $errors[] = 'File not found';
             return false;
         }
         return self::InnerWriteFileToResponse($fileID, $errors, $options);
     }
 }