Check if the current user is allowed to see the file
public canViewFile ( $options ) : boolean | ||
$options | array of options (only 'tickets_id' used) | |
return | boolean |
*/ include '../inc/includes.php'; if (!$CFG_GLPI["use_public_faq"]) { Session::checkLoginUser(); } $doc = new Document(); if (isset($_GET['docid'])) { // docid for document if (!$doc->getFromDB($_GET['docid'])) { Html::displayErrorAndDie(__('Unknown file'), true); } if (!file_exists(GLPI_DOC_DIR . "/" . $doc->fields['filepath'])) { Html::displayErrorAndDie(__('File not found'), true); // Not found } else { if ($doc->canViewFile($_GET)) { if ($doc->fields['sha1sum'] && $doc->fields['sha1sum'] != sha1_file(GLPI_DOC_DIR . "/" . $doc->fields['filepath'])) { Html::displayErrorAndDie(__('File is altered (bad checksum)'), true); // Doc alterated } else { $doc->send(); } } else { Html::displayErrorAndDie(__('Unauthorized access to this file'), true); // No right } } } else { if (isset($_GET["file"])) { // for other file $splitter = explode("/", $_GET["file"]);
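/**
 * Get a Document the authenticated user can view or anonymous (for public FAQ)
 *
 * The right check is delegated to Document::canViewFile(), the same check the
 * interactive download script uses, so anonymous callers only get a document
 * when that method allows it.
 *
 * @param $params   array of options:
 *                  - document (integer, mandatory): ID of the document
 *                  - ticket   (integer, optional) : ID of a ticket, forwarded to
 *                    canViewFile() as 'tickets_id'
 *                  - id2name  (bool, optional)    : also resolve the owner's and
 *                    the category's display names
 *                  - help     (bool, optional)    : return the parameter
 *                    description instead of a document
 * @param $protocol the communication protocol used (passed through to self::Error)
 *
 * @return a hashtable: the document's DB row (all columns, including 'filepath'
 *         and 'sha1sum') plus 'base64' (file content), and 'users_name' /
 *         'documentcategories_name' when id2name is set; the result of
 *         self::Error on any failure
 **/
static function methodGetDocument($params, $protocol) {

   if (isset($params['help'])) {
      return array('document' => 'integer,mandatory',
                   'ticket'   => 'integer,optional',
                   'id2name'  => 'bool,optional',
                   'help'     => 'bool,optional');
   }

   // Optional parameter ticket (checked first so a bad ticket is reported even
   // when 'document' is missing, as before)
   if (isset($params['ticket']) && !is_numeric($params['ticket'])) {
      return self::Error($protocol, WEBSERVICES_ERROR_BADPARAMETER, '',
                         'ticket=' . $params['ticket']);
   }
   $options = array();
   if (isset($params['ticket'])) {
      $options['tickets_id'] = $params['ticket'];
   }

   // Mandatory parameter document
   if (!isset($params['document'])) {
      return self::Error($protocol, WEBSERVICES_ERROR_MISSINGPARAMETER, '', 'document');
   }
   if (!is_numeric($params['document'])) {
      return self::Error($protocol, WEBSERVICES_ERROR_BADPARAMETER, '',
                         'document=' . $params['document']);
   }

   // Allowed for anonymous user for public FAQ (right check in canViewFile)
   $doc = new Document();
   if (!$doc->getFromDB($params['document'])) {
      return self::Error($protocol, WEBSERVICES_ERROR_NOTFOUND);
   }
   // Right check happens before anything is read from disk
   if (!$doc->canViewFile($options)) {
      return self::Error($protocol, WEBSERVICES_ERROR_NOTALLOWED);
   }

   // The DB row may point at a file that is missing or unreadable on disk;
   // file_get_contents() would then return false (with a warning) and the
   // caller would get an empty 'base64' as if the document were empty.
   // Report it as NOTFOUND instead, like the interactive download script.
   $path = GLPI_DOC_DIR . "/" . $doc->fields['filepath'];
   if (!is_file($path) || !is_readable($path)) {
      return self::Error($protocol, WEBSERVICES_ERROR_NOTFOUND);
   }
   $content = file_get_contents($path);
   if ($content === false) {
      return self::Error($protocol, WEBSERVICES_ERROR_NOTFOUND);
   }
   // NOTE(review): the download script also refuses the file when its stored
   // sha1sum no longer matches sha1_file(); this method serves it regardless.
   // Consider adding the same integrity check here.

   $resp           = $doc->fields;
   $resp['base64'] = base64_encode($content);

   if (isset($params['id2name'])) {
      $resp['users_name']
         = Html::clean(getUserName($doc->fields['users_id']));
      $resp['documentcategories_name']
         = Html::clean(Dropdown::getDropdownName('glpi_documentcategories',
                                                $doc->fields['documentcategories_id']));
   }
   return $resp;
}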