Пример #1
 /**
  * Checks that a file may be served for a CRM entity field and, if every check
  * passes, hands the file to self::InnerWriteFileToResponse().
  *
  * Checks run in this order, each one appending a message to $errors and
  * returning false on failure:
  *  1. Argument sanity: defined owner type, positive owner ID and file ID,
  *     non-empty field name ('File not found').
  *  2. Optional token authentication when $options['oauth_token'] is non-empty
  *     ('Access denied.'). With an empty or missing token this step is skipped
  *     and step 3 applies to whatever user CCrmPerms treats as current.
  *  3. READ permission on the owning entity, skipped only when
  *     CCrmPerms::IsAdmin() is true ('Access denied.').
  *  4. The named field must be a file field and must actually reference
  *     $fileID on that entity ('File not found'). This binding is what stops a
  *     caller with access to one entity from requesting an arbitrary file ID.
  *
  * Every lookup failure reports the same 'File not found' text, so the caller
  * cannot tell which of the lookup checks rejected the request.
  *
  * NOTE(review): when $options['is_dynamic'] is false and $options['fields_info']
  * is an array, that array replaces CCrmOwnerType::GetFieldsInfo() for the
  * field-type check. It is trusted as given, so it should come from server-side
  * metadata and not from request data - confirm against the callers.
  *
  * @param mixed  $ownerTypeID CRM owner type identifier; cast to int.
  * @param mixed  $ownerID     Identifier of the owning entity; cast to int.
  * @param mixed  $fieldName   Name of the field that holds the file; cast to string.
  * @param mixed  $fileID      Identifier of the requested file; cast to int.
  * @param array  $errors      Receives one message per failed check (by reference).
  * @param array  $options     Recognised keys read here: 'oauth_token', 'is_dynamic'
  *                            (defaults to true) and 'fields_info'. The array is also
  *                            passed on to InnerWriteFileToResponse().
  *
  * @return mixed false when a check fails, otherwise the result of
  *               self::InnerWriteFileToResponse().
  */
 public static function WriteFileToResponse($ownerTypeID, $ownerID, $fieldName, $fileID, &$errors, $options = array())
 {
     // Normalise every argument before it is used in a check or a lookup.
     $ownerTypeID = intval($ownerTypeID);
     $ownerTypeName = CCrmOwnerType::ResolveName($ownerTypeID);
     $ownerID = intval($ownerID);
     $fieldName = strval($fieldName);
     $fileID = intval($fileID);
     if (!is_array($options)) {
         $options = array();
     }

     $requestIsValid = CCrmOwnerType::IsDefined($ownerTypeID)
         && $ownerID > 0
         && $fieldName !== ''
         && $fileID > 0;
     if (!$requestIsValid) {
         $errors[] = 'File not found';
         return false;
     }

     // Token authentication is attempted only when a non-empty token was supplied.
     $oauthToken = '';
     if (isset($options['oauth_token'])) {
         $oauthToken = strval($options['oauth_token']);
     }
     if ($oauthToken !== '') {
         $authData = array();
         $tokenAccepted = CModule::IncludeModule('rest')
             && CRestUtil::checkAuth($oauthToken, CCrmRestService::SCOPE_NAME, $authData)
             && CRestUtil::makeAuth($authData);
         if (!$tokenAccepted) {
             $errors[] = 'Access denied.';
             return false;
         }
     }

     // Non-admin users need READ access to the specific entity that owns the file.
     if (!CCrmPerms::IsAdmin()) {
         $permissions = CCrmPerms::GetCurrentUserPermissions();
         $attrs = $permissions->GetEntityAttr($ownerTypeName, $ownerID);
         $entityAttrs = isset($attrs[$ownerID]) ? $attrs[$ownerID] : array();
         $readDenied = $permissions->HavePerm($ownerTypeName, BX_CRM_PERM_NONE, 'READ')
             || !$permissions->CheckEnityAccess($ownerTypeName, 'READ', $entityAttrs);
         if ($readDenied) {
             $errors[] = 'Access denied.';
             return false;
         }
     }

     $isDynamic = true;
     if (isset($options['is_dynamic'])) {
         $isDynamic = (bool) $options['is_dynamic'];
     }

     if ($isDynamic) {
         // User-defined field: the file ID must be among the values stored for this entity.
         $userFields = $GLOBALS['USER_FIELD_MANAGER']->GetUserFields(CCrmOwnerType::ResolveUserFieldEntityID($ownerTypeID), $ownerID, LANGUAGE_ID);
         $field = null;
         if (is_array($userFields) && isset($userFields[$fieldName])) {
             $field = $userFields[$fieldName];
         }
         if (!is_array($field) || $field['USER_TYPE_ID'] !== 'file') {
             $errors[] = 'File not found';
             return false;
         }

         $fileIDs = array();
         if (isset($field['VALUE'])) {
             $fileIDs = is_array($field['VALUE']) ? $field['VALUE'] : array($field['VALUE']);
         }
         // The 'strict' flag must stay false: in MULTIPLE mode the value is an array of
         // integers, in SINGLE mode it is a string. $fileID is already an int, so this is
         // an int-to-stored-value comparison; before PHP 8 a stored string with a numeric
         // prefix (e.g. '12abc') would also compare equal to 12. Presumably stored values
         // are always plain numeric IDs - verify if that assumption ever changes.
         if (!in_array($fileID, $fileIDs, false)) {
             $errors[] = 'File not found';
             return false;
         }
     } else {
         // Built-in field: use caller-provided field metadata if given, else look it up.
         $fieldsInfo = isset($options['fields_info']) ? $options['fields_info'] : null;
         if (!is_array($fieldsInfo)) {
             $fieldsInfo = CCrmOwnerType::GetFieldsInfo($ownerTypeID);
         }

         $fieldInfo = array();
         if (is_array($fieldsInfo) && isset($fieldsInfo[$fieldName])) {
             $fieldInfo = $fieldsInfo[$fieldName];
         }
         $fieldType = isset($fieldInfo['TYPE']) ? $fieldInfo['TYPE'] : '';
         if ($fieldType !== 'file') {
             $errors[] = 'File not found';
             return false;
         }

         // The requested ID must be exactly the one stored in this field of this entity.
         if ($fileID !== CCrmOwnerType::GetFieldIntValue($ownerTypeID, $ownerID, $fieldName)) {
             $errors[] = 'File not found';
             return false;
         }
     }

     // Both branches end the same way once the file is proven to belong to the entity.
     return self::InnerWriteFileToResponse($fileID, $errors, $options);
 }