/**
 * Streams a file attached to a CRM entity field to the HTTP response, after
 * checking that the caller may read the entity and that the requested file is
 * really the one stored in that field.
 *
 * The checks run in this order, and each failure appends a message to $errors
 * and returns false:
 *  1. identifier sanity (known owner type, positive IDs, non-empty field name);
 *  2. optional REST authentication when $options['oauth_token'] is non-empty;
 *  3. CRM READ permission on the entity (skipped for CRM admins);
 *  4. field lookup: the field must be of type 'file' and must currently hold
 *     $fileID. Binding the file ID to the entity field is what stops a caller
 *     from requesting an arbitrary file ID through an entity they can read.
 *
 * NOTE(review): 'is_dynamic' and 'fields_info' decide which lookup validates the
 * file. They are presumably set by server-side callers only; confirm that no
 * caller forwards them from request data.
 *
 * @param int|string $ownerTypeID CRM owner type identifier (cast to int).
 * @param int|string $ownerID     Entity identifier (cast to int).
 * @param string     $fieldName   Name of the field that holds the file.
 * @param int|string $fileID      Identifier of the requested file (cast to int).
 * @param array      $errors      Receives error messages (by reference).
 * @param array      $options     Recognised keys: 'oauth_token', 'is_dynamic'
 *                                (defaults to true), 'fields_info'. The array is
 *                                also passed on to InnerWriteFileToResponse().
 *
 * @return mixed false on any failed check, otherwise whatever
 *               self::InnerWriteFileToResponse() returns.
 */
public static function WriteFileToResponse($ownerTypeID, $ownerID, $fieldName, $fileID, &$errors, $options = array())
{
    // Coerce every identifier to a scalar of the expected type before use.
    $ownerTypeID = (int) $ownerTypeID;
    $ownerTypeName = CCrmOwnerType::ResolveName($ownerTypeID);
    $ownerID = (int) $ownerID;
    $fieldName = (string) $fieldName;
    $fileID = (int) $fileID;
    if (!is_array($options)) {
        $options = array();
    }

    $identifiersAreSane = CCrmOwnerType::IsDefined($ownerTypeID)
        && $ownerID > 0
        && $fieldName !== ''
        && $fileID > 0;
    if (!$identifiersAreSane) {
        $errors[] = 'File not found';
        return false;
    }

    // REST authentication is attempted only when a non-empty token was supplied.
    $token = '';
    if (isset($options['oauth_token'])) {
        $token = (string) $options['oauth_token'];
    }
    if ($token !== '') {
        $restAuth = array();
        // Any failing step (module load, token check, session setup) denies access.
        // Presumably makeAuth() establishes the user that the permission check
        // below evaluates; verify against CRestUtil.
        if (!CModule::IncludeModule('rest')
            || !CRestUtil::checkAuth($token, CCrmRestService::SCOPE_NAME, $restAuth)
            || !CRestUtil::makeAuth($restAuth)
        ) {
            $errors[] = 'Access denied.';
            return false;
        }
    }

    // Entity-level READ authorisation; CRM admins bypass it.
    if (!CCrmPerms::IsAdmin()) {
        $perms = CCrmPerms::GetCurrentUserPermissions();
        $entityAttrs = $perms->GetEntityAttr($ownerTypeName, $ownerID);

        // Denied outright when the READ level for this entity type is NONE.
        if ($perms->HavePerm($ownerTypeName, BX_CRM_PERM_NONE, 'READ')) {
            $errors[] = 'Access denied.';
            return false;
        }

        // Otherwise the entity's own attributes must allow READ.
        if (isset($entityAttrs[$ownerID])) {
            $ownerAttrs = $entityAttrs[$ownerID];
        } else {
            $ownerAttrs = array();
        }
        if (!$perms->CheckEnityAccess($ownerTypeName, 'READ', $ownerAttrs)) {
            $errors[] = 'Access denied.';
            return false;
        }
    }

    // Fields are treated as user fields unless the caller opts out.
    $useUserFields = true;
    if (isset($options['is_dynamic'])) {
        $useUserFields = (bool) $options['is_dynamic'];
    }

    if ($useUserFields) {
        $allUserFields = $GLOBALS['USER_FIELD_MANAGER']->GetUserFields(
            CCrmOwnerType::ResolveUserFieldEntityID($ownerTypeID),
            $ownerID,
            LANGUAGE_ID
        );

        $userField = null;
        if (is_array($allUserFields) && isset($allUserFields[$fieldName])) {
            $userField = $allUserFields[$fieldName];
        }
        if (!is_array($userField) || $userField['USER_TYPE_ID'] !== 'file') {
            $errors[] = 'File not found';
            return false;
        }

        // Normalise the stored value to a list of file IDs.
        if (!isset($userField['VALUE'])) {
            $storedFileIDs = array();
        } elseif (is_array($userField['VALUE'])) {
            $storedFileIDs = $userField['VALUE'];
        } else {
            $storedFileIDs = array($userField['VALUE']);
        }

        // The 'strict' flag must stay false: in MULTIPLE mode the value is an array
        // of integers, in SINGLE mode it is a string. With a loose match a stored
        // boolean true would also equal any positive $fileID, so this relies on the
        // field holding only file IDs.
        if (!in_array($fileID, $storedFileIDs, false)) {
            $errors[] = 'File not found';
            return false;
        }
    } else {
        // Static field: use caller-supplied metadata when it is an array,
        // otherwise ask the owner type for its field descriptions.
        $fieldsInfo = null;
        if (isset($options['fields_info'])) {
            $fieldsInfo = $options['fields_info'];
        }
        if (!is_array($fieldsInfo)) {
            $fieldsInfo = CCrmOwnerType::GetFieldsInfo($ownerTypeID);
        }

        $fieldInfo = array();
        if (is_array($fieldsInfo) && isset($fieldsInfo[$fieldName])) {
            $fieldInfo = $fieldsInfo[$fieldName];
        }

        $declaredType = '';
        if (isset($fieldInfo['TYPE'])) {
            $declaredType = $fieldInfo['TYPE'];
        }
        if ($declaredType !== 'file') {
            $errors[] = 'File not found';
            return false;
        }

        // Strict comparison: the requested ID must equal the value stored on the entity.
        if ($fileID !== CCrmOwnerType::GetFieldIntValue($ownerTypeID, $ownerID, $fieldName)) {
            $errors[] = 'File not found';
            return false;
        }
    }

    // Every check passed: hand over to the routine that actually emits the file.
    return self::InnerWriteFileToResponse($fileID, $errors, $options);
}