139 lines
4.2 KiB
Perl
139 lines
4.2 KiB
Perl
# --
|
|
# Copyright (C) 2001-2019 OTRS AG, https://otrs.com/
|
|
# --
|
|
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
|
|
# the enclosed file COPYING for license information (GPL). If you
|
|
# did not receive this file, see https://www.gnu.org/licenses/gpl-3.0.txt.
|
|
# --
|
|
|
|
package Kernel::Modules::CustomerTicketAttachment;
|
|
|
|
use strict;
|
|
use warnings;
|
|
|
|
use Kernel::System::VariableCheck qw(:all);
|
|
use Kernel::Language qw(Translatable);
|
|
|
|
our $ObjectManagerDisabled = 1;
|
|
|
|
sub new {
|
|
my ( $Type, %Param ) = @_;
|
|
|
|
# allocate new hash for object
|
|
my $Self = {%Param};
|
|
bless( $Self, $Type );
|
|
|
|
return $Self;
|
|
}
|
|
|
|
sub Run {
|
|
my ( $Self, %Param ) = @_;
|
|
|
|
my $ParamObject = $Kernel::OM->Get('Kernel::System::Web::Request');
|
|
my $LayoutObject = $Kernel::OM->Get('Kernel::Output::HTML::Layout');
|
|
my $LogObject = $Kernel::OM->Get('Kernel::System::Log');
|
|
|
|
my $TicketID = $ParamObject->GetParam( Param => 'TicketID' );
|
|
my $ArticleID = $ParamObject->GetParam( Param => 'ArticleID' );
|
|
my $FileID = $ParamObject->GetParam( Param => 'FileID' );
|
|
|
|
# check params
|
|
if ( !$FileID || !$ArticleID ) {
|
|
my $Output = $LayoutObject->CustomerHeader(
|
|
Title => Translatable('Error'),
|
|
);
|
|
$Output .= $LayoutObject->CustomerError(
|
|
Message => Translatable('FileID and ArticleID are needed!'),
|
|
Comment => Translatable('Please contact the administrator.'),
|
|
);
|
|
$LogObject->Log(
|
|
Message => 'FileID and ArticleID are needed!',
|
|
Priority => 'error',
|
|
);
|
|
$Output .= $LayoutObject->CustomerFooter();
|
|
return $Output;
|
|
}
|
|
|
|
if ( !$TicketID ) {
|
|
my $Output = $LayoutObject->CustomerHeader(
|
|
Title => Translatable('Error'),
|
|
);
|
|
$Output .= $LayoutObject->CustomerError(
|
|
Message => $LayoutObject->{LanguageObject}->Translate( 'No TicketID for ArticleID (%s)!', $ArticleID ),
|
|
Comment => Translatable('Please contact the administrator.'),
|
|
);
|
|
$LogObject->Log(
|
|
Message => "No TicketID for ArticleID ($ArticleID)!",
|
|
Priority => 'error',
|
|
);
|
|
$Output .= $LayoutObject->CustomerFooter();
|
|
return $Output;
|
|
}
|
|
|
|
my $ArticleObject = $Kernel::OM->Get('Kernel::System::Ticket::Article');
|
|
|
|
my @ArticleList = $ArticleObject->ArticleList(
|
|
TicketID => $TicketID,
|
|
ArticleID => $ArticleID,
|
|
IsVisibleForCustomer => 1,
|
|
);
|
|
|
|
my $ArticleBackendObject;
|
|
my %Article;
|
|
|
|
ARTICLEMETADATA:
|
|
for my $ArticleMetaData (@ArticleList) {
|
|
|
|
next ARTICLEMETADATA if !$ArticleMetaData;
|
|
next ARTICLEMETADATA if !IsHashRefWithData($ArticleMetaData);
|
|
|
|
$ArticleBackendObject = $ArticleObject->BackendForArticle( %{$ArticleMetaData} );
|
|
|
|
%Article = $ArticleBackendObject->ArticleGet(
|
|
TicketID => $TicketID,
|
|
ArticleID => $ArticleMetaData->{ArticleID},
|
|
DynamicFields => 0,
|
|
);
|
|
}
|
|
|
|
# check permission
|
|
my $Access = $Kernel::OM->Get('Kernel::System::Ticket')->TicketCustomerPermission(
|
|
Type => 'ro',
|
|
TicketID => $TicketID,
|
|
UserID => $Self->{UserID}
|
|
);
|
|
if ( !$Access ) {
|
|
return $LayoutObject->CustomerNoPermission( WithHeader => 'yes' );
|
|
}
|
|
|
|
# get attachment
|
|
my %Data = $ArticleBackendObject->ArticleAttachment(
|
|
ArticleID => $ArticleID,
|
|
FileID => $FileID,
|
|
);
|
|
|
|
if ( !%Data ) {
|
|
my $Output = $LayoutObject->CustomerHeader(
|
|
Title => Translatable('Error'),
|
|
);
|
|
$Output .= $LayoutObject->CustomerError(
|
|
Message => $LayoutObject->{LanguageObject}->Translate( 'No such attachment (%s)!', $FileID ),
|
|
Comment => Translatable('Please contact the administrator.'),
|
|
);
|
|
$LogObject->Log(
|
|
Message => "No such attachment ($FileID)! May be an attack!!!",
|
|
Priority => 'error',
|
|
);
|
|
$Output .= $LayoutObject->CustomerFooter();
|
|
return $Output;
|
|
}
|
|
|
|
# download it AttachmentDownloadType is configured
|
|
return $LayoutObject->Attachment(
|
|
%Data,
|
|
Sandbox => 1,
|
|
);
|
|
}
|
|
|
|
1;
|