1# -- 2# Copyright (C) 2001-2020 OTRS AG, https://otrs.com/ 3# -- 4# This software comes with ABSOLUTELY NO WARRANTY. For details, see 5# the enclosed file COPYING for license information (GPL). If you 6# did not receive this file, see https://www.gnu.org/licenses/gpl-3.0.txt. 7# -- 8 9package Kernel::Modules::CustomerTicketAttachment; 10 11use strict; 12use warnings; 13 14use Kernel::System::VariableCheck qw(:all); 15use Kernel::Language qw(Translatable); 16 17our $ObjectManagerDisabled = 1; 18 19sub new { 20 my ( $Type, %Param ) = @_; 21 22 # allocate new hash for object 23 my $Self = {%Param}; 24 bless( $Self, $Type ); 25 26 return $Self; 27} 28 29sub Run { 30 my ( $Self, %Param ) = @_; 31 32 my $ParamObject = $Kernel::OM->Get('Kernel::System::Web::Request'); 33 my $LayoutObject = $Kernel::OM->Get('Kernel::Output::HTML::Layout'); 34 my $LogObject = $Kernel::OM->Get('Kernel::System::Log'); 35 36 my $TicketID = $ParamObject->GetParam( Param => 'TicketID' ); 37 my $ArticleID = $ParamObject->GetParam( Param => 'ArticleID' ); 38 my $FileID = $ParamObject->GetParam( Param => 'FileID' ); 39 40 # check params 41 if ( !$FileID || !$ArticleID ) { 42 my $Output = $LayoutObject->CustomerHeader( 43 Title => Translatable('Error'), 44 ); 45 $Output .= $LayoutObject->CustomerError( 46 Message => Translatable('FileID and ArticleID are needed!'), 47 Comment => Translatable('Please contact the administrator.'), 48 ); 49 $LogObject->Log( 50 Message => 'FileID and ArticleID are needed!', 51 Priority => 'error', 52 ); 53 $Output .= $LayoutObject->CustomerFooter(); 54 return $Output; 55 } 56 57 if ( !$TicketID ) { 58 my $Output = $LayoutObject->CustomerHeader( 59 Title => Translatable('Error'), 60 ); 61 $Output .= $LayoutObject->CustomerError( 62 Message => $LayoutObject->{LanguageObject}->Translate( 'No TicketID for ArticleID (%s)!', $ArticleID ), 63 Comment => Translatable('Please contact the administrator.'), 64 ); 65 $LogObject->Log( 66 Message => "No TicketID for ArticleID ($ArticleID)!", 67 Priority => 'error', 68 ); 69 $Output .= $LayoutObject->CustomerFooter(); 70 return $Output; 71 } 72 73 my $ArticleObject = $Kernel::OM->Get('Kernel::System::Ticket::Article'); 74 75 my @ArticleList = $ArticleObject->ArticleList( 76 TicketID => $TicketID, 77 ArticleID => $ArticleID, 78 IsVisibleForCustomer => 1, 79 ); 80 81 my $ArticleBackendObject; 82 my %Article; 83 84 ARTICLEMETADATA: 85 for my $ArticleMetaData (@ArticleList) { 86 87 next ARTICLEMETADATA if !$ArticleMetaData; 88 next ARTICLEMETADATA if !IsHashRefWithData($ArticleMetaData); 89 90 $ArticleBackendObject = $ArticleObject->BackendForArticle( %{$ArticleMetaData} ); 91 92 %Article = $ArticleBackendObject->ArticleGet( 93 TicketID => $TicketID, 94 ArticleID => $ArticleMetaData->{ArticleID}, 95 DynamicFields => 0, 96 ); 97 } 98 99 # check permission 100 my $Access = $Kernel::OM->Get('Kernel::System::Ticket')->TicketCustomerPermission( 101 Type => 'ro', 102 TicketID => $TicketID, 103 UserID => $Self->{UserID} 104 ); 105 if ( !$Access ) { 106 return $LayoutObject->CustomerNoPermission( WithHeader => 'yes' ); 107 } 108 109 # get attachment 110 my %Data = $ArticleBackendObject->ArticleAttachment( 111 ArticleID => $ArticleID, 112 FileID => $FileID, 113 ); 114 115 if ( !%Data ) { 116 my $Output = $LayoutObject->CustomerHeader( 117 Title => Translatable('Error'), 118 ); 119 $Output .= $LayoutObject->CustomerError( 120 Message => $LayoutObject->{LanguageObject}->Translate( 'No such attachment (%s)!', $FileID ), 121 Comment => Translatable('Please contact the administrator.'), 122 ); 123 $LogObject->Log( 124 Message => "No such attachment ($FileID)! May be an attack!!!", 125 Priority => 'error', 126 ); 127 $Output .= $LayoutObject->CustomerFooter(); 128 return $Output; 129 } 130 131 # download it AttachmentDownloadType is configured 132 return $LayoutObject->Attachment( 133 %Data, 134 Sandbox => 1, 135 ); 136} 137 1381; 139