Skip to content

Commit

Permalink
Merge branch '1.0'
Browse files Browse the repository at this point in the history
  • Loading branch information
Sanjeev Papnoi committed Jul 20, 2021
2 parents 1432fa2 + b8c964c commit 5cf2eeb
Showing 1 changed file with 12 additions and 0 deletions.
12 changes: 12 additions & 0 deletions Controller/Ticket.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -509,6 +509,12 @@ public function downloadAttachmentZip(Request $request)
$this->noResultFound();
}

$ticket = $attachment->getThread()->getTicket();
// Proceed only if user has access to the resource
if (false == $this->ticketService->isTicketAccessGranted($ticket)) {
throw new \Exception('Access Denied', 403);
}

$zipname = 'attachments/' .$threadId.'.zip';
$zip = new \ZipArchive;

Expand Down Expand Up @@ -540,6 +546,12 @@ public function downloadAttachment(Request $request)
$this->noResultFound();
}

$ticket = $attachment->getThread()->getTicket();
// Proceed only if user has access to the resource
if (false == $this->ticketService->isTicketAccessGranted($ticket, $user)) {
throw new \Exception('Access Denied', 403);
}

$path = $this->get('kernel')->getProjectDir() . "/public/". $attachment->getPath();

$response = new Response();
Expand Down

0 comments on commit 5cf2eeb

Please sign in to comment.