| 
									
										
										
										
											2015-07-18 21:32:31 +02:00
										 |  |  | <?php | 
					
						
							| 
									
										
										
										
											2016-05-20 12:27:31 +02:00
										 |  |  | /** | 
					
						
							|  |  |  |  * AttachmentController.php | 
					
						
							| 
									
										
										
										
											2020-01-31 07:32:04 +01:00
										 |  |  |  * Copyright (c) 2019 james@firefly-iii.org | 
					
						
							| 
									
										
										
										
											2016-05-20 12:27:31 +02:00
										 |  |  |  * | 
					
						
							| 
									
										
										
										
											2019-10-02 06:37:26 +02:00
										 |  |  |  * This file is part of Firefly III (https://github.com/firefly-iii). | 
					
						
							| 
									
										
										
										
											2016-10-05 06:52:15 +02:00
										 |  |  |  * | 
					
						
							| 
									
										
										
										
											2019-10-02 06:37:26 +02:00
										 |  |  |  * This program is free software: you can redistribute it and/or modify | 
					
						
							|  |  |  |  * it under the terms of the GNU Affero General Public License as | 
					
						
							|  |  |  |  * published by the Free Software Foundation, either version 3 of the | 
					
						
							|  |  |  |  * License, or (at your option) any later version. | 
					
						
							| 
									
										
										
										
											2017-10-21 08:40:00 +02:00
										 |  |  |  * | 
					
						
							| 
									
										
										
										
											2019-10-02 06:37:26 +02:00
										 |  |  |  * This program is distributed in the hope that it will be useful, | 
					
						
							| 
									
										
										
										
											2017-10-21 08:40:00 +02:00
										 |  |  |  * but WITHOUT ANY WARRANTY; without even the implied warranty of | 
					
						
							|  |  |  |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the | 
					
						
							| 
									
										
										
										
											2019-10-02 06:37:26 +02:00
										 |  |  |  * GNU Affero General Public License for more details. | 
					
						
							| 
									
										
										
										
											2017-10-21 08:40:00 +02:00
										 |  |  |  * | 
					
						
							| 
									
										
										
										
											2019-10-02 06:37:26 +02:00
										 |  |  |  * You should have received a copy of the GNU Affero General Public License | 
					
						
							|  |  |  |  * along with this program.  If not, see <https://www.gnu.org/licenses/>. | 
					
						
							| 
									
										
										
										
											2016-05-20 12:27:31 +02:00
										 |  |  |  */ | 
					
						
							| 
									
										
										
										
											2017-04-09 07:44:22 +02:00
										 |  |  | declare(strict_types=1); | 
					
						
							| 
									
										
										
										
											2015-07-18 21:32:31 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  | namespace FireflyIII\Http\Controllers; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-02-07 07:56:58 +01:00
										 |  |  | use FireflyIII\Exceptions\FireflyException; | 
					
						
							| 
									
										
										
										
											2015-07-19 09:37:28 +02:00
										 |  |  | use FireflyIII\Http\Requests\AttachmentFormRequest; | 
					
						
							| 
									
										
										
										
											2015-07-18 21:32:31 +02:00
										 |  |  | use FireflyIII\Models\Attachment; | 
					
						
							| 
									
										
										
										
											2015-07-19 09:37:28 +02:00
										 |  |  | use FireflyIII\Repositories\Attachment\AttachmentRepositoryInterface; | 
					
						
							| 
									
										
										
										
											2021-09-18 10:20:19 +02:00
										 |  |  | use Illuminate\Contracts\Container\BindingResolutionException; | 
					
						
							| 
									
										
										
										
											2021-03-28 11:46:23 +02:00
										 |  |  | use Illuminate\Contracts\View\Factory; | 
					
						
							| 
									
										
										
										
											2018-07-08 12:08:53 +02:00
										 |  |  | use Illuminate\Http\RedirectResponse; | 
					
						
							| 
									
										
										
										
											2017-02-17 20:14:22 +01:00
										 |  |  | use Illuminate\Http\Request; | 
					
						
							| 
									
										
										
										
											2017-01-14 19:43:33 +01:00
										 |  |  | use Illuminate\Http\Response as LaravelResponse; | 
					
						
							| 
									
										
										
										
											2021-03-28 11:46:23 +02:00
										 |  |  | use Illuminate\Routing\Redirector; | 
					
						
							|  |  |  | use Illuminate\View\View; | 
					
						
							| 
									
										
										
										
											2015-07-18 23:51:51 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-07-18 21:32:31 +02:00
										 |  |  | /** | 
					
						
							| 
									
										
										
										
											2017-11-15 12:25:49 +01:00
										 |  |  |  * Class AttachmentController. | 
					
						
							| 
									
										
										
										
											2015-07-18 21:32:31 +02:00
										 |  |  |  * | 
					
						
							|  |  |  |  */ | 
					
						
							|  |  |  | class AttachmentController extends Controller | 
					
						
							|  |  |  | { | 
					
						
							| 
									
										
										
										
											2021-04-06 17:00:16 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-07-22 08:10:16 +02:00
										 |  |  |     /** @var AttachmentRepositoryInterface Attachment repository */ | 
					
						
							| 
									
										
										
										
											2018-01-25 19:21:31 +01:00
										 |  |  |     private $repository; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-07-18 23:51:51 +02:00
										 |  |  |     /** | 
					
						
							| 
									
										
										
										
											2018-07-22 08:10:16 +02:00
										 |  |  |      * AttachmentController constructor. | 
					
						
							| 
									
										
										
										
											2020-03-17 15:01:00 +01:00
										 |  |  |      * | 
					
						
							| 
									
										
										
										
											2019-07-21 17:15:06 +02:00
										 |  |  |      * @codeCoverageIgnore | 
					
						
							| 
									
										
										
										
											2015-07-18 23:51:51 +02:00
										 |  |  |      */ | 
					
						
							|  |  |  |     public function __construct() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         parent::__construct(); | 
					
						
							| 
									
										
										
										
											2016-10-29 07:44:46 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |         // translations:
 | 
					
						
							|  |  |  |         $this->middleware( | 
					
						
							|  |  |  |             function ($request, $next) { | 
					
						
							| 
									
										
										
										
											2017-12-16 19:46:36 +01:00
										 |  |  |                 app('view')->share('mainTitleIcon', 'fa-paperclip'); | 
					
						
							| 
									
										
										
										
											2022-03-29 14:58:06 +02:00
										 |  |  |                 app('view')->share('title', (string) trans('firefly.attachments')); | 
					
						
							| 
									
										
										
										
											2018-01-25 19:21:31 +01:00
										 |  |  |                 $this->repository = app(AttachmentRepositoryInterface::class); | 
					
						
							| 
									
										
										
										
											2016-10-29 07:44:46 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |                 return $next($request); | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         ); | 
					
						
							| 
									
										
										
										
											2015-07-18 23:51:51 +02:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-07-19 09:53:58 +02:00
										 |  |  |     /** | 
					
						
							| 
									
										
										
										
											2018-07-22 08:10:16 +02:00
										 |  |  |      * Form to delete an attachment. | 
					
						
							|  |  |  |      * | 
					
						
							| 
									
										
										
										
											2015-07-19 09:53:58 +02:00
										 |  |  |      * @param Attachment $attachment | 
					
						
							|  |  |  |      * | 
					
						
							| 
									
										
										
										
											2021-03-28 11:46:23 +02:00
										 |  |  |      * @return Factory|View | 
					
						
							| 
									
										
										
										
											2015-07-19 09:53:58 +02:00
										 |  |  |      */ | 
					
						
							| 
									
										
										
										
											2017-12-29 09:05:35 +01:00
										 |  |  |     public function delete(Attachment $attachment) | 
					
						
							| 
									
										
										
										
											2015-07-19 09:53:58 +02:00
										 |  |  |     { | 
					
						
							| 
									
										
										
										
											2022-03-29 14:58:06 +02:00
										 |  |  |         $subTitle = (string) trans('firefly.delete_attachment', ['name' => $attachment->filename]); | 
					
						
							| 
									
										
										
										
											2015-07-19 09:53:58 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  |         // put previous url in session
 | 
					
						
							| 
									
										
										
										
											2022-04-12 18:19:30 +02:00
										 |  |  |         $this->rememberPreviousUrl('attachments.delete.url'); | 
					
						
							| 
									
										
										
										
											2015-07-19 09:53:58 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-01-29 14:11:12 +01:00
										 |  |  |         return view('attachments.delete', compact('attachment', 'subTitle')); | 
					
						
							| 
									
										
										
										
											2015-07-19 09:53:58 +02:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							| 
									
										
										
										
											2018-07-22 08:10:16 +02:00
										 |  |  |      * Destroy attachment. | 
					
						
							|  |  |  |      * | 
					
						
							| 
									
										
										
										
											2020-03-17 15:01:00 +01:00
										 |  |  |      * @param Request    $request | 
					
						
							| 
									
										
										
										
											2018-01-25 19:21:31 +01:00
										 |  |  |      * @param Attachment $attachment | 
					
						
							| 
									
										
										
										
											2015-07-19 09:53:58 +02:00
										 |  |  |      * | 
					
						
							| 
									
										
										
										
											2021-03-28 11:46:23 +02:00
										 |  |  |      * @return RedirectResponse|Redirector | 
					
						
							| 
									
										
										
										
											2015-07-19 09:53:58 +02:00
										 |  |  |      */ | 
					
						
							| 
									
										
										
										
											2018-01-25 19:21:31 +01:00
										 |  |  |     public function destroy(Request $request, Attachment $attachment) | 
					
						
							| 
									
										
										
										
											2015-07-19 09:53:58 +02:00
										 |  |  |     { | 
					
						
							|  |  |  |         $name = $attachment->filename; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-01-25 19:21:31 +01:00
										 |  |  |         $this->repository->destroy($attachment); | 
					
						
							| 
									
										
										
										
											2015-07-19 09:53:58 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-03-29 14:58:06 +02:00
										 |  |  |         $request->session()->flash('success', (string) trans('firefly.attachment_deleted', ['name' => $name])); | 
					
						
							| 
									
										
										
										
											2018-07-08 12:08:53 +02:00
										 |  |  |         app('preferences')->mark(); | 
					
						
							| 
									
										
										
										
											2015-07-19 09:53:58 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-04-12 18:19:30 +02:00
										 |  |  |         return redirect($this->getPreviousUrl('attachments.delete.url')); | 
					
						
							| 
									
										
										
										
											2015-07-19 09:53:58 +02:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-07-18 21:32:31 +02:00
										 |  |  |     /** | 
					
						
							| 
									
										
										
										
											2018-07-22 08:10:16 +02:00
										 |  |  |      * Download attachment to PC. | 
					
						
							|  |  |  |      * | 
					
						
							| 
									
										
										
										
											2018-01-25 19:21:31 +01:00
										 |  |  |      * @param Attachment $attachment | 
					
						
							| 
									
										
										
										
											2016-01-29 07:08:17 +01:00
										 |  |  |      * | 
					
						
							| 
									
										
										
										
											2021-05-24 08:50:17 +02:00
										 |  |  |      * @return LaravelResponse | 
					
						
							| 
									
										
										
										
											2017-11-15 12:25:49 +01:00
										 |  |  |      * | 
					
						
							| 
									
										
										
										
											2021-03-28 11:46:23 +02:00
										 |  |  |      * @throws FireflyException | 
					
						
							| 
									
										
										
										
											2015-07-18 21:32:31 +02:00
										 |  |  |      */ | 
					
						
							| 
									
										
										
										
											2018-01-25 19:21:31 +01:00
										 |  |  |     public function download(Attachment $attachment) | 
					
						
							| 
									
										
										
										
											2015-07-18 21:32:31 +02:00
										 |  |  |     { | 
					
						
							| 
									
										
										
										
											2018-01-25 19:21:31 +01:00
										 |  |  |         if ($this->repository->exists($attachment)) { | 
					
						
							|  |  |  |             $content = $this->repository->getContent($attachment); | 
					
						
							| 
									
										
										
										
											2016-08-26 08:21:31 +02:00
										 |  |  |             $quoted  = sprintf('"%s"', addcslashes(basename($attachment->filename), '"\\')); | 
					
						
							| 
									
										
										
										
											2016-12-25 12:23:36 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-01-14 19:43:33 +01:00
										 |  |  |             /** @var LaravelResponse $response */ | 
					
						
							| 
									
										
										
										
											2019-02-13 17:38:41 +01:00
										 |  |  |             $response = response($content); | 
					
						
							| 
									
										
										
										
											2017-01-14 19:43:33 +01:00
										 |  |  |             $response | 
					
						
							| 
									
										
										
										
											2016-02-03 11:46:28 +01:00
										 |  |  |                 ->header('Content-Description', 'File Transfer') | 
					
						
							|  |  |  |                 ->header('Content-Type', 'application/octet-stream') | 
					
						
							|  |  |  |                 ->header('Content-Disposition', 'attachment; filename=' . $quoted) | 
					
						
							|  |  |  |                 ->header('Content-Transfer-Encoding', 'binary') | 
					
						
							|  |  |  |                 ->header('Connection', 'Keep-Alive') | 
					
						
							|  |  |  |                 ->header('Expires', '0') | 
					
						
							|  |  |  |                 ->header('Cache-Control', 'must-revalidate, post-check=0, pre-check=0') | 
					
						
							|  |  |  |                 ->header('Pragma', 'public') | 
					
						
							| 
									
										
										
										
											2019-06-07 17:58:11 +02:00
										 |  |  |                 ->header('Content-Length', strlen($content)); | 
					
						
							| 
									
										
										
										
											2017-01-14 19:43:33 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  |             return $response; | 
					
						
							| 
									
										
										
										
											2015-07-18 21:32:31 +02:00
										 |  |  |         } | 
					
						
							| 
									
										
										
										
											2016-02-07 07:56:58 +01:00
										 |  |  |         throw new FireflyException('Could not find the indicated attachment. The file is no longer there.'); | 
					
						
							| 
									
										
										
										
											2015-07-19 09:37:28 +02:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-01-24 15:58:16 +01:00
										 |  |  |     /** | 
					
						
							| 
									
										
										
										
											2018-07-22 08:10:16 +02:00
										 |  |  |      * Edit an attachment. | 
					
						
							|  |  |  |      * | 
					
						
							| 
									
										
										
										
											2020-03-17 15:01:00 +01:00
										 |  |  |      * @param Request    $request | 
					
						
							| 
									
										
										
										
											2016-01-24 15:58:16 +01:00
										 |  |  |      * @param Attachment $attachment | 
					
						
							|  |  |  |      * | 
					
						
							| 
									
										
										
										
											2021-03-28 11:46:23 +02:00
										 |  |  |      * @return Factory|View | 
					
						
							| 
									
										
										
										
											2016-01-24 15:58:16 +01:00
										 |  |  |      */ | 
					
						
							| 
									
										
										
										
											2017-02-17 20:14:22 +01:00
										 |  |  |     public function edit(Request $request, Attachment $attachment) | 
					
						
							| 
									
										
										
										
											2016-01-24 15:58:16 +01:00
										 |  |  |     { | 
					
						
							|  |  |  |         $subTitleIcon = 'fa-pencil'; | 
					
						
							| 
									
										
										
										
											2022-03-29 14:58:06 +02:00
										 |  |  |         $subTitle     = (string) trans('firefly.edit_attachment', ['name' => $attachment->filename]); | 
					
						
							| 
									
										
										
										
											2016-01-24 15:58:16 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  |         // put previous url in session if not redirect from store (not "return_to_edit").
 | 
					
						
							| 
									
										
										
										
											2017-11-15 12:25:49 +01:00
										 |  |  |         if (true !== session('attachments.edit.fromUpdate')) { | 
					
						
							| 
									
										
										
										
											2022-04-12 18:19:30 +02:00
										 |  |  |             $this->rememberPreviousUrl('attachments.edit.url'); | 
					
						
							| 
									
										
										
										
											2016-01-24 15:58:16 +01:00
										 |  |  |         } | 
					
						
							| 
									
										
										
										
											2017-02-17 20:14:22 +01:00
										 |  |  |         $request->session()->forget('attachments.edit.fromUpdate'); | 
					
						
							| 
									
										
										
										
											2018-07-26 06:10:17 +02:00
										 |  |  |         $preFilled = [ | 
					
						
							|  |  |  |             'notes' => $this->repository->getNoteText($attachment), | 
					
						
							|  |  |  |         ]; | 
					
						
							| 
									
										
										
										
											2018-03-19 15:28:35 +01:00
										 |  |  |         $request->session()->flash('preFilled', $preFilled); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-01-29 14:11:12 +01:00
										 |  |  |         return view('attachments.edit', compact('attachment', 'subTitleIcon', 'subTitle')); | 
					
						
							| 
									
										
										
										
											2016-01-24 15:58:16 +01:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-04-28 06:34:01 +02:00
										 |  |  |     /** | 
					
						
							| 
									
										
										
										
											2018-07-22 08:10:16 +02:00
										 |  |  |      * Index of all attachments. | 
					
						
							|  |  |  |      * | 
					
						
							| 
									
										
										
										
											2021-03-28 11:46:23 +02:00
										 |  |  |      * @return Factory|View | 
					
						
							| 
									
										
										
										
											2018-04-28 06:34:01 +02:00
										 |  |  |      */ | 
					
						
							|  |  |  |     public function index() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2018-04-28 06:53:37 +02:00
										 |  |  |         $set = $this->repository->get()->reverse(); | 
					
						
							| 
									
										
										
										
											2018-04-28 06:34:01 +02:00
										 |  |  |         $set = $set->each( | 
					
						
							|  |  |  |             function (Attachment $attachment) { | 
					
						
							|  |  |  |                 $attachment->file_exists = $this->repository->exists($attachment); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 return $attachment; | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         ); | 
					
						
							| 
									
										
										
										
											2021-03-28 11:46:23 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-01-29 14:11:12 +01:00
										 |  |  |         return view('attachments.index', compact('set')); | 
					
						
							| 
									
										
										
										
											2018-04-28 06:34:01 +02:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-07-19 18:37:29 +02:00
										 |  |  |     /** | 
					
						
							| 
									
										
										
										
											2018-07-22 08:10:16 +02:00
										 |  |  |      * Update attachment. | 
					
						
							|  |  |  |      * | 
					
						
							| 
									
										
										
										
											2018-01-25 19:21:31 +01:00
										 |  |  |      * @param AttachmentFormRequest $request | 
					
						
							| 
									
										
										
										
											2020-03-17 15:01:00 +01:00
										 |  |  |      * @param Attachment            $attachment | 
					
						
							| 
									
										
										
										
											2015-07-19 09:37:28 +02:00
										 |  |  |      * | 
					
						
							| 
									
										
										
										
											2018-07-08 12:08:53 +02:00
										 |  |  |      * @return RedirectResponse | 
					
						
							| 
									
										
										
										
											2015-07-19 09:37:28 +02:00
										 |  |  |      */ | 
					
						
							| 
									
										
										
										
											2018-07-08 12:08:53 +02:00
										 |  |  |     public function update(AttachmentFormRequest $request, Attachment $attachment): RedirectResponse | 
					
						
							| 
									
										
										
										
											2015-07-19 09:37:28 +02:00
										 |  |  |     { | 
					
						
							| 
									
										
										
										
											2016-10-22 22:03:00 +02:00
										 |  |  |         $data = $request->getAttachmentData(); | 
					
						
							| 
									
										
										
										
											2018-01-25 19:21:31 +01:00
										 |  |  |         $this->repository->update($attachment, $data); | 
					
						
							| 
									
										
										
										
											2015-07-19 09:37:28 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-03-29 14:58:06 +02:00
										 |  |  |         $request->session()->flash('success', (string) trans('firefly.attachment_updated', ['name' => $attachment->filename])); | 
					
						
							| 
									
										
										
										
											2018-07-08 12:08:53 +02:00
										 |  |  |         app('preferences')->mark(); | 
					
						
							| 
									
										
										
										
											2015-07-19 09:37:28 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-04-12 18:19:30 +02:00
										 |  |  |         $redirect = redirect($this->getPreviousUrl('attachments.edit.url')); | 
					
						
							| 
									
										
										
										
											2022-03-29 14:58:06 +02:00
										 |  |  |         if (1 === (int) $request->get('return_to_edit')) { | 
					
						
							| 
									
										
										
										
											2021-04-07 07:28:43 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-02-17 20:14:22 +01:00
										 |  |  |             $request->session()->put('attachments.edit.fromUpdate', true); | 
					
						
							| 
									
										
										
										
											2015-07-19 09:37:28 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-07-08 12:08:53 +02:00
										 |  |  |             $redirect = redirect(route('attachments.edit', [$attachment->id]))->withInput(['return_to_edit' => 1]); | 
					
						
							| 
									
										
										
										
											2021-04-07 07:28:43 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-07-19 09:37:28 +02:00
										 |  |  |         } | 
					
						
							| 
									
										
										
										
											2015-07-18 21:32:31 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-07-19 09:37:28 +02:00
										 |  |  |         // redirect to previous URL.
 | 
					
						
							| 
									
										
										
										
											2018-07-08 12:08:53 +02:00
										 |  |  |         return $redirect; | 
					
						
							| 
									
										
										
										
											2015-07-18 21:32:31 +02:00
										 |  |  |     } | 
					
						
							| 
									
										
										
										
											2018-01-25 19:21:31 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							| 
									
										
										
										
											2018-07-22 08:10:16 +02:00
										 |  |  |      * View attachment in browser. | 
					
						
							|  |  |  |      * | 
					
						
							| 
									
										
										
										
											2021-05-24 08:50:17 +02:00
										 |  |  |      * @param Request    $request | 
					
						
							| 
									
										
										
										
											2018-01-25 19:21:31 +01:00
										 |  |  |      * @param Attachment $attachment | 
					
						
							|  |  |  |      * | 
					
						
							| 
									
										
										
										
											2020-03-17 15:01:00 +01:00
										 |  |  |      * @return LaravelResponse | 
					
						
							| 
									
										
										
										
											2021-03-28 11:46:23 +02:00
										 |  |  |      * @throws FireflyException | 
					
						
							| 
									
										
										
										
											2021-09-18 10:20:19 +02:00
										 |  |  |      * @throws BindingResolutionException | 
					
						
							| 
									
										
										
										
											2018-01-25 19:21:31 +01:00
										 |  |  |      */ | 
					
						
							| 
									
										
										
										
											2019-07-16 19:21:58 +02:00
										 |  |  |     public function view(Request $request, Attachment $attachment): LaravelResponse | 
					
						
							| 
									
										
										
										
											2018-01-25 19:21:31 +01:00
										 |  |  |     { | 
					
						
							|  |  |  |         if ($this->repository->exists($attachment)) { | 
					
						
							|  |  |  |             $content = $this->repository->getContent($attachment); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-07-16 19:21:58 +02:00
										 |  |  |             // prevent XSS by adding a new secure header.
 | 
					
						
							|  |  |  |             $csp = [ | 
					
						
							|  |  |  |                 "default-src 'none'", | 
					
						
							|  |  |  |                 "object-src 'none'", | 
					
						
							|  |  |  |                 "script-src 'none'", | 
					
						
							| 
									
										
										
										
											2019-10-12 04:04:03 +02:00
										 |  |  |                 "style-src 'self' 'unsafe-inline'", | 
					
						
							| 
									
										
										
										
											2019-07-16 19:21:58 +02:00
										 |  |  |                 "base-uri 'none'", | 
					
						
							|  |  |  |                 "font-src 'none'", | 
					
						
							|  |  |  |                 "connect-src 'none'", | 
					
						
							| 
									
										
										
										
											2019-10-12 04:04:03 +02:00
										 |  |  |                 "img-src 'self'", | 
					
						
							| 
									
										
										
										
											2019-07-16 19:21:58 +02:00
										 |  |  |                 "manifest-src 'none'", | 
					
						
							|  |  |  |             ]; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-03-10 20:30:09 +01:00
										 |  |  |             return response()->make( | 
					
						
							| 
									
										
										
										
											2020-03-17 15:01:00 +01:00
										 |  |  |                 $content, | 
					
						
							|  |  |  |                 200, | 
					
						
							|  |  |  |                 [ | 
					
						
							|  |  |  |                     'Content-Security-Policy' => implode('; ', $csp), | 
					
						
							|  |  |  |                     'Content-Type'            => $attachment->mime, | 
					
						
							|  |  |  |                     'Content-Disposition'     => 'inline; filename="' . $attachment->filename . '"', | 
					
						
							|  |  |  |                 ] | 
					
						
							| 
									
										
										
										
											2018-01-25 19:21:31 +01:00
										 |  |  |             ); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         throw new FireflyException('Could not find the indicated attachment. The file is no longer there.'); | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2015-07-19 09:38:44 +02:00
										 |  |  | } |