Passed
Push — 1.11.x ( 31fff3...86e7ae )
by Yannick
15:37 queued 10s
created

getCallbackUrl()   A

Complexity

Conditions 2
Paths 2

Size

Total Lines 19
Code Lines 11

Duplication

Lines 0
Ratio 0 %

Importance

Changes 1
Bugs 0 Features 0
Metric Value
cc 2
eloc 11
nc 2
nop 5
dl 0
loc 19
rs 9.9
c 1
b 0
f 0
1
<?php
2
/**
3
 *
4
 * (c) Copyright Ascensio System SIA 2021
5
 *
6
 * Licensed under the Apache License, Version 2.0 (the "License");
7
 * you may not use this file except in compliance with the License.
8
 * You may obtain a copy of the License at
9
 *
10
 *     http://www.apache.org/licenses/LICENSE-2.0
11
 *
12
 * Unless required by applicable law or agreed to in writing, software
13
 * distributed under the License is distributed on an "AS IS" BASIS,
14
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
 * See the License for the specific language governing permissions and
16
 * limitations under the License.
17
 *
18
 */
19
20
require_once __DIR__.'/../../main/inc/global.inc.php';
21
22
const USER_AGENT_MOBILE = "/android|avantgo|playbook|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od|ad)|iris|kindle|lge |maemo|midp|mmp|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\\/|plucker|pocket|psp|symbian|treo|up\\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino/i";
23
24
$plugin = OnlyofficePlugin::create();
25
26
$isEnable = $plugin->get("enable_onlyoffice_plugin") === 'true';
27
if (!$isEnable) {
28
    die ("Document server isn't enabled");
29
    return;
30
}
31
32
$documentServerUrl = $plugin->get("document_server_url");
33
if (empty($documentServerUrl)) {
34
    die ("Document server isn't configured");
35
    return;
36
}
37
38
$config = [];
39
40
$docApiUrl = $documentServerUrl . "/web-apps/apps/api/documents/api.js";
41
42
$docId = $_GET["docId"];
43
$groupId = isset($_GET["groupId"]) && !empty($_GET["groupId"]) ? $_GET["groupId"] : null;
44
45
$userId = api_get_user_id();
46
47
$userInfo = api_get_user_info($userId);
48
49
$sessionId = api_get_session_id();
50
$courseId = api_get_course_int_id();
51
$courseInfo = api_get_course_info();
52
$courseCode = $courseInfo["code"];
53
54
$docInfo = DocumentManager::get_document_data_by_id($docId, $courseCode, false, $sessionId);
55
56
$extension = strtolower(pathinfo($docInfo["title"], PATHINFO_EXTENSION));
57
58
$langInfo = LangManager::getLangUser();
59
60
$docType = FileUtility::getDocType($extension);
61
$key = FileUtility::getKey($courseCode, $docId);
62
$fileUrl = FileUtility::getFileUrl($courseId, $userId, $docId, $sessionId, $groupId);
63
64
$config = [
65
    "type" => "desktop",
66
    "documentType" => $docType,
67
    "document" => [
68
        "fileType" => $extension,
69
        "key" => $key,
70
        "title" => $docInfo["title"],
71
        "url" => $fileUrl
72
    ],
73
    "editorConfig" => [
74
        "lang" => $langInfo["isocode"],
75
        "region" => $langInfo["isocode"],
76
        "user" => [
77
            "id" => strval($userId),
78
            "name" => $userInfo["username"]
79
        ],
80
        "customization" => [
81
            "goback" => [
82
                "blank" => false,
83
                "requestClose" => false,
84
                "text" => get_lang("Back"),
85
                "url" => Security::remove_XSS($_SERVER["HTTP_REFERER"])
86
            ],
87
            "compactHeader" => true,
88
            "toolbarNoTabs" => true
89
        ]
90
    ]
91
];
92
93
$userAgent = $_SERVER['HTTP_USER_AGENT'];
94
95
$isMobileAgent = preg_match(USER_AGENT_MOBILE, $userAgent);
96
if ($isMobileAgent) {
97
    $config['type'] = 'mobile';
98
}
99
100
$isAllowToEdit = api_is_allowed_to_edit(true, true);
101
$isMyDir = DocumentManager::is_my_shared_folder(
102
    $userId,
103
    $docInfo["absolute_parent_path"],
104
    $sessionId
105
);
106
107
$isGroupAccess = false;
108
if (!empty($groupId)) {
109
    $groupProperties = GroupManager::get_group_properties($groupId);
110
    $docInfoGroup = api_get_item_property_info(
111
        api_get_course_int_id(),
112
        'document',
113
        $docId,
114
        $sessionId
115
    );
116
    $isGroupAccess = GroupManager::allowUploadEditDocument(
117
        $userId,
118
        $courseCode,
119
        $groupProperties,
120
        $docInfoGroup
121
    );
122
123
    $isMemberGroup = GroupManager::is_user_in_group($userId, $groupProperties);
124
125
    if (!$isGroupAccess) {
126
        if (!$groupProperties["status"]) {
127
            api_not_allowed(true);
128
        }
129
        if (!$isMemberGroup && $groupProperties["doc_state"] != 1) {
130
            api_not_allowed(true);
131
        }
132
    }
133
}
134
135
$accessRights = $isAllowToEdit || $isMyDir || $isGroupAccess;
136
$canEdit = in_array($extension, FileUtility::$can_edit_types);
137
138
$isVisible = DocumentManager::check_visibility_tree($docId, $courseInfo, $sessionId, $userId, $groupId);
139
$isReadonly = $docInfo["readonly"];
140
141
if (!$isVisible) {
142
    api_not_allowed(true);
143
}
144
145
if ($canEdit && $accessRights && !$isReadonly) {
146
    $config["editorConfig"]["mode"] = "edit";
147
    $config["editorConfig"]["callbackUrl"] = getCallbackUrl(
148
        $docId,
149
        $userId,
150
        $courseId,
151
        $sessionId,
152
        $groupId
153
    );
154
} else {
155
    $canView = in_array($extension, FileUtility::$can_view_types);
156
    if ($canView) {
157
        $config["editorConfig"]["mode"] = "view";
158
    } else {
159
        api_not_allowed(true);
160
    }
161
}
162
$config["document"]["permissions"]["edit"] = $accessRights && !$isReadonly;
163
164
if (!empty($plugin->get("jwt_secret"))) {
165
    $token = \Firebase\JWT\JWT::encode($config, $plugin->get("jwt_secret"));
166
    $config["token"] = $token;
167
}
168
169
/**
170
 * Return callback url
171
 */
172
function getCallbackUrl(int $docId, int $userId, int $courseId, int $sessionId, int $groupId = null): string
173
{
174
    $url = "";
175
176
    $data = [
177
        "type" => "track",
178
        "courseId" => $courseId,
179
        "userId" => $userId,
180
        "docId" => $docId,
181
        "sessionId" => $sessionId
182
    ];
183
184
    if (!empty($groupId)) {
185
        $data["groupId"] = $groupId;
186
    }
187
188
    $hashUrl = Crypt::GetHash($data);
189
190
    return $url . api_get_path(WEB_PLUGIN_PATH) . "onlyoffice/callback.php?hash=" . $hashUrl;
191
}
192
193
?>
194
<title>ONLYOFFICE</title>
195
<style>
196
    #app > iframe {
197
        height: calc(100% - 140px);
198
    }
199
    body {
200
        height: 100%;
201
    }
202
    .chatboxheadmain,
203
    .pull-right,
204
    .breadcrumb {
205
        display: none;
206
    }
207
</style>
208
<script type="text/javascript" src=<?php echo $docApiUrl?>></script>
209
<script type="text/javascript">
210
    var onAppReady = function () {
211
        innerAlert("Document editor ready");
212
    };
213
    var connectEditor = function () {
214
        $("#cm-content")[0].remove(".container");
215
        $("#main").append('<div id="app-onlyoffice">' +
216
                            '<div id="app">' +
217
                                '<div id="iframeEditor">' +
218
                                '</div>' +
219
                            '</div>' +
220
                          '</div>');
221
222
        var config = <?php echo json_encode($config)?>;
223
        var isMobileAgent = <?php echo json_encode($isMobileAgent)?>;
224
225
        config.events = {
226
            "onAppReady": onAppReady
227
        };
228
229
        docEditor = new DocsAPI.DocEditor("iframeEditor", config);
230
231
        $(".navbar").css({"margin-bottom": "0px"});
232
        $("body").css({"margin": "0 0 0px"});
233
        if (isMobileAgent) {
234
            var frameEditor = $("#app > iframe")[0];
235
            $(frameEditor).css({"height": "100%", "top": "0px"});
236
        }
237
    }
238
239
    if (window.addEventListener) {
240
        window.addEventListener("load", connectEditor);
241
    } else if (window.attachEvent) {
242
        window.attachEvent("load", connectEditor);
243
    }
244
245
</script>
246
<?php echo Display::display_header(); ?>
0 ignored issues
show
Bug introduced by Yannick Warnier
Are you sure the usage of Display::display_header() targeting Display::display_header() seems to always return null.

This check looks for function or method calls that always return null and whose return value is used.

class A
{
    function getObject()
    {
        return null;
    }

}

$a = new A();
if ($a->getObject()) {

The method getObject() can return nothing but null, so it makes no sense to use the return value.

The reason is most likely that a function or method is imcomplete or has been reduced for debug purposes.

Loading history...
247