WebServices: download forum attachment

Author: AngelFQC

main/forum/forumfunction.inc.php

@@ -6420,6 +6420,8 @@ function getAttachedFiles(
     if ($result !== false && Database::num_rows($result) > 0) {
         while ($row = Database::fetch_array($result, 'ASSOC')) {
             // name contains an URL to download attachment file and its filename
+            $json['filename'] = $row['filename'];
+            $json['path'] = $row['path'];
             $json['name'] = Display::url(
                 api_htmlentities($row['filename']),
                 api_get_path(WEB_CODE_PATH).'forum/download.php?file='.$row['path'].'&'.api_get_cidreq(),

main/inc/lib/webservices/Rest.php

@@ -60,6 +60,7 @@ class Rest extends WebService
     const SAVE_FORUM_POST = 'save_forum_post';
     const SAVE_FORUM_THREAD = 'save_forum_thread';
     const SET_THREAD_NOTIFY = 'set_thread_notify';
+    const DOWNLOAD_FORUM_ATTACHMENT= 'download_forum_attachment';
 
     const GET_WORK_LIST = 'get_work_list';
     const GET_WORK_STUDENTS_WITHOUT_PUBLICATIONS = 'get_work_students_without_publications';
@@ -879,6 +880,13 @@ public function getCourseForumThread($forumId, $threadId)
                 'author' => api_get_person_name($postInfo['firstname'], $postInfo['lastname']),
                 'date' => api_convert_and_format_date($postInfo['post_date'], DATE_TIME_FORMAT_LONG_24H),
                 'parentId' => $postInfo['post_parent_id'],
+                'attachments' => getAttachedFiles(
+                    $forumId,
+                    $threadId,
+                    $postInfo['iid'],
+                    0,
+                    $this->course->getId()
+                )
             ];
         }
 
@@ -2934,6 +2942,28 @@ public function viewMessage(int $messageId)
         exit;
     }
 
+    public function downloadForumPostAttachment(string $path)
+    {
+
+        $courseCode = $this->course->getCode();
+        $sessionId = $this->session ? $this->session->getId() : 0;
+
+        $url = api_get_path(WEB_CODE_PATH).'forum/download.php?'
+            .http_build_query(
+                [
+                    'cidReq' => $courseCode,
+                    'id_session' => $sessionId,
+                    'gidReq' => 0,
+                    'gradebook' => 0,
+                    'origin' => self::SERVICE_NAME,
+                    'file' => Security::remove_XSS($path),
+                ]
+            );
+
+        header("Location: $url");
+        exit;
+    }
+
     public static function isAllowedByRequest(bool $inpersonate = false): bool
     {
         $username = $_GET['username'] ?? null;

main/webservices/api/v2.php

@@ -300,6 +300,13 @@
                 ]
             );
             break;
+        case Rest::DOWNLOAD_FORUM_ATTACHMENT:
+            if (empty($_GET['path'])) {
+                throw new Exception(get_lang('ActionNotAllowed'));
+            }
+
+            $restApi->downloadForumPostAttachment($_GET['path']);
+            break;
 
         case Rest::GET_WORK_LIST:
             if (!isset($_GET['work'])) {