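fileStorageManager = $fileStorageManager; $this->entityManager = $entityManager; $this->acl = $acl; $this->metadata = $metadata; }

    /**
     * Streams an attachment to the client as an image.
     *
     * The attachment is looked up by the `id` query parameter, checked against
     * the ACL and the configured allow-list of file types, and then written to
     * the response body together with Content-Type and Content-Length headers.
     *
     * @throws BadRequest If the `id` query parameter is missing or empty.
     * @throws NotFound If no Attachment entity exists for the id, or the file
     *                  storage reports that no file exists for it.
     * @throws Forbidden If the ACL check fails, the stored file type is not in
     *                   the allow-list, or the attachment is still being uploaded.
     */
    public function run(Request $request, Response $response): void
    {
        $id = $request->getQueryParam('id');

        if (!$id) {
            throw new BadRequest();
        }

        /** @var AttachmentEntity|null $attachment */
        $attachment = $this->entityManager->getEntity('Attachment', $id);

        if (!$attachment) {
            throw new NotFound();
        }

        // The access check runs before storage is touched.
        // NOTE(review): an unknown id yields NotFound while an existing but
        // inaccessible one yields Forbidden, so callers can tell the two apart;
        // confirm that is acceptable for attachment ids.
        if (!$this->acl->checkEntity($attachment)) {
            throw new Forbidden();
        }

        if (!$this->fileStorageManager->exists($attachment)) {
            throw new NotFound();
        }

        $fileType = $attachment->getType();

        // Strict comparison: the stored type must be a string that appears
        // verbatim in the allow-list. A loose in_array() would let a null or
        // otherwise loosely-equal value match an unexpected list entry.
        if (!in_array($fileType, $this->getAllowedFileTypeList(), true)) {
            throw new Forbidden("Not allowed file type '{$fileType}'.");
        }

        if ($attachment->isBeingUploaded()) {
            throw new Forbidden("Attachment is being-uploaded.");
        }

        // The Content-Type comes from the stored attachment record and is only
        // emitted after it has passed the allow-list check above.
        // NOTE(review): confirm that X-Content-Type-Options: nosniff is sent for
        // this response (here or globally) so the body is not re-interpreted.
        if ($fileType) {
            $response->setHeader('Content-Type', $fileType);
        }

        $stream = $this->fileStorageManager->getStream($attachment);

        // Prefer the size reported by the stream; fall back to the storage
        // manager when the stream returns null.
        $size = $stream->getSize() ?? $this->fileStorageManager->getSize($attachment);

        $response
            ->setHeader('Pragma', 'public')
            ->setHeader('Content-Length', (string) $size)
            ->setBody($stream);
    }

    /**
     * Returns the file types this entry point is allowed to serve.
     *
     * Read from metadata at app > image > allowedFileTypeList. When the key is
     * absent the list is empty, so every request is rejected by the allow-list
     * check in run().
     *
     * @return string[]
     */
    private function getAllowedFileTypeList(): array
    {
        return $this->metadata->get(['app', 'image', 'allowedFileTypeList']) ?? [];
    }
}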