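/// <summary>
/// Handles a file download request. The file id is read from the "FileID" request parameter,
/// falling back to "ATTFID". Files in the public ("free") image folders and in the temporary
/// folder are sent without a per-file permission check; any other file is looked up for the
/// current tenant and sent only if the caller has View permission on its owner or passes the
/// creator-level admin check.
/// </summary>
/// <param name="context">The current HTTP context; all request parameters are read from it.</param>
public void ProcessRequest(HttpContext context)
{
    //Privacy Check: OK
    paramsContainer = new ParamsContainer(context, nullTenantResponse: false);

    // Every value below comes from Request.Params, which merges query string, form fields,
    // cookies and server variables, so all of it is caller-controlled.

    // TryParse instead of Parse: a malformed FileID is treated as "no id" and falls through to
    // ATTFID, rather than raising an unhandled FormatException on untrusted input.
    Guid fileId;
    if (!Guid.TryParse(context.Request.Params["FileID"], out fileId))
    {
        fileId = Guid.Empty;
    }

    if (fileId == Guid.Empty && !Guid.TryParse(context.Request.Params["ATTFID"], out fileId))
    {
        fileId = Guid.Empty;
    }

    string category = PublicMethods.parse_string(context.Request.Params["Category"], false);

    // Ordinal, null-safe comparison: a missing Category no longer dereferences null, and the
    // match does not depend on the server's culture-specific lower-casing rules.
    bool isTemporary = string.Equals(category, FolderNames.TemporaryFiles.ToString(),
        StringComparison.OrdinalIgnoreCase);

    bool? addFooter = PublicMethods.parse_bool(context.Request.Params["Meta"]);
    Guid? coverId = PublicMethods.parse_guid(context.Request.Params["CoverID"]);

    // NOTE(review): "PS" carries the PDF password as a request parameter. If clients send it
    // in the URL it ends up in access logs, proxies and browser history; confirm callers send
    // it in the request body.
    string pdfPassword = PublicMethods.parse_string(context.Request.Params["PS"]);

    // Folders whose content is sent without a tenant or permission check.
    FolderNames[] freeFolders = new[]
    {
        FolderNames.ProfileImages,
        FolderNames.HighQualityProfileImage,
        FolderNames.CoverPhoto,
        FolderNames.HighQualityCoverPhoto,
        FolderNames.Icons,
        FolderNames.HighQualityIcon,
        FolderNames.ApplicationIcons,
        FolderNames.HighQualityApplicationIcon,
        FolderNames.Pictures
    };

    bool isFreeFolder = !string.IsNullOrEmpty(category) &&
        freeFolders.Any(f => string.Equals(f.ToString(), category, StringComparison.OrdinalIgnoreCase));

    if (isFreeFolder)
    {
        FolderNames fn = freeFolders.First(
            f => string.Equals(f.ToString(), category, StringComparison.OrdinalIgnoreCase));

        // The extension is fixed to "jpg" here; only the id comes from the request.
        DocFileInfo pic = new DocFileInfo()
        {
            FileID = fileId,
            Extension = "jpg",
            FileName = fileId.ToString(),
            FolderName = fn
        };

        send_file(pic, false);

        // NOTE(review): there is no return here, so unless send_file ends the response,
        // execution continues into the tenant check and the lookup below and may write a
        // second body after the image. Confirm send_file terminates the request, or add a
        // return.
    }

    if (!paramsContainer.ApplicationID.HasValue)
    {
        paramsContainer.return_response(PublicConsts.NullTenantResponse);
        return;
    }

    if (isTemporary)
    {
        // NOTE(review): this path calls no access check; the file is selected purely by the
        // caller-supplied id and extension. Confirm that send_file resolves the path strictly
        // inside the temporary folder (the Extension value is not validated here) and that
        // temporary file ids are not predictable.
        string ext = PublicMethods.parse_string(context.Request.Params["Extension"]);

        DocFileInfo temp = new DocFileInfo()
        {
            FileID = fileId,
            Extension = ext,
            FileName = fileId.ToString(),
            FolderName = FolderNames.TemporaryFiles
        };

        send_file(temp, false);
    }
    else
    {
        DocFileInfo AttachFile = DocumentsController.get_file(paramsContainer.Tenant.Id, fileId);

        // A file that cannot be found gets the same AccessDenied body as a denied one, so the
        // response does not reveal whether the id exists.
        if (AttachFile == null)
        {
            paramsContainer.return_response("{\"ErrorText\":\"" + Messages.AccessDenied + "\"}");
            return;
        }

        PrivacyObjectType pot = AttachFile.OwnerType == FileOwnerTypes.Node
            ? PrivacyObjectType.Node
            : PrivacyObjectType.None;

        DocFileInfo ownerNode = !AttachFile.FileID.HasValue
            ? null
            : DocumentsController.get_file_owner_node(paramsContainer.Tenant.Id, AttachFile.FileID.Value);

        if (ownerNode != null)
        {
            AttachFile.OwnerNodeID = ownerNode.OwnerNodeID;
            AttachFile.OwnerNodeName = ownerNode.OwnerNodeName;
            AttachFile.OwnerNodeType = ownerNode.OwnerNodeType;
        }

        // NOTE(review): OwnerID.Value throws if the stored file has no owner. That still fails
        // closed (nothing is sent), but it surfaces as an unhandled exception rather than an
        // AccessDenied response.
        // Access is denied only when BOTH checks fail: the View permission check and, for an
        // authenticated caller, the creator-level admin check. The admin check runs only if
        // the permission check has already failed.
        bool accessDenied =
            !PrivacyController.check_access(paramsContainer.Tenant.Id, paramsContainer.CurrentUserID,
                AttachFile.OwnerID.Value, pot, PermissionType.View) &&
            !(
                paramsContainer.CurrentUserID.HasValue &&
                new CNAPI() { paramsContainer = this.paramsContainer }
                    ._is_admin(paramsContainer.Tenant.Id, AttachFile.OwnerID.Value,
                        paramsContainer.CurrentUserID.Value, CNAPI.AdminLevel.Creator, false)
            );

        if (accessDenied)
        {
            //Save Log
            // Logging is best-effort: a failure to record the denial must not change the
            // response. NOTE(review): the empty catch also means a failing audit log goes
            // unnoticed; consider reporting that failure through another channel.
            try
            {
                LogController.save_log(paramsContainer.Tenant.Id, new Log()
                {
                    UserID = paramsContainer.CurrentUserID,
                    HostAddress = PublicMethods.get_client_ip(HttpContext.Current),
                    HostName = PublicMethods.get_client_host_name(HttpContext.Current),
                    Action = Modules.Log.Action.Download_AccessDenied,
                    SubjectID = fileId,
                    Info = "{\"Error\":\"" + Base64.encode(Messages.AccessDenied.ToString()) + "\"}",
                    ModuleIdentifier = ModuleIdentifier.DCT
                });
            }
            catch { }
            //end of Save Log

            paramsContainer.return_response("{\"ErrorText\":\"" + Messages.AccessDenied + "\"}");
            return;
        }

        AttachFile.refresh_folder_name();

        // AttachFile is known to be non-null here (checked above), so only the extension needs
        // guarding. Invariant lower-casing keeps the comparisons below culture-independent.
        string ext = string.IsNullOrEmpty(AttachFile.Extension)
            ? string.Empty
            : AttachFile.Extension.ToLowerInvariant();

        bool isImage = ext == "jpg" || ext == "jpeg" || ext == "png" || ext == "gif" || ext == "bmp";

        // A cover page is only applied to PDF files.
        if (ext != "pdf")
        {
            coverId = null;
        }

        // Non-image files are always sent as attachments; images are sent as attachments
        // unless the request sets "dl" to false, in which case the image's MIME type is passed
        // to send_file as the content type.
        bool dl = !isImage || PublicMethods.parse_bool(context.Request.Params["dl"], defaultValue: true) == true;
        string contentType = !dl && isImage ? PublicMethods.get_mime_type_by_extension(ext) : null;

        send_file(AttachFile, !isImage,
            addPDFCover: true,
            addPDFFooter: addFooter ?? false,
            coverId: coverId,
            pdfPassword: pdfPassword,
            contentType: contentType,
            isAttachment: dl);
    }
}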