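<?php
/**
 * Streams one employee document to the authenticated user as a download.
 *
 * Access rule: users whose role is one of $hrRoles may download any
 * document; everyone else may only download documents attached to the
 * employee record linked to their own auth user id.
 *
 * Relies on auth_check.php to have authenticated the request and to
 * provide $currentUserId — this file does not define it (verify in
 * auth_check.php). Responds 400 for a missing/invalid id, 404 for an
 * unknown document or a missing file, 403 when the access rule fails.
 */

require_once(__DIR__ . '/../auth_check.php');
require_once(__DIR__ . '/../../class/db-functions.php');

// Document id from the query string; non-numeric or non-positive values are rejected.
$id = (int)($_GET['id'] ?? 0);
if ($id <= 0) {
    http_response_code(400);
    exit('ID non valido.');
}

$pdo = DBHandlerSelect::getInstance()->getConnection();

// Load the document row together with the owning employee's auth user id.
$stmt = $pdo->prepare("
    SELECT d.*, e.auth_user_id
    FROM employee_documents d
    JOIN employees e ON e.id = d.employee_id
    WHERE d.id = :id
    LIMIT 1
");
$stmt->execute(['id' => $id]);
$doc = $stmt->fetch(PDO::FETCH_ASSOC);

if (!$doc) {
    http_response_code(404);
    exit('Documento non trovato.');
}

/* Access check: HR roles can download any; otherwise only own employee */
$roleStmt = $pdo->prepare("
    SELECT r.name
    FROM auth_users u
    LEFT JOIN auth_roles r ON r.id = u.role_id
    WHERE u.id = :id LIMIT 1
");
$roleStmt->execute(['id' => $currentUserId]);
$role = (string)$roleStmt->fetchColumn();
$hrRoles = ['Admin', 'Superuser', 'employee-hr', 'manager'];
$isHr = in_array($role, $hrRoles, true);

// An employee row with no linked auth user has no owner: deny unless HR,
// rather than letting (int)NULL === 0 match an unexpected $currentUserId.
$ownerId = $doc['auth_user_id'] === null ? null : (int)$doc['auth_user_id'];
if (!$isHr && ($ownerId === null || $ownerId !== $currentUserId)) {
    http_response_code(403);
    exit('Accesso negato.');
}

// Defence in depth: stored_name comes from the database, but it is used as a
// path component, so accept only a bare file name and confirm the resolved
// path (symlinks included) stays inside this employee's document directory.
$storedName = (string)($doc['stored_name'] ?? '');
$baseDir = realpath(__DIR__ . '/../../files/employees/' . (int)$doc['employee_id'] . '/documents');
$path = $baseDir === false ? false : realpath($baseDir . DIRECTORY_SEPARATOR . $storedName);
$prefix = $baseDir === false ? '' : $baseDir . DIRECTORY_SEPARATOR;
if (
    $storedName === ''
    || basename($storedName) !== $storedName
    || $path === false
    || !is_file($path)
    || strncmp($path, $prefix, strlen($prefix)) !== 0
) {
    http_response_code(404);
    exit('File non trovato sul server.');
}

// Drop any buffered output so the binary body is not corrupted.
while (ob_get_level() > 0) {
    ob_end_clean();
}

$mimeType = !empty($doc['mime_type']) ? $doc['mime_type'] : 'application/octet-stream';

// RFC 6266: an ASCII-only `filename` fallback (quotes and backslashes replaced)
// plus the UTF-8 `filename*` form, so non-ASCII names are not shown
// percent-encoded by the browser.
$originalName = (string)($doc['original_name'] ?? '');
$asciiName = preg_replace('/[^\x20-\x21\x23-\x5B\x5D-\x7E]/', '_', $originalName);
if ($asciiName === null || $asciiName === '') {
    $asciiName = 'document';
}

header('Content-Type: ' . $mimeType);
// The stored MIME type is not trusted for sniffing decisions.
header('X-Content-Type-Options: nosniff');
header(
    'Content-Disposition: attachment; filename="' . $asciiName . '"'
    . "; filename*=UTF-8''" . rawurlencode($originalName)
);
$size = filesize($path);
if ($size !== false) {
    header('Content-Length: ' . $size);
}
header('Cache-Control: private, max-age=0, must-revalidate');
readfile($path);
exit;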