Eduard Wisch
44a86fa63d
All checks were successful
Deploy bericht / deploy (push) Successful in 1s
- api/pages.php:
- DELETE (oder POST ?delete=1) — Seite aus Bericht entfernen
(source_path wird nur gelöscht wenn unter bericht/work/, damit
Anhänge von Auftrag/Rechnung nicht mit rausfliegen)
- POST {note, rotation} — Meta einer Seite updaten
- POST ?action=signature&bericht_id=X + multipart file= — PNG
Unterschrift als neue Seite am Bericht anhängen mit
note='Unterschrift Kunde'
- api/pdf.php — liefert finales PDF oder on-the-fly Preview mit
JWT-Auth (damit PWA das PDF direkt im <iframe> anzeigen kann)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
[deploy]
119 lines
4.8 KiB
PHP
119 lines
4.8 KiB
PHP
<?php
|
|
/* GET /api/pdf.php?id=<bericht_id>&jwt=<token>
|
|
* Liefert das finale PDF eines Berichts zur Anzeige/Download.
|
|
* Wenn noch kein final_pdf_path existiert oder die Datei fehlt,
|
|
* wird direkt eine temporäre Vorschau generiert (wie preview_pdf.php).
|
|
*/
|
|
if (!defined('NOLOGIN')) define('NOLOGIN', '1');
|
|
if (!defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1');
|
|
if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1');
|
|
if (!defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1');
|
|
if (!defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1');
|
|
if (!defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1');
|
|
|
|
$res = 0;
|
|
if (!$res && !empty($_SERVER["CONTEXT_DOCUMENT_ROOT"])) $res = @include $_SERVER["CONTEXT_DOCUMENT_ROOT"]."/main.inc.php";
|
|
$tmp = empty($_SERVER['SCRIPT_FILENAME']) ? '' : $_SERVER['SCRIPT_FILENAME']; $tmp2 = realpath(__FILE__); $i = strlen($tmp) - 1; $j = strlen($tmp2) - 1;
|
|
while ($i > 0 && $j > 0 && isset($tmp[$i]) && isset($tmp2[$j]) && $tmp[$i] == $tmp2[$j]) { $i--; $j--; }
|
|
if (!$res && $i > 0 && file_exists(substr($tmp, 0, ($i + 1))."/main.inc.php")) $res = @include substr($tmp, 0, ($i + 1))."/main.inc.php";
|
|
if (!$res && $i > 0 && file_exists(dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php")) $res = @include dirname(substr($tmp, 0, ($i + 1)))."/main.inc.php";
|
|
if (!$res && file_exists("../../main.inc.php")) $res = @include "../../main.inc.php";
|
|
if (!$res && file_exists("../../../main.inc.php")) $res = @include "../../../main.inc.php";
|
|
if (!$res) die("Include of main fails");
|
|
|
|
require_once __DIR__.'/_jwt.php';
|
|
require_once __DIR__.'/../class/bericht.class.php';
|
|
require_once __DIR__.'/../lib/bericht.lib.php';
|
|
|
|
// JWT robust lesen
|
|
$token_str = '';
|
|
$hdr = $_SERVER['HTTP_AUTHORIZATION'] ?? ($_SERVER['REDIRECT_HTTP_AUTHORIZATION'] ?? '');
|
|
if (!$hdr && function_exists('apache_request_headers')) {
|
|
foreach (apache_request_headers() as $k => $v) {
|
|
if (strcasecmp($k, 'Authorization') === 0) { $hdr = $v; break; }
|
|
}
|
|
}
|
|
if ($hdr && stripos($hdr, 'bearer ') === 0) $token_str = trim(substr($hdr, 7));
|
|
if (!$token_str && !empty($_GET['jwt'])) $token_str = (string) $_GET['jwt'];
|
|
|
|
$payload = $token_str ? bericht_jwt_decode($token_str) : null;
|
|
if (!$payload || empty($payload['sub'])) {
|
|
http_response_code(401);
|
|
header('Content-Type: text/plain');
|
|
echo 'Token ungültig';
|
|
exit;
|
|
}
|
|
|
|
require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php';
|
|
$u = new User($db);
|
|
if ($u->fetch((int) $payload['sub']) <= 0 || empty($u->statut)) {
|
|
http_response_code(401);
|
|
exit;
|
|
}
|
|
$u->loadRights();
|
|
if (!$u->hasRight('bericht', 'read')) {
|
|
http_response_code(403);
|
|
exit;
|
|
}
|
|
$user = $u;
|
|
|
|
$id = (int) ($_GET['id'] ?? 0);
|
|
if (!$id) { http_response_code(400); exit; }
|
|
|
|
$bericht = new Bericht($db);
|
|
if ($bericht->fetch($id) <= 0) { http_response_code(404); exit; }
|
|
|
|
// Fertiges PDF ausliefern wenn vorhanden
|
|
if ($bericht->final_pdf_path) {
|
|
$full = bericht_resolve_data_path($bericht->final_pdf_path);
|
|
if ($full && file_exists($full)) {
|
|
header('Content-Type: application/pdf');
|
|
header('Content-Length: '.filesize($full));
|
|
header('Cache-Control: private, max-age=60');
|
|
readfile($full);
|
|
exit;
|
|
}
|
|
}
|
|
|
|
// Sonst: on-the-fly Vorschau (wie preview_pdf.php)
|
|
$parent = bericht_fetch_parent($db, $bericht->element_type, $bericht->fk_element);
|
|
if (!$parent) { http_response_code(404); exit; }
|
|
$pages = BerichtPage::fetchAllForBericht($db, $bericht->id);
|
|
if (empty($pages)) { http_response_code(400); exit; }
|
|
|
|
$tcpdf_loaded = false;
|
|
foreach (array(
|
|
DOL_DOCUMENT_ROOT.'/includes/tecnickcom/tcpdf/tcpdf.php',
|
|
DOL_DOCUMENT_ROOT.'/includes/tcpdf/tcpdf.php',
|
|
) as $p) { if (file_exists($p)) { require_once $p; $tcpdf_loaded = true; break; } }
|
|
if (!$tcpdf_loaded) { http_response_code(500); exit; }
|
|
|
|
$fpdi_loaded = false;
|
|
foreach (array(
|
|
DOL_DOCUMENT_ROOT.'/includes/setasign/vendor/setasign/fpdi/src/Tcpdf/Fpdi.php',
|
|
DOL_DOCUMENT_ROOT.'/includes/fpdi/src/Tcpdf/Fpdi.php',
|
|
) as $p) { if (file_exists($p)) { require_once $p; $fpdi_loaded = true; break; } }
|
|
|
|
$ori = in_array($bericht->page_orientation, array('P','L'), true) ? $bericht->page_orientation : 'P';
|
|
$fmt = in_array($bericht->page_format, array('A4','A3','A5','Letter'), true) ? $bericht->page_format : 'A4';
|
|
|
|
$pdf = $fpdi_loaded
|
|
? new \setasign\Fpdi\Tcpdf\Fpdi($ori, 'mm', $fmt, true, 'UTF-8', false)
|
|
: new TCPDF($ori, 'mm', $fmt, true, 'UTF-8', false);
|
|
|
|
$pdf->SetCreator('Dolibarr Bericht (PWA Vorschau)');
|
|
$pdf->SetAuthor($user->getFullName($langs ?? null));
|
|
$pdf->SetTitle($bericht->titel ?: $bericht->ref);
|
|
$pdf->SetMargins(10, 10, 10);
|
|
$pdf->SetAutoPageBreak(true, 10);
|
|
$pdf->setPrintHeader(false);
|
|
$pdf->setPrintFooter(false);
|
|
|
|
foreach ($pages as $page) {
|
|
bericht_render_page_to_pdf($pdf, $page, $ori, $fmt, $fpdi_loaded);
|
|
}
|
|
|
|
header('Content-Type: application/pdf');
|
|
header('Cache-Control: no-store');
|
|
$pdf->Output('bericht_'.$bericht->ref.'.pdf', 'I');
|
|
exit;
|