get_all_users_by_group($row_users['group_id']); if (!in_array($current_uid,array_keys($users_group))) { $not_allowed_to_edit = true; } } else { if ($current_uid != $message_uid) { $not_allowed_to_edit = true; } } if ($not_allowed_to_edit) { api_not_allowed(); exit; } // set the path directory file if (!empty($row_users['group_id'])) { $path_user_info = $userGroup->get_group_picture_path_by_id( $row_users['group_id'], 'system', true ); } else { $path_user_info['dir'] = UserManager::getUserPathById($message_uid, 'system'); } $full_file_name = $path_user_info['dir'].'message_attachments/'.$file_url; if (Security::check_abs_path($full_file_name, $path_user_info['dir'].'message_attachments/')) { // launch event Event::event_download($file_url); DocumentManager::file_send_for_download($full_file_name,TRUE, $title); } exit;