Uploaded (non secure) attachments live now in public/

That way the attachment files can now be loaded much quicker (without invoking a controller). Also added thumbnailing for pictures in tables.

src/Entity/Attachments/Attachment.php

@@ -64,7 +64,7 @@ abstract class Attachment extends NamedDBElement
     /**
      * When the path begins with one of this placeholders
      */
-    public const INTERNAL_PLACEHOLDER = ['%BASE%', '%MEDIA%'];
+    public const INTERNAL_PLACEHOLDER = ['%BASE%', '%MEDIA%', '%SECURE%'];
 
     /** @var array Placeholders for attachments which using built in files. */
     public const BUILTIN_PLACEHOLDER = ['%FOOTPRINTS%', '%FOOTPRINTS3D%'];
@@ -156,6 +156,23 @@ abstract class Attachment extends NamedDBElement
         return !in_array($tmp[0], array_merge(static::INTERNAL_PLACEHOLDER, static::BUILTIN_PLACEHOLDER), false);
     }
 
+    /**
+     * Check if this attachment is saved in a secure place.
+     * This means that it can not be accessed directly via a web request, but must be viewed via a controller.
+     * @return bool True, if the file is secure.
+     */
+    public function isSecure() : bool
+    {
+        //After the %PLACEHOLDER% comes a slash, so we can check if we have a placholder via explode
+        $tmp = explode("/", $this->path);
+
+        if (empty($tmp)) {
+            return false;
+        }
+
+        return $tmp[0] === '%SECURE%';
+    }
+
     /**
      * Checks if the attachment file is using a builtin file. (see BUILTIN_PLACEHOLDERS const for possible placeholders)
      * If a file is built in, the path is shown to user in url field (no sensitive infos are provided)