Move VersionsController#download to AttachmentsController.
authorJean-Philippe Lang <jp_lang@yahoo.fr>
Tue, 22 Jul 2008 17:20:02 +0000 (17:20 +0000)
committerJean-Philippe Lang <jp_lang@yahoo.fr>
Tue, 22 Jul 2008 17:20:02 +0000 (17:20 +0000)
git-svn-id: http://redmine.rubyforge.org/svn/trunk@1685 e93f8b46-1217-0410-a6f0-8f06a7374b81

app/controllers/attachments_controller.rb
app/controllers/documents_controller.rb
app/controllers/versions_controller.rb
app/views/projects/list_files.rhtml
test/fixtures/attachments.yml
test/functional/attachments_controller_test.rb

index 9ea9ac48e23ae98298191d1b7fe79b6f93e61f52..07fee1269be0cc59424d2098e5efa3daedff12cc 100644 (file)
@@ -17,7 +17,7 @@
 
 class AttachmentsController < ApplicationController
   layout 'base'
-  before_filter :find_project, :check_project_privacy
+  before_filter :find_project
 
   def show
     if @attachment.is_diff?
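Review bot: With `:check_project_privacy` dropped from the `before_filter` line, access control for every action in this controller (`show` and `download` are visible) rests entirely on `find_project`, whose name does not suggest that it authorizes. A comment above the filter would make that explicit, for example `# find_project loads the attachment and enforces the view permission of its container`. Any action added later is protected only as long as it stays behind this filter. The class body continues outside the hunk.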
@@ -32,6 +32,8 @@ class AttachmentsController < ApplicationController
   end
   
   def download
+    @attachment.increment_download if @attachment.container.is_a?(Version)
+    
     # images are sent inline
     send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename),
                                     :type => @attachment.content_type, 
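Review bot: The download counter is incremented before `send_file` runs, and nothing visible in this hunk handles a file that is missing on disk; the two `download` actions this commit removes rescued that case with `render_404`, and the `File.readable?` line deleted from `find_project` was only a commented-out check. A guard at the top of `download`, `(render_404; return) unless File.readable?(@attachment.diskfile)`, would keep the 404 behaviour and avoid counting a failed download. The counter is also now limited to `Version` containers, whereas the removed `DocumentsController#download` incremented it for document attachments too; if that is intentional it deserves a short comment. The `send_file` call continues outside the hunk.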
@@ -41,9 +43,11 @@ class AttachmentsController < ApplicationController
 private
   def find_project
     @attachment = Attachment.find(params[:id])
-    #render_404 and return false unless File.readable?(@attachment.diskfile)
     @project = @attachment.project
-  #rescue
-  #  render_404
+    permission = @attachment.container.is_a?(Version) ? :view_files : "view_#{@attachment.container.class.name.underscore.pluralize}".to_sym
+    allowed = User.current.allowed_to?(permission, @project)
+    allowed ? true : (User.current.logged? ? render_403 : require_login)
+  rescue ActiveRecord::RecordNotFound
+    render_404
   end
 end
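Review bot: `find_project` has no guard for an attachment whose container or project is missing: on a nil container `@attachment.container.class.name` yields `NilClass`, so the check would run against a `:view_nil_classes` permission, and only `ActiveRecord::RecordNotFound` is rescued. Adding `(render_404; return false) unless @attachment.container` right after the `Attachment.find` line would fail closed with a 404 instead of depending on how `allowed_to?` treats an unknown permission. The last line also relies on `render_403` and `require_login` returning a value that halts the filter chain, which is not visible here; an explicit `false` after the render would remove that dependency. The string-built permission name presumably means a container type without a matching `view_*` permission is denied, which is worth stating in a comment.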
index 7e732b9b6e56d32622db370c9b2044d638f4f696..1f0784bb23dac62b0c895d1df9ca05ad2a7eb33f 100644 (file)
@@ -65,15 +65,6 @@ class DocumentsController < ApplicationController
     @document.destroy
     redirect_to :controller => 'documents', :action => 'index', :project_id => @project
   end
-
-  def download
-    @attachment = @document.attachments.find(params[:attachment_id])
-    @attachment.increment_download
-    send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename),
-                                    :type => @attachment.content_type
-  rescue
-    render_404
-  end 
   
   def add_attachment
     attachments = attach_files(@document, params[:attachments])
index aeb802ccb1345ba597ddefbd3d4ea042d348dd56..5d3393ed8602a3756d93f13c4993f4fde5b9ff8a 100644 (file)
@@ -37,15 +37,6 @@ class VersionsController < ApplicationController
     flash[:error] = "Unable to delete version"
     redirect_to :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project
   end
-
-  def download
-    @attachment = @version.attachments.find(params[:attachment_id])
-    @attachment.increment_download
-    send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename),
-                                    :type => @attachment.content_type
-  rescue
-    render_404
-  end 
   
   def destroy_file
     @version.attachments.find(params[:attachment_id]).destroy
index f385229ae0b6f7ad62f7f876980c5c7fafc1bd04..43687c50a49d64fe14c2a864bd3f1c78e9108903 100644 (file)
@@ -23,8 +23,8 @@
   <% for file in version.attachments %>                
   <tr class="<%= cycle("odd", "even") %>">
     <td></td>
-    <td><%= link_to(file.filename, {:controller => 'versions', :action => 'download', :id => version, :attachment_id => file},
-                                   :title => file.description) %></td>
+    <td><%= link_to(h(file.filename), {:controller => 'attachments', :action => 'download', :id => file},
+                                      :title => file.description) %></td>
     <td align="center"><%= format_time(file.created_on) %></td>
     <td align="center"><%= number_to_human_size(file.filesize) %></td>
     <td align="center"><%= file.downloads %></td>
index a73d6b385e551f56d5d57db3e9250ae100fb6e09..ec57aa6dddcf315dbf3bab6f9503bd485babadc4 100644 (file)
@@ -73,3 +73,16 @@ attachments_006:
   filename: archive.zip\r
   author_id: 2\r
   content_type: application/octet-stream\r
+attachments_007: \r
+  created_on: 2006-07-19 21:07:27 +02:00\r
+  container_type: Issue\r
+  container_id: 4\r
+  downloads: 0\r
+  disk_filename: 060719210727_archive.zip\r
+  digest: b91e08d0cf966d5c6ff411bd8c4cc3a2\r
+  id: 7\r
+  filesize: 157\r
+  filename: archive.zip\r
+  author_id: 1\r
+  content_type: application/octet-stream\r
+  
\ No newline at end of file
index d088c0b0faff8862119ccf5ef56652081ef02e8e..af73eb77ed4266f8133f4fe8a8bbb4e4cb78bb67 100644 (file)
@@ -56,4 +56,9 @@ class AttachmentsControllerTest < Test::Unit::TestCase
     assert_response :success
     assert_equal 'application/x-ruby', @response.content_type
   end
+  
+  def test_anonymous_on_private_private
+    get :download, :id => 7
+    assert_redirected_to 'account/login'
+  end
 end
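Review bot: The new test covers only the anonymous redirect, and its name `test_anonymous_on_private_private` looks like a typo for `test_anonymous_on_private_project`. The other outcomes of the new permission check have no test: a logged-in user without the permission receiving a 403, an unknown id receiving a 404, and the `:view_files` branch for version attachments. The test also depends on fixture attachment 7 (on issue 4) belonging to a project the anonymous user cannot see, which is not visible in this diff; a one-line comment stating that would help.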