git-svn-id: http://redmine.rubyforge.org/svn/trunk@1685 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/0.8.0-RC1
@@ -17,7 +17,7 @@ | |||
class AttachmentsController < ApplicationController | |||
layout 'base' | |||
before_filter :find_project, :check_project_privacy | |||
before_filter :find_project | |||
def show | |||
if @attachment.is_diff? | |||
@@ -32,6 +32,8 @@ class AttachmentsController < ApplicationController | |||
end | |||
def download | |||
@attachment.increment_download if @attachment.container.is_a?(Version) | |||
# images are sent inline | |||
send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename), | |||
:type => @attachment.content_type, | |||
@@ -41,9 +43,11 @@ class AttachmentsController < ApplicationController | |||
private | |||
def find_project | |||
@attachment = Attachment.find(params[:id]) | |||
#render_404 and return false unless File.readable?(@attachment.diskfile) | |||
@project = @attachment.project | |||
#rescue | |||
# render_404 | |||
permission = @attachment.container.is_a?(Version) ? :view_files : "view_#{@attachment.container.class.name.underscore.pluralize}".to_sym | |||
allowed = User.current.allowed_to?(permission, @project) | |||
allowed ? true : (User.current.logged? ? render_403 : require_login) | |||
rescue ActiveRecord::RecordNotFound | |||
render_404 | |||
end | |||
end |
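Review bot: `find_project` now makes the access decision as well as loading the record, but only `ActiveRecord::RecordNotFound` is rescued, so an attachment whose container no longer exists would presumably fail on `@attachment.project` and surface as a 500 rather than a 404. A guard right after the lookup, e.g. `render_404 and return false unless @attachment.container`, would keep that path explicit and fail-closed. The permission symbol is also synthesized from the container class name, so access for any container type without a matching `view_*` permission depends on how `allowed_to?` treats an unknown permission, which is not visible here; a comment such as `# permission name is derived from the container class; unknown permissions must be denied` would record that assumption. Since the filter now authorizes, a name like `find_attachment_and_authorize` would say so, and the leftover commented-out `#rescue` / `# render_404` lines can be dropped.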
@@ -65,15 +65,6 @@ class DocumentsController < ApplicationController | |||
@document.destroy | |||
redirect_to :controller => 'documents', :action => 'index', :project_id => @project | |||
end | |||
def download | |||
@attachment = @document.attachments.find(params[:attachment_id]) | |||
@attachment.increment_download | |||
send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename), | |||
:type => @attachment.content_type | |||
rescue | |||
render_404 | |||
end | |||
def add_attachment | |||
attachments = attach_files(@document, params[:attachments]) |
@@ -37,15 +37,6 @@ class VersionsController < ApplicationController | |||
flash[:error] = "Unable to delete version" | |||
redirect_to :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project | |||
end | |||
def download | |||
@attachment = @version.attachments.find(params[:attachment_id]) | |||
@attachment.increment_download | |||
send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename), | |||
:type => @attachment.content_type | |||
rescue | |||
render_404 | |||
end | |||
def destroy_file | |||
@version.attachments.find(params[:attachment_id]).destroy |
@@ -23,8 +23,8 @@ | |||
<% for file in version.attachments %> | |||
<tr class="<%= cycle("odd", "even") %>"> | |||
<td></td> | |||
<td><%= link_to(file.filename, {:controller => 'versions', :action => 'download', :id => version, :attachment_id => file}, | |||
:title => file.description) %></td> | |||
<td><%= link_to(h(file.filename), {:controller => 'attachments', :action => 'download', :id => file}, | |||
:title => file.description) %></td> | |||
<td align="center"><%= format_time(file.created_on) %></td> | |||
<td align="center"><%= number_to_human_size(file.filesize) %></td> | |||
<td align="center"><%= file.downloads %></td> |
@@ -73,3 +73,16 @@ attachments_006: | |||
filename: archive.zip | |||
author_id: 2 | |||
content_type: application/octet-stream | |||
attachments_007: | |||
created_on: 2006-07-19 21:07:27 +02:00 | |||
container_type: Issue | |||
container_id: 4 | |||
downloads: 0 | |||
disk_filename: 060719210727_archive.zip | |||
digest: b91e08d0cf966d5c6ff411bd8c4cc3a2 | |||
id: 7 | |||
filesize: 157 | |||
filename: archive.zip | |||
author_id: 1 | |||
content_type: application/octet-stream | |||
@@ -56,4 +56,9 @@ class AttachmentsControllerTest < Test::Unit::TestCase | |||
assert_response :success | |||
assert_equal 'application/x-ruby', @response.content_type | |||
end | |||
def test_anonymous_on_private_private | |||
get :download, :id => 7 | |||
assert_redirected_to 'account/login' | |||
end | |||
end |
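Review bot: The new test exercises only the anonymous branch of the filter, so the `render_403` path for a logged-in user without the permission, and the same check on `show`, remain untested. The name `test_anonymous_on_private_private` looks like a slip; `def test_anonymous_on_private_project` reads as intended. The test also depends on fixture attachment 7 (container Issue 4) belonging to a non-public project, which this page does not show, so a comment such as `# attachment 7 is attached to an issue of a private project` above the `get` would make that dependency explicit. The test class body starts outside the hunk.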