123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126 |
- # Redmine - project management software
- # Copyright (C) 2006-2011 Jean-Philippe Lang
- #
- # This program is free software; you can redistribute it and/or
- # modify it under the terms of the GNU General Public License
- # as published by the Free Software Foundation; either version 2
- # of the License, or (at your option) any later version.
- #
- # This program is distributed in the hope that it will be useful,
- # but WITHOUT ANY WARRANTY; without even the implied warranty of
- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
- # along with this program; if not, write to the Free Software
- # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-
- class AttachmentsController < ApplicationController
- before_filter :find_project, :except => :upload
- before_filter :file_readable, :read_authorize, :only => [:show, :download]
- before_filter :delete_authorize, :only => :destroy
- before_filter :authorize_global, :only => :upload
-
- accept_api_auth :show, :download, :upload
-
- def show
- respond_to do |format|
- format.html {
- if @attachment.is_diff?
- @diff = File.new(@attachment.diskfile, "rb").read
- @diff_type = params[:type] || User.current.pref[:diff_type] || 'inline'
- @diff_type = 'inline' unless %w(inline sbs).include?(@diff_type)
- # Save diff type as user preference
- if User.current.logged? && @diff_type != User.current.pref[:diff_type]
- User.current.pref[:diff_type] = @diff_type
- User.current.preference.save
- end
- render :action => 'diff'
- elsif @attachment.is_text? && @attachment.filesize <= Setting.file_max_size_displayed.to_i.kilobyte
- @content = File.new(@attachment.diskfile, "rb").read
- render :action => 'file'
- else
- download
- end
- }
- format.api
- end
- end
-
- def download
- if @attachment.container.is_a?(Version) || @attachment.container.is_a?(Project)
- @attachment.increment_download
- end
-
- # images are sent inline
- send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename),
- :type => detect_content_type(@attachment),
- :disposition => (@attachment.image? ? 'inline' : 'attachment')
-
- end
-
- def upload
- # Make sure that API users get used to set this content type
- # as it won't trigger Rails' automatic parsing of the request body for parameters
- unless request.content_type == 'application/octet-stream'
- render :nothing => true, :status => 406
- return
- end
-
- @attachment = Attachment.new(:file => request.raw_post)
- @attachment.author = User.current
- @attachment.filename = Redmine::Utils.random_hex(16)
-
- if @attachment.save
- respond_to do |format|
- format.api { render :action => 'upload', :status => :created }
- end
- else
- respond_to do |format|
- format.api { render_validation_errors(@attachment) }
- end
- end
- end
-
- def destroy
- if @attachment.container.respond_to?(:init_journal)
- @attachment.container.init_journal(User.current)
- end
- # Make sure association callbacks are called
- @attachment.container.attachments.delete(@attachment)
- redirect_to :back
- rescue ::ActionController::RedirectBackError
- redirect_to :controller => 'projects', :action => 'show', :id => @project
- end
-
- private
- def find_project
- @attachment = Attachment.find(params[:id])
- # Show 404 if the filename in the url is wrong
- raise ActiveRecord::RecordNotFound if params[:filename] && params[:filename] != @attachment.filename
- @project = @attachment.project
- rescue ActiveRecord::RecordNotFound
- render_404
- end
-
- # Checks that the file exists and is readable
- def file_readable
- @attachment.readable? ? true : render_404
- end
-
- def read_authorize
- @attachment.visible? ? true : deny_access
- end
-
- def delete_authorize
- @attachment.deletable? ? true : deny_access
- end
-
- def detect_content_type(attachment)
- content_type = attachment.content_type
- if content_type.blank?
- content_type = Redmine::MimeType.of(attachment.filename)
- end
- content_type.to_s
- end
- end
|