mirrors
/
redmine
mirror of https://github.com/redmine/redmine.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 199 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8153 Commits
33 Branches
Tree: ba5a052c8c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ba5a052c8c'
${ noResults }
redmine/app/controllers/attachments_controller.rb

attachments_controller.rb 4.2KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124 
  1. # Redmine - project management software

  2. # Copyright (C) 2006-2012  Jean-Philippe Lang

  3. #

  4. # This program is free software; you can redistribute it and/or

  5. # modify it under the terms of the GNU General Public License

  6. # as published by the Free Software Foundation; either version 2

  7. # of the License, or (at your option) any later version.

  8. #

  9. # This program is distributed in the hope that it will be useful,

  10. # but WITHOUT ANY WARRANTY; without even the implied warranty of

  11. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  12. # GNU General Public License for more details.

  13. #

  14. # You should have received a copy of the GNU General Public License

  15. # along with this program; if not, write to the Free Software

  16. # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  17. 

  18. class AttachmentsController < ApplicationController

  19.   before_filter :find_project, :except => :upload

  20.   before_filter :file_readable, :read_authorize, :only => [:show, :download]

  21.   before_filter :delete_authorize, :only => :destroy

  22.   before_filter :authorize_global, :only => :upload

  23. 

  24.   accept_api_auth :show, :download, :upload

  25. 

  26.   def show

  27.     respond_to do |format|

  28.       format.html {

  29.         if @attachment.is_diff?

  30.           @diff = File.new(@attachment.diskfile, "rb").read

  31.           @diff_type = params[:type] || User.current.pref[:diff_type] || 'inline'

  32.           @diff_type = 'inline' unless %w(inline sbs).include?(@diff_type)

  33.           # Save diff type as user preference

  34.           if User.current.logged? && @diff_type != User.current.pref[:diff_type]

  35.             User.current.pref[:diff_type] = @diff_type

  36.             User.current.preference.save

  37.           end

  38.           render :action => 'diff'

  39.         elsif @attachment.is_text? && @attachment.filesize <= Setting.file_max_size_displayed.to_i.kilobyte

  40.           @content = File.new(@attachment.diskfile, "rb").read

  41.           render :action => 'file'

  42.         else

  43.           download

  44.         end

  45.       }

  46.       format.api

  47.     end

  48.   end

  49. 

  50.   def download

  51.     if @attachment.container.is_a?(Version) || @attachment.container.is_a?(Project)

  52.       @attachment.increment_download

  53.     end

  54. 

  55.     # images are sent inline

  56.     send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename),

  57.                                     :type => detect_content_type(@attachment),

  58.                                     :disposition => (@attachment.image? ? 'inline' : 'attachment')

  59. 

  60.   end

  61. 

  62.   def upload

  63.     # Make sure that API users get used to set this content type

  64.     # as it won't trigger Rails' automatic parsing of the request body for parameters

  65.     unless request.content_type == 'application/octet-stream'

  66.       render :nothing => true, :status => 406

  67.       return

  68.     end

  69. 

  70.     @attachment = Attachment.new(:file => request.body)

  71.     @attachment.author = User.current

  72.     @attachment.filename = Redmine::Utils.random_hex(16)

  73. 

  74.     if @attachment.save

  75.       respond_to do |format|

  76.         format.api { render :action => 'upload', :status => :created }

  77.       end

  78.     else

  79.       respond_to do |format|

  80.         format.api { render_validation_errors(@attachment) }

  81.       end

  82.     end

  83.   end

  84. 

  85.   def destroy

  86.     if @attachment.container.respond_to?(:init_journal)

  87.       @attachment.container.init_journal(User.current)

  88.     end

  89.     # Make sure association callbacks are called

  90.     @attachment.container.attachments.delete(@attachment)

  91.     redirect_to_referer_or project_path(@project)

  92.   end

  93. 

  94. private

  95.   def find_project

  96.     @attachment = Attachment.find(params[:id])

  97.     # Show 404 if the filename in the url is wrong

  98.     raise ActiveRecord::RecordNotFound if params[:filename] && params[:filename] != @attachment.filename

  99.     @project = @attachment.project

  100.   rescue ActiveRecord::RecordNotFound

  101.     render_404

  102.   end

  103. 

  104.   # Checks that the file exists and is readable

  105.   def file_readable

  106.     @attachment.readable? ? true : render_404

  107.   end

  108. 

  109.   def read_authorize

  110.     @attachment.visible? ? true : deny_access

  111.   end

  112. 

  113.   def delete_authorize

  114.     @attachment.deletable? ? true : deny_access

  115.   end

  116. 

  117.   def detect_content_type(attachment)

  118.     content_type = attachment.content_type

  119.     if content_type.blank?

  120.       content_type = Redmine::MimeType.of(attachment.filename)

  121.     end

  122.     content_type.to_s

  123.   end

  124. end