author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2008-07-22 17:20:02 +0000 |
---|---|---|
committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2008-07-22 17:20:02 +0000 |
commit | 8a7bfc72b20a0a554812db7f8bb7bfdf3e2a21d4 (patch) | |
tree | 0c7d861eb6d8cdcb32b4dd4c91e8c7c3f91faa37 | |
parent | aaca2c50e563287f16cbce230ddbcc5d4e6dc972 (diff) | |
download | redmine-8a7bfc72b20a0a554812db7f8bb7bfdf3e2a21d4.tar.gz redmine-8a7bfc72b20a0a554812db7f8bb7bfdf3e2a21d4.zip |
Move VersionsController#download to AttachmentsController.
git-svn-id: http://redmine.rubyforge.org/svn/trunk@1685 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r-- | app/controllers/attachments_controller.rb | 12 | ||||
-rw-r--r-- | app/controllers/documents_controller.rb | 9 | ||||
-rw-r--r-- | app/controllers/versions_controller.rb | 9 | ||||
-rw-r--r-- | app/views/projects/list_files.rhtml | 4 | ||||
-rw-r--r-- | test/fixtures/attachments.yml | 13 | ||||
-rw-r--r-- | test/functional/attachments_controller_test.rb | 5 |
6 files changed, 28 insertions, 24 deletions
diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb
index 9ea9ac48e..07fee1269 100644
--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@@ -17,7 +17,7 @@ class AttachmentsController < ApplicationController layout 'base' - before_filter :find_project, :check_project_privacy + before_filter :find_project def show if @attachment.is_diff?
@@ -32,6 +32,8 @@ class AttachmentsController < ApplicationController end def download + @attachment.increment_download if @attachment.container.is_a?(Version) + # images are sent inline send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename), :type => @attachment.content_type,
@@ -41,9 +43,11 @@ class AttachmentsController < ApplicationController private def find_project @attachment = Attachment.find(params[:id]) - #render_404 and return false unless File.readable?(@attachment.diskfile) @project = @attachment.project - #rescue - # render_404 + permission = @attachment.container.is_a?(Version) ? :view_files : "view_#{@attachment.container.class.name.underscore.pluralize}".to_sym + allowed = User.current.allowed_to?(permission, @project) + allowed ? true : (User.current.logged? ? render_403 : require_login) + rescue ActiveRecord::RecordNotFound + render_404 end end
diff --git a/app/controllers/documents_controller.rb b/app/controllers/documents_controller.rb
index 7e732b9b6..1f0784bb2 100644
--- a/app/controllers/documents_controller.rb
+++ b/app/controllers/documents_controller.rb
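Review bot: In attachments_controller.rb the `download` action now serves every container type, but the lines visible in the second hunk have no handling for a file that is missing or unreadable on disk, which both removed `download` actions (documents and versions) covered with `rescue` / `render_404`. The commit also deletes the commented-out `File.readable?` guard in `find_project`, so unless the rest of `download` (its body continues outside the hunk) handles it, a stale attachment row would presumably surface as a server error rather than a 404. Restoring the guard at the top of `download` would keep the old behaviour: `render_404 and return unless File.readable?(@attachment.diskfile)`. The counter is now incremented only for `Version` containers, whereas the removed `DocumentsController#download` incremented it for documents too; if that is intended, a one-line comment saying so would help.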
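Review bot: In `find_project` (third hunk) the permission name is built from the container's class name, so access for every container type other than `Version` depends on a permission with exactly that derived name being defined; how `allowed_to?` treats an unknown permission symbol is not visible here and should be confirmed to deny. An attachment whose container is nil is not covered either, because only `ActiveRecord::RecordNotFound` is rescued; a guard right after the `Attachment.find` line, `render_404 and return false unless @attachment.container`, would keep that case a 404. With `:check_project_privacy` dropped from `before_filter` in the first hunk, this method is the controller's only access check, so it deserves a comment above it such as `# Loads the attachment and authorizes the view permission for its container type`. The method is fully contained in the hunk.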
@@ -65,15 +65,6 @@ class DocumentsController < ApplicationController @document.destroy redirect_to :controller => 'documents', :action => 'index', :project_id => @project end - - def download - @attachment = @document.attachments.find(params[:attachment_id]) - @attachment.increment_download - send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename), - :type => @attachment.content_type - rescue - render_404 - end def add_attachment attachments = attach_files(@document, params[:attachments])
diff --git a/app/controllers/versions_controller.rb b/app/controllers/versions_controller.rb
index aeb802ccb..5d3393ed8 100644
--- a/app/controllers/versions_controller.rb
+++ b/app/controllers/versions_controller.rb
@@ -37,15 +37,6 @@ class VersionsController < ApplicationController flash[:error] = "Unable to delete version" redirect_to :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project end - - def download - @attachment = @version.attachments.find(params[:attachment_id]) - @attachment.increment_download - send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename), - :type => @attachment.content_type - rescue - render_404 - end def destroy_file @version.attachments.find(params[:attachment_id]).destroy
diff --git a/app/views/projects/list_files.rhtml b/app/views/projects/list_files.rhtml
index f385229ae..43687c50a 100644
--- a/app/views/projects/list_files.rhtml
+++ b/app/views/projects/list_files.rhtml
@@ -23,8 +23,8 @@ <% for file in version.attachments %> <tr class="<%= cycle("odd", "even") %>"> <td></td> - <td><%= link_to(file.filename, {:controller => 'versions', :action => 'download', :id => version, :attachment_id => file}, - :title => file.description) %></td> + <td><%= link_to(h(file.filename), {:controller => 'attachments', :action => 'download', :id => file}, + :title => file.description) %></td> <td align="center"><%= format_time(file.created_on) %></td> <td align="center"><%= number_to_human_size(file.filesize) %></td> <td align="center"><%= file.downloads %></td>
diff --git a/test/fixtures/attachments.yml b/test/fixtures/attachments.yml
index a73d6b385..ec57aa6dd 100644
--- a/test/fixtures/attachments.yml
+++ b/test/fixtures/attachments.yml
@@ -73,3 +73,16 @@ attachments_006: filename: archive.zip
author_id: 2
content_type: application/octet-stream
+attachments_007:
+ created_on: 2006-07-19 21:07:27 +02:00
+ container_type: Issue
+ container_id: 4
+ downloads: 0
+ disk_filename: 060719210727_archive.zip
+ digest: b91e08d0cf966d5c6ff411bd8c4cc3a2
+ id: 7
+ filesize: 157
+ filename: archive.zip
+ author_id: 1
+ content_type: application/octet-stream
+
\ No newline at end of file
diff --git a/test/functional/attachments_controller_test.rb b/test/functional/attachments_controller_test.rb
index d088c0b0f..af73eb77e 100644
--- a/test/functional/attachments_controller_test.rb
+++ b/test/functional/attachments_controller_test.rb
@@ -56,4 +56,9 @@ class AttachmentsControllerTest < Test::Unit::TestCase assert_response :success assert_equal 'application/x-ruby', @response.content_type end + + def test_anonymous_on_private_private + get :download, :id => 7 + assert_redirected_to 'account/login' + end end |
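Review bot: Only the anonymous-redirect branch of the new permission check is exercised by the added test; the `render_403` branch for a logged-in user without the permission, the `render_404` branch for an unknown id, and the `Version`-only `increment_download` have no case in this hunk. Since that check is now the only gate on attachment downloads, each branch deserves a test, for example `get :download, :id => 999` followed by `assert_response 404` (999 is a constructed id assumed absent from the fixtures). The name `test_anonymous_on_private_private` looks like a typo for `test_anonymous_on_private_project`. The test also relies on fixture issue 4 belonging to a private project, which is not visible in this diff, so a short comment stating that dependency would help.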