File: app/controllers/attachments_controller.rb
Prev Chapter 4.  Sources  Next

File: app/controllers/attachments_controller.rb

Overview
Module Structure
Class Hierarchy
Code

Overview

Module Structure
Class Hierarchy

Module Structure

  module: <Toplevel Module>
  class: AttachmentsController#18
inherits from
  ApplicationController   
has properties
method: show #26
method: download #50
method: upload #62
method: destroy #85
method: find_project #97
method: file_readable #107
method: read_authorize #111
method: delete_authorize #115
method: detect_content_type / 1 #119

Class Hierarchy

Object ( Builtin-Module )
Base ( ActionController )
ApplicationController
  AttachmentsController    #18

Code 

   1  # Redmine - project management software
   2  # Copyright (C) 2006-2011  Jean-Philippe Lang
   3  #
   4  # This program is free software; you can redistribute it and/or
   5  # modify it under the terms of the GNU General Public License
   6  # as published by the Free Software Foundation; either version 2
   7  # of the License, or (at your option) any later version.
   8  #
   9  # This program is distributed in the hope that it will be useful,
  10  # but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  # GNU General Public License for more details.
  13  #
  14  # You should have received a copy of the GNU General Public License
  15  # along with this program; if not, write to the Free Software
  16  # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
  17 
  18  class AttachmentsController < ApplicationController
  19    before_filter :find_project, :except => :upload
  20    before_filter :file_readable, :read_authorize, :only => [:show, :download]
  21    before_filter :delete_authorize, :only => :destroy
  22    before_filter :authorize_global, :only => :upload
  23 
  24    accept_api_auth :show, :download, :upload
  25 
  26    def show
  27      respond_to do |format|
  28        format.html {
  29          if @attachment.is_diff?
  30            @diff = File.new(@attachment.diskfile, "rb").read
  31            @diff_type = params[:type] || User.current.pref[:diff_type] || 'inline'
  32            @diff_type = 'inline' unless %w(inline sbs).include?(@diff_type)
  33            # Save diff type as user preference
  34            if User.current.logged? && @diff_type != User.current.pref[:diff_type]
  35              User.current.pref[:diff_type] = @diff_type
  36              User.current.preference.save
  37            end
  38            render :action => 'diff'
  39          elsif @attachment.is_text? && @attachment.filesize <= Setting.file_max_size_displayed.to_i.kilobyte
  40            @content = File.new(@attachment.diskfile, "rb").read
  41            render :action => 'file'
  42          else
  43            download
  44          end
  45        }
  46        format.api
  47      end
  48    end
  49 
  50    def download
  51      if @attachment.container.is_a?(Version) || @attachment.container.is_a?(Project)
  52        @attachment.increment_download
  53      end
  54 
  55      # images are sent inline
  56      send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename),
  57                                      :type => detect_content_type(@attachment),
  58                                      :disposition => (@attachment.image? ? 'inline' : 'attachment')
  59 
  60    end
  61 
  62    def upload
  63      # Make sure that API users get used to set this content type
  64      # as it won't trigger Rails' automatic parsing of the request body for parameters
  65      unless request.content_type == 'application/octet-stream'
  66        render :nothing => true, :status => 406
  67        return
  68      end
  69 
  70      @attachment = Attachment.new(:file => request.body)
  71      @attachment.author = User.current
  72      @attachment.filename = Redmine::Utils.random_hex(16)
  73 
  74      if @attachment.save
  75        respond_to do |format|
  76          format.api { render :action => 'upload', :status => :created }
  77        end
  78      else
  79        respond_to do |format|
  80          format.api { render_validation_errors(@attachment) }
  81        end
  82      end
  83    end
  84 
  85    def destroy
  86      if @attachment.container.respond_to?(:init_journal)
  87        @attachment.container.init_journal(User.current)
  88      end
  89      # Make sure association callbacks are called
  90      @attachment.container.attachments.delete(@attachment)
  91      redirect_to :back
  92    rescue ::ActionController::RedirectBackError
  93      redirect_to :controller => 'projects', :action => 'show', :id => @project
  94    end
  95 
  96  private
  97    def find_project
  98      @attachment = Attachment.find(params[:id])
  99      # Show 404 if the filename in the url is wrong
 100      raise ActiveRecord::RecordNotFound if params[:filename] && params[:filename] != @attachment.filename
 101      @project = @attachment.project
 102    rescue ActiveRecord::RecordNotFound
 103      render_404
 104    end
 105 
 106    # Checks that the file exists and is readable
 107    def file_readable
 108      @attachment.readable? ? true : render_404
 109    end
 110 
 111    def read_authorize
 112      @attachment.visible? ? true : deny_access
 113    end
 114 
 115    def delete_authorize
 116      @attachment.deletable? ? true : deny_access
 117    end
 118 
 119    def detect_content_type(attachment)
 120      content_type = attachment.content_type
 121      if content_type.blank?
 122        content_type = Redmine::MimeType.of(attachment.filename)
 123      end
 124      content_type.to_s
 125    end
 126  end
Prev Up Next
File: app/controllers/admin_controller.rb  Home  File: app/controllers/auth_sources_controller.rb