##// END OF EJS Templates
Introduce virtual MenuNodes (#15880)....
Introduce virtual MenuNodes (#15880). They are characterized by having a blank url. they will only be rendered if the user is authorized to see at least one of its children. they render as links which do nothing when clicked. Patch by Jan Schulz-Hofen. git-svn-id: http://svn.redmine.org/redmine/trunk@15501 e93f8b46-1217-0410-a6f0-8f06a7374b81

File last commit:

r15027:3e776af8066e
r15119:53710d80fc88
Show More
attachments_controller.rb
202 lines | 6.3 KiB | text/x-ruby | RubyLexer
/ app / controllers / attachments_controller.rb
Jean-Philippe Lang
AttachmentsController now handles attachments deletion....
r2114 # Redmine - project management software
Jean-Philippe Lang
Updates copyright for 2016....
r14856 # Copyright (C) 2006-2016 Jean-Philippe Lang
Jean-Philippe Lang
Attachments can now be added to wiki pages (original patch by Pavol Murin). Only authorized users can add/delete attachments....
r538 #
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
Toshi MARUYAMA
remove trailing white-spaces from attachments controller source....
r5716 #
Jean-Philippe Lang
Attachments can now be added to wiki pages (original patch by Pavol Murin). Only authorized users can add/delete attachments....
r538 # This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
Toshi MARUYAMA
remove trailing white-spaces from attachments controller source....
r5716 #
Jean-Philippe Lang
Attachments can now be added to wiki pages (original patch by Pavol Murin). Only authorized users can add/delete attachments....
r538 # You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
class AttachmentsController < ApplicationController
Jean-Philippe Lang
Edit attachments after upload (#1326)....
r13283 before_filter :find_attachment, :only => [:show, :download, :thumbnail, :destroy]
before_filter :find_editable_attachments, :only => [:edit, :update]
Jean-Philippe Lang
Displays thumbnails of attached images of the issue view (#1006)....
r9750 before_filter :file_readable, :read_authorize, :only => [:show, :download, :thumbnail]
Jean-Philippe Lang
AttachmentsController now handles attachments deletion....
r2114 before_filter :delete_authorize, :only => :destroy
Jean-Philippe Lang
Adds support for adding attachments to issues through the REST API (#8171)....
r8808 before_filter :authorize_global, :only => :upload
Toshi MARUYAMA
remove trailing white-spaces from attachments controller source....
r5716
Jean-Philippe Lang
Support for deleting attachments via API (#14828)....
r14950 accept_api_auth :show, :download, :thumbnail, :upload, :destroy
Toshi MARUYAMA
remove trailing white-spaces from attachments controller source....
r5716
Jean-Philippe Lang
Unified diff viewer for attached files with .patch or .diff extension (#1403)....
r1502 def show
Jean-Philippe Lang
REST API for reading attachments (#7671)....
r6175 respond_to do |format|
format.html {
if @attachment.is_diff?
Jean-Philippe Lang
Fix that AttachmentsController#show don't close the file after reading....
r14907 @diff = File.read(@attachment.diskfile, :mode => "rb")
Toshi MARUYAMA
attachment: add a new feature to switch "side by side" and "inline" for patches (#9612)...
r7740 @diff_type = params[:type] || User.current.pref[:diff_type] || 'inline'
@diff_type = 'inline' unless %w(inline sbs).include?(@diff_type)
Toshi MARUYAMA
attachment: fix that diff type is not saved in user preference (#10152)...
r8641 # Save diff type as user preference
if User.current.logged? && @diff_type != User.current.pref[:diff_type]
User.current.pref[:diff_type] = @diff_type
User.current.preference.save
end
Jean-Philippe Lang
REST API for reading attachments (#7671)....
r6175 render :action => 'diff'
elsif @attachment.is_text? && @attachment.filesize <= Setting.file_max_size_displayed.to_i.kilobyte
Jean-Philippe Lang
Fix that AttachmentsController#show don't close the file after reading....
r14907 @content = File.read(@attachment.diskfile, :mode => "rb")
Jean-Philippe Lang
REST API for reading attachments (#7671)....
r6175 render :action => 'file'
Jean-Philippe Lang
Add inline image preview/display for attachments and repository entries (#22058)....
r14942 elsif @attachment.is_image?
render :action => 'image'
Jean-Philippe Lang
REST API for reading attachments (#7671)....
r6175 else
Jean-Philippe Lang
Show attachment view even is no preview is available (#22482)....
r15016 render :action => 'other'
Jean-Philippe Lang
REST API for reading attachments (#7671)....
r6175 end
}
format.api
Jean-Philippe Lang
Unified diff viewer for attached files with .patch or .diff extension (#1403)....
r1502 end
end
Toshi MARUYAMA
remove trailing white-spaces from attachments controller source....
r5716
Jean-Philippe Lang
Attachments can now be added to wiki pages (original patch by Pavol Murin). Only authorized users can add/delete attachments....
r538 def download
Jean-Philippe Lang
Increment project files downloads....
r2207 if @attachment.container.is_a?(Version) || @attachment.container.is_a?(Project)
@attachment.increment_download
end
Toshi MARUYAMA
remove trailing white-spaces from attachments controller source....
r5716
Jean-Philippe Lang
Adds Etags on attachments....
r9780 if stale?(:etag => @attachment.digest)
# images are sent inline
send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename),
:type => detect_content_type(@attachment),
Jean-Philippe Lang
Don't force download of PDF (#22483)....
r15027 :disposition => disposition(@attachment)
Jean-Philippe Lang
Adds Etags on attachments....
r9780 end
Jean-Philippe Lang
Attachments can now be added to wiki pages (original patch by Pavol Murin). Only authorized users can add/delete attachments....
r538 end
Toshi MARUYAMA
remove trailing white-spaces from attachments controller source....
r5716
Jean-Philippe Lang
Displays thumbnails of attached images of the issue view (#1006)....
r9750 def thumbnail
Toshi MARUYAMA
fix variable name confusion at AttachmentsController#thumbnail...
r12901 if @attachment.thumbnailable? && tbnail = @attachment.thumbnail(:size => params[:size])
if stale?(:etag => tbnail)
send_file tbnail,
Jean-Philippe Lang
Adds Etags on attachments....
r9780 :filename => filename_for_content_disposition(@attachment.filename),
:type => detect_content_type(@attachment),
:disposition => 'inline'
end
Jean-Philippe Lang
Displays thumbnails of attached images of the issue view (#1006)....
r9750 else
# No thumbnail for the attachment or thumbnail could not be created
render :nothing => true, :status => 404
end
end
Jean-Philippe Lang
Adds support for adding attachments to issues through the REST API (#8171)....
r8808 def upload
# Make sure that API users get used to set this content type
# as it won't trigger Rails' automatic parsing of the request body for parameters
unless request.content_type == 'application/octet-stream'
render :nothing => true, :status => 406
return
end
Jean-Philippe Lang
Fixed that REST Uploads fail with fastcgi (#10832)....
r9469 @attachment = Attachment.new(:file => request.raw_post)
Jean-Philippe Lang
Adds support for adding attachments to issues through the REST API (#8171)....
r8808 @attachment.author = User.current
Jean-Philippe Lang
Let the attachment filename be specified on upload (#12125)....
r10467 @attachment.filename = params[:filename].presence || Redmine::Utils.random_hex(16)
Jean-Philippe Lang
Send the content type as parameter when uploading a file....
r13406 @attachment.content_type = params[:content_type].presence
Jean-Philippe Lang
Merged ajax_upload branch (#3957)....
r10748 saved = @attachment.save
Jean-Philippe Lang
Adds support for adding attachments to issues through the REST API (#8171)....
r8808
Jean-Philippe Lang
Merged ajax_upload branch (#3957)....
r10748 respond_to do |format|
format.js
format.api {
if saved
render :action => 'upload', :status => :created
else
render_validation_errors(@attachment)
end
}
Jean-Philippe Lang
Adds support for adding attachments to issues through the REST API (#8171)....
r8808 end
end
Jean-Philippe Lang
Edit attachments after upload (#1326)....
r13283 def edit
end
def update
if params[:attachments].is_a?(Hash)
if Attachment.update_attachments(@attachments, params[:attachments])
redirect_back_or_default home_path
return
end
end
render :action => 'edit'
end
Jean-Philippe Lang
AttachmentsController now handles attachments deletion....
r2114 def destroy
Jean-Philippe Lang
Rails 3.1 compatibility....
r8953 if @attachment.container.respond_to?(:init_journal)
@attachment.container.init_journal(User.current)
end
Jean-Philippe Lang
Merged ajax_upload branch (#3957)....
r10748 if @attachment.container
# Make sure association callbacks are called
@attachment.container.attachments.delete(@attachment)
else
@attachment.destroy
end
respond_to do |format|
format.html { redirect_to_referer_or project_path(@project) }
format.js
Jean-Philippe Lang
Support for deleting attachments via API (#14828)....
r14950 format.api { render_api_ok }
Jean-Philippe Lang
Merged ajax_upload branch (#3957)....
r10748 end
Jean-Philippe Lang
AttachmentsController now handles attachments deletion....
r2114 end
Toshi MARUYAMA
remove trailing white-spaces from attachments controller source....
r5716
Jean-Philippe Lang
Edit attachments after upload (#1326)....
r13283 private
def find_attachment
Jean-Philippe Lang
Attachments can now be added to wiki pages (original patch by Pavol Murin). Only authorized users can add/delete attachments....
r538 @attachment = Attachment.find(params[:id])
Jean-Philippe Lang
Appends the filename to the attachment url so that clients that ignore content-disposition http header get the real filename (#1649)....
r1669 # Show 404 if the filename in the url is wrong
raise ActiveRecord::RecordNotFound if params[:filename] && params[:filename] != @attachment.filename
Jean-Philippe Lang
Attachments can now be added to wiki pages (original patch by Pavol Murin). Only authorized users can add/delete attachments....
r538 @project = @attachment.project
Jean-Philippe Lang
Move VersionsController#download to AttachmentsController....
r1668 rescue ActiveRecord::RecordNotFound
render_404
Jean-Philippe Lang
Attachments can now be added to wiki pages (original patch by Pavol Murin). Only authorized users can add/delete attachments....
r538 end
Toshi MARUYAMA
remove trailing white-spaces from attachments controller source....
r5716
Jean-Philippe Lang
Edit attachments after upload (#1326)....
r13283 def find_editable_attachments
klass = params[:object_type].to_s.singularize.classify.constantize rescue nil
unless klass && klass.reflect_on_association(:attachments)
render_404
return
end
@container = klass.find(params[:object_id])
if @container.respond_to?(:visible?) && !@container.visible?
render_403
return
end
@attachments = @container.attachments.select(&:editable?)
if @container.respond_to?(:project)
@project = @container.project
end
render_404 if @attachments.empty?
rescue ActiveRecord::RecordNotFound
render_404
end
Jean-Philippe Lang
Returns a 404 error when trying to view/download an attachment that can't be read from disk....
r2600 # Checks that the file exists and is readable
def file_readable
Jean-Philippe Lang
Log an error when trying to send an attachment that cannot be read....
r10854 if @attachment.readable?
true
else
logger.error "Cannot send attachment, #{@attachment.diskfile} does not exist or is unreadable."
render_404
end
Jean-Philippe Lang
Returns a 404 error when trying to view/download an attachment that can't be read from disk....
r2600 end
Toshi MARUYAMA
remove trailing white-spaces from attachments controller source....
r5716
Jean-Philippe Lang
AttachmentsController now handles attachments deletion....
r2114 def read_authorize
@attachment.visible? ? true : deny_access
end
Toshi MARUYAMA
remove trailing white-spaces from attachments controller source....
r5716
Jean-Philippe Lang
AttachmentsController now handles attachments deletion....
r2114 def delete_authorize
@attachment.deletable? ? true : deny_access
end
Toshi MARUYAMA
remove trailing white-spaces from attachments controller source....
r5716
Jean-Philippe Lang
Auto-detect attachment content type when blank (#3782)....
r3144 def detect_content_type(attachment)
content_type = attachment.content_type
Jean-Philippe Lang
Send a better content type than application/octet-stream (#19131)....
r13652 if content_type.blank? || content_type == "application/octet-stream"
Jean-Philippe Lang
Auto-detect attachment content type when blank (#3782)....
r3144 content_type = Redmine::MimeType.of(attachment.filename)
end
Jean-Philippe Lang
Fixed: error when downloading a file with no matching mime type (#3782)....
r3167 content_type.to_s
Jean-Philippe Lang
Auto-detect attachment content type when blank (#3782)....
r3144 end
Jean-Philippe Lang
Don't force download of PDF (#22483)....
r15027
def disposition(attachment)
if attachment.is_image? || attachment.is_pdf?
'inline'
else
'attachment'
end
end
Jean-Philippe Lang
Attachments can now be added to wiki pages (original patch by Pavol Murin). Only authorized users can add/delete attachments....
r538 end