##// END OF EJS Templates
jro_apps » redmine
RSS
Let the attachment filename be specified on upload (#12125)....
Jean-Philippe Lang -
r10467:251f263abdc5
parent child
Show More
Side by Side Unified
Context file:
r10467:251f263abdc5 Loading diff...:
Show file before | Show file after | Hide comments
@@ -1,139 +1,139
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2012 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 class AttachmentsController < ApplicationController
19 19 before_filter :find_project, :except => :upload
20 20 before_filter :file_readable, :read_authorize, :only => [:show, :download, :thumbnail]
21 21 before_filter :delete_authorize, :only => :destroy
22 22 before_filter :authorize_global, :only => :upload
23 23
24 24 accept_api_auth :show, :download, :upload
25 25
26 26 def show
27 27 respond_to do |format|
28 28 format.html {
29 29 if @attachment.is_diff?
30 30 @diff = File.new(@attachment.diskfile, "rb").read
31 31 @diff_type = params[:type] || User.current.pref[:diff_type] || 'inline'
32 32 @diff_type = 'inline' unless %w(inline sbs).include?(@diff_type)
33 33 # Save diff type as user preference
34 34 if User.current.logged? && @diff_type != User.current.pref[:diff_type]
35 35 User.current.pref[:diff_type] = @diff_type
36 36 User.current.preference.save
37 37 end
38 38 render :action => 'diff'
39 39 elsif @attachment.is_text? && @attachment.filesize <= Setting.file_max_size_displayed.to_i.kilobyte
40 40 @content = File.new(@attachment.diskfile, "rb").read
41 41 render :action => 'file'
42 42 else
43 43 download
44 44 end
45 45 }
46 46 format.api
47 47 end
48 48 end
49 49
50 50 def download
51 51 if @attachment.container.is_a?(Version) || @attachment.container.is_a?(Project)
52 52 @attachment.increment_download
53 53 end
54 54
55 55 if stale?(:etag => @attachment.digest)
56 56 # images are sent inline
57 57 send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename),
58 58 :type => detect_content_type(@attachment),
59 59 :disposition => (@attachment.image? ? 'inline' : 'attachment')
60 60 end
61 61 end
62 62
63 63 def thumbnail
64 64 if @attachment.thumbnailable? && thumbnail = @attachment.thumbnail(:size => params[:size])
65 65 if stale?(:etag => thumbnail)
66 66 send_file thumbnail,
67 67 :filename => filename_for_content_disposition(@attachment.filename),
68 68 :type => detect_content_type(@attachment),
69 69 :disposition => 'inline'
70 70 end
71 71 else
72 72 # No thumbnail for the attachment or thumbnail could not be created
73 73 render :nothing => true, :status => 404
74 74 end
75 75 end
76 76
77 77 def upload
78 78 # Make sure that API users get used to set this content type
79 79 # as it won't trigger Rails' automatic parsing of the request body for parameters
80 80 unless request.content_type == 'application/octet-stream'
81 81 render :nothing => true, :status => 406
82 82 return
83 83 end
84 84
85 85 @attachment = Attachment.new(:file => request.raw_post)
86 86 @attachment.author = User.current
87 @attachment.filename = Redmine::Utils.random_hex(16)
87 @attachment.filename = params[:filename].presence || Redmine::Utils.random_hex(16)
88 88
89 89 if @attachment.save
90 90 respond_to do |format|
91 91 format.api { render :action => 'upload', :status => :created }
92 92 end
93 93 else
94 94 respond_to do |format|
95 95 format.api { render_validation_errors(@attachment) }
96 96 end
97 97 end
98 98 end
99 99
100 100 def destroy
101 101 if @attachment.container.respond_to?(:init_journal)
102 102 @attachment.container.init_journal(User.current)
103 103 end
104 104 # Make sure association callbacks are called
105 105 @attachment.container.attachments.delete(@attachment)
106 106 redirect_to_referer_or project_path(@project)
107 107 end
108 108
109 109 private
110 110 def find_project
111 111 @attachment = Attachment.find(params[:id])
112 112 # Show 404 if the filename in the url is wrong
113 113 raise ActiveRecord::RecordNotFound if params[:filename] && params[:filename] != @attachment.filename
114 114 @project = @attachment.project
115 115 rescue ActiveRecord::RecordNotFound
116 116 render_404
117 117 end
118 118
119 119 # Checks that the file exists and is readable
120 120 def file_readable
121 121 @attachment.readable? ? true : render_404
122 122 end
123 123
124 124 def read_authorize
125 125 @attachment.visible? ? true : deny_access
126 126 end
127 127
128 128 def delete_authorize
129 129 @attachment.deletable? ? true : deny_access
130 130 end
131 131
132 132 def detect_content_type(attachment)
133 133 content_type = attachment.content_type
134 134 if content_type.blank?
135 135 content_type = Redmine::MimeType.of(attachment.filename)
136 136 end
137 137 content_type.to_s
138 138 end
139 139 end
Show file before | Show file after | Hide comments
@@ -1,138 +1,150
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2012 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 require File.expand_path('../../../test_helper', __FILE__)
19 19
20 20 class ApiTest::AttachmentsTest < ActionController::IntegrationTest
21 21 fixtures :projects, :trackers, :issue_statuses, :issues,
22 22 :enumerations, :users, :issue_categories,
23 23 :projects_trackers,
24 24 :roles,
25 25 :member_roles,
26 26 :members,
27 27 :enabled_modules,
28 28 :workflows,
29 29 :attachments
30 30
31 31 def setup
32 32 Setting.rest_api_enabled = '1'
33 33 set_fixtures_attachments_directory
34 34 end
35 35
36 36 def teardown
37 37 set_tmp_attachments_directory
38 38 end
39 39
40 40 test "GET /attachments/:id.xml should return the attachment" do
41 41 get '/attachments/7.xml', {}, credentials('jsmith')
42 42 assert_response :success
43 43 assert_equal 'application/xml', @response.content_type
44 44 assert_tag :tag => 'attachment',
45 45 :child => {
46 46 :tag => 'id',
47 47 :content => '7',
48 48 :sibling => {
49 49 :tag => 'filename',
50 50 :content => 'archive.zip',
51 51 :sibling => {
52 52 :tag => 'content_url',
53 53 :content => 'http://www.example.com/attachments/download/7/archive.zip'
54 54 }
55 55 }
56 56 }
57 57 end
58 58
59 59 test "GET /attachments/:id.xml should deny access without credentials" do
60 60 get '/attachments/7.xml'
61 61 assert_response 401
62 62 set_tmp_attachments_directory
63 63 end
64 64
65 65 test "GET /attachments/download/:id/:filename should return the attachment content" do
66 66 get '/attachments/download/7/archive.zip', {}, credentials('jsmith')
67 67 assert_response :success
68 68 assert_equal 'application/octet-stream', @response.content_type
69 69 set_tmp_attachments_directory
70 70 end
71 71
72 72 test "GET /attachments/download/:id/:filename should deny access without credentials" do
73 73 get '/attachments/download/7/archive.zip'
74 74 assert_response 302
75 75 set_tmp_attachments_directory
76 76 end
77 77
78 78 test "POST /uploads.xml should return the token" do
79 79 set_tmp_attachments_directory
80 80 assert_difference 'Attachment.count' do
81 81 post '/uploads.xml', 'File content', {"CONTENT_TYPE" => 'application/octet-stream'}.merge(credentials('jsmith'))
82 82 assert_response :created
83 83 assert_equal 'application/xml', response.content_type
84 84 end
85 85
86 86 xml = Hash.from_xml(response.body)
87 87 assert_kind_of Hash, xml['upload']
88 88 token = xml['upload']['token']
89 89 assert_not_nil token
90 90
91 91 attachment = Attachment.first(:order => 'id DESC')
92 92 assert_equal token, attachment.token
93 93 assert_nil attachment.container
94 94 assert_equal 2, attachment.author_id
95 95 assert_equal 'File content'.size, attachment.filesize
96 96 assert attachment.content_type.blank?
97 97 assert attachment.filename.present?
98 98 assert_match /\d+_[0-9a-z]+/, attachment.diskfile
99 99 assert File.exist?(attachment.diskfile)
100 100 assert_equal 'File content', File.read(attachment.diskfile)
101 101 end
102 102
103 103 test "POST /uploads.json should return the token" do
104 104 set_tmp_attachments_directory
105 105 assert_difference 'Attachment.count' do
106 106 post '/uploads.json', 'File content', {"CONTENT_TYPE" => 'application/octet-stream'}.merge(credentials('jsmith'))
107 107 assert_response :created
108 108 assert_equal 'application/json', response.content_type
109 109 end
110 110
111 111 json = ActiveSupport::JSON.decode(response.body)
112 112 assert_kind_of Hash, json['upload']
113 113 token = json['upload']['token']
114 114 assert_not_nil token
115 115
116 116 attachment = Attachment.first(:order => 'id DESC')
117 117 assert_equal token, attachment.token
118 118 end
119 119
120 test "POST /uploads.xml should accept :filename param as the attachment filename" do
121 set_tmp_attachments_directory
122 assert_difference 'Attachment.count' do
123 post '/uploads.xml?filename=test.txt', 'File content', {"CONTENT_TYPE" => 'application/octet-stream'}.merge(credentials('jsmith'))
124 assert_response :created
125 end
126
127 attachment = Attachment.order('id DESC').first
128 assert_equal 'test.txt', attachment.filename
129 assert_match /_test\.txt$/, attachment.diskfile
130 end
131
120 132 test "POST /uploads.xml should not accept other content types" do
121 133 set_tmp_attachments_directory
122 134 assert_no_difference 'Attachment.count' do
123 135 post '/uploads.xml', 'PNG DATA', {"CONTENT_TYPE" => 'image/png'}.merge(credentials('jsmith'))
124 136 assert_response 406
125 137 end
126 138 end
127 139
128 140 test "POST /uploads.xml should return errors if file is too big" do
129 141 set_tmp_attachments_directory
130 142 with_settings :attachment_max_size => 1 do
131 143 assert_no_difference 'Attachment.count' do
132 144 post '/uploads.xml', ('x' * 2048), {"CONTENT_TYPE" => 'application/octet-stream'}.merge(credentials('jsmith'))
133 145 assert_response 422
134 146 assert_tag 'error', :content => /exceeds the maximum allowed file size/
135 147 end
136 148 end
137 149 end
138 150 end
General Comments 0
You need to be logged in to leave comments. Login now