##// END OF EJS Templates
jro_apps » redmine
RSS
Fix that AttachmentsController#show don't close the file after reading....
Jean-Philippe Lang -
r14907:3e1d2c09243b
parent child
Show More
Side by Side Unified
Context file:
r14907:3e1d2c09243b Loading diff...:
Show file before | Show file after | Hide comments
@@ -1,191 +1,191
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2016 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 class AttachmentsController < ApplicationController
19 19 before_filter :find_attachment, :only => [:show, :download, :thumbnail, :destroy]
20 20 before_filter :find_editable_attachments, :only => [:edit, :update]
21 21 before_filter :file_readable, :read_authorize, :only => [:show, :download, :thumbnail]
22 22 before_filter :delete_authorize, :only => :destroy
23 23 before_filter :authorize_global, :only => :upload
24 24
25 25 accept_api_auth :show, :download, :thumbnail, :upload
26 26
27 27 def show
28 28 respond_to do |format|
29 29 format.html {
30 30 if @attachment.is_diff?
31 @diff = File.new(@attachment.diskfile, "rb").read
31 @diff = File.read(@attachment.diskfile, :mode => "rb")
32 32 @diff_type = params[:type] || User.current.pref[:diff_type] || 'inline'
33 33 @diff_type = 'inline' unless %w(inline sbs).include?(@diff_type)
34 34 # Save diff type as user preference
35 35 if User.current.logged? && @diff_type != User.current.pref[:diff_type]
36 36 User.current.pref[:diff_type] = @diff_type
37 37 User.current.preference.save
38 38 end
39 39 render :action => 'diff'
40 40 elsif @attachment.is_text? && @attachment.filesize <= Setting.file_max_size_displayed.to_i.kilobyte
41 @content = File.new(@attachment.diskfile, "rb").read
41 @content = File.read(@attachment.diskfile, :mode => "rb")
42 42 render :action => 'file'
43 43 else
44 44 download
45 45 end
46 46 }
47 47 format.api
48 48 end
49 49 end
50 50
51 51 def download
52 52 if @attachment.container.is_a?(Version) || @attachment.container.is_a?(Project)
53 53 @attachment.increment_download
54 54 end
55 55
56 56 if stale?(:etag => @attachment.digest)
57 57 # images are sent inline
58 58 send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename),
59 59 :type => detect_content_type(@attachment),
60 60 :disposition => (@attachment.image? ? 'inline' : 'attachment')
61 61 end
62 62 end
63 63
64 64 def thumbnail
65 65 if @attachment.thumbnailable? && tbnail = @attachment.thumbnail(:size => params[:size])
66 66 if stale?(:etag => tbnail)
67 67 send_file tbnail,
68 68 :filename => filename_for_content_disposition(@attachment.filename),
69 69 :type => detect_content_type(@attachment),
70 70 :disposition => 'inline'
71 71 end
72 72 else
73 73 # No thumbnail for the attachment or thumbnail could not be created
74 74 render :nothing => true, :status => 404
75 75 end
76 76 end
77 77
78 78 def upload
79 79 # Make sure that API users get used to set this content type
80 80 # as it won't trigger Rails' automatic parsing of the request body for parameters
81 81 unless request.content_type == 'application/octet-stream'
82 82 render :nothing => true, :status => 406
83 83 return
84 84 end
85 85
86 86 @attachment = Attachment.new(:file => request.raw_post)
87 87 @attachment.author = User.current
88 88 @attachment.filename = params[:filename].presence || Redmine::Utils.random_hex(16)
89 89 @attachment.content_type = params[:content_type].presence
90 90 saved = @attachment.save
91 91
92 92 respond_to do |format|
93 93 format.js
94 94 format.api {
95 95 if saved
96 96 render :action => 'upload', :status => :created
97 97 else
98 98 render_validation_errors(@attachment)
99 99 end
100 100 }
101 101 end
102 102 end
103 103
104 104 def edit
105 105 end
106 106
107 107 def update
108 108 if params[:attachments].is_a?(Hash)
109 109 if Attachment.update_attachments(@attachments, params[:attachments])
110 110 redirect_back_or_default home_path
111 111 return
112 112 end
113 113 end
114 114 render :action => 'edit'
115 115 end
116 116
117 117 def destroy
118 118 if @attachment.container.respond_to?(:init_journal)
119 119 @attachment.container.init_journal(User.current)
120 120 end
121 121 if @attachment.container
122 122 # Make sure association callbacks are called
123 123 @attachment.container.attachments.delete(@attachment)
124 124 else
125 125 @attachment.destroy
126 126 end
127 127
128 128 respond_to do |format|
129 129 format.html { redirect_to_referer_or project_path(@project) }
130 130 format.js
131 131 end
132 132 end
133 133
134 134 private
135 135
136 136 def find_attachment
137 137 @attachment = Attachment.find(params[:id])
138 138 # Show 404 if the filename in the url is wrong
139 139 raise ActiveRecord::RecordNotFound if params[:filename] && params[:filename] != @attachment.filename
140 140 @project = @attachment.project
141 141 rescue ActiveRecord::RecordNotFound
142 142 render_404
143 143 end
144 144
145 145 def find_editable_attachments
146 146 klass = params[:object_type].to_s.singularize.classify.constantize rescue nil
147 147 unless klass && klass.reflect_on_association(:attachments)
148 148 render_404
149 149 return
150 150 end
151 151
152 152 @container = klass.find(params[:object_id])
153 153 if @container.respond_to?(:visible?) && !@container.visible?
154 154 render_403
155 155 return
156 156 end
157 157 @attachments = @container.attachments.select(&:editable?)
158 158 if @container.respond_to?(:project)
159 159 @project = @container.project
160 160 end
161 161 render_404 if @attachments.empty?
162 162 rescue ActiveRecord::RecordNotFound
163 163 render_404
164 164 end
165 165
166 166 # Checks that the file exists and is readable
167 167 def file_readable
168 168 if @attachment.readable?
169 169 true
170 170 else
171 171 logger.error "Cannot send attachment, #{@attachment.diskfile} does not exist or is unreadable."
172 172 render_404
173 173 end
174 174 end
175 175
176 176 def read_authorize
177 177 @attachment.visible? ? true : deny_access
178 178 end
179 179
180 180 def delete_authorize
181 181 @attachment.deletable? ? true : deny_access
182 182 end
183 183
184 184 def detect_content_type(attachment)
185 185 content_type = attachment.content_type
186 186 if content_type.blank? || content_type == "application/octet-stream"
187 187 content_type = Redmine::MimeType.of(attachment.filename)
188 188 end
189 189 content_type.to_s
190 190 end
191 191 end
General Comments 0
You need to be logged in to leave comments. Login now