Don't force download of PDF (#22483)....
Jean-Philippe Lang -
r15027:3e776af8066e
@@ -1,194 +1,202
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2016 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 class AttachmentsController < ApplicationController
19 19 before_filter :find_attachment, :only => [:show, :download, :thumbnail, :destroy]
20 20 before_filter :find_editable_attachments, :only => [:edit, :update]
21 21 before_filter :file_readable, :read_authorize, :only => [:show, :download, :thumbnail]
22 22 before_filter :delete_authorize, :only => :destroy
23 23 before_filter :authorize_global, :only => :upload
24 24
25 25 accept_api_auth :show, :download, :thumbnail, :upload, :destroy
26 26
27 27 def show
28 28 respond_to do |format|
29 29 format.html {
30 30 if @attachment.is_diff?
31 31 @diff = File.read(@attachment.diskfile, :mode => "rb")
32 32 @diff_type = params[:type] || User.current.pref[:diff_type] || 'inline'
33 33 @diff_type = 'inline' unless %w(inline sbs).include?(@diff_type)
34 34 # Save diff type as user preference
35 35 if User.current.logged? && @diff_type != User.current.pref[:diff_type]
36 36 User.current.pref[:diff_type] = @diff_type
37 37 User.current.preference.save
38 38 end
39 39 render :action => 'diff'
40 40 elsif @attachment.is_text? && @attachment.filesize <= Setting.file_max_size_displayed.to_i.kilobyte
41 41 @content = File.read(@attachment.diskfile, :mode => "rb")
42 42 render :action => 'file'
43 43 elsif @attachment.is_image?
44 44 render :action => 'image'
45 45 else
46 46 render :action => 'other'
47 47 end
48 48 }
49 49 format.api
50 50 end
51 51 end
52 52
53 53 def download
54 54 if @attachment.container.is_a?(Version) || @attachment.container.is_a?(Project)
55 55 @attachment.increment_download
56 56 end
57 57
58 58 if stale?(:etag => @attachment.digest)
59 59 # images are sent inline
60 60 send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename),
61 61 :type => detect_content_type(@attachment),
62 :disposition => (@attachment.image? ? 'inline' : 'attachment')
62 :disposition => disposition(@attachment)
63 63 end
64 64 end
65 65
66 66 def thumbnail
67 67 if @attachment.thumbnailable? && tbnail = @attachment.thumbnail(:size => params[:size])
68 68 if stale?(:etag => tbnail)
69 69 send_file tbnail,
70 70 :filename => filename_for_content_disposition(@attachment.filename),
71 71 :type => detect_content_type(@attachment),
72 72 :disposition => 'inline'
73 73 end
74 74 else
75 75 # No thumbnail for the attachment or thumbnail could not be created
76 76 render :nothing => true, :status => 404
77 77 end
78 78 end
79 79
80 80 def upload
81 81 # Make sure that API users get used to set this content type
82 82 # as it won't trigger Rails' automatic parsing of the request body for parameters
83 83 unless request.content_type == 'application/octet-stream'
84 84 render :nothing => true, :status => 406
85 85 return
86 86 end
87 87
88 88 @attachment = Attachment.new(:file => request.raw_post)
89 89 @attachment.author = User.current
90 90 @attachment.filename = params[:filename].presence || Redmine::Utils.random_hex(16)
91 91 @attachment.content_type = params[:content_type].presence
92 92 saved = @attachment.save
93 93
94 94 respond_to do |format|
95 95 format.js
96 96 format.api {
97 97 if saved
98 98 render :action => 'upload', :status => :created
99 99 else
100 100 render_validation_errors(@attachment)
101 101 end
102 102 }
103 103 end
104 104 end
105 105
106 106 def edit
107 107 end
108 108
109 109 def update
110 110 if params[:attachments].is_a?(Hash)
111 111 if Attachment.update_attachments(@attachments, params[:attachments])
112 112 redirect_back_or_default home_path
113 113 return
114 114 end
115 115 end
116 116 render :action => 'edit'
117 117 end
118 118
119 119 def destroy
120 120 if @attachment.container.respond_to?(:init_journal)
121 121 @attachment.container.init_journal(User.current)
122 122 end
123 123 if @attachment.container
124 124 # Make sure association callbacks are called
125 125 @attachment.container.attachments.delete(@attachment)
126 126 else
127 127 @attachment.destroy
128 128 end
129 129
130 130 respond_to do |format|
131 131 format.html { redirect_to_referer_or project_path(@project) }
132 132 format.js
133 133 format.api { render_api_ok }
134 134 end
135 135 end
136 136
137 137 private
138 138
139 139 def find_attachment
140 140 @attachment = Attachment.find(params[:id])
141 141 # Show 404 if the filename in the url is wrong
142 142 raise ActiveRecord::RecordNotFound if params[:filename] && params[:filename] != @attachment.filename
143 143 @project = @attachment.project
144 144 rescue ActiveRecord::RecordNotFound
145 145 render_404
146 146 end
147 147
148 148 def find_editable_attachments
149 149 klass = params[:object_type].to_s.singularize.classify.constantize rescue nil
150 150 unless klass && klass.reflect_on_association(:attachments)
151 151 render_404
152 152 return
153 153 end
154 154
155 155 @container = klass.find(params[:object_id])
156 156 if @container.respond_to?(:visible?) && !@container.visible?
157 157 render_403
158 158 return
159 159 end
160 160 @attachments = @container.attachments.select(&:editable?)
161 161 if @container.respond_to?(:project)
162 162 @project = @container.project
163 163 end
164 164 render_404 if @attachments.empty?
165 165 rescue ActiveRecord::RecordNotFound
166 166 render_404
167 167 end
168 168
169 169 # Checks that the file exists and is readable
170 170 def file_readable
171 171 if @attachment.readable?
172 172 true
173 173 else
174 174 logger.error "Cannot send attachment, #{@attachment.diskfile} does not exist or is unreadable."
175 175 render_404
176 176 end
177 177 end
178 178
179 179 def read_authorize
180 180 @attachment.visible? ? true : deny_access
181 181 end
182 182
183 183 def delete_authorize
184 184 @attachment.deletable? ? true : deny_access
185 185 end
186 186
187 187 def detect_content_type(attachment)
188 188 content_type = attachment.content_type
189 189 if content_type.blank? || content_type == "application/octet-stream"
190 190 content_type = Redmine::MimeType.of(attachment.filename)
191 191 end
192 192 content_type.to_s
193 193 end
194
195 def disposition(attachment)
196 if attachment.is_image? || attachment.is_pdf?
197 'inline'
198 else
199 'attachment'
200 end
201 end
194 202 end
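Review bot: The new `disposition` helper at the end of the controller picks `inline` from the filename alone (`is_image?` and `is_pdf?` both go through `Redmine::MimeType` on `filename`), while the `:type` sent by `download` comes from `detect_content_type`, which prefers the stored `content_type` that `upload` fills from `params[:content_type]`. The two can disagree, so a file can be sent inline under a type other than the one its extension suggests. Tying the PDF branch to the type actually sent would close that gap, e.g. `if attachment.is_image? || (attachment.is_pdf? && detect_content_type(attachment) == 'application/pdf')`. The helper also replaces the extension allowlist of `image?` (bmp, gif, jpg, jpe, jpeg, png) with `is_image?`, which presumably widens the inline set to whatever `Redmine::MimeType` maps to an image type; if that is not intended, keep `attachment.image?` in the helper.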
@@ -1,444 +1,452
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2016 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 require 'SVG/Graph/Bar'
19 19 require 'SVG/Graph/BarHorizontal'
20 20 require 'digest/sha1'
21 21 require 'redmine/scm/adapters'
22 22
23 23 class ChangesetNotFound < Exception; end
24 24 class InvalidRevisionParam < Exception; end
25 25
26 26 class RepositoriesController < ApplicationController
27 27 menu_item :repository
28 28 menu_item :settings, :only => [:new, :create, :edit, :update, :destroy, :committers]
29 29 default_search_scope :changesets
30 30
31 31 before_filter :find_project_by_project_id, :only => [:new, :create]
32 32 before_filter :find_repository, :only => [:edit, :update, :destroy, :committers]
33 33 before_filter :find_project_repository, :except => [:new, :create, :edit, :update, :destroy, :committers]
34 34 before_filter :find_changeset, :only => [:revision, :add_related_issue, :remove_related_issue]
35 35 before_filter :authorize
36 36 accept_rss_auth :revisions
37 37
38 38 rescue_from Redmine::Scm::Adapters::CommandFailed, :with => :show_error_command_failed
39 39
40 40 def new
41 41 scm = params[:repository_scm] || (Redmine::Scm::Base.all & Setting.enabled_scm).first
42 42 @repository = Repository.factory(scm)
43 43 @repository.is_default = @project.repository.nil?
44 44 @repository.project = @project
45 45 end
46 46
47 47 def create
48 48 attrs = pickup_extra_info
49 49 @repository = Repository.factory(params[:repository_scm])
50 50 @repository.safe_attributes = params[:repository]
51 51 if attrs[:attrs_extra].keys.any?
52 52 @repository.merge_extra_info(attrs[:attrs_extra])
53 53 end
54 54 @repository.project = @project
55 55 if request.post? && @repository.save
56 56 redirect_to settings_project_path(@project, :tab => 'repositories')
57 57 else
58 58 render :action => 'new'
59 59 end
60 60 end
61 61
62 62 def edit
63 63 end
64 64
65 65 def update
66 66 attrs = pickup_extra_info
67 67 @repository.safe_attributes = attrs[:attrs]
68 68 if attrs[:attrs_extra].keys.any?
69 69 @repository.merge_extra_info(attrs[:attrs_extra])
70 70 end
71 71 @repository.project = @project
72 72 if @repository.save
73 73 redirect_to settings_project_path(@project, :tab => 'repositories')
74 74 else
75 75 render :action => 'edit'
76 76 end
77 77 end
78 78
79 79 def pickup_extra_info
80 80 p = {}
81 81 p_extra = {}
82 82 params[:repository].each do |k, v|
83 83 if k =~ /^extra_/
84 84 p_extra[k] = v
85 85 else
86 86 p[k] = v
87 87 end
88 88 end
89 89 {:attrs => p, :attrs_extra => p_extra}
90 90 end
91 91 private :pickup_extra_info
92 92
93 93 def committers
94 94 @committers = @repository.committers
95 95 @users = @project.users.to_a
96 96 additional_user_ids = @committers.collect(&:last).collect(&:to_i) - @users.collect(&:id)
97 97 @users += User.where(:id => additional_user_ids).to_a unless additional_user_ids.empty?
98 98 @users.compact!
99 99 @users.sort!
100 100 if request.post? && params[:committers].is_a?(Hash)
101 101 # Build a hash with repository usernames as keys and corresponding user ids as values
102 102 @repository.committer_ids = params[:committers].values.inject({}) {|h, c| h[c.first] = c.last; h}
103 103 flash[:notice] = l(:notice_successful_update)
104 104 redirect_to settings_project_path(@project, :tab => 'repositories')
105 105 end
106 106 end
107 107
108 108 def destroy
109 109 @repository.destroy if request.delete?
110 110 redirect_to settings_project_path(@project, :tab => 'repositories')
111 111 end
112 112
113 113 def show
114 114 @repository.fetch_changesets if @project.active? && Setting.autofetch_changesets? && @path.empty?
115 115
116 116 @entries = @repository.entries(@path, @rev)
117 117 @changeset = @repository.find_changeset_by_name(@rev)
118 118 if request.xhr?
119 119 @entries ? render(:partial => 'dir_list_content') : render(:nothing => true)
120 120 else
121 121 (show_error_not_found; return) unless @entries
122 122 @changesets = @repository.latest_changesets(@path, @rev)
123 123 @properties = @repository.properties(@path, @rev)
124 124 @repositories = @project.repositories
125 125 render :action => 'show'
126 126 end
127 127 end
128 128
129 129 alias_method :browse, :show
130 130
131 131 def changes
132 132 @entry = @repository.entry(@path, @rev)
133 133 (show_error_not_found; return) unless @entry
134 134 @changesets = @repository.latest_changesets(@path, @rev, Setting.repository_log_display_limit.to_i)
135 135 @properties = @repository.properties(@path, @rev)
136 136 @changeset = @repository.find_changeset_by_name(@rev)
137 137 end
138 138
139 139 def revisions
140 140 @changeset_count = @repository.changesets.count
141 141 @changeset_pages = Paginator.new @changeset_count,
142 142 per_page_option,
143 143 params['page']
144 144 @changesets = @repository.changesets.
145 145 limit(@changeset_pages.per_page).
146 146 offset(@changeset_pages.offset).
147 147 includes(:user, :repository, :parents).
148 148 to_a
149 149
150 150 respond_to do |format|
151 151 format.html { render :layout => false if request.xhr? }
152 152 format.atom { render_feed(@changesets, :title => "#{@project.name}: #{l(:label_revision_plural)}") }
153 153 end
154 154 end
155 155
156 156 def raw
157 157 entry_and_raw(true)
158 158 end
159 159
160 160 def entry
161 161 entry_and_raw(false)
162 162 end
163 163
164 164 def entry_and_raw(is_raw)
165 165 @entry = @repository.entry(@path, @rev)
166 166 (show_error_not_found; return) unless @entry
167 167
168 168 # If the entry is a dir, show the browser
169 169 (show; return) if @entry.is_dir?
170 170
171 171 if is_raw
172 172 # Force the download
173 173 send_opt = { :filename => filename_for_content_disposition(@path.split('/').last) }
174 174 send_type = Redmine::MimeType.of(@path)
175 175 send_opt[:type] = send_type.to_s if send_type
176 send_opt[:disposition] = (Redmine::MimeType.is_type?('image', @path) ? 'inline' : 'attachment')
176 send_opt[:disposition] = disposition(@path)
177 177 send_data @repository.cat(@path, @rev), send_opt
178 178 else
179 179 if !@entry.size || @entry.size <= Setting.file_max_size_displayed.to_i.kilobyte
180 180 content = @repository.cat(@path, @rev)
181 181 (show_error_not_found; return) unless content
182 182
183 183 if content.size <= Setting.file_max_size_displayed.to_i.kilobyte &&
184 184 is_entry_text_data?(content, @path)
185 185 # TODO: UTF-16
186 186 # Prevent empty lines when displaying a file with Windows style eol
187 187 # Is this needed? AttachmentsController simply reads file.
188 188 @content = content.gsub("\r\n", "\n")
189 189 end
190 190 end
191 191 @changeset = @repository.find_changeset_by_name(@rev)
192 192 end
193 193 end
194 194 private :entry_and_raw
195 195
196 196 def is_entry_text_data?(ent, path)
197 197 # UTF-16 contains "\x00".
198 198 # It is very strict that file contains less than 30% of ascii symbols
199 199 # in non Western Europe.
200 200 return true if Redmine::MimeType.is_type?('text', path)
201 201 # Ruby 1.8.6 has a bug of integer divisions.
202 202 # http://apidock.com/ruby/v1_8_6_287/String/is_binary_data%3F
203 203 return false if ent.is_binary_data?
204 204 true
205 205 end
206 206 private :is_entry_text_data?
207 207
208 208 def annotate
209 209 @entry = @repository.entry(@path, @rev)
210 210 (show_error_not_found; return) unless @entry
211 211
212 212 @annotate = @repository.scm.annotate(@path, @rev)
213 213 if @annotate.nil? || @annotate.empty?
214 214 (render_error l(:error_scm_annotate); return)
215 215 end
216 216 ann_buf_size = 0
217 217 @annotate.lines.each do |buf|
218 218 ann_buf_size += buf.size
219 219 end
220 220 if ann_buf_size > Setting.file_max_size_displayed.to_i.kilobyte
221 221 (render_error l(:error_scm_annotate_big_text_file); return)
222 222 end
223 223 @changeset = @repository.find_changeset_by_name(@rev)
224 224 end
225 225
226 226 def revision
227 227 respond_to do |format|
228 228 format.html
229 229 format.js {render :layout => false}
230 230 end
231 231 end
232 232
233 233 # Adds a related issue to a changeset
234 234 # POST /projects/:project_id/repository/(:repository_id/)revisions/:rev/issues
235 235 def add_related_issue
236 236 issue_id = params[:issue_id].to_s.sub(/^#/,'')
237 237 @issue = @changeset.find_referenced_issue_by_id(issue_id)
238 238 if @issue && (!@issue.visible? || @changeset.issues.include?(@issue))
239 239 @issue = nil
240 240 end
241 241
242 242 if @issue
243 243 @changeset.issues << @issue
244 244 end
245 245 end
246 246
247 247 # Removes a related issue from a changeset
248 248 # DELETE /projects/:project_id/repository/(:repository_id/)revisions/:rev/issues/:issue_id
249 249 def remove_related_issue
250 250 @issue = Issue.visible.find_by_id(params[:issue_id])
251 251 if @issue
252 252 @changeset.issues.delete(@issue)
253 253 end
254 254 end
255 255
256 256 def diff
257 257 if params[:format] == 'diff'
258 258 @diff = @repository.diff(@path, @rev, @rev_to)
259 259 (show_error_not_found; return) unless @diff
260 260 filename = "changeset_r#{@rev}"
261 261 filename << "_r#{@rev_to}" if @rev_to
262 262 send_data @diff.join, :filename => "#{filename}.diff",
263 263 :type => 'text/x-patch',
264 264 :disposition => 'attachment'
265 265 else
266 266 @diff_type = params[:type] || User.current.pref[:diff_type] || 'inline'
267 267 @diff_type = 'inline' unless %w(inline sbs).include?(@diff_type)
268 268
269 269 # Save diff type as user preference
270 270 if User.current.logged? && @diff_type != User.current.pref[:diff_type]
271 271 User.current.pref[:diff_type] = @diff_type
272 272 User.current.preference.save
273 273 end
274 274 @cache_key = "repositories/diff/#{@repository.id}/" +
275 275 Digest::MD5.hexdigest("#{@path}-#{@rev}-#{@rev_to}-#{@diff_type}-#{current_language}")
276 276 unless read_fragment(@cache_key)
277 277 @diff = @repository.diff(@path, @rev, @rev_to)
278 278 show_error_not_found unless @diff
279 279 end
280 280
281 281 @changeset = @repository.find_changeset_by_name(@rev)
282 282 @changeset_to = @rev_to ? @repository.find_changeset_by_name(@rev_to) : nil
283 283 @diff_format_revisions = @repository.diff_format_revisions(@changeset, @changeset_to)
284 284 end
285 285 end
286 286
287 287 def stats
288 288 end
289 289
290 290 def graph
291 291 data = nil
292 292 case params[:graph]
293 293 when "commits_per_month"
294 294 data = graph_commits_per_month(@repository)
295 295 when "commits_per_author"
296 296 data = graph_commits_per_author(@repository)
297 297 end
298 298 if data
299 299 headers["Content-Type"] = "image/svg+xml"
300 300 send_data(data, :type => "image/svg+xml", :disposition => "inline")
301 301 else
302 302 render_404
303 303 end
304 304 end
305 305
306 306 private
307 307
308 308 def find_repository
309 309 @repository = Repository.find(params[:id])
310 310 @project = @repository.project
311 311 rescue ActiveRecord::RecordNotFound
312 312 render_404
313 313 end
314 314
315 315 REV_PARAM_RE = %r{\A[a-f0-9]*\Z}i
316 316
317 317 def find_project_repository
318 318 @project = Project.find(params[:id])
319 319 if params[:repository_id].present?
320 320 @repository = @project.repositories.find_by_identifier_param(params[:repository_id])
321 321 else
322 322 @repository = @project.repository
323 323 end
324 324 (render_404; return false) unless @repository
325 325 @path = params[:path].is_a?(Array) ? params[:path].join('/') : params[:path].to_s
326 326 @rev = params[:rev].blank? ? @repository.default_branch : params[:rev].to_s.strip
327 327 @rev_to = params[:rev_to]
328 328
329 329 unless @rev.to_s.match(REV_PARAM_RE) && @rev_to.to_s.match(REV_PARAM_RE)
330 330 if @repository.branches.blank?
331 331 raise InvalidRevisionParam
332 332 end
333 333 end
334 334 rescue ActiveRecord::RecordNotFound
335 335 render_404
336 336 rescue InvalidRevisionParam
337 337 show_error_not_found
338 338 end
339 339
340 340 def find_changeset
341 341 if @rev.present?
342 342 @changeset = @repository.find_changeset_by_name(@rev)
343 343 end
344 344 show_error_not_found unless @changeset
345 345 end
346 346
347 347 def show_error_not_found
348 348 render_error :message => l(:error_scm_not_found), :status => 404
349 349 end
350 350
351 351 # Handler for Redmine::Scm::Adapters::CommandFailed exception
352 352 def show_error_command_failed(exception)
353 353 render_error l(:error_scm_command_failed, exception.message)
354 354 end
355 355
356 356 def graph_commits_per_month(repository)
357 357 @date_to = User.current.today
358 358 @date_from = @date_to << 11
359 359 @date_from = Date.civil(@date_from.year, @date_from.month, 1)
360 360 commits_by_day = Changeset.
361 361 where("repository_id = ? AND commit_date BETWEEN ? AND ?", repository.id, @date_from, @date_to).
362 362 group(:commit_date).
363 363 count
364 364 commits_by_month = [0] * 12
365 365 commits_by_day.each {|c| commits_by_month[(@date_to.month - c.first.to_date.month) % 12] += c.last }
366 366
367 367 changes_by_day = Change.
368 368 joins(:changeset).
369 369 where("#{Changeset.table_name}.repository_id = ? AND #{Changeset.table_name}.commit_date BETWEEN ? AND ?", repository.id, @date_from, @date_to).
370 370 group(:commit_date).
371 371 count
372 372 changes_by_month = [0] * 12
373 373 changes_by_day.each {|c| changes_by_month[(@date_to.month - c.first.to_date.month) % 12] += c.last }
374 374
375 375 fields = []
376 376 today = User.current.today
377 377 12.times {|m| fields << month_name(((today.month - 1 - m) % 12) + 1)}
378 378
379 379 graph = SVG::Graph::Bar.new(
380 380 :height => 300,
381 381 :width => 800,
382 382 :fields => fields.reverse,
383 383 :stack => :side,
384 384 :scale_integers => true,
385 385 :step_x_labels => 2,
386 386 :show_data_values => false,
387 387 :graph_title => l(:label_commits_per_month),
388 388 :show_graph_title => true
389 389 )
390 390
391 391 graph.add_data(
392 392 :data => commits_by_month[0..11].reverse,
393 393 :title => l(:label_revision_plural)
394 394 )
395 395
396 396 graph.add_data(
397 397 :data => changes_by_month[0..11].reverse,
398 398 :title => l(:label_change_plural)
399 399 )
400 400
401 401 graph.burn
402 402 end
403 403
404 404 def graph_commits_per_author(repository)
405 405 #data
406 406 stats = repository.stats_by_author
407 407 fields, commits_data, changes_data = [], [], []
408 408 stats.each do |name, hsh|
409 409 fields << name
410 410 commits_data << hsh[:commits_count]
411 411 changes_data << hsh[:changes_count]
412 412 end
413 413
414 414 #expand to 10 values if needed
415 415 fields = fields + [""]*(10 - fields.length) if fields.length<10
416 416 commits_data = commits_data + [0]*(10 - commits_data.length) if commits_data.length<10
417 417 changes_data = changes_data + [0]*(10 - changes_data.length) if changes_data.length<10
418 418
419 419 # Remove email address in usernames
420 420 fields = fields.collect {|c| c.gsub(%r{<.+@.+>}, '') }
421 421
422 422 #prepare graph
423 423 graph = SVG::Graph::BarHorizontal.new(
424 424 :height => 30 * commits_data.length,
425 425 :width => 800,
426 426 :fields => fields,
427 427 :stack => :side,
428 428 :scale_integers => true,
429 429 :show_data_values => false,
430 430 :rotate_y_labels => false,
431 431 :graph_title => l(:label_commits_per_author),
432 432 :show_graph_title => true
433 433 )
434 434 graph.add_data(
435 435 :data => commits_data,
436 436 :title => l(:label_revision_plural)
437 437 )
438 438 graph.add_data(
439 439 :data => changes_data,
440 440 :title => l(:label_change_plural)
441 441 )
442 442 graph.burn
443 443 end
444
445 def disposition(path)
446 if Redmine::MimeType.is_type?('image', @path) || Redmine::MimeType.of(@path) == "application/pdf"
447 'inline'
448 else
449 'attachment'
450 end
451 end
444 452 end
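Review bot: `disposition(path)` at the end of the controller never reads its `path` argument; both checks use the instance variable `@path`, so the helper only gives the right answer because `entry_and_raw` happens to pass `@path`. Use the parameter instead: `if Redmine::MimeType.is_type?('image', path) || Redmine::MimeType.of(path) == "application/pdf"`. The `# Force the download` comment above the call in `entry_and_raw` is now stale, since images and PDFs are sent inline; `# Send the raw file; images and PDFs are displayed inline` would match the new behaviour. Repository content sent inline is rendered under the application's own origin, so the inline set is best kept to these two explicit cases.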
@@ -1,406 +1,410
1 1 # Redmine - project management software
2 2 # Copyright (C) 2006-2016 Jean-Philippe Lang
3 3 #
4 4 # This program is free software; you can redistribute it and/or
5 5 # modify it under the terms of the GNU General Public License
6 6 # as published by the Free Software Foundation; either version 2
7 7 # of the License, or (at your option) any later version.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU General Public License
15 15 # along with this program; if not, write to the Free Software
16 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 17
18 18 require "digest/md5"
19 19 require "fileutils"
20 20
21 21 class Attachment < ActiveRecord::Base
22 22 belongs_to :container, :polymorphic => true
23 23 belongs_to :author, :class_name => "User"
24 24
25 25 validates_presence_of :filename, :author
26 26 validates_length_of :filename, :maximum => 255
27 27 validates_length_of :disk_filename, :maximum => 255
28 28 validates_length_of :description, :maximum => 255
29 29 validate :validate_max_file_size, :validate_file_extension
30 30 attr_protected :id
31 31
32 32 acts_as_event :title => :filename,
33 33 :url => Proc.new {|o| {:controller => 'attachments', :action => 'download', :id => o.id, :filename => o.filename}}
34 34
35 35 acts_as_activity_provider :type => 'files',
36 36 :permission => :view_files,
37 37 :author_key => :author_id,
38 38 :scope => select("#{Attachment.table_name}.*").
39 39 joins("LEFT JOIN #{Version.table_name} ON #{Attachment.table_name}.container_type='Version' AND #{Version.table_name}.id = #{Attachment.table_name}.container_id " +
40 40 "LEFT JOIN #{Project.table_name} ON #{Version.table_name}.project_id = #{Project.table_name}.id OR ( #{Attachment.table_name}.container_type='Project' AND #{Attachment.table_name}.container_id = #{Project.table_name}.id )")
41 41
42 42 acts_as_activity_provider :type => 'documents',
43 43 :permission => :view_documents,
44 44 :author_key => :author_id,
45 45 :scope => select("#{Attachment.table_name}.*").
46 46 joins("LEFT JOIN #{Document.table_name} ON #{Attachment.table_name}.container_type='Document' AND #{Document.table_name}.id = #{Attachment.table_name}.container_id " +
47 47 "LEFT JOIN #{Project.table_name} ON #{Document.table_name}.project_id = #{Project.table_name}.id")
48 48
49 49 cattr_accessor :storage_path
50 50 @@storage_path = Redmine::Configuration['attachments_storage_path'] || File.join(Rails.root, "files")
51 51
52 52 cattr_accessor :thumbnails_storage_path
53 53 @@thumbnails_storage_path = File.join(Rails.root, "tmp", "thumbnails")
54 54
55 55 before_create :files_to_final_location
56 56 after_rollback :delete_from_disk, :on => :create
57 57 after_commit :delete_from_disk, :on => :destroy
58 58
59 59 # Returns an unsaved copy of the attachment
60 60 def copy(attributes=nil)
61 61 copy = self.class.new
62 62 copy.attributes = self.attributes.dup.except("id", "downloads")
63 63 copy.attributes = attributes if attributes
64 64 copy
65 65 end
66 66
67 67 def validate_max_file_size
68 68 if @temp_file && self.filesize > Setting.attachment_max_size.to_i.kilobytes
69 69 errors.add(:base, l(:error_attachment_too_big, :max_size => Setting.attachment_max_size.to_i.kilobytes))
70 70 end
71 71 end
72 72
73 73 def validate_file_extension
74 74 if @temp_file
75 75 extension = File.extname(filename)
76 76 unless self.class.valid_extension?(extension)
77 77 errors.add(:base, l(:error_attachment_extension_not_allowed, :extension => extension))
78 78 end
79 79 end
80 80 end
81 81
82 82 def file=(incoming_file)
83 83 unless incoming_file.nil?
84 84 @temp_file = incoming_file
85 85 if @temp_file.size > 0
86 86 if @temp_file.respond_to?(:original_filename)
87 87 self.filename = @temp_file.original_filename
88 88 self.filename.force_encoding("UTF-8")
89 89 end
90 90 if @temp_file.respond_to?(:content_type)
91 91 self.content_type = @temp_file.content_type.to_s.chomp
92 92 end
93 93 self.filesize = @temp_file.size
94 94 end
95 95 end
96 96 end
97 97
98 98 def file
99 99 nil
100 100 end
101 101
102 102 def filename=(arg)
103 103 write_attribute :filename, sanitize_filename(arg.to_s)
104 104 filename
105 105 end
106 106
107 107 # Copies the temporary file to its final location
108 108 # and computes its MD5 hash
109 109 def files_to_final_location
110 110 if @temp_file && (@temp_file.size > 0)
111 111 self.disk_directory = target_directory
112 112 self.disk_filename = Attachment.disk_filename(filename, disk_directory)
113 113 logger.info("Saving attachment '#{self.diskfile}' (#{@temp_file.size} bytes)") if logger
114 114 path = File.dirname(diskfile)
115 115 unless File.directory?(path)
116 116 FileUtils.mkdir_p(path)
117 117 end
118 118 md5 = Digest::MD5.new
119 119 File.open(diskfile, "wb") do |f|
120 120 if @temp_file.respond_to?(:read)
121 121 buffer = ""
122 122 while (buffer = @temp_file.read(8192))
123 123 f.write(buffer)
124 124 md5.update(buffer)
125 125 end
126 126 else
127 127 f.write(@temp_file)
128 128 md5.update(@temp_file)
129 129 end
130 130 end
131 131 self.digest = md5.hexdigest
132 132 end
133 133 @temp_file = nil
134 134
135 135 if content_type.blank? && filename.present?
136 136 self.content_type = Redmine::MimeType.of(filename)
137 137 end
138 138 # Don't save the content type if it's longer than the authorized length
139 139 if self.content_type && self.content_type.length > 255
140 140 self.content_type = nil
141 141 end
142 142 end
143 143
144 144 # Deletes the file from the file system if it's not referenced by other attachments
145 145 def delete_from_disk
146 146 if Attachment.where("disk_filename = ? AND id <> ?", disk_filename, id).empty?
147 147 delete_from_disk!
148 148 end
149 149 end
150 150
151 151 # Returns file's location on disk
152 152 def diskfile
153 153 File.join(self.class.storage_path, disk_directory.to_s, disk_filename.to_s)
154 154 end
155 155
156 156 def title
157 157 title = filename.to_s
158 158 if description.present?
159 159 title << " (#{description})"
160 160 end
161 161 title
162 162 end
163 163
164 164 def increment_download
165 165 increment!(:downloads)
166 166 end
167 167
168 168 def project
169 169 container.try(:project)
170 170 end
171 171
172 172 def visible?(user=User.current)
173 173 if container_id
174 174 container && container.attachments_visible?(user)
175 175 else
176 176 author == user
177 177 end
178 178 end
179 179
180 180 def editable?(user=User.current)
181 181 if container_id
182 182 container && container.attachments_editable?(user)
183 183 else
184 184 author == user
185 185 end
186 186 end
187 187
188 188 def deletable?(user=User.current)
189 189 if container_id
190 190 container && container.attachments_deletable?(user)
191 191 else
192 192 author == user
193 193 end
194 194 end
195 195
196 196 def image?
197 197 !!(self.filename =~ /\.(bmp|gif|jpg|jpe|jpeg|png)$/i)
198 198 end
199 199
200 200 def thumbnailable?
201 201 image?
202 202 end
203 203
204 204 # Returns the full path the attachment thumbnail, or nil
205 205 # if the thumbnail cannot be generated.
206 206 def thumbnail(options={})
207 207 if thumbnailable? && readable?
208 208 size = options[:size].to_i
209 209 if size > 0
210 210 # Limit the number of thumbnails per image
211 211 size = (size / 50) * 50
212 212 # Maximum thumbnail size
213 213 size = 800 if size > 800
214 214 else
215 215 size = Setting.thumbnails_size.to_i
216 216 end
217 217 size = 100 unless size > 0
218 218 target = File.join(self.class.thumbnails_storage_path, "#{id}_#{digest}_#{size}.thumb")
219 219
220 220 begin
221 221 Redmine::Thumbnail.generate(self.diskfile, target, size)
222 222 rescue => e
223 223 logger.error "An error occured while generating thumbnail for #{disk_filename} to #{target}\nException was: #{e.message}" if logger
224 224 return nil
225 225 end
226 226 end
227 227 end
228 228
229 229 # Deletes all thumbnails
230 230 def self.clear_thumbnails
231 231 Dir.glob(File.join(thumbnails_storage_path, "*.thumb")).each do |file|
232 232 File.delete file
233 233 end
234 234 end
235 235
236 236 def is_text?
237 237 Redmine::MimeType.is_type?('text', filename)
238 238 end
239 239
240 240 def is_image?
241 241 Redmine::MimeType.is_type?('image', filename)
242 242 end
243 243
244 244 def is_diff?
245 245 self.filename =~ /\.(patch|diff)$/i
246 246 end
247 247
248 def is_pdf?
249 Redmine::MimeType.of(filename) == "application/pdf"
250 end
251
248 252 # Returns true if the file is readable
249 253 def readable?
250 254 File.readable?(diskfile)
251 255 end
252 256
253 257 # Returns the attachment token
254 258 def token
255 259 "#{id}.#{digest}"
256 260 end
257 261
258 262 # Finds an attachment that matches the given token and that has no container
259 263 def self.find_by_token(token)
260 264 if token.to_s =~ /^(\d+)\.([0-9a-f]+)$/
261 265 attachment_id, attachment_digest = $1, $2
262 266 attachment = Attachment.where(:id => attachment_id, :digest => attachment_digest).first
263 267 if attachment && attachment.container.nil?
264 268 attachment
265 269 end
266 270 end
267 271 end
268 272
269 273 # Bulk attaches a set of files to an object
270 274 #
271 275 # Returns a Hash of the results:
272 276 # :files => array of the attached files
273 277 # :unsaved => array of the files that could not be attached
274 278 def self.attach_files(obj, attachments)
275 279 result = obj.save_attachments(attachments, User.current)
276 280 obj.attach_saved_attachments
277 281 result
278 282 end
279 283
280 284 # Updates the filename and description of a set of attachments
281 285 # with the given hash of attributes. Returns true if all
282 286 # attachments were updated.
283 287 #
284 288 # Example:
285 289 # Attachment.update_attachments(attachments, {
286 290 # 4 => {:filename => 'foo'},
287 291 # 7 => {:filename => 'bar', :description => 'file description'}
288 292 # })
289 293 #
290 294 def self.update_attachments(attachments, params)
291 295 params = params.transform_keys {|key| key.to_i}
292 296
293 297 saved = true
294 298 transaction do
295 299 attachments.each do |attachment|
296 300 if p = params[attachment.id]
297 301 attachment.filename = p[:filename] if p.key?(:filename)
298 302 attachment.description = p[:description] if p.key?(:description)
299 303 saved &&= attachment.save
300 304 end
301 305 end
302 306 unless saved
303 307 raise ActiveRecord::Rollback
304 308 end
305 309 end
306 310 saved
307 311 end
308 312
309 313 def self.latest_attach(attachments, filename)
310 314 attachments.sort_by(&:created_on).reverse.detect do |att|
311 315 filename.casecmp(att.filename) == 0
312 316 end
313 317 end
314 318
315 319 def self.prune(age=1.day)
316 320 Attachment.where("created_on < ? AND (container_type IS NULL OR container_type = '')", Time.now - age).destroy_all
317 321 end
318 322
319 323 # Moves an existing attachment to its target directory
320 324 def move_to_target_directory!
321 325 return unless !new_record? & readable?
322 326
323 327 src = diskfile
324 328 self.disk_directory = target_directory
325 329 dest = diskfile
326 330
327 331 return if src == dest
328 332
329 333 if !FileUtils.mkdir_p(File.dirname(dest))
330 334 logger.error "Could not create directory #{File.dirname(dest)}" if logger
331 335 return
332 336 end
333 337
334 338 if !FileUtils.mv(src, dest)
335 339 logger.error "Could not move attachment from #{src} to #{dest}" if logger
336 340 return
337 341 end
338 342
339 343 update_column :disk_directory, disk_directory
340 344 end
341 345
342 346 # Moves existing attachments that are stored at the root of the files
343 347 # directory (ie. created before Redmine 2.3) to their target subdirectories
344 348 def self.move_from_root_to_target_directory
345 349 Attachment.where("disk_directory IS NULL OR disk_directory = ''").find_each do |attachment|
346 350 attachment.move_to_target_directory!
347 351 end
348 352 end
349 353
350 354 # Returns true if the extension is allowed, otherwise false
351 355 def self.valid_extension?(extension)
352 356 extension = extension.downcase.sub(/\A\.+/, '')
353 357
354 358 denied, allowed = [:attachment_extensions_denied, :attachment_extensions_allowed].map do |setting|
355 359 Setting.send(setting).to_s.split(",").map {|s| s.strip.downcase.sub(/\A\.+/, '')}.reject(&:blank?)
356 360 end
357 361 if denied.present? && denied.include?(extension)
358 362 return false
359 363 end
360 364 unless allowed.blank? || allowed.include?(extension)
361 365 return false
362 366 end
363 367 true
364 368 end
365 369
366 370 private
367 371
368 372 # Physically deletes the file from the file system
369 373 def delete_from_disk!
370 374 if disk_filename.present? && File.exist?(diskfile)
371 375 File.delete(diskfile)
372 376 end
373 377 end
374 378
375 379 def sanitize_filename(value)
376 380 # get only the filename, not the whole path
377 381 just_filename = value.gsub(/\A.*(\\|\/)/m, '')
378 382
379 383 # Finally, replace invalid characters with underscore
380 384 just_filename.gsub(/[\/\?\%\*\:\|\"\'<>\n\r]+/, '_')
381 385 end
382 386
383 387 # Returns the subdirectory in which the attachment will be saved
384 388 def target_directory
385 389 time = created_on || DateTime.now
386 390 time.strftime("%Y/%m")
387 391 end
388 392
389 393 # Returns an ASCII or hashed filename that do not
390 394 # exists yet in the given subdirectory
391 395 def self.disk_filename(filename, directory=nil)
392 396 timestamp = DateTime.now.strftime("%y%m%d%H%M%S")
393 397 ascii = ''
394 398 if filename =~ %r{^[a-zA-Z0-9_\.\-]*$}
395 399 ascii = filename
396 400 else
397 401 ascii = Digest::MD5.hexdigest(filename)
398 402 # keep the extension if any
399 403 ascii << $1 if filename =~ %r{(\.[a-zA-Z0-9]+)$}
400 404 end
401 405 while File.exist?(File.join(storage_path, directory.to_s, "#{timestamp}_#{ascii}"))
402 406 timestamp.succ!
403 407 end
404 408 "#{timestamp}_#{ascii}"
405 409 end
406 410 end