jro_apps/redmine Commit - r2114:5d2899ee1b3e

AttachmentsController now handles attachments deletion....

Jean-Philippe Lang -

r2114:5d2899ee1b3e

parent child

Context file:

r2114:5d2899ee1b3e

Expand all files

vendor/plugins/acts_as_attachable/init.rb created 644 +2 0

@@ -0,0 +1,2
	1	require File.dirname(__FILE__) + '/lib/acts_as_attachable'
	2	ActiveRecord::Base.send(:include, Redmine::Acts::Attachable)

vendor/plugins/acts_as_attachable/lib/acts_as_attachable.rb created 644 +57 0

@@ -0,0 +1,57
	1	# Redmine - project management software
	2	# Copyright (C) 2006-2008 Jean-Philippe Lang
	3	#
	4	# This program is free software; you can redistribute it and/or
	5	# modify it under the terms of the GNU General Public License
	6	# as published by the Free Software Foundation; either version 2
	7	# of the License, or (at your option) any later version.
	8	#
	9	# This program is distributed in the hope that it will be useful,
	10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	# GNU General Public License for more details.
	13	#
	14	# You should have received a copy of the GNU General Public License
	15	# along with this program; if not, write to the Free Software
	16	# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
	17
	18	module Redmine
	19	module Acts
	20	module Attachable
	21	def self.included(base)
	22	base.extend ClassMethods
	23	end
	24
	25	module ClassMethods
	26	def acts_as_attachable(options = {})
	27	cattr_accessor :attachable_options
	28	self.attachable_options = {}
	29	attachable_options[:view_permission] = options.delete(:view_permission) \|\| "view_#{self.name.pluralize.underscore}".to_sym
	30	attachable_options[:delete_permission] = options.delete(:delete_permission) \|\| "edit_#{self.name.pluralize.underscore}".to_sym
	31
	32	has_many :attachments, options.merge(:as => :container,
	33	:order => "#{Attachment.table_name}.created_on",
	34	:dependent => :destroy)
	35	send :include, Redmine::Acts::Attachable::InstanceMethods
	36	end
	37	end
	38
	39	module InstanceMethods
	40	def self.included(base)
	41	base.extend ClassMethods
	42	end
	43
	44	def attachments_visible?(user=User.current)
	45	user.allowed_to?(self.class.attachable_options[:view_permission], self.project)
	46	end
	47
	48	def attachments_deletable?(user=User.current)
	49	user.allowed_to?(self.class.attachable_options[:delete_permission], self.project)
	50	end
	51
	52	module ClassMethods
	53	end
	54	end
	55	end
	56	end
	57	end

app/controllers/attachments_controller.rb +25 -8

-            # redMine - project management software
+            # Redmine - project management software
-            # Copyright (C) 2006-2007  Jean-Philippe Lang
+            # Copyright (C) 2006-2008  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             class AttachmentsController < ApplicationController
               before_filter :find_project
+              before_filter :read_authorize, :except => :destroy
+              before_filter :delete_authorize, :only => :destroy
+              verify :method => :post, :only => :destroy
               def show
                 if @attachment.is_diff?
                   @diff = File.new(@attachment.diskfile, "rb").read
                 send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename),
                                                 :type => @attachment.content_type,
                                                 :disposition => (@attachment.image? ? 'inline' : 'attachment')
               end
+              def destroy
+                # Make sure association callbacks are called
+                @attachment.container.attachments.delete(@attachment)
+                redirect_to :back
+              rescue ::ActionController::RedirectBackError
+                redirect_to :controller => 'projects', :action => 'show', :id => @project
+              end
             private
               def find_project
                 @attachment = Attachment.find(params[:id])
                 # Show 404 if the filename in the url is wrong
                 raise ActiveRecord::RecordNotFound if params[:filename] && params[:filename] != @attachment.filename
                 @project = @attachment.project
-                permission = @attachment.container.is_a?(Version) ? :view_files : "view_#{@attachment.container.class.name.underscore.pluralize}".to_sym
-                allowed = User.current.allowed_to?(permission, @project)
-                allowed ? true : (User.current.logged? ? render_403 : require_login)
               rescue ActiveRecord::RecordNotFound
                 render_404
               end
+              def read_authorize
+                @attachment.visible? ? true : deny_access
+              end
+              def delete_authorize
+                @attachment.deletable? ? true : deny_access
+              end
             end

app/controllers/documents_controller.rb 0 -5

                 Mailer.deliver_attachments_added(attachments) if !attachments.empty? && Setting.notified_events.include?('document_added')
                 redirect_to :action => 'show', :id => @document
               end
-              def destroy_attachment
-                @document.attachments.find(params[:attachment_id]).destroy
-                redirect_to :action => 'show', :id => @document
-              end
             private
               def find_project

app/controllers/issues_controller.rb +1 -12

             class IssuesController < ApplicationController
               menu_item :new_issue, :only => :new
-              before_filter :find_issue, :only => [:show, :edit, :reply, :destroy_attachment]
+              before_filter :find_issue, :only => [:show, :edit, :reply]
               before_filter :find_issues, :only => [:bulk_edit, :move, :destroy]
               before_filter :find_project, :only => [:new, :update_form, :preview]
               before_filter :authorize, :except => [:index, :changes, :gantt, :calendar, :preview, :update_form, :context_menu]
                 @issues.each(&:destroy)
                 redirect_to :action => 'index', :project_id => @project
               end
-              def destroy_attachment
-                a = @issue.attachments.find(params[:attachment_id])
-                a.destroy
-                journal = @issue.init_journal(User.current)
-                journal.details << JournalDetail.new(:property => 'attachment',
-                                                     :prop_key => a.id,
-                                                     :old_value => a.filename)
-                journal.save
-                redirect_to :action => 'show', :id => @issue
-              end
               def gantt
                 @gantt = Redmine::Helpers::Gantt.new(params)

app/controllers/versions_controller.rb 0 -6

                 redirect_to :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project
               end
-              def destroy_file
-                @version.attachments.find(params[:attachment_id]).destroy
-                flash[:notice] = l(:notice_successful_delete)
-                redirect_to :controller => 'projects', :action => 'list_files', :id => @project
-              end
               def status_by
                 respond_to do |format|
                   format.html { render :action => 'show' }

app/controllers/wiki_controller.rb +1 -8

             class WikiController < ApplicationController
               before_filter :find_wiki, :authorize
-              verify :method => :post, :only => [:destroy, :destroy_attachment, :protect], :redirect_to => { :action => :index }
+              verify :method => :post, :only => [:destroy, :protect], :redirect_to => { :action => :index }
               helper :attachments
               include AttachmentsHelper
                 redirect_to :action => 'index', :page => @page.title
               end
-              def destroy_attachment
-                @page = @wiki.find_page(params[:page])
-                return render_403 unless editable?
-                @page.attachments.find(params[:attachment_id]).destroy
-                redirect_to :action => 'index', :page => @page.title
-              end
             private
               def find_wiki

app/helpers/attachments_helper.rb +9 -4

@@ -16,10 +16,15
16	# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.	16	# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17		17
18	module AttachmentsHelper	18	module AttachmentsHelper
19	# displays the links to ~~a collection of~~ attachments	19	# Displays view/delete links to the attachments of the given object
20	def link_to_attachments(attachments, options = {})	20	# Options:
21	if attachments.any?	21	# :author -- author names are not displayed if set to false
22	render :partial => 'attachments/links', :locals => {:attachments => attachments, :options => options}	22	def link_to_attachments(container, options = {})
		23	options.assert_valid_keys(:author)
		24
		25	if container.attachments.any?
		26	options = {:deletable => container.attachments_deletable?, :author => true}.merge(options)
		27	render :partial => 'attachments/links', :locals => {:attachments => container.attachments, :options => options}
23	end	28	end
24	end	29	end
25		30

app/models/attachment.rb +8 0

                 container.project
               end
+              def visible?(user=User.current)
+                container.attachments_visible?(user)
+              end
+              def deletable?(user=User.current)
+                container.attachments_deletable?(user)
+              end
               def image?
                 self.filename =~ /\.(jpe?g|gif|png)$/i
               end

app/models/document.rb +1 -1

             class Document < ActiveRecord::Base
               belongs_to :project
               belongs_to :category, :class_name => "Enumeration", :foreign_key => "category_id"
-              has_many :attachments, :as => :container, :dependent => :destroy
+              acts_as_attachable :delete_permission => :manage_documents
               acts_as_searchable :columns => ['title', "#{table_name}.description"], :include => :project
               acts_as_event :title => Proc.new {|o| "#{l(:label_document)}: #{o.title}"},

app/models/issue.rb +12 -1

               belongs_to :category, :class_name => 'IssueCategory', :foreign_key => 'category_id'
               has_many :journals, :as => :journalized, :dependent => :destroy
-              has_many :attachments, :as => :container, :dependent => :destroy
               has_many :time_entries, :dependent => :delete_all
               has_and_belongs_to_many :changesets, :order => "#{Changeset.table_name}.committed_on ASC, #{Changeset.table_name}.id ASC"
               has_many :relations_from, :class_name => 'IssueRelation', :foreign_key => 'issue_from_id', :dependent => :delete_all
               has_many :relations_to, :class_name => 'IssueRelation', :foreign_key => 'issue_to_id', :dependent => :delete_all
+              acts_as_attachable :after_remove => :attachment_removed
               acts_as_customizable
               acts_as_watchable
               acts_as_searchable :columns => ['subject', "#{table_name}.description", "#{Journal.table_name}.notes"],
               def to_s
                 "#{tracker} ##{id}: #{subject}"
               end
+              private
+              # Callback on attachment deletion
+              def attachment_removed(obj)
+                journal = init_journal(User.current)
+                journal.details << JournalDetail.new(:property => 'attachment',
+                                                     :prop_key => obj.id,
+                                                     :old_value => obj.filename)
+                journal.save
+              end
             end

app/models/message.rb +1 -1

               belongs_to :board
               belongs_to :author, :class_name => 'User', :foreign_key => 'author_id'
               acts_as_tree :counter_cache => :replies_count, :order => "#{Message.table_name}.created_on ASC"
-              has_many :attachments, :as => :container, :dependent => :destroy
+              acts_as_attachable
               belongs_to :last_reply, :class_name => 'Message', :foreign_key => 'last_reply_id'
               acts_as_searchable :columns => ['subject', 'content'],

app/models/version.rb +2 -1

               before_destroy :check_integrity
               belongs_to :project
               has_many :fixed_issues, :class_name => 'Issue', :foreign_key => 'fixed_version_id'
-              has_many :attachments, :as => :container, :dependent => :destroy
+              acts_as_attachable :view_permission => :view_files,
+                                 :delete_permission => :manage_files
               validates_presence_of :name
               validates_uniqueness_of :name, :scope => [:project_id]

app/models/wiki_page.rb +5 -1

             class WikiPage < ActiveRecord::Base
               belongs_to :wiki
               has_one :content, :class_name => 'WikiContent', :foreign_key => 'page_id', :dependent => :destroy
-              has_many :attachments, :as => :container, :dependent => :destroy
+              acts_as_attachable :delete_permission => :delete_wiki_pages_attachments
               acts_as_tree :order => 'title'
               acts_as_event :title => Proc.new {|o| "#{l(:label_wiki)}: #{o.title}"},
               def editable_by?(usr)
                 !protected? || usr.allowed_to?(:protect_wiki_pages, wiki.project)
               end
+              def attachments_deletable?(usr=User.current)
+                editable_by?(usr) && super(usr)
+              end
               def parent_title
                 @parent_title || (self.parent && self.parent.pretty_title)

app/views/attachments/_links.rhtml +3 -3

             <p><%= link_to_attachment attachment, :class => 'icon icon-attachment' -%>
             <%= h(" - #{attachment.description}") unless attachment.description.blank? %>
               <span class="size">(<%= number_to_human_size attachment.filesize %>)</span>
-              <% if options[:delete_url] %>
+              <% if options[:deletable] %>
-                <%= link_to image_tag('delete.png'), options[:delete_url].update({:attachment_id => attachment}),
+                <%= link_to image_tag('delete.png'), {:controller => 'attachments', :action => 'destroy', :id => attachment},
                                                      :confirm => l(:text_are_you_sure),
                                                      :method => :post,
                                                      :class => 'delete',
                                                      :title => l(:button_delete) %>
               <% end %>
-              <% unless options[:no_author] %>
+              <% if options[:author] %>
                 <span class="author"><%= attachment.author %>, <%= format_time(attachment.created_on) %></span>
               <% end %>
               </p>

app/views/documents/show.rhtml +1 -1

             </div>
             <h3><%= l(:label_attachment_plural) %></h3>
-            <%= link_to_attachments @attachments, :delete_url => (authorize_for('documents', 'destroy_attachment') ? {:controller => 'documents', :action => 'destroy_attachment', :id => @document} : nil) %>
+            <%= link_to_attachments @document %>
             <% if authorize_for('documents', 'add_attachment') %>
             <p><%= link_to l(:label_attachment_new), {}, :onclick => "Element.show('add_attachment_form'); Element.hide(this); Element.scrollTo('add_attachment_form'); return false;",

app/views/issues/show.rhtml +1 -3

             <%= textilizable @issue, :description, :attachments => @issue.attachments %>
             </div>
-            <% if @issue.attachments.any? %>
+            <%= link_to_attachments @issue %>
-            <%= link_to_attachments @issue.attachments, :delete_url => (authorize_for('issues', 'destroy_attachment') ? {:controller => 'issues', :action => 'destroy_attachment', :id => @issue} : nil) %>
-            <% end %>
             <% if authorize_for('issue_relations', 'new') || @issue.relations.any? %>
             <hr />

app/views/messages/show.rhtml +2 -2

             <div class="wiki">
             <%= textilizable(@topic.content, :attachments => @topic.attachments) %>
             </div>
-            <%= link_to_attachments @topic.attachments, :no_author => true %>
+            <%= link_to_attachments @topic, :author => false %>
             </div>
             <br />
               <div class="message reply">
               <h4><%=h message.subject %> - <%= authoring message.created_on, message.author %></h4>
               <div class="wiki"><%= textilizable message, :content, :attachments => message.attachments %></div>
-              <%= link_to_attachments message.attachments, :no_author => true %>
+              <%= link_to_attachments message, :author => false %>
               </div>
             <% end %>
             <% end %>

app/views/projects/list_files.rhtml +3 -2

             <h2><%=l(:label_attachment_plural)%></h2>
-            <% delete_allowed = authorize_for('versions', 'destroy_file') %>
+            <% delete_allowed = User.current.allowed_to?(:manage_files, @project) %>
             <table class="list">
               <thead><tr>
                 <td align="center"><small><%= file.digest %></small></td>
                 <% if delete_allowed %>
                 <td align="center">
-                    <%= link_to_if_authorized image_tag('delete.png'), {:controller => 'versions', :action => 'destroy_file', :id => version, :attachment_id => file}, :confirm => l(:text_are_you_sure), :method => :post %>
+                    <%= link_to image_tag('delete.png'), {:controller => 'attachments', :action => 'destroy', :id => file},
+            																						 :confirm => l(:text_are_you_sure), :method => :post %>
                 </td>
                 <% end %>
               </tr>

app/views/wiki/show.rhtml +1 -1

             <%= render(:partial => "wiki/content", :locals => {:content => @content}) %>
-            <%= link_to_attachments @page.attachments, :delete_url => ((@editable && authorize_for('wiki', 'destroy_attachment')) ? {:controller => 'wiki', :action => 'destroy_attachment', :page => @page.title} : nil) %>
+            <%= link_to_attachments @page %>
             <% if @editable && authorize_for('wiki', 'add_attachment') %>
             <p><%= link_to l(:label_attachment_new), {}, :onclick => "Element.show('add_attachment_form'); Element.hide(this); Element.scrollTo('add_attachment_form'); return false;",

lib/redmine.rb +4 -4

                                               :queries => :index,
                                               :reports => :issue_report}, :public => true
                 map.permission :add_issues, {:issues => :new}
-                map.permission :edit_issues, {:issues => [:edit, :reply, :bulk_edit, :destroy_attachment]}
+                map.permission :edit_issues, {:issues => [:edit, :reply, :bulk_edit]}
                 map.permission :manage_issue_relations, {:issue_relations => [:new, :destroy]}
                 map.permission :add_issue_notes, {:issues => [:edit, :reply]}
                 map.permission :edit_issue_notes, {:journals => :edit}, :require => :loggedin
               end
               map.project_module :documents do |map|
-                map.permission :manage_documents, {:documents => [:new, :edit, :destroy, :add_attachment, :destroy_attachment]}, :require => :loggedin
+                map.permission :manage_documents, {:documents => [:new, :edit, :destroy, :add_attachment]}, :require => :loggedin
                 map.permission :view_documents, :documents => [:index, :show, :download]
               end
               map.project_module :files do |map|
-                map.permission :manage_files, {:projects => :add_file, :versions => :destroy_file}, :require => :loggedin
+                map.permission :manage_files, {:projects => :add_file}, :require => :loggedin
                 map.permission :view_files, :projects => :list_files, :versions => :download
               end
                 map.permission :view_wiki_pages, :wiki => [:index, :special]
                 map.permission :view_wiki_edits, :wiki => [:history, :diff, :annotate]
                 map.permission :edit_wiki_pages, :wiki => [:edit, :preview, :add_attachment]
-                map.permission :delete_wiki_pages_attachments, :wiki => :destroy_attachment
+                map.permission :delete_wiki_pages_attachments, {}
                 map.permission :protect_wiki_pages, {:wiki => :protect}, :require => :member
               end

test/functional/attachments_controller_test.rb +29 0

@@ -76,4 +76,33 class AttachmentsControllerTest < Test::Unit::TestCase
76	get :download, :id => 7	76	get :download, :id => 7
77	assert_redirected_to 'account/login'	77	assert_redirected_to 'account/login'
78	end	78	end
		79
		80	def test_destroy_issue_attachment
		81	issue = Issue.find(3)
		82	@request.session[:user_id] = 2
		83
		84	assert_difference 'issue.attachments.count', -1 do
		85	post :destroy, :id => 1
		86	end
		87	# no referrer
		88	assert_redirected_to 'projects/show/ecookbook'
		89	assert_nil Attachment.find_by_id(1)
		90	j = issue.journals.find(:first, :order => 'created_on DESC')
		91	assert_equal 'attachment', j.details.first.property
		92	assert_equal '1', j.details.first.prop_key
		93	assert_equal 'error281.txt', j.details.first.old_value
		94	end
		95
		96	def test_destroy_wiki_page_attachment
		97	@request.session[:user_id] = 2
		98	assert_difference 'Attachment.count', -1 do
		99	post :destroy, :id => 3
		100	end
		101	end
		102
		103	def test_destroy_without_permission
		104	post :destroy, :id => 3
		105	assert_redirected_to '/login'
		106	assert Attachment.find_by_id(3)
		107	end
79	end	108	end

test/functional/issues_controller_test.rb 0 -13

@@ -713,17 +713,4 class IssuesControllerTest < Test::Unit::TestCase
713	assert_equal 2, TimeEntry.find(1).issue_id	713	assert_equal 2, TimeEntry.find(1).issue_id
714	assert_equal 2, TimeEntry.find(2).issue_id	714	assert_equal 2, TimeEntry.find(2).issue_id
715	end	715	end
716
717	def test_destroy_attachment
718	issue = Issue.find(3)
719	a = issue.attachments.size
720	@request.session[:user_id] = 2
721	post :destroy_attachment, :id => 3, :attachment_id => 1
722	assert_redirected_to 'issues/show/3'
723	assert_nil Attachment.find_by_id(1)
724	issue.reload
725	assert_equal((a-1), issue.attachments.size)
726	j = issue.journals.find(:first, :order => 'created_on DESC')
727	assert_equal 'attachment', j.details.first.property
728	end
729	end	716	end

test/functional/wiki_controller_test.rb 0 -7

@@ -251,11 +251,4 class WikiControllerTest < Test::Unit::TestCase
251	assert_response :success	251	assert_response :success
252	assert_template 'edit'	252	assert_template 'edit'
253	end	253	end
254
255	def test_destroy_attachment
256	@request.session[:user_id] = 2
257	assert_difference 'Attachment.count', -1 do
258	post :destroy_attachment, :id => 1, :page => 'Page_with_an_inline_image', :attachment_id => 3
259	end
260	end
261	end	254	end

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages