jro_apps/redmine Commit - r1668:8a7bfc72b20a

Move VersionsController#download to AttachmentsController....

Jean-Philippe Lang -

r1668:8a7bfc72b20a

parent child

Context file:

r1668:8a7bfc72b20a

app/controllers/attachments_controller.rb +8 -4

              class AttachmentsController < ApplicationController
                layout 'base'
-               before_filter :find_project, :check_project_privacy
+               before_filter :find_project
                def show
                  if @attachment.is_diff?
                end
                def download
+                 @attachment.increment_download if @attachment.container.is_a?(Version)
                  # images are sent inline
                  send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename),
                                                  :type => @attachment.content_type,
              private
                def find_project
                  @attachment = Attachment.find(params[:id])
-                 #render_404 and return false unless File.readable?(@attachment.diskfile)
                  @project = @attachment.project
-               #rescue
-               #  render_404
+                 permission = @attachment.container.is_a?(Version) ? :view_files : "view_#{@attachment.container.class.name.underscore.pluralize}".to_sym
+                 allowed = User.current.allowed_to?(permission, @project)
+                 allowed ? true : (User.current.logged? ? render_403 : require_login)
+               rescue ActiveRecord::RecordNotFound
+                 render_404
                end
              end

app/controllers/documents_controller.rb 0 -9

                  @document.destroy
                  redirect_to :controller => 'documents', :action => 'index', :project_id => @project
                end
-               def download
-                 @attachment = @document.attachments.find(params[:attachment_id])
-                 @attachment.increment_download
-                 send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename),
-                                                 :type => @attachment.content_type
-               rescue
-                 render_404
-               end
                def add_attachment
                  attachments = attach_files(@document, params[:attachments])

app/controllers/versions_controller.rb 0 -9

                  flash[:error] = "Unable to delete version"
                  redirect_to :controller => 'projects', :action => 'settings', :tab => 'versions', :id => @project
                end
-               def download
-                 @attachment = @version.attachments.find(params[:attachment_id])
-                 @attachment.increment_download
-                 send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename),
-                                                 :type => @attachment.content_type
-               rescue
-                 render_404
-               end
                def destroy_file
                  @version.attachments.find(params[:attachment_id]).destroy

app/views/projects/list_files.rhtml +2 -2

                <% for file in version.attachments %>
                <tr class="<%= cycle("odd", "even") %>">
                  <td></td>
-                 <td><%= link_to(file.filename, {:controller => 'versions', :action => 'download', :id => version, :attachment_id => file},
-                                                :title => file.description) %></td>
+                 <td><%= link_to(h(file.filename), {:controller => 'attachments', :action => 'download', :id => file},
+                                                   :title => file.description) %></td>
                  <td align="center"><%= format_time(file.created_on) %></td>
                  <td align="center"><%= number_to_human_size(file.filesize) %></td>
                  <td align="center"><%= file.downloads %></td>

test/fixtures/attachments.yml +13 0

		@@ -73,3 +73,16 attachments_006:
73	73	filename: archive.zip
74	74	author_id: 2
75	75	content_type: application/octet-stream
	76	attachments_007:
	77	created_on: 2006-07-19 21:07:27 +02:00
	78	container_type: Issue
	79	container_id: 4
	80	downloads: 0
	81	disk_filename: 060719210727_archive.zip
	82	digest: b91e08d0cf966d5c6ff411bd8c4cc3a2
	83	id: 7
	84	filesize: 157
	85	filename: archive.zip
	86	author_id: 1
	87	content_type: application/octet-stream
	88	No newline at end of file

test/functional/attachments_controller_test.rb +5 0

                  assert_response :success
                  assert_equal 'application/x-ruby', @response.content_type
                end
+               def test_anonymous_on_private_private
+                 get :download, :id => 7
+                 assert_redirected_to 'account/login'
+               end
              end

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages