jro_apps/redmine Commit - r15539:f94711ea8c99

Option to specify allowed extensions for a file custom field (#6719)....

Jean-Philippe Lang -

r15539:f94711ea8c99

parent child

Context file:

r15539:f94711ea8c99

Collapse all files

app/models/attachment.rb +21 -6

             # Redmine - project management software
             # Copyright (C) 2006-2016  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require "digest/md5"
             require "fileutils"
             class Attachment < ActiveRecord::Base
               include Redmine::SafeAttributes
               belongs_to :container, :polymorphic => true
               belongs_to :author, :class_name => "User"
               validates_presence_of :filename, :author
               validates_length_of :filename, :maximum => 255
               validates_length_of :disk_filename, :maximum => 255
               validates_length_of :description, :maximum => 255
               validate :validate_max_file_size, :validate_file_extension
               attr_protected :id
               acts_as_event :title => :filename,
                             :url => Proc.new {|o| {:controller => 'attachments', :action => 'download', :id => o.id, :filename => o.filename}}
               acts_as_activity_provider :type => 'files',
                                         :permission => :view_files,
                                         :author_key => :author_id,
                                         :scope => select("#{Attachment.table_name}.*").
                                                   joins("LEFT JOIN #{Version.table_name} ON #{Attachment.table_name}.container_type='Version' AND #{Version.table_name}.id = #{Attachment.table_name}.container_id " +
                                                         "LEFT JOIN #{Project.table_name} ON #{Version.table_name}.project_id = #{Project.table_name}.id OR ( #{Attachment.table_name}.container_type='Project' AND #{Attachment.table_name}.container_id = #{Project.table_name}.id )")
               acts_as_activity_provider :type => 'documents',
                                         :permission => :view_documents,
                                         :author_key => :author_id,
                                         :scope => select("#{Attachment.table_name}.*").
                                                   joins("LEFT JOIN #{Document.table_name} ON #{Attachment.table_name}.container_type='Document' AND #{Document.table_name}.id = #{Attachment.table_name}.container_id " +
                                                         "LEFT JOIN #{Project.table_name} ON #{Document.table_name}.project_id = #{Project.table_name}.id")
               cattr_accessor :storage_path
               @@storage_path = Redmine::Configuration['attachments_storage_path'] || File.join(Rails.root, "files")
               cattr_accessor :thumbnails_storage_path
               @@thumbnails_storage_path = File.join(Rails.root, "tmp", "thumbnails")
               before_create :files_to_final_location
               after_rollback :delete_from_disk, :on => :create
               after_commit :delete_from_disk, :on => :destroy
               safe_attributes 'filename', 'content_type', 'description'
               # Returns an unsaved copy of the attachment
               def copy(attributes=nil)
                 copy = self.class.new
                 copy.attributes = self.attributes.dup.except("id", "downloads")
                 copy.attributes = attributes if attributes
                 copy
               end
               def validate_max_file_size
                 if @temp_file && self.filesize > Setting.attachment_max_size.to_i.kilobytes
                   errors.add(:base, l(:error_attachment_too_big, :max_size => Setting.attachment_max_size.to_i.kilobytes))
                 end
               end
               def validate_file_extension
                 if @temp_file
                   extension = File.extname(filename)
                   unless self.class.valid_extension?(extension)
                     errors.add(:base, l(:error_attachment_extension_not_allowed, :extension => extension))
                   end
                 end
               end
               def file=(incoming_file)
                 unless incoming_file.nil?
                   @temp_file = incoming_file
                   if @temp_file.size > 0
                     if @temp_file.respond_to?(:original_filename)
                       self.filename = @temp_file.original_filename
                       self.filename.force_encoding("UTF-8")
                     end
                     if @temp_file.respond_to?(:content_type)
                       self.content_type = @temp_file.content_type.to_s.chomp
                     end
                     self.filesize = @temp_file.size
                   end
                 end
               end
               def file
                 nil
               end
               def filename=(arg)
                 write_attribute :filename, sanitize_filename(arg.to_s)
                 filename
               end
               # Copies the temporary file to its final location
               # and computes its MD5 hash
               def files_to_final_location
                 if @temp_file && (@temp_file.size > 0)
                   self.disk_directory = target_directory
                   self.disk_filename = Attachment.disk_filename(filename, disk_directory)
                   logger.info("Saving attachment '#{self.diskfile}' (#{@temp_file.size} bytes)") if logger
                   path = File.dirname(diskfile)
                   unless File.directory?(path)
                     FileUtils.mkdir_p(path)
                   end
                   md5 = Digest::MD5.new
                   File.open(diskfile, "wb") do |f|
                     if @temp_file.respond_to?(:read)
                       buffer = ""
                       while (buffer = @temp_file.read(8192))
                         f.write(buffer)
                         md5.update(buffer)
                       end
                     else
                       f.write(@temp_file)
                       md5.update(@temp_file)
                     end
                   end
                   self.digest = md5.hexdigest
                 end
                 @temp_file = nil
                 if content_type.blank? && filename.present?
                   self.content_type = Redmine::MimeType.of(filename)
                 end
                 # Don't save the content type if it's longer than the authorized length
                 if self.content_type && self.content_type.length > 255
                   self.content_type = nil
                 end
               end
               # Deletes the file from the file system if it's not referenced by other attachments
               def delete_from_disk
                 if Attachment.where("disk_filename = ? AND id <> ?", disk_filename, id).empty?
                   delete_from_disk!
                 end
               end
               # Returns file's location on disk
               def diskfile
                 File.join(self.class.storage_path, disk_directory.to_s, disk_filename.to_s)
               end
               def title
                 title = filename.to_s
                 if description.present?
                   title << " (#{description})"
                 end
                 title
               end
               def increment_download
                 increment!(:downloads)
               end
               def project
                 container.try(:project)
               end
               def visible?(user=User.current)
                 if container_id
                   container && container.attachments_visible?(user)
                 else
                   author == user
                 end
               end
               def editable?(user=User.current)
                 if container_id
                   container && container.attachments_editable?(user)
                 else
                   author == user
                 end
               end
               def deletable?(user=User.current)
                 if container_id
                   container && container.attachments_deletable?(user)
                 else
                   author == user
                 end
               end
               def image?
                 !!(self.filename =~ /\.(bmp|gif|jpg|jpe|jpeg|png)$/i)
               end
               def thumbnailable?
                 image?
               end
               # Returns the full path the attachment thumbnail, or nil
               # if the thumbnail cannot be generated.
               def thumbnail(options={})
                 if thumbnailable? && readable?
                   size = options[:size].to_i
                   if size > 0
                     # Limit the number of thumbnails per image
                     size = (size / 50) * 50
                     # Maximum thumbnail size
                     size = 800 if size > 800
                   else
                     size = Setting.thumbnails_size.to_i
                   end
                   size = 100 unless size > 0
                   target = File.join(self.class.thumbnails_storage_path, "#{id}_#{digest}_#{size}.thumb")
                   begin
                     Redmine::Thumbnail.generate(self.diskfile, target, size)
                   rescue => e
                     logger.error "An error occured while generating thumbnail for #{disk_filename} to #{target}\nException was: #{e.message}" if logger
                     return nil
                   end
                 end
               end
               # Deletes all thumbnails
               def self.clear_thumbnails
                 Dir.glob(File.join(thumbnails_storage_path, "*.thumb")).each do |file|
                   File.delete file
                 end
               end
               def is_text?
                 Redmine::MimeType.is_type?('text', filename)
               end
               def is_image?
                 Redmine::MimeType.is_type?('image', filename)
               end
               def is_diff?
                 self.filename =~ /\.(patch|diff)$/i
               end
               def is_pdf?
                 Redmine::MimeType.of(filename) == "application/pdf"
               end
               # Returns true if the file is readable
               def readable?
                 File.readable?(diskfile)
               end
               # Returns the attachment token
               def token
                 "#{id}.#{digest}"
               end
               # Finds an attachment that matches the given token and that has no container
               def self.find_by_token(token)
                 if token.to_s =~ /^(\d+)\.([0-9a-f]+)$/
                   attachment_id, attachment_digest = $1, $2
                   attachment = Attachment.where(:id => attachment_id, :digest => attachment_digest).first
                   if attachment && attachment.container.nil?
                     attachment
                   end
                 end
               end
               # Bulk attaches a set of files to an object
               #
               # Returns a Hash of the results:
               # :files => array of the attached files
               # :unsaved => array of the files that could not be attached
               def self.attach_files(obj, attachments)
                 result = obj.save_attachments(attachments, User.current)
                 obj.attach_saved_attachments
                 result
               end
               # Updates the filename and description of a set of attachments
               # with the given hash of attributes. Returns true if all
               # attachments were updated.
               #
               # Example:
               #   Attachment.update_attachments(attachments, {
               #     4 => {:filename => 'foo'},
               #     7 => {:filename => 'bar', :description => 'file description'}
               #   })
               #
               def self.update_attachments(attachments, params)
                 params = params.transform_keys {|key| key.to_i}
                 saved = true
                 transaction do
                   attachments.each do |attachment|
                     if p = params[attachment.id]
                       attachment.filename = p[:filename] if p.key?(:filename)
                       attachment.description = p[:description] if p.key?(:description)
                       saved &&= attachment.save
                     end
                   end
                   unless saved
                     raise ActiveRecord::Rollback
                   end
                 end
                 saved
               end
               def self.latest_attach(attachments, filename)
                 attachments.sort_by(&:created_on).reverse.detect do |att|
                   filename.casecmp(att.filename) == 0
                 end
               end
               def self.prune(age=1.day)
                 Attachment.where("created_on < ? AND (container_type IS NULL OR container_type = '')", Time.now - age).destroy_all
               end
               # Moves an existing attachment to its target directory
               def move_to_target_directory!
                 return unless !new_record? & readable?
                 src = diskfile
                 self.disk_directory = target_directory
                 dest = diskfile
                 return if src == dest
                 if !FileUtils.mkdir_p(File.dirname(dest))
                   logger.error "Could not create directory #{File.dirname(dest)}" if logger
                   return
                 end
                 if !FileUtils.mv(src, dest)
                   logger.error "Could not move attachment from #{src} to #{dest}" if logger
                   return
                 end
                 update_column :disk_directory, disk_directory
               end
               # Moves existing attachments that are stored at the root of the files
               # directory (ie. created before Redmine 2.3) to their target subdirectories
               def self.move_from_root_to_target_directory
                 Attachment.where("disk_directory IS NULL OR disk_directory = ''").find_each do |attachment|
                   attachment.move_to_target_directory!
                 end
               end
-              # Returns true if the extension is allowed, otherwise false
+              # Returns true if the extension is allowed regarding allowed/denied
+              # extensions defined in application settings, otherwise false
               def self.valid_extension?(extension)
-                extension = extension.downcase.sub(/\A\.+/, '')
                 denied, allowed = [:attachment_extensions_denied, :attachment_extensions_allowed].map do |setting|
-                  Setting.send(setting).to_s.split(",").map {|s| s.strip.downcase.sub(/\A\.+/, '')}.reject(&:blank?)
+                  Setting.send(setting)
                 end
-                if denied.present? && denied.include?(extension)
+                if denied.present? && extension_in?(extension, denied)
                   return false
                 end
-                unless allowed.blank? || allowed.include?(extension)
+                if allowed.present? && !extension_in?(extension, allowed)
                   return false
                 end
                 true
               end
+              # Returns true if extension belongs to extensions list.
+              def self.extension_in?(extension, extensions)
+                extension = extension.downcase.sub(/\A\.+/, '')
+                unless extensions.is_a?(Array)
+                  extensions = extensions.to_s.split(",").map(&:strip)
+                end
+                extensions = extensions.map {|s| s.downcase.sub(/\A\.+/, '')}.reject(&:blank?)
+                extensions.include?(extension)
+              end
+              # Returns true if attachment's extension belongs to extensions list.
+              def extension_in?(extensions)
+                self.class.extension_in?(File.extname(filename), extensions)
+              end
               private
               # Physically deletes the file from the file system
               def delete_from_disk!
                 if disk_filename.present? && File.exist?(diskfile)
                   File.delete(diskfile)
                 end
               end
               def sanitize_filename(value)
                 # get only the filename, not the whole path
                 just_filename = value.gsub(/\A.*(\\|\/)/m, '')
                 # Finally, replace invalid characters with underscore
                 just_filename.gsub(/[\/\?\%\*\:\|\"\'<>\n\r]+/, '_')
               end
               # Returns the subdirectory in which the attachment will be saved
               def target_directory
                 time = created_on || DateTime.now
                 time.strftime("%Y/%m")
               end
               # Returns an ASCII or hashed filename that do not
               # exists yet in the given subdirectory
               def self.disk_filename(filename, directory=nil)
                 timestamp = DateTime.now.strftime("%y%m%d%H%M%S")
                 ascii = ''
                 if filename =~ %r{^[a-zA-Z0-9_\.\-]*$}
                   ascii = filename
                 else
                   ascii = Digest::MD5.hexdigest(filename)
                   # keep the extension if any
                   ascii << $1 if filename =~ %r{(\.[a-zA-Z0-9]+)$}
                 end
                 while File.exist?(File.join(storage_path, directory.to_s, "#{timestamp}_#{ascii}"))
                   timestamp.succ!
                 end
                 "#{timestamp}_#{ascii}"
               end
             end

app/models/custom_field.rb +2 -1

             # Redmine - project management software
             # Copyright (C) 2006-2016  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             class CustomField < ActiveRecord::Base
               include Redmine::SafeAttributes
               include Redmine::SubclassFactory
               has_many :enumerations,
                        lambda { order(:position) },
                        :class_name => 'CustomFieldEnumeration',
                        :dependent => :delete_all
               has_many :custom_values, :dependent => :delete_all
               has_and_belongs_to_many :roles, :join_table => "#{table_name_prefix}custom_fields_roles#{table_name_suffix}", :foreign_key => "custom_field_id"
               acts_as_positioned
               serialize :possible_values
               store :format_store
               validates_presence_of :name, :field_format
               validates_uniqueness_of :name, :scope => :type
               validates_length_of :name, :maximum => 30
               validates_inclusion_of :field_format, :in => Proc.new { Redmine::FieldFormat.available_formats }
               validate :validate_custom_field
               attr_protected :id
               before_validation :set_searchable
               before_save do |field|
                 field.format.before_custom_field_save(field)
               end
               after_save :handle_multiplicity_change
               after_save do |field|
                 if field.visible_changed? && field.visible
                   field.roles.clear
                 end
               end
               scope :sorted, lambda { order(:position) }
               scope :visible, lambda {|*args|
                 user = args.shift || User.current
                 if user.admin?
                   # nop
                 elsif user.memberships.any?
                   where("#{table_name}.visible = ? OR #{table_name}.id IN (SELECT DISTINCT cfr.custom_field_id FROM #{Member.table_name} m" +
                     " INNER JOIN #{MemberRole.table_name} mr ON mr.member_id = m.id" +
                     " INNER JOIN #{table_name_prefix}custom_fields_roles#{table_name_suffix} cfr ON cfr.role_id = mr.role_id" +
                     " WHERE m.user_id = ?)",
                     true, user.id)
                 else
                   where(:visible => true)
                 end
               }
               def visible_by?(project, user=User.current)
                 visible? || user.admin?
               end
               safe_attributes 'name',
                 'field_format',
                 'possible_values',
                 'regexp',
                 'min_lnegth',
                 'max_length',
                 'is_required',
                 'is_for_all',
                 'is_filter',
                 'position',
                 'searchable',
                 'default_value',
                 'editable',
                 'visible',
                 'multiple',
                 'description',
                 'role_ids',
                 'url_pattern',
                 'text_formatting',
                 'edit_tag_style',
                 'user_role',
-                'version_status'
+                'version_status',
+                'extensions_allowed'
               def format
                 @format ||= Redmine::FieldFormat.find(field_format)
               end
               def field_format=(arg)
                 # cannot change format of a saved custom field
                 if new_record?
                   @format = nil
                   super
                 end
               end
               def set_searchable
                 # make sure these fields are not searchable
                 self.searchable = false unless format.class.searchable_supported
                 # make sure only these fields can have multiple values
                 self.multiple = false unless format.class.multiple_supported
                 true
               end
               def validate_custom_field
                 format.validate_custom_field(self).each do |attribute, message|
                   errors.add attribute, message
                 end
                 if regexp.present?
                   begin
                     Regexp.new(regexp)
                   rescue
                     errors.add(:regexp, :invalid)
                   end
                 end
                 if default_value.present?
                   validate_field_value(default_value).each do |message|
                     errors.add :default_value, message
                   end
                 end
               end
               def possible_custom_value_options(custom_value)
                 format.possible_custom_value_options(custom_value)
               end
               def possible_values_options(object=nil)
                 if object.is_a?(Array)
                   object.map {|o| format.possible_values_options(self, o)}.reduce(:&) || []
                 else
                   format.possible_values_options(self, object) || []
                 end
               end
               def possible_values
                 values = read_attribute(:possible_values)
                 if values.is_a?(Array)
                   values.each do |value|
                     value.to_s.force_encoding('UTF-8')
                   end
                   values
                 else
                   []
                 end
               end
               # Makes possible_values accept a multiline string
               def possible_values=(arg)
                 if arg.is_a?(Array)
                   values = arg.compact.map {|a| a.to_s.strip}.reject(&:blank?)
                   write_attribute(:possible_values, values)
                 else
                   self.possible_values = arg.to_s.split(/[\n\r]+/)
                 end
               end
               def set_custom_field_value(custom_field_value, value)
                 format.set_custom_field_value(self, custom_field_value, value)
               end
               def cast_value(value)
                 format.cast_value(self, value)
               end
               def value_from_keyword(keyword, customized)
                 format.value_from_keyword(self, keyword, customized)
               end
               # Returns the options hash used to build a query filter for the field
               def query_filter_options(query)
                 format.query_filter_options(self, query)
               end
               def totalable?
                 format.totalable_supported
               end
               # Returns a ORDER BY clause that can used to sort customized
               # objects by their value of the custom field.
               # Returns nil if the custom field can not be used for sorting.
               def order_statement
                 return nil if multiple?
                 format.order_statement(self)
               end
               # Returns a GROUP BY clause that can used to group by custom value
               # Returns nil if the custom field can not be used for grouping.
               def group_statement
                 return nil if multiple?
                 format.group_statement(self)
               end
               def join_for_order_statement
                 format.join_for_order_statement(self)
               end
               def visibility_by_project_condition(project_key=nil, user=User.current, id_column=nil)
                 if visible? || user.admin?
                   "1=1"
                 elsif user.anonymous?
                   "1=0"
                 else
                   project_key ||= "#{self.class.customized_class.table_name}.project_id"
                   id_column ||= id
                   "#{project_key} IN (SELECT DISTINCT m.project_id FROM #{Member.table_name} m" +
                     " INNER JOIN #{MemberRole.table_name} mr ON mr.member_id = m.id" +
                     " INNER JOIN #{table_name_prefix}custom_fields_roles#{table_name_suffix} cfr ON cfr.role_id = mr.role_id" +
                     " WHERE m.user_id = #{user.id} AND cfr.custom_field_id = #{id_column})"
                 end
               end
               def self.visibility_condition
                 if user.admin?
                   "1=1"
                 elsif user.anonymous?
                   "#{table_name}.visible"
                 else
                   "#{project_key} IN (SELECT DISTINCT m.project_id FROM #{Member.table_name} m" +
                     " INNER JOIN #{MemberRole.table_name} mr ON mr.member_id = m.id" +
                     " INNER JOIN #{table_name_prefix}custom_fields_roles#{table_name_suffix} cfr ON cfr.role_id = mr.role_id" +
                     " WHERE m.user_id = #{user.id} AND cfr.custom_field_id = #{id})"
                 end
               end
               def <=>(field)
                 position <=> field.position
               end
               # Returns the class that values represent
               def value_class
                 format.target_class if format.respond_to?(:target_class)
               end
               def self.customized_class
                 self.name =~ /^(.+)CustomField$/
                 $1.constantize rescue nil
               end
               # to move in project_custom_field
               def self.for_all
                 where(:is_for_all => true).order('position').to_a
               end
               def type_name
                 nil
               end
               # Returns the error messages for the given value
               # or an empty array if value is a valid value for the custom field
               def validate_custom_value(custom_value)
                 value = custom_value.value
                 errs = format.validate_custom_value(custom_value)
                 unless errs.any?
                   if value.is_a?(Array)
                     if !multiple?
                       errs << ::I18n.t('activerecord.errors.messages.invalid')
                     end
                     if is_required? && value.detect(&:present?).nil?
                       errs << ::I18n.t('activerecord.errors.messages.blank')
                     end
                   else
                     if is_required? && value.blank?
                       errs << ::I18n.t('activerecord.errors.messages.blank')
                     end
                   end
                 end
                 errs
               end
               # Returns the error messages for the default custom field value
               def validate_field_value(value)
                 validate_custom_value(CustomFieldValue.new(:custom_field => self, :value => value))
               end
               # Returns true if value is a valid value for the custom field
               def valid_field_value?(value)
                 validate_field_value(value).empty?
               end
               def after_save_custom_value(custom_value)
                 format.after_save_custom_value(self, custom_value)
               end
               def format_in?(*args)
                 args.include?(field_format)
               end
               def self.human_attribute_name(attribute_key_name, *args)
                 attr_name = attribute_key_name.to_s
                 if attr_name == 'url_pattern'
                   attr_name = "url"
                 end
                 super(attr_name, *args)
               end
               protected
               # Removes multiple values for the custom field after setting the multiple attribute to false
               # We kepp the value with the highest id for each customized object
               def handle_multiplicity_change
                 if !new_record? && multiple_was && !multiple
                   ids = custom_values.
                     where("EXISTS(SELECT 1 FROM #{CustomValue.table_name} cve WHERE cve.custom_field_id = #{CustomValue.table_name}.custom_field_id" +
                       " AND cve.customized_type = #{CustomValue.table_name}.customized_type AND cve.customized_id = #{CustomValue.table_name}.customized_id" +
                       " AND cve.id > #{CustomValue.table_name}.id)").
                     pluck(:id)
                   if ids.any?
                     custom_values.where(:id => ids).delete_all
                   end
                 end
               end
             end
             require_dependency 'redmine/field_format'

app/views/custom_fields/formats/_attachment.html.erb +4 0

@@ -0,0 +1,4
	1	<p>
	2	<%= f.text_field :extensions_allowed, :size => 50, :label => :setting_attachment_extensions_allowed %>
	3	<em class="info"><%= l(:text_comma_separated) %> <%= l(:label_example) %>: txt, png</em>
	4	</p>

lib/redmine/field_format.rb +13 -2

             # Redmine - project management software
             # Copyright (C) 2006-2016  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require 'uri'
             module Redmine
               module FieldFormat
                 def self.add(name, klass)
                   all[name.to_s] = klass.instance
                 end
                 def self.delete(name)
                   all.delete(name.to_s)
                 end
                 def self.all
                   @formats ||= Hash.new(Base.instance)
                 end
                 def self.available_formats
                   all.keys
                 end
                 def self.find(name)
                   all[name.to_s]
                 end
                 # Return an array of custom field formats which can be used in select_tag
                 def self.as_select(class_name=nil)
                   formats = all.values.select do |format|
                     format.class.customized_class_names.nil? || format.class.customized_class_names.include?(class_name)
                   end
                   formats.map {|format| [::I18n.t(format.label), format.name] }.sort_by(&:first)
                 end
                 # Returns an array of formats that can be used for a custom field class
                 def self.formats_for_custom_field_class(klass=nil)
                   all.values.select do |format|
                     format.class.customized_class_names.nil? || format.class.customized_class_names.include?(klass.name)
                   end
                 end
                 class Base
                   include Singleton
                   include Redmine::I18n
                   include Redmine::Helpers::URL
                   include ERB::Util
                   class_attribute :format_name
                   self.format_name = nil
                   # Set this to true if the format supports multiple values
                   class_attribute :multiple_supported
                   self.multiple_supported = false
                   # Set this to true if the format supports filtering on custom values
                   class_attribute :is_filter_supported
                   self.is_filter_supported = true
                   # Set this to true if the format supports textual search on custom values
                   class_attribute :searchable_supported
                   self.searchable_supported = false
                   # Set this to true if field values can be summed up
                   class_attribute :totalable_supported
                   self.totalable_supported = false
                   # Restricts the classes that the custom field can be added to
                   # Set to nil for no restrictions
                   class_attribute :customized_class_names
                   self.customized_class_names = nil
                   # Name of the partial for editing the custom field
                   class_attribute :form_partial
                   self.form_partial = nil
                   class_attribute :change_as_diff
                   self.change_as_diff = false
                   class_attribute :change_no_details
                   self.change_no_details = false
                   def self.add(name)
                     self.format_name = name
                     Redmine::FieldFormat.add(name, self)
                   end
                   private_class_method :add
                   def self.field_attributes(*args)
                     CustomField.store_accessor :format_store, *args
                   end
                   field_attributes :url_pattern
                   def name
                     self.class.format_name
                   end
                   def label
                     "label_#{name}"
                   end
                   def set_custom_field_value(custom_field, custom_field_value, value)
                     if value.is_a?(Array)
                       value = value.map(&:to_s).reject{|v| v==''}.uniq
                       if value.empty?
                         value << ''
                       end
                     else
                       value = value.to_s
                     end
                     value
                   end
                   def cast_custom_value(custom_value)
                     cast_value(custom_value.custom_field, custom_value.value, custom_value.customized)
                   end
                   def cast_value(custom_field, value, customized=nil)
                     if value.blank?
                       nil
                     elsif value.is_a?(Array)
                       casted = value.map do |v|
                         cast_single_value(custom_field, v, customized)
                       end
                       casted.compact.sort
                     else
                       cast_single_value(custom_field, value, customized)
                     end
                   end
                   def cast_single_value(custom_field, value, customized=nil)
                     value.to_s
                   end
                   def target_class
                     nil
                   end
                   def possible_custom_value_options(custom_value)
                     possible_values_options(custom_value.custom_field, custom_value.customized)
                   end
                   def possible_values_options(custom_field, object=nil)
                     []
                   end
                   def value_from_keyword(custom_field, keyword, object)
                     possible_values_options = possible_values_options(custom_field, object)
                     if possible_values_options.present?
                       keyword = keyword.to_s
                       if v = possible_values_options.detect {|text, id| keyword.casecmp(text)  == 0}
                         if v.is_a?(Array)
                           v.last
                         else
                           v
                         end
                       end
                     else
                       keyword
                     end
                   end
                   # Returns the validation errors for custom_field
                   # Should return an empty array if custom_field is valid
                   def validate_custom_field(custom_field)
                     errors = []
                     pattern = custom_field.url_pattern
                     if pattern.present? && !uri_with_safe_scheme?(url_pattern_without_tokens(pattern))
                       errors << [:url_pattern, :invalid]
                     end
                     errors
                   end
                   # Returns the validation error messages for custom_value
                   # Should return an empty array if custom_value is valid
                   # custom_value is a CustomFieldValue.
                   def validate_custom_value(custom_value)
                     values = Array.wrap(custom_value.value).reject {|value| value.to_s == ''}
                     errors = values.map do |value|
                       validate_single_value(custom_value.custom_field, value, custom_value.customized)
                     end
                     errors.flatten.uniq
                   end
                   def validate_single_value(custom_field, value, customized=nil)
                     []
                   end
                   # CustomValue after_save callback
                   def after_save_custom_value(custom_field, custom_value)
                   end
                   def formatted_custom_value(view, custom_value, html=false)
                     formatted_value(view, custom_value.custom_field, custom_value.value, custom_value.customized, html)
                   end
                   def formatted_value(view, custom_field, value, customized=nil, html=false)
                     casted = cast_value(custom_field, value, customized)
                     if html && custom_field.url_pattern.present?
                       texts_and_urls = Array.wrap(casted).map do |single_value|
                         text = view.format_object(single_value, false).to_s
                         url = url_from_pattern(custom_field, single_value, customized)
                         [text, url]
                       end
                       links = texts_and_urls.sort_by(&:first).map {|text, url| view.link_to_if uri_with_safe_scheme?(url), text, url}
                       links.join(', ').html_safe
                     else
                       casted
                     end
                   end
                   # Returns an URL generated with the custom field URL pattern
                   # and variables substitution:
                   # %value% => the custom field value
                   # %id% => id of the customized object
                   # %project_id% => id of the project of the customized object if defined
                   # %project_identifier% => identifier of the project of the customized object if defined
                   # %m1%, %m2%... => capture groups matches of the custom field regexp if defined
                   def url_from_pattern(custom_field, value, customized)
                     url = custom_field.url_pattern.to_s.dup
                     url.gsub!('%value%') {URI.encode value.to_s}
                     url.gsub!('%id%') {URI.encode customized.id.to_s}
                     url.gsub!('%project_id%') {URI.encode (customized.respond_to?(:project) ? customized.project.try(:id) : nil).to_s}
                     url.gsub!('%project_identifier%') {URI.encode (customized.respond_to?(:project) ? customized.project.try(:identifier) : nil).to_s}
                     if custom_field.regexp.present?
                       url.gsub!(%r{%m(\d+)%}) do
                         m = $1.to_i
                         if matches ||= value.to_s.match(Regexp.new(custom_field.regexp))
                           URI.encode matches[m].to_s
                         end
                       end
                     end
                     url
                   end
                   protected :url_from_pattern
                   # Returns the URL pattern with substitution tokens removed,
                   # for validation purpose
                   def url_pattern_without_tokens(url_pattern)
                     url_pattern.to_s.gsub(/%(value|id|project_id|project_identifier|m\d+)%/, '')
                   end
                   protected :url_pattern_without_tokens
                   def edit_tag(view, tag_id, tag_name, custom_value, options={})
                     view.text_field_tag(tag_name, custom_value.value, options.merge(:id => tag_id))
                   end
                   def bulk_edit_tag(view, tag_id, tag_name, custom_field, objects, value, options={})
                     view.text_field_tag(tag_name, value, options.merge(:id => tag_id)) +
                       bulk_clear_tag(view, tag_id, tag_name, custom_field, value)
                   end
                   def bulk_clear_tag(view, tag_id, tag_name, custom_field, value)
                     if custom_field.is_required?
                       ''.html_safe
                     else
                       view.content_tag('label',
                         view.check_box_tag(tag_name, '__none__', (value == '__none__'), :id => nil, :data => {:disables => "##{tag_id}"}) + l(:button_clear),
                         :class => 'inline'
                       )
                     end
                   end
                   protected :bulk_clear_tag
                   def query_filter_options(custom_field, query)
                     {:type => :string}
                   end
                   def before_custom_field_save(custom_field)
                   end
                   # Returns a ORDER BY clause that can used to sort customized
                   # objects by their value of the custom field.
                   # Returns nil if the custom field can not be used for sorting.
                   def order_statement(custom_field)
                     # COALESCE is here to make sure that blank and NULL values are sorted equally
                     "COALESCE(#{join_alias custom_field}.value, '')"
                   end
                   # Returns a GROUP BY clause that can used to group by custom value
                   # Returns nil if the custom field can not be used for grouping.
                   def group_statement(custom_field)
                     nil
                   end
                   # Returns a JOIN clause that is added to the query when sorting by custom values
                   def join_for_order_statement(custom_field)
                     alias_name = join_alias(custom_field)
                     "LEFT OUTER JOIN #{CustomValue.table_name} #{alias_name}" +
                       " ON #{alias_name}.customized_type = '#{custom_field.class.customized_class.base_class.name}'" +
                       " AND #{alias_name}.customized_id = #{custom_field.class.customized_class.table_name}.id" +
                       " AND #{alias_name}.custom_field_id = #{custom_field.id}" +
                       " AND (#{custom_field.visibility_by_project_condition})" +
                       " AND #{alias_name}.value <> ''" +
                       " AND #{alias_name}.id = (SELECT max(#{alias_name}_2.id) FROM #{CustomValue.table_name} #{alias_name}_2" +
                         " WHERE #{alias_name}_2.customized_type = #{alias_name}.customized_type" +
                         " AND #{alias_name}_2.customized_id = #{alias_name}.customized_id" +
                         " AND #{alias_name}_2.custom_field_id = #{alias_name}.custom_field_id)"
                   end
                   def join_alias(custom_field)
                     "cf_#{custom_field.id}"
                   end
                   protected :join_alias
                 end
                 class Unbounded < Base
                   def validate_single_value(custom_field, value, customized=nil)
                     errs = super
                     value = value.to_s
                     unless custom_field.regexp.blank? or value =~ Regexp.new(custom_field.regexp)
                       errs << ::I18n.t('activerecord.errors.messages.invalid')
                     end
                     if custom_field.min_length && value.length < custom_field.min_length
                       errs << ::I18n.t('activerecord.errors.messages.too_short', :count => custom_field.min_length)
                     end
                     if custom_field.max_length && custom_field.max_length > 0 && value.length > custom_field.max_length
                       errs << ::I18n.t('activerecord.errors.messages.too_long', :count => custom_field.max_length)
                     end
                     errs
                   end
                 end
                 class StringFormat < Unbounded
                   add 'string'
                   self.searchable_supported = true
                   self.form_partial = 'custom_fields/formats/string'
                   field_attributes :text_formatting
                   def formatted_value(view, custom_field, value, customized=nil, html=false)
                     if html
                       if custom_field.url_pattern.present?
                         super
                       elsif custom_field.text_formatting == 'full'
                         view.textilizable(value, :object => customized)
                       else
                         value.to_s
                       end
                     else
                       value.to_s
                     end
                   end
                 end
                 class TextFormat < Unbounded
                   add 'text'
                   self.searchable_supported = true
                   self.form_partial = 'custom_fields/formats/text'
                   self.change_as_diff = true
                   def formatted_value(view, custom_field, value, customized=nil, html=false)
                     if html
                       if value.present?
                         if custom_field.text_formatting == 'full'
                           view.textilizable(value, :object => customized)
                         else
                           view.simple_format(html_escape(value))
                         end
                       else
                         ''
                       end
                     else
                       value.to_s
                     end
                   end
                   def edit_tag(view, tag_id, tag_name, custom_value, options={})
                     view.text_area_tag(tag_name, custom_value.value, options.merge(:id => tag_id, :rows => 3))
                   end
                   def bulk_edit_tag(view, tag_id, tag_name, custom_field, objects, value, options={})
                     view.text_area_tag(tag_name, value, options.merge(:id => tag_id, :rows => 3)) +
                       '<br />'.html_safe +
                       bulk_clear_tag(view, tag_id, tag_name, custom_field, value)
                   end
                   def query_filter_options(custom_field, query)
                     {:type => :text}
                   end
                 end
                 class LinkFormat < StringFormat
                   add 'link'
                   self.searchable_supported = false
                   self.form_partial = 'custom_fields/formats/link'
                   def formatted_value(view, custom_field, value, customized=nil, html=false)
                     if html && value.present?
                       if custom_field.url_pattern.present?
                         url = url_from_pattern(custom_field, value, customized)
                       else
                         url = value.to_s
                         unless url =~ %r{\A[a-z]+://}i
                           # no protocol found, use http by default
                           url = "http://" + url
                         end
                       end
                       view.link_to value.to_s.truncate(40), url
                     else
                       value.to_s
                     end
                   end
                 end
                 class Numeric < Unbounded
                   self.form_partial = 'custom_fields/formats/numeric'
                   self.totalable_supported = true
                   def order_statement(custom_field)
                     # Make the database cast values into numeric
                     # Postgresql will raise an error if a value can not be casted!
                     # CustomValue validations should ensure that it doesn't occur
                     "CAST(CASE #{join_alias custom_field}.value WHEN '' THEN '0' ELSE #{join_alias custom_field}.value END AS decimal(30,3))"
                   end
                   # Returns totals for the given scope
                   def total_for_scope(custom_field, scope)
                     scope.joins(:custom_values).
                       where(:custom_values => {:custom_field_id => custom_field.id}).
                       where.not(:custom_values => {:value => ''}).
                       sum("CAST(#{CustomValue.table_name}.value AS decimal(30,3))")
                   end
                   def cast_total_value(custom_field, value)
                     cast_single_value(custom_field, value)
                   end
                 end
                 class IntFormat < Numeric
                   add 'int'
                   def label
                     "label_integer"
                   end
                   def cast_single_value(custom_field, value, customized=nil)
                     value.to_i
                   end
                   def validate_single_value(custom_field, value, customized=nil)
                     errs = super
                     errs << ::I18n.t('activerecord.errors.messages.not_a_number') unless value.to_s =~ /^[+-]?\d+$/
                     errs
                   end
                   def query_filter_options(custom_field, query)
                     {:type => :integer}
                   end
                   def group_statement(custom_field)
                     order_statement(custom_field)
                   end
                 end
                 class FloatFormat < Numeric
                   add 'float'
                   def cast_single_value(custom_field, value, customized=nil)
                     value.to_f
                   end
                   def cast_total_value(custom_field, value)
                     value.to_f.round(2)
                   end
                   def validate_single_value(custom_field, value, customized=nil)
                     errs = super
                     errs << ::I18n.t('activerecord.errors.messages.invalid') unless (Kernel.Float(value) rescue nil)
                     errs
                   end
                   def query_filter_options(custom_field, query)
                     {:type => :float}
                   end
                 end
                 class DateFormat < Unbounded
                   add 'date'
                   self.form_partial = 'custom_fields/formats/date'
                   def cast_single_value(custom_field, value, customized=nil)
                     value.to_date rescue nil
                   end
                   def validate_single_value(custom_field, value, customized=nil)
                     if value =~ /^\d{4}-\d{2}-\d{2}$/ && (value.to_date rescue false)
                       []
                     else
                       [::I18n.t('activerecord.errors.messages.not_a_date')]
                     end
                   end
                   def edit_tag(view, tag_id, tag_name, custom_value, options={})
                     view.date_field_tag(tag_name, custom_value.value, options.merge(:id => tag_id, :size => 10)) +
                       view.calendar_for(tag_id)
                   end
                   def bulk_edit_tag(view, tag_id, tag_name, custom_field, objects, value, options={})
                     view.date_field_tag(tag_name, value, options.merge(:id => tag_id, :size => 10)) +
                       view.calendar_for(tag_id) +
                       bulk_clear_tag(view, tag_id, tag_name, custom_field, value)
                   end
                   def query_filter_options(custom_field, query)
                     {:type => :date}
                   end
                   def group_statement(custom_field)
                     order_statement(custom_field)
                   end
                 end
                 class List < Base
                   self.multiple_supported = true
                   field_attributes :edit_tag_style
                   def edit_tag(view, tag_id, tag_name, custom_value, options={})
                     if custom_value.custom_field.edit_tag_style == 'check_box'
                       check_box_edit_tag(view, tag_id, tag_name, custom_value, options)
                     else
                       select_edit_tag(view, tag_id, tag_name, custom_value, options)
                     end
                   end
                   def bulk_edit_tag(view, tag_id, tag_name, custom_field, objects, value, options={})
                     opts = []
                     opts << [l(:label_no_change_option), ''] unless custom_field.multiple?
                     opts << [l(:label_none), '__none__'] unless custom_field.is_required?
                     opts += possible_values_options(custom_field, objects)
                     view.select_tag(tag_name, view.options_for_select(opts, value), options.merge(:multiple => custom_field.multiple?))
                   end
                   def query_filter_options(custom_field, query)
                     {:type => :list_optional, :values => query_filter_values(custom_field, query)}
                   end
                   protected
                   # Returns the values that are available in the field filter
                   def query_filter_values(custom_field, query)
                     possible_values_options(custom_field, query.project)
                   end
                   # Renders the edit tag as a select tag
                   def select_edit_tag(view, tag_id, tag_name, custom_value, options={})
                     blank_option = ''.html_safe
                     unless custom_value.custom_field.multiple?
                       if custom_value.custom_field.is_required?
                         unless custom_value.custom_field.default_value.present?
                           blank_option = view.content_tag('option', "--- #{l(:actionview_instancetag_blank_option)} ---", :value => '')
                         end
                       else
                         blank_option = view.content_tag('option', '&nbsp;'.html_safe, :value => '')
                       end
                     end
                     options_tags = blank_option + view.options_for_select(possible_custom_value_options(custom_value), custom_value.value)
                     s = view.select_tag(tag_name, options_tags, options.merge(:id => tag_id, :multiple => custom_value.custom_field.multiple?))
                     if custom_value.custom_field.multiple?
                       s << view.hidden_field_tag(tag_name, '')
                     end
                     s
                   end
                   # Renders the edit tag as check box or radio tags
                   def check_box_edit_tag(view, tag_id, tag_name, custom_value, options={})
                     opts = []
                     unless custom_value.custom_field.multiple? || custom_value.custom_field.is_required?
                       opts << ["(#{l(:label_none)})", '']
                     end
                     opts += possible_custom_value_options(custom_value)
                     s = ''.html_safe
                     tag_method = custom_value.custom_field.multiple? ? :check_box_tag : :radio_button_tag
                     opts.each do |label, value|
                       value ||= label
                       checked = (custom_value.value.is_a?(Array) && custom_value.value.include?(value)) || custom_value.value.to_s == value
                       tag = view.send(tag_method, tag_name, value, checked, :id => tag_id)
                       # set the id on the first tag only
                       tag_id = nil
                       s << view.content_tag('label', tag + ' ' + label)
                     end
                     if custom_value.custom_field.multiple?
                       s << view.hidden_field_tag(tag_name, '')
                     end
                     css = "#{options[:class]} check_box_group"
                     view.content_tag('span', s, options.merge(:class => css))
                   end
                 end
                 class ListFormat < List
                   add 'list'
                   self.searchable_supported = true
                   self.form_partial = 'custom_fields/formats/list'
                   def possible_custom_value_options(custom_value)
                     options = possible_values_options(custom_value.custom_field)
                     missing = [custom_value.value].flatten.reject(&:blank?) - options
                     if missing.any?
                       options += missing
                     end
                     options
                   end
                   def possible_values_options(custom_field, object=nil)
                     custom_field.possible_values
                   end
                   def validate_custom_field(custom_field)
                     errors = []
                     errors << [:possible_values, :blank] if custom_field.possible_values.blank?
                     errors << [:possible_values, :invalid] unless custom_field.possible_values.is_a? Array
                     errors
                   end
                   def validate_custom_value(custom_value)
                     values = Array.wrap(custom_value.value).reject {|value| value.to_s == ''}
                     invalid_values = values - Array.wrap(custom_value.value_was) - custom_value.custom_field.possible_values
                     if invalid_values.any?
                       [::I18n.t('activerecord.errors.messages.inclusion')]
                     else
                       []
                     end
                   end
                   def group_statement(custom_field)
                     order_statement(custom_field)
                   end
                 end
                 class BoolFormat < List
                   add 'bool'
                   self.multiple_supported = false
                   self.form_partial = 'custom_fields/formats/bool'
                   def label
                     "label_boolean"
                   end
                   def cast_single_value(custom_field, value, customized=nil)
                     value == '1' ? true : false
                   end
                   def possible_values_options(custom_field, object=nil)
                     [[::I18n.t(:general_text_Yes), '1'], [::I18n.t(:general_text_No), '0']]
                   end
                   def group_statement(custom_field)
                     order_statement(custom_field)
                   end
                   def edit_tag(view, tag_id, tag_name, custom_value, options={})
                     case custom_value.custom_field.edit_tag_style
                     when 'check_box'
                       single_check_box_edit_tag(view, tag_id, tag_name, custom_value, options)
                     when 'radio'
                       check_box_edit_tag(view, tag_id, tag_name, custom_value, options)
                     else
                       select_edit_tag(view, tag_id, tag_name, custom_value, options)
                     end
                   end
                   # Renders the edit tag as a simple check box
                   def single_check_box_edit_tag(view, tag_id, tag_name, custom_value, options={})
                     s = ''.html_safe
                     s << view.hidden_field_tag(tag_name, '0', :id => nil)
                     s << view.check_box_tag(tag_name, '1', custom_value.value.to_s == '1', :id => tag_id)
                     view.content_tag('span', s, options)
                   end
                 end
                 class RecordList < List
                   self.customized_class_names = %w(Issue TimeEntry Version Document Project)
                   def cast_single_value(custom_field, value, customized=nil)
                     target_class.find_by_id(value.to_i) if value.present?
                   end
                   def target_class
                     @target_class ||= self.class.name[/^(.*::)?(.+)Format$/, 2].constantize rescue nil
                   end
                   def reset_target_class
                     @target_class = nil
                   end
                   def possible_custom_value_options(custom_value)
                     options = possible_values_options(custom_value.custom_field, custom_value.customized)
                     missing = [custom_value.value_was].flatten.reject(&:blank?) - options.map(&:last)
                     if missing.any?
                       options += target_class.where(:id => missing.map(&:to_i)).map {|o| [o.to_s, o.id.to_s]}
                     end
                     options
                   end
                   def order_statement(custom_field)
                     if target_class.respond_to?(:fields_for_order_statement)
                       target_class.fields_for_order_statement(value_join_alias(custom_field))
                     end
                   end
                   def group_statement(custom_field)
                     "COALESCE(#{join_alias custom_field}.value, '')"
                   end
                   def join_for_order_statement(custom_field)
                     alias_name = join_alias(custom_field)
                     "LEFT OUTER JOIN #{CustomValue.table_name} #{alias_name}" +
                       " ON #{alias_name}.customized_type = '#{custom_field.class.customized_class.base_class.name}'" +
                       " AND #{alias_name}.customized_id = #{custom_field.class.customized_class.table_name}.id" +
                       " AND #{alias_name}.custom_field_id = #{custom_field.id}" +
                       " AND (#{custom_field.visibility_by_project_condition})" +
                       " AND #{alias_name}.value <> ''" +
                       " AND #{alias_name}.id = (SELECT max(#{alias_name}_2.id) FROM #{CustomValue.table_name} #{alias_name}_2" +
                         " WHERE #{alias_name}_2.customized_type = #{alias_name}.customized_type" +
                         " AND #{alias_name}_2.customized_id = #{alias_name}.customized_id" +
                         " AND #{alias_name}_2.custom_field_id = #{alias_name}.custom_field_id)" +
                       " LEFT OUTER JOIN #{target_class.table_name} #{value_join_alias custom_field}" +
                       " ON CAST(CASE #{alias_name}.value WHEN '' THEN '0' ELSE #{alias_name}.value END AS decimal(30,0)) = #{value_join_alias custom_field}.id"
                   end
                   def value_join_alias(custom_field)
                     join_alias(custom_field) + "_" + custom_field.field_format
                   end
                   protected :value_join_alias
                 end
                 class EnumerationFormat < RecordList
                   add 'enumeration'
                   self.form_partial = 'custom_fields/formats/enumeration'
                   def label
                     "label_field_format_enumeration"
                   end
                   def target_class
                     @target_class ||= CustomFieldEnumeration
                   end
                   def possible_values_options(custom_field, object=nil)
                     possible_values_records(custom_field, object).map {|u| [u.name, u.id.to_s]}
                   end
                   def possible_values_records(custom_field, object=nil)
                     custom_field.enumerations.active
                   end
                   def value_from_keyword(custom_field, keyword, object)
                     value = custom_field.enumerations.where("LOWER(name) LIKE LOWER(?)", keyword).first
                     value ? value.id : nil
                   end
                 end
                 class UserFormat < RecordList
                   add 'user'
                   self.form_partial = 'custom_fields/formats/user'
                   field_attributes :user_role
                   def possible_values_options(custom_field, object=nil)
                     possible_values_records(custom_field, object).map {|u| [u.name, u.id.to_s]}
                   end
                   def possible_values_records(custom_field, object=nil)
                     if object.is_a?(Array)
                       projects = object.map {|o| o.respond_to?(:project) ? o.project : nil}.compact.uniq
                       projects.map {|project| possible_values_records(custom_field, project)}.reduce(:&) || []
                     elsif object.respond_to?(:project) && object.project
                       scope = object.project.users
                       if custom_field.user_role.is_a?(Array)
                         role_ids = custom_field.user_role.map(&:to_s).reject(&:blank?).map(&:to_i)
                         if role_ids.any?
                           scope = scope.where("#{Member.table_name}.id IN (SELECT DISTINCT member_id FROM #{MemberRole.table_name} WHERE role_id IN (?))", role_ids)
                         end
                       end
                       scope.sorted
                     else
                       []
                     end
                   end
                   def value_from_keyword(custom_field, keyword, object)
                     users = possible_values_records(custom_field, object).to_a
                     user = Principal.detect_by_keyword(users, keyword)
                     user ? user.id : nil
                   end
                   def before_custom_field_save(custom_field)
                     super
                     if custom_field.user_role.is_a?(Array)
                       custom_field.user_role.map!(&:to_s).reject!(&:blank?)
                     end
                   end
                 end
                 class VersionFormat < RecordList
                   add 'version'
                   self.form_partial = 'custom_fields/formats/version'
                   field_attributes :version_status
                   def possible_values_options(custom_field, object=nil)
                     versions_options(custom_field, object)
                   end
                   def before_custom_field_save(custom_field)
                     super
                     if custom_field.version_status.is_a?(Array)
                       custom_field.version_status.map!(&:to_s).reject!(&:blank?)
                     end
                   end
                   protected
                   def query_filter_values(custom_field, query)
                     versions_options(custom_field, query.project, true)
                   end
                   def versions_options(custom_field, object, all_statuses=false)
                     if object.is_a?(Array)
                       projects = object.map {|o| o.respond_to?(:project) ? o.project : nil}.compact.uniq
                       projects.map {|project| possible_values_options(custom_field, project)}.reduce(:&) || []
                     elsif object.respond_to?(:project) && object.project
                       scope = object.project.shared_versions
                       filtered_versions_options(custom_field, scope, all_statuses)
                     elsif object.nil?
                       scope = ::Version.visible.where(:sharing => 'system')
                       filtered_versions_options(custom_field, scope, all_statuses)
                     else
                       []
                     end
                   end
                   def filtered_versions_options(custom_field, scope, all_statuses=false)
                     if !all_statuses && custom_field.version_status.is_a?(Array)
                       statuses = custom_field.version_status.map(&:to_s).reject(&:blank?)
                       if statuses.any?
                         scope = scope.where(:status => statuses.map(&:to_s))
                       end
                     end
                     scope.sort.collect{|u| [u.to_s, u.id.to_s] }
                   end
                 end
                 class AttachementFormat < Base
                   add 'attachment'
                   self.form_partial = 'custom_fields/formats/attachment'
                   self.is_filter_supported = false
                   self.change_no_details = true
+                  field_attributes :extensions_allowed
                   def set_custom_field_value(custom_field, custom_field_value, value)
                     attachment_present = false
                     if value.is_a?(Hash)
                       attachment_present = true
                       value = value.except(:blank)
                       if value.values.any? && value.values.all? {|v| v.is_a?(Hash)}
                         value = value.values.first
                       end
                       if value.key?(:id)
                         value = set_custom_field_value_by_id(custom_field, custom_field_value, value[:id])
                       elsif value[:token].present?
                         if attachment = Attachment.find_by_token(value[:token])
                           value = attachment.id.to_s
                         else
                           value = ''
                         end
                       elsif value.key?(:file)
                         attachment = Attachment.new(:file => value[:file], :author => User.current)
                         if attachment.save
                           value = attachment.id.to_s
                         else
                           value = ''
                         end
                       else
                         attachment_present = false
                         value = ''
                       end
                     elsif value.is_a?(String)
                       value = set_custom_field_value_by_id(custom_field, custom_field_value, value)
                     end
                     custom_field_value.instance_variable_set "@attachment_present", attachment_present
                     value
                   end
                   def set_custom_field_value_by_id(custom_field, custom_field_value, id)
                     attachment = Attachment.find_by_id(id)
                     if attachment && attachment.container.is_a?(CustomValue) && attachment.container.customized == custom_field_value.customized
                       id.to_s
                     else
                       ''
                     end
                   end
                   private :set_custom_field_value_by_id
                   def cast_single_value(custom_field, value, customized=nil)
                     Attachment.find_by_id(value.to_i) if value.present? && value.respond_to?(:to_i)
                   end
                   def validate_custom_value(custom_value)
                     errors = []
-                    if custom_value.instance_variable_get("@attachment_present") && custom_value.value.blank?
+                    if custom_value.value.blank?
-                      errors << ::I18n.t('activerecord.errors.messages.invalid')
+                      if custom_value.instance_variable_get("@attachment_present")
+                        errors << ::I18n.t('activerecord.errors.messages.invalid')
+                      end
+                    else
+                      if custom_value.value.present?
+                        attachment = Attachment.where(:id => custom_value.value.to_s).first
+                        extensions = custom_value.custom_field.extensions_allowed
+                        if attachment && extensions.present? && !attachment.extension_in?(extensions)
+                          errors << "#{::I18n.t('activerecord.errors.messages.invalid')} (#{l(:setting_attachment_extensions_allowed)}: #{extensions})"
+                        end
+                      end
                     end
                     errors.uniq
                   end
                   def after_save_custom_value(custom_field, custom_value)
                     if custom_value.value_changed?
                       if custom_value.value.present?
                         attachment = Attachment.where(:id => custom_value.value.to_s).first
                         if attachment
                           attachment.container = custom_value
                           attachment.save!
                         end
                       end
                       if custom_value.value_was.present?
                         attachment = Attachment.where(:id => custom_value.value_was.to_s).first
                         if attachment
                           attachment.destroy
                         end
                       end
                     end
                   end
                   def edit_tag(view, tag_id, tag_name, custom_value, options={})
                     attachment = nil
                     if custom_value.value.present? #&& custom_value.value == custom_value.value_was
                       attachment = Attachment.find_by_id(custom_value.value)
                     end
                     view.hidden_field_tag("#{tag_name}[blank]", "") +
                       view.render(:partial => 'attachments/form',
                         :locals => {
                           :attachment_param => tag_name,
                           :multiple => false,
                           :description => false,
                           :saved_attachments => [attachment].compact,
                           :filedrop => false
                         })
                   end
                 end
               end
             end

test/integration/lib/redmine/field_format/attachment_format_test.rb +38 0

             # Redmine - project management software
             # Copyright (C) 2006-2016  Jean-Philippe Lang
             #
             # This program is free software; you can redistribute it and/or
             # modify it under the terms of the GNU General Public License
             # as published by the Free Software Foundation; either version 2
             # of the License, or (at your option) any later version.
             #
             # This program is distributed in the hope that it will be useful,
             # but WITHOUT ANY WARRANTY; without even the implied warranty of
             # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
             # GNU General Public License for more details.
             #
             # You should have received a copy of the GNU General Public License
             # along with this program; if not, write to the Free Software
             # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
             require File.expand_path('../../../../../test_helper', __FILE__)
             class AttachmentFieldFormatTest < Redmine::IntegrationTest
               fixtures :projects,
                        :users, :email_addresses,
                        :roles,
                        :members,
                        :member_roles,
                        :trackers,
                        :projects_trackers,
                        :enabled_modules,
                        :issue_statuses,
                        :issues,
                        :enumerations,
                        :custom_fields,
                        :custom_values,
                        :custom_fields_trackers,
                        :attachments
               def setup
                 set_tmp_attachments_directory
                 @field = IssueCustomField.generate!(:name => "File", :field_format => "attachment")
                 log_user "jsmith", "jsmith"
               end
               def test_new_should_include_inputs
                 get '/projects/ecookbook/issues/new'
                 assert_response :success
                 assert_select '[name^=?]', "issue[custom_field_values][#{@field.id}]", 2
                 assert_select 'input[name=?][type=hidden][value=""]', "issue[custom_field_values][#{@field.id}][blank]"
               end
               def test_create_with_attachment
                 issue = new_record(Issue) do
                   assert_difference 'Attachment.count' do
                     post '/projects/ecookbook/issues', {
                         :issue => {
                           :subject => "Subject",
                           :custom_field_values => {
                             @field.id => {
                               'blank' => '',
                               '1' => {:file => uploaded_test_file("testfile.txt", "text/plain")}
                             }
                           }
                         }
                       }
                     assert_response 302
                   end
                 end
                 custom_value = issue.custom_value_for(@field)
                 assert custom_value
                 assert custom_value.value.present?
                 attachment = Attachment.find_by_id(custom_value.value)
                 assert attachment
                 assert_equal custom_value, attachment.container
                 follow_redirect!
                 assert_response :success
                 # link to the attachment
                 link = css_select(".cf_#{@field.id} .value a")
                 assert_equal 1, link.size
                 assert_equal "testfile.txt", link.text
                 # download the attachment
                 get link.attr('href')
                 assert_response :success
                 assert_equal "text/plain", response.content_type
               end
               def test_create_without_attachment
                 issue = new_record(Issue) do
                   assert_no_difference 'Attachment.count' do
                     post '/projects/ecookbook/issues', {
                         :issue => {
                           :subject => "Subject",
                           :custom_field_values => {
                             @field.id => {:blank => ''}
                           }
                         }
                       }
                     assert_response 302
                   end
                 end
                 custom_value = issue.custom_value_for(@field)
                 assert custom_value
                 assert custom_value.value.blank?
                 follow_redirect!
                 assert_response :success
                 # no links to the attachment
                 assert_select ".cf_#{@field.id} .value a", 0
               end
               def test_failure_on_create_should_preserve_attachment
                 attachment = new_record(Attachment) do
                   assert_no_difference 'Issue.count' do
                     post '/projects/ecookbook/issues', {
                         :issue => {
                           :subject => "",
                           :custom_field_values => {
                             @field.id => {:file => uploaded_test_file("testfile.txt", "text/plain")}
                           }
                         }
                       }
                     assert_response :success
                     assert_select_error /Subject cannot be blank/
                   end
                 end
                 assert_nil attachment.container_id
                 assert_select 'input[name=?][value=?][type=hidden]', "issue[custom_field_values][#{@field.id}][p0][token]", attachment.token
                 assert_select 'input[name=?][value=?]', "issue[custom_field_values][#{@field.id}][p0][filename]", 'testfile.txt'
                 issue = new_record(Issue) do
                   assert_no_difference 'Attachment.count' do
                     post '/projects/ecookbook/issues', {
                         :issue => {
                           :subject => "Subject",
                           :custom_field_values => {
                             @field.id => {:token => attachment.token}
                           }
                         }
                       }
                     assert_response 302
                   end
                 end
                 custom_value = issue.custom_value_for(@field)
                 assert custom_value
                 assert_equal attachment.id.to_s, custom_value.value
                 assert_equal custom_value, attachment.reload.container
               end
+              def test_create_with_valid_extension
+                @field.extensions_allowed = "txt, log"
+                @field.save!
+                attachment = new_record(Attachment) do
+                  assert_difference 'Issue.count' do
+                    post '/projects/ecookbook/issues', {
+                        :issue => {
+                          :subject => "Blank",
+                          :custom_field_values => {
+                            @field.id => {:file => uploaded_test_file("testfile.txt", "text/plain")}
+                          }
+                        }
+                      }
+                    assert_response 302
+                  end
+                end
+              end
+              def test_create_with_invalid_extension_should_fail
+                @field.extensions_allowed = "png, jpeg"
+                @field.save!
+                attachment = new_record(Attachment) do
+                  assert_no_difference 'Issue.count' do
+                    post '/projects/ecookbook/issues', {
+                        :issue => {
+                          :subject => "Blank",
+                          :custom_field_values => {
+                            @field.id => {:file => uploaded_test_file("testfile.txt", "text/plain")}
+                          }
+                        }
+                      }
+                    assert_response :success
+                  end
+                end
+              end
             end

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages