2008-12-09 16:54:46 +00:00
|
|
|
# Redmine - project management software
|
|
|
|
|
# Copyright (C) 2006-2008 Jean-Philippe Lang
|
2007-05-26 15:42:37 +00:00
|
|
|
#
|
|
|
|
|
# This program is free software; you can redistribute it and/or
|
|
|
|
|
# modify it under the terms of the GNU General Public License
|
|
|
|
|
# as published by the Free Software Foundation; either version 2
|
|
|
|
|
# of the License, or (at your option) any later version.
|
|
|
|
|
#
|
|
|
|
|
# This program is distributed in the hope that it will be useful,
|
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
# GNU General Public License for more details.
|
|
|
|
|
#
|
|
|
|
|
# You should have received a copy of the GNU General Public License
|
|
|
|
|
# along with this program; if not, write to the Free Software
|
|
|
|
|
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
|
|
|
|
|
|
|
|
class AttachmentsController < ApplicationController
|
2008-07-22 17:20:02 +00:00
|
|
|
before_filter :find_project
|
2008-12-09 16:54:46 +00:00
|
|
|
before_filter :read_authorize, :except => :destroy
|
|
|
|
|
before_filter :delete_authorize, :only => :destroy
|
|
|
|
|
|
|
|
|
|
verify :method => :post, :only => :destroy
|
|
|
|
|
|
2008-06-08 18:26:39 +00:00
|
|
|
def show
|
|
|
|
|
if @attachment.is_diff?
|
|
|
|
|
@diff = File.new(@attachment.diskfile, "rb").read
|
|
|
|
|
render :action => 'diff'
|
2008-06-09 18:40:59 +00:00
|
|
|
elsif @attachment.is_text?
|
|
|
|
|
@content = File.new(@attachment.diskfile, "rb").read
|
|
|
|
|
render :action => 'file'
|
|
|
|
|
elsif
|
2008-06-08 18:26:39 +00:00
|
|
|
download
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2007-05-26 15:42:37 +00:00
|
|
|
def download
|
2008-07-22 17:20:02 +00:00
|
|
|
@attachment.increment_download if @attachment.container.is_a?(Version)
|
|
|
|
|
|
2007-08-15 15:36:15 +00:00
|
|
|
# images are sent inline
|
2008-01-10 22:42:41 +00:00
|
|
|
send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename),
|
2007-08-15 15:36:15 +00:00
|
|
|
:type => @attachment.content_type,
|
|
|
|
|
:disposition => (@attachment.image? ? 'inline' : 'attachment')
|
2008-12-09 16:54:46 +00:00
|
|
|
|
2007-05-26 15:42:37 +00:00
|
|
|
end
|
2008-12-09 16:54:46 +00:00
|
|
|
|
|
|
|
|
def destroy
|
|
|
|
|
# Make sure association callbacks are called
|
|
|
|
|
@attachment.container.attachments.delete(@attachment)
|
|
|
|
|
redirect_to :back
|
|
|
|
|
rescue ::ActionController::RedirectBackError
|
|
|
|
|
redirect_to :controller => 'projects', :action => 'show', :id => @project
|
|
|
|
|
end
|
|
|
|
|
|
2007-05-26 15:42:37 +00:00
|
|
|
private
|
|
|
|
|
def find_project
|
|
|
|
|
@attachment = Attachment.find(params[:id])
|
2008-07-22 17:55:19 +00:00
|
|
|
# Show 404 if the filename in the url is wrong
|
|
|
|
|
raise ActiveRecord::RecordNotFound if params[:filename] && params[:filename] != @attachment.filename
|
2007-05-26 15:42:37 +00:00
|
|
|
@project = @attachment.project
|
2008-07-22 17:20:02 +00:00
|
|
|
rescue ActiveRecord::RecordNotFound
|
|
|
|
|
render_404
|
2007-05-26 15:42:37 +00:00
|
|
|
end
|
2008-12-09 16:54:46 +00:00
|
|
|
|
|
|
|
|
def read_authorize
|
|
|
|
|
@attachment.visible? ? true : deny_access
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def delete_authorize
|
|
|
|
|
@attachment.deletable? ? true : deny_access
|
|
|
|
|
end
|
2007-05-26 15:42:37 +00:00
|
|
|
end
|
