socialforge/app/controllers/attachments_controller.rb

# Redmine - project management software
# Copyright (C) 2006-2013  Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

class AttachmentsController < ApplicationController
  before_filter :find_project, :only => [:show, :download, :thumbnail, :destroy, :delete_homework]#, :except => [:upload, :autocomplete]
  before_filter :file_readable, :read_authorize, :only => [:show, :thumbnail]#Modified by young
  before_filter :delete_authorize, :only => :destroy
  before_filter :authorize_global, :only => :upload
  
  before_filter :require_login, only: [:download]

  accept_api_auth :show, :download, :upload

  def show
    respond_to do |format|
      format.html {
        if @attachment.is_diff?
          @diff = File.new(@attachment.diskfile, "rb").read
          @diff_type = params[:type] || User.current.pref[:diff_type] || 'inline'
          @diff_type = 'inline' unless %w(inline sbs).include?(@diff_type)
          # Save diff type as user preference
          if User.current.logged? && @diff_type != User.current.pref[:diff_type]
            User.current.pref[:diff_type] = @diff_type
            User.current.preference.save
          end
          render :action => 'diff'
        elsif @attachment.is_text? && @attachment.filesize <= Setting.file_max_size_displayed.to_i.kilobyte
          @content = File.new(@attachment.diskfile, "rb").read
          render :action => 'file'
        else
          download
        end
      }
      format.api
    end
  end

  def download
    if true || @attachment.container.is_a?(Version) || @attachment.container.is_a?(Project)
      @attachment.increment_download
    end

    if stale?(:etag => @attachment.digest)
      # images are sent inline
      send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename),
                                      :type => detect_content_type(@attachment),
                                      :disposition => (@attachment.image? ? 'inline' : 'attachment')
    end
  end

  def thumbnail
    if @attachment.thumbnailable? && thumbnail = @attachment.thumbnail(:size => params[:size])
      if stale?(:etag => thumbnail)
        send_file thumbnail,
          :filename => filename_for_content_disposition(@attachment.filename),
          :type => detect_content_type(@attachment),
          :disposition => 'inline'
      end
    else
      # No thumbnail for the attachment or thumbnail could not be created
      render :nothing => true, :status => 404
    end
  end

  def upload
    # Make sure that API users get used to set this content type
    # as it won't trigger Rails' automatic parsing of the request body for parameters
    unless request.content_type == 'application/octet-stream'
      render :nothing => true, :status => 406
      return
    end

    @attachment = Attachment.new(:file => request.raw_post)
    @attachment.author = User.current
    @attachment.filename = params[:filename].presence || Redmine::Utils.random_hex(16)
    saved = @attachment.save

    respond_to do |format|
      format.js
      format.api {
        if saved
          render :action => 'upload', :status => :created
        else
          render_validation_errors(@attachment)
        end
      }
    end
  end

  def destroy
    if @attachment.container.respond_to?(:init_journal)
      @attachment.container.init_journal(User.current)
    end
    if @attachment.container
      # Make sure association callbacks are called
      @attachment.container.attachments.delete(@attachment)
    else
      @attachment.destroy
    end

    respond_to do |format|
      format.html { redirect_to_referer_or project_path(@project) }
      format.js
    end
  end
  
  def delete_homework
      @bid = @attachment.container.bid
      # Make sure association callbacks are called
      container = @attachment.container
      @attachment.container.attachments.delete(@attachment)
      if container.attachments.empty?
        container.delete
      end

    respond_to do |format|
      format.html { redirect_to_referer_or respond_path(@bid) }
      format.js
    end
  end

  def autocomplete
    @project = Project.find_by_id(params[:project_id])
    respond_to do |format|
      format.js
    end
  end

  def add_exist_file_to_project
    classname = params[:class_name]
    class_id  = params[:class_id]
    attachments = params[:attachment][:attach]

    obj = Object.const_get(classname).find_by_id(class_id)
    attachments.collect do |attach_id|
      ori = Attachment.find_by_id(attach_id)
      next if ori.blank?
      attach_copied_obj = ori.copy
      attach_copied_obj.container = obj
      attach_copied_obj.created_on = Time.now
      attach_copied_obj.author_id = User.current.id
      @obj = obj
      @save_flag = attach_copied_obj.save
      @save_message = attach_copied_obj.errors.full_messages
    end

    respond_to do |format|
      format.js 
    end
  rescue NoMethodError
    @save_flag = false
    @save_message = [] << l(:error_attachment_empty)
    respond_to do |format|
      format.js 
    end
  end

private
  def find_project
    @attachment = Attachment.find(params[:id])
    # Show 404 if the filename in the url is wrong
    raise ActiveRecord::RecordNotFound if params[:filename] && params[:filename] != @attachment.filename
    unless @attachment.container_type == 'Bid' || @attachment.container_type == 'HomeworkAttach' || @attachment.container_type == 'Memo'
      @project = @attachment.project
    end
  rescue ActiveRecord::RecordNotFound
    render_404
  end

  # Checks that the file exists and is readable
  def file_readable
    if @attachment.readable?
      true
    else
      logger.error "Cannot send attachment, #{@attachment.diskfile} does not exist or is unreadable."
      render_404
    end
  end

  def read_authorize
    @attachment.visible? ? true : deny_access
  end

  def delete_authorize
    @attachment.deletable? ? true : deny_access
  end

  def detect_content_type(attachment)
    content_type = attachment.content_type
    if content_type.blank?
      content_type = Redmine::MimeType.of(attachment.filename)
    end
    content_type.to_s
  end
end
first commit 2013-08-01 10:33:49 +08:00			`# Redmine - project management software`
			`# Copyright (C) 2006-2013 Jean-Philippe Lang`
			`#`
			`# This program is free software; you can redistribute it and/or`
			`# modify it under the terms of the GNU General Public License`
			`# as published by the Free Software Foundation; either version 2`
			`# of the License, or (at your option) any later version.`
			`#`
			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU General Public License`
			`# along with this program; if not, write to the Free Software`
			`# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.`

			`class AttachmentsController < ApplicationController`
毛的资源库关联文件 2014-03-06 16:47:28 +08:00			`before_filter :find_project, :only => [:show, :download, :thumbnail, :destroy, :delete_homework]#, :except => [:upload, :autocomplete]`
修正了文件下载权限和文档查看权限 2013-08-07 09:48:59 +08:00			`before_filter :file_readable, :read_authorize, :only => [:show, :thumbnail]#Modified by young`
first commit 2013-08-01 10:33:49 +08:00			`before_filter :delete_authorize, :only => :destroy`
			`before_filter :authorize_global, :only => :upload`
给下载添加登录过滤器 2014-04-10 16:23:40 +08:00
			`before_filter :require_login, only: [:download]`
first commit 2013-08-01 10:33:49 +08:00
			`accept_api_auth :show, :download, :upload`

			`def show`
			`respond_to do \|format\|`
			`format.html {`
			`if @attachment.is_diff?`
			`@diff = File.new(@attachment.diskfile, "rb").read`
			`@diff_type = params[:type] \|\| User.current.pref[:diff_type] \|\| 'inline'`
			`@diff_type = 'inline' unless %w(inline sbs).include?(@diff_type)`
			`# Save diff type as user preference`
			`if User.current.logged? && @diff_type != User.current.pref[:diff_type]`
			`User.current.pref[:diff_type] = @diff_type`
			`User.current.preference.save`
			`end`
			`render :action => 'diff'`
			`elsif @attachment.is_text? && @attachment.filesize <= Setting.file_max_size_displayed.to_i.kilobyte`
			`@content = File.new(@attachment.diskfile, "rb").read`
			`render :action => 'file'`
			`else`
			`download`
			`end`
			`}`
			`format.api`
			`end`
			`end`

			`def download`
文件下载全部统计次数 2014-01-18 10:57:09 +08:00			`if true \|\| @attachment.container.is_a?(Version) \|\| @attachment.container.is_a?(Project)`
first commit 2013-08-01 10:33:49 +08:00			`@attachment.increment_download`
			`end`

			`if stale?(:etag => @attachment.digest)`
			`# images are sent inline`
			`send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename),`
			`:type => detect_content_type(@attachment),`
			`:disposition => (@attachment.image? ? 'inline' : 'attachment')`
			`end`
			`end`

			`def thumbnail`
			`if @attachment.thumbnailable? && thumbnail = @attachment.thumbnail(:size => params[:size])`
			`if stale?(:etag => thumbnail)`
			`send_file thumbnail,`
			`:filename => filename_for_content_disposition(@attachment.filename),`
			`:type => detect_content_type(@attachment),`
			`:disposition => 'inline'`
			`end`
			`else`
			`# No thumbnail for the attachment or thumbnail could not be created`
			`render :nothing => true, :status => 404`
			`end`
			`end`

			`def upload`
			`# Make sure that API users get used to set this content type`
			`# as it won't trigger Rails' automatic parsing of the request body for parameters`
			`unless request.content_type == 'application/octet-stream'`
			`render :nothing => true, :status => 406`
			`return`
			`end`

			`@attachment = Attachment.new(:file => request.raw_post)`
			`@attachment.author = User.current`
			`@attachment.filename = params[:filename].presence \|\| Redmine::Utils.random_hex(16)`
			`saved = @attachment.save`

			`respond_to do \|format\|`
			`format.js`
			`format.api {`
			`if saved`
			`render :action => 'upload', :status => :created`
			`else`
			`render_validation_errors(@attachment)`
			`end`
			`}`
			`end`
			`end`

			`def destroy`
			`if @attachment.container.respond_to?(:init_journal)`
			`@attachment.container.init_journal(User.current)`
			`end`
			`if @attachment.container`
			`# Make sure association callbacks are called`
			`@attachment.container.attachments.delete(@attachment)`
			`else`
			`@attachment.destroy`
			`end`

			`respond_to do \|format\|`
			`format.html { redirect_to_referer_or project_path(@project) }`
			`format.js`
			`end`
			`end`
增加了附件删除功能修改用户主页中课程与项目之间的关系用户课程页面中的作业进行了按课程分组 2013-09-18 22:56:01 +08:00
			`def delete_homework`
			`@bid = @attachment.container.bid`
			`# Make sure association callbacks are called`
			`container = @attachment.container`
			`@attachment.container.attachments.delete(@attachment)`
			`if container.attachments.empty?`
			`container.delete`
			`end`

			`respond_to do \|format\|`
			`format.html { redirect_to_referer_or respond_path(@bid) }`
			`format.js`
			`end`
			`end`
first commit 2013-08-01 10:33:49 +08:00
maoxian 2014-03-05 11:17:16 +08:00			`def autocomplete`
毛的资源库关联文件 2014-03-06 16:47:28 +08:00			`@project = Project.find_by_id(params[:project_id])`
maoxian 2014-03-05 11:17:16 +08:00			`respond_to do \|format\|`
			`format.js`
			`end`
			`end`

毛的资源库关联文件 2014-03-06 16:47:28 +08:00			`def add_exist_file_to_project`
			`classname = params[:class_name]`
			`class_id = params[:class_id]`
			`attachments = params[:attachment][:attach]`

			`obj = Object.const_get(classname).find_by_id(class_id)`
			`attachments.collect do \|attach_id\|`
			`ori = Attachment.find_by_id(attach_id)`
			`next if ori.blank?`
			`attach_copied_obj = ori.copy`
			`attach_copied_obj.container = obj`
			`attach_copied_obj.created_on = Time.now`
改留言 2014-03-07 16:49:45 +08:00			`attach_copied_obj.author_id = User.current.id`
毛的资源库关联文件 2014-03-06 16:47:28 +08:00			`@obj = obj`
			`@save_flag = attach_copied_obj.save`
			`@save_message = attach_copied_obj.errors.full_messages`
			`end`

			`respond_to do \|format\|`
			`format.js`
			`end`
			`rescue NoMethodError`
			`@save_flag = false`
			`@save_message = [] << l(:error_attachment_empty)`
			`respond_to do \|format\|`
			`format.js`
			`end`
			`end`

first commit 2013-08-01 10:33:49 +08:00			`private`
			`def find_project`
			`@attachment = Attachment.find(params[:id])`
			`# Show 404 if the filename in the url is wrong`
			`raise ActiveRecord::RecordNotFound if params[:filename] && params[:filename] != @attachment.filename`
memo edit/destory. 2013-11-26 16:32:08 +08:00			`unless @attachment.container_type == 'Bid' \|\| @attachment.container_type == 'HomeworkAttach' \|\| @attachment.container_type == 'Memo'`
添加了提交作业 2013-09-13 21:52:24 +08:00			`@project = @attachment.project`
			`end`
first commit 2013-08-01 10:33:49 +08:00			`rescue ActiveRecord::RecordNotFound`
			`render_404`
			`end`

			`# Checks that the file exists and is readable`
			`def file_readable`
			`if @attachment.readable?`
			`true`
			`else`
			`logger.error "Cannot send attachment, #{@attachment.diskfile} does not exist or is unreadable."`
			`render_404`
			`end`
			`end`

			`def read_authorize`
			`@attachment.visible? ? true : deny_access`
			`end`

			`def delete_authorize`
			`@attachment.deletable? ? true : deny_access`
			`end`

			`def detect_content_type(attachment)`
			`content_type = attachment.content_type`
			`if content_type.blank?`
			`content_type = Redmine::MimeType.of(attachment.filename)`
			`end`
			`content_type.to_s`
			`end`
			`end`