#-- encoding: UTF-8 #-- copyright # OpenProject is a project management system. # # Copyright (C) 2012-2013 the OpenProject Team # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License version 3. # # See doc/COPYRIGHT.rdoc for more details. #++ class AttachmentsController < ApplicationController before_filter :find_project before_filter :file_readable, :read_authorize, :except => :destroy before_filter :delete_authorize, :only => :destroy def show if @attachment.is_diff? @diff = File.new(@attachment.diskfile, "rb").read render :action => 'diff' elsif @attachment.is_text? && @attachment.filesize <= Setting.file_max_size_displayed.to_i.kilobyte @content = File.new(@attachment.diskfile, "rb").read render :action => 'file' else download end end def download if @attachment.container.is_a?(Version) || @attachment.container.is_a?(Project) @attachment.increment_download end # images are sent inline send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename), :type => detect_content_type(@attachment), :disposition => (@attachment.image? ? 'inline' : 'attachment') end def destroy # Make sure association callbacks are called @attachment.container.attachments.delete(@attachment) redirect_to :back rescue ::ActionController::RedirectBackError # we cannot be sure the container actually has a project (example: LandingPage) if @project redirect_to :controller => '/projects', :action => 'show', :id => @project else redirect_to home_url end end private def find_project @attachment = Attachment.find(params[:id]) # Show 404 if the filename in the url is wrong raise ActiveRecord::RecordNotFound if params[:filename] && params[:filename] != @attachment.filename @project = @attachment.project rescue ActiveRecord::RecordNotFound render_404 end # Checks that the file exists and is readable def file_readable @attachment.readable? ? true : render_404 end def read_authorize @attachment.visible? ? true : deny_access end def delete_authorize @attachment.deletable? ? true : deny_access end def detect_content_type(attachment) content_type = attachment.content_type if content_type.blank? content_type = Redmine::MimeType.of(attachment.filename) end content_type.to_s end end