From f4ce0ddde44c278af9c7a9f198c9893d7db7472d Mon Sep 17 00:00:00 2001
From: Douwe Maan
Date: Wed, 4 Feb 2015 15:35:10 +0100
Subject: Show image attachments in browser instead of downloading them. Resolves #1702.
---
 app/controllers/files_controller.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'app/controllers/files_controller.rb')
diff --git a/app/controllers/files_controller.rb b/app/controllers/files_controller.rb
index 7937454810d..9671245d3f4 100644
--- a/app/controllers/files_controller.rb
+++ b/app/controllers/files_controller.rb
@@ -5,7 +5,8 @@ class FilesController < ApplicationController
 if uploader.file_storage?
 if can?(current_user, :read_project, note.project)
- send_file uploader.file.path, disposition: 'attachment'
+ disposition = uploader.image? ? 'inline' : 'attachment'
+ send_file uploader.file.path, disposition: disposition
 else
 not_found!
 end
-- cgit v1.2.1
From 7d5f86f6cbd187e75a6ba164ad6bfd036977dd07 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hannes=20Rosen=C3=B6gger?=
Date: Mon, 9 Feb 2015 14:35:48 +0100
Subject: Fix broken access control and refactor avatar upload This commit moves the note folder from /public/uploads/note to /uploads/note and changes the uploader accordingly. Now it's no longer possible to avoid the access control by modifing the url. The Avatar upload has been refactored to use an own uploader as well to cleanly seperate the two upload types.
---
 app/controllers/files_controller.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'app/controllers/files_controller.rb')
diff --git a/app/controllers/files_controller.rb b/app/controllers/files_controller.rb
index 9671245d3f4..561af8084c3 100644
--- a/app/controllers/files_controller.rb
+++ b/app/controllers/files_controller.rb
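Review bot: In the `@@ -5,7 +5,8 @@` hunk, `disposition = uploader.image? ? 'inline' : 'attachment'` makes the browser render user-uploaded files in the application's own origin, and the only gate is `uploader.image?`, whose definition is not on this page. If that predicate goes by file extension, or counts SVG as an image, an upload carrying markup or script would be displayed inline instead of saved, so inline display should be limited to an explicit list of raster types and the response should carry `X-Content-Type-Options: nosniff`. A comment above the line, such as `# Inline only for types that cannot carry active content; everything else is forced to download.`, would record the intent. The enclosing `download` action starts and ends outside the hunk.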
@@ -6,7 +6,9 @@ class FilesController < ApplicationController
 if uploader.file_storage?
 if can?(current_user, :read_project, note.project)
 disposition = uploader.image? ? 'inline' : 'attachment'
- send_file uploader.file.path, disposition: disposition
+ # Replace old notes location in /public with the new one in / and send the file
+ path = uploader.file.path.gsub("#{Rails.root}/public",Rails.root.to_s)
+ send_file path, disposition: disposition
 else
 not_found!
 end
-- cgit v1.2.1
From ebd39fc082b09177e0777e5de5729c3f98495e87 Mon Sep 17 00:00:00 2001
From: Douwe Maan
Date: Mon, 16 Feb 2015 18:42:52 +0100
Subject: Nitpicking.
---
 app/controllers/files_controller.rb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'app/controllers/files_controller.rb')
diff --git a/app/controllers/files_controller.rb b/app/controllers/files_controller.rb
index 561af8084c3..15523cbc2e7 100644
--- a/app/controllers/files_controller.rb
+++ b/app/controllers/files_controller.rb
@@ -5,9 +5,10 @@ class FilesController < ApplicationController
 if uploader.file_storage?
 if can?(current_user, :read_project, note.project)
- disposition = uploader.image? ? 'inline' : 'attachment'
 # Replace old notes location in /public with the new one in / and send the file
- path = uploader.file.path.gsub("#{Rails.root}/public",Rails.root.to_s)
+ path = uploader.file.path.gsub("#{Rails.root}/public", Rails.root.to_s)
+
+ disposition = uploader.image? ? 'inline' : 'attachment'
 send_file path, disposition: disposition
 else
 not_found!
-- cgit v1.2.1
From 9bf8480b4a0d3ea6e284c4bd8bf26243f3f3f6f5 Mon Sep 17 00:00:00 2001
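Review bot: In the `@@ -6,7 +6,9 @@` hunk, `gsub` on the `path =` line rewrites every occurrence of `#{Rails.root}/public` in the stored path, not only the leading prefix, and nothing checks that the rewritten path exists before `send_file` is called. Anchoring the rewrite to the start of the string, `path = uploader.file.path.sub(/\A#{Regexp.escape(Rails.root.join('public').to_s)}/, Rails.root.to_s)`, keeps it to the directory move it is meant to express, and a missing file should end in `not_found!` rather than in an exception from `send_file`. The same `gsub` line is carried through the `@@ -5,9 +5,10 @@`, `@@ -3,18 +3,21 @@` and `@@ -5,10 +5,9 @@` hunks later on this page; a `File.exist?` guard appears only in the `@@ -3,18 +3,21 @@` hunk. The enclosing `download` method starts and ends outside the hunk.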
From: =?UTF-8?q?Hannes=20Rosen=C3=B6gger?= <123haynes@gmail.com>
Date: Sat, 14 Feb 2015 16:04:45 +0100
Subject: Generalize the image upload in markdown This commit generalizes the image upload via drag and drop so it supports all files. It also adds access control for these files.
---
 app/controllers/files_controller.rb | 29 +++++++++++++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)
(limited to 'app/controllers/files_controller.rb')
diff --git a/app/controllers/files_controller.rb b/app/controllers/files_controller.rb
index 15523cbc2e7..a86340dd9bb 100644
--- a/app/controllers/files_controller.rb
+++ b/app/controllers/files_controller.rb
@@ -1,5 +1,5 @@
 class FilesController < ApplicationController
- def download
+ def download_notes
 note = Note.find(params[:id])
 uploader = note.attachment
@@ -14,7 +14,32 @@ class FilesController < ApplicationController
 not_found!
 end
 else
- redirect_to uploader.url
+ not_found!
 end
 end
+
+ def download_files
+ namespace_id = params[:namespace]
+ project_id = params[:project]
+ folder_id = params[:folder_id]
+ filename = params[:filename]
+ project_with_namespace="#{namespace_id}/#{project_id}"
+ filename_with_id="#{folder_id}/#{filename}"
+
+ project = Project.find_with_namespace(project_with_namespace)
+
+ uploader = FileUploader.new("#{Rails.root}/uploads","#{project_with_namespace}/#{folder_id}")
+ uploader.retrieve_from_store!(filename)
+
+ if can?(current_user, :read_project, project)
+ download(uploader)
+ else
+ not_found!
+ end
+ end
+
+ def download(uploader)
+ disposition = uploader.image? ? 'inline' : 'attachment'
+ send_file uploader.file.path, disposition: disposition
+ end
 end
-- cgit v1.2.1
From 9729cc584f5758395960416f308a9c45f698cdee Mon Sep 17 00:00:00 2001
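Review bot: In the `@@ -14,7 +14,32 @@` hunk, `download_files` builds the uploader's store path from `params[:namespace]`, `params[:project]`, `params[:folder_id]` and `params[:filename]` without checking that the result stays under `#{Rails.root}/uploads`, and it calls `retrieve_from_store!` before the `can?` check. Whether the routes constrain these parameters is not visible here, so the action should authorize first and then refuse any resolved path that is not inside the project's upload directory. `Project.find_with_namespace` presumably returns nil for an unknown project, and that value is passed straight to `can?`. `download(uploader)` is defined as a public controller method, so it may be routable as an action of its own and belongs under `private`; `filename_with_id` is assigned but never used.

```ruby
  def download_files
    project_with_namespace = "#{params[:namespace]}/#{params[:project]}"
    project = Project.find_with_namespace(project_with_namespace)

    # Authorize before touching the filesystem.
    return not_found! unless project && can?(current_user, :read_project, project)

    uploader = FileUploader.new("#{Rails.root}/uploads", "#{project_with_namespace}/#{params[:folder_id]}")
    uploader.retrieve_from_store!(params[:filename])

    # Serve only files that resolve inside this project's upload directory.
    # Assumes find_with_namespace matches the full path exactly (confirm).
    base = File.expand_path(project_with_namespace, "#{Rails.root}/uploads")
    path = File.expand_path(uploader.file.path)
    return not_found! unless path.start_with?("#{base}/") && File.file?(path)

    download(uploader)
  end

  private

  # … unchanged: download(uploader) …
```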
From: =?UTF-8?q?Hannes=20Rosen=C3=B6gger?= <123haynes@gmail.com>
Date: Sat, 14 Feb 2015 19:52:45 +0100
Subject: implement Project::UploadsController
---
 app/controllers/files_controller.rb | 29 ++---------------------------
 1 file changed, 2 insertions(+), 27 deletions(-)
(limited to 'app/controllers/files_controller.rb')
diff --git a/app/controllers/files_controller.rb b/app/controllers/files_controller.rb
index a86340dd9bb..15523cbc2e7 100644
--- a/app/controllers/files_controller.rb
+++ b/app/controllers/files_controller.rb
@@ -1,5 +1,5 @@
 class FilesController < ApplicationController
- def download_notes
+ def download
 note = Note.find(params[:id])
 uploader = note.attachment
@@ -14,32 +14,7 @@ class FilesController < ApplicationController
 not_found!
 end
 else
- not_found!
+ redirect_to uploader.url
 end
 end
-
- def download_files
- namespace_id = params[:namespace]
- project_id = params[:project]
- folder_id = params[:folder_id]
- filename = params[:filename]
- project_with_namespace="#{namespace_id}/#{project_id}"
- filename_with_id="#{folder_id}/#{filename}"
-
- project = Project.find_with_namespace(project_with_namespace)
-
- uploader = FileUploader.new("#{Rails.root}/uploads","#{project_with_namespace}/#{folder_id}")
- uploader.retrieve_from_store!(filename)
-
- if can?(current_user, :read_project, project)
- download(uploader)
- else
- not_found!
- end
- end
-
- def download(uploader)
- disposition = uploader.image? ? 'inline' : 'attachment'
- send_file uploader.file.path, disposition: disposition
- end
 end
-- cgit v1.2.1
From d2ebdf664b42d4fac6b2e060ef79aa9fe0b0e72d Mon Sep 17 00:00:00 2001
From: Douwe Maan
Date: Mon, 16 Feb 2015 19:58:40 +0100
Subject: Refactor.
---
 app/controllers/files_controller.rb | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)
(limited to 'app/controllers/files_controller.rb')
diff --git a/app/controllers/files_controller.rb b/app/controllers/files_controller.rb
index 15523cbc2e7..267239b7b84 100644
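Review bot: In the `@@ -14,32 +14,7 @@` hunk, the restored `redirect_to uploader.url` sits in the `else` of `if uploader.file_storage?`, outside the `can?(current_user, :read_project, note.project)` check; the removed lines of the `@@ -3,18 +3,21 @@` hunk further down this page show that check nested inside the file-storage branch only. For attachments kept in non-file storage the action therefore hands out the attachment URL without authorizing the requester. The permission check should cover both branches, for example `return not_found! unless can?(current_user, :read_project, note.project)` as the first statement after `uploader = note.attachment`. The enclosing `download` method starts above the hunk.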
--- a/app/controllers/files_controller.rb
+++ b/app/controllers/files_controller.rb
@@ -3,18 +3,21 @@ class FilesController < ApplicationController
 note = Note.find(params[:id])
 uploader = note.attachment
- if uploader.file_storage?
- if can?(current_user, :read_project, note.project)
- # Replace old notes location in /public with the new one in / and send the file
+ if can?(current_user, :read_project, note.project)
+ if uploader.file_storage?
 path = uploader.file.path.gsub("#{Rails.root}/public", Rails.root.to_s)
- disposition = uploader.image? ? 'inline' : 'attachment'
- send_file path, disposition: disposition
+ if File.exist?(path)
+ disposition = uploader.image? ? 'inline' : 'attachment'
+ send_file path, disposition: disposition
+ else
+ not_found!
+ end
 else
- not_found!
+ redirect_to uploader.url
 end
 else
- redirect_to uploader.url
+ not_found!
 end
 end
 end
-- cgit v1.2.1
From 7c3147e6e969a7ae97e2f8d05e536abeeb7d3936 Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets
Date: Thu, 19 Feb 2015 08:57:33 -0800
Subject: Revert "Nitpicking." This reverts commit ebd39fc082b09177e0777e5de5729c3f98495e87.
---
 app/controllers/files_controller.rb | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
(limited to 'app/controllers/files_controller.rb')
diff --git a/app/controllers/files_controller.rb b/app/controllers/files_controller.rb
index 15523cbc2e7..561af8084c3 100644
--- a/app/controllers/files_controller.rb
+++ b/app/controllers/files_controller.rb
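Review bot: In the `@@ -3,18 +3,21 @@` hunk the new `download` body nests three conditionals and drops the comment that explained the `gsub` path rewrite, so the reason for the rewrite is no longer recorded in the method. Guard clauses would keep the permission check as the first thing a reader sees: `return not_found! unless can?(current_user, :read_project, note.project)` followed by `return redirect_to uploader.url unless uploader.file_storage?`. I would also keep a comment on the `path =` line, such as `# Notes moved from public/uploads to uploads; map paths stored under the old location.` The method's `def` line is above the hunk.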
@@ -5,10 +5,9 @@ class FilesController < ApplicationController
 if uploader.file_storage?
 if can?(current_user, :read_project, note.project)
- # Replace old notes location in /public with the new one in / and send the file
- path = uploader.file.path.gsub("#{Rails.root}/public", Rails.root.to_s)
-
 disposition = uploader.image? ? 'inline' : 'attachment'
+ # Replace old notes location in /public with the new one in / and send the file
+ path = uploader.file.path.gsub("#{Rails.root}/public",Rails.root.to_s)
 send_file path, disposition: disposition
 else
 not_found!
-- cgit v1.2.1
From 8184a6564454faf0f9ae9dfee1377c3407d08447 Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets
Date: Thu, 19 Feb 2015 08:57:35 -0800
Subject: Revert "Fix broken access control and refactor avatar upload" This reverts commit 7d5f86f6cbd187e75a6ba164ad6bfd036977dd07.
---
 app/controllers/files_controller.rb | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
(limited to 'app/controllers/files_controller.rb')
diff --git a/app/controllers/files_controller.rb b/app/controllers/files_controller.rb
index 561af8084c3..9671245d3f4 100644
--- a/app/controllers/files_controller.rb
+++ b/app/controllers/files_controller.rb
@@ -6,9 +6,7 @@ class FilesController < ApplicationController
 if uploader.file_storage?
 if can?(current_user, :read_project, note.project)
 disposition = uploader.image? ? 'inline' : 'attachment'
- # Replace old notes location in /public with the new one in / and send the file
- path = uploader.file.path.gsub("#{Rails.root}/public",Rails.root.to_s)
- send_file path, disposition: disposition
+ send_file uploader.file.path, disposition: disposition
 else
 not_found!
 end
-- cgit v1.2.1
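Review bot: The `@@ -6,9 +6,7 @@` hunk goes back to `send_file uploader.file.path`, that is, to serving note attachments from wherever the uploader stores them, which the reverted commit's description gives as `/public/uploads/note` and describes as a location where the access control could be avoided by changing the URL. The revert message states neither why the fix is withdrawn nor what replaces it, and whether the uploader's storage directory is reverted in the same commit is not visible in this file-limited view. If the files are again under `public/`, the `can?` check in this action no longer protects them, so the commit message should name the follow-up change and the action should carry a comment such as `# FIXME: attachments under public/ are reachable without this check`. The enclosing `download` method starts and ends outside the hunk.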