Chris@0: # redMine - project management software Chris@0: # Copyright (C) 2006-2007 Jean-Philippe Lang Chris@0: # Chris@0: # This program is free software; you can redistribute it and/or Chris@0: # modify it under the terms of the GNU General Public License Chris@0: # as published by the Free Software Foundation; either version 2 Chris@0: # of the License, or (at your option) any later version. Chris@0: # Chris@0: # This program is distributed in the hope that it will be useful, Chris@0: # but WITHOUT ANY WARRANTY; without even the implied warranty of Chris@0: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Chris@0: # GNU General Public License for more details. Chris@0: # Chris@0: # You should have received a copy of the GNU General Public License Chris@0: # along with this program; if not, write to the Free Software Chris@0: # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. Chris@0: Chris@0: require "digest/md5" Chris@0: Chris@0: class Attachment < ActiveRecord::Base Chris@0: belongs_to :container, :polymorphic => true Chris@0: belongs_to :author, :class_name => "User", :foreign_key => "author_id" Chris@0: Chris@0: validates_presence_of :container, :filename, :author Chris@0: validates_length_of :filename, :maximum => 255 Chris@0: validates_length_of :disk_filename, :maximum => 255 Chris@0: Chris@0: acts_as_event :title => :filename, Chris@0: :url => Proc.new {|o| {:controller => 'attachments', :action => 'download', :id => o.id, :filename => o.filename}} Chris@0: Chris@0: acts_as_activity_provider :type => 'files', Chris@0: :permission => :view_files, Chris@0: :author_key => :author_id, Chris@0: :find_options => {:select => "#{Attachment.table_name}.*", Chris@0: :joins => "LEFT JOIN #{Version.table_name} ON #{Attachment.table_name}.container_type='Version' AND #{Version.table_name}.id = #{Attachment.table_name}.container_id " + Chris@0: "LEFT JOIN #{Project.table_name} ON #{Version.table_name}.project_id = #{Project.table_name}.id OR ( #{Attachment.table_name}.container_type='Project' AND #{Attachment.table_name}.container_id = #{Project.table_name}.id )"} Chris@0: Chris@0: acts_as_activity_provider :type => 'documents', Chris@0: :permission => :view_documents, Chris@0: :author_key => :author_id, Chris@0: :find_options => {:select => "#{Attachment.table_name}.*", Chris@0: :joins => "LEFT JOIN #{Document.table_name} ON #{Attachment.table_name}.container_type='Document' AND #{Document.table_name}.id = #{Attachment.table_name}.container_id " + Chris@0: "LEFT JOIN #{Project.table_name} ON #{Document.table_name}.project_id = #{Project.table_name}.id"} Chris@0: Chris@0: cattr_accessor :storage_path Chris@0: @@storage_path = "#{RAILS_ROOT}/files" Chris@0: Chris@0: def validate Chris@0: if self.filesize > Setting.attachment_max_size.to_i.kilobytes Chris@0: errors.add(:base, :too_long, :count => Setting.attachment_max_size.to_i.kilobytes) Chris@0: end Chris@0: end Chris@0: Chris@0: def file=(incoming_file) Chris@0: unless incoming_file.nil? Chris@0: @temp_file = incoming_file Chris@0: if @temp_file.size > 0 Chris@0: self.filename = sanitize_filename(@temp_file.original_filename) Chris@0: self.disk_filename = Attachment.disk_filename(filename) Chris@0: self.content_type = @temp_file.content_type.to_s.chomp Chris@0: if content_type.blank? Chris@0: self.content_type = Redmine::MimeType.of(filename) Chris@0: end Chris@0: self.filesize = @temp_file.size Chris@0: end Chris@0: end Chris@0: end Chris@0: Chris@0: def file Chris@0: nil Chris@0: end Chris@0: Chris@0: # Copies the temporary file to its final location Chris@0: # and computes its MD5 hash Chris@0: def before_save Chris@0: if @temp_file && (@temp_file.size > 0) Chris@0: logger.debug("saving '#{self.diskfile}'") Chris@0: md5 = Digest::MD5.new Chris@0: File.open(diskfile, "wb") do |f| Chris@0: buffer = "" Chris@0: while (buffer = @temp_file.read(8192)) Chris@0: f.write(buffer) Chris@0: md5.update(buffer) Chris@0: end Chris@0: end Chris@0: self.digest = md5.hexdigest Chris@0: end Chris@0: # Don't save the content type if it's longer than the authorized length Chris@0: if self.content_type && self.content_type.length > 255 Chris@0: self.content_type = nil Chris@0: end Chris@0: end Chris@0: Chris@0: # Deletes file on the disk Chris@0: def after_destroy Chris@0: File.delete(diskfile) if !filename.blank? && File.exist?(diskfile) Chris@0: end Chris@0: Chris@0: # Returns file's location on disk Chris@0: def diskfile Chris@0: "#{@@storage_path}/#{self.disk_filename}" Chris@0: end Chris@0: Chris@0: def increment_download Chris@0: increment!(:downloads) Chris@0: end Chris@0: Chris@0: def project Chris@0: container.project Chris@0: end Chris@0: Chris@0: def visible?(user=User.current) Chris@0: container.attachments_visible?(user) Chris@0: end Chris@0: Chris@0: def deletable?(user=User.current) Chris@0: container.attachments_deletable?(user) Chris@0: end Chris@0: Chris@0: def image? Chris@0: self.filename =~ /\.(jpe?g|gif|png)$/i Chris@0: end Chris@0: Chris@0: def is_text? Chris@0: Redmine::MimeType.is_type?('text', filename) Chris@0: end Chris@0: Chris@0: def is_diff? Chris@0: self.filename =~ /\.(patch|diff)$/i Chris@0: end Chris@0: Chris@0: # Returns true if the file is readable Chris@0: def readable? Chris@0: File.readable?(diskfile) Chris@0: end Chris@0: Chris@0: # Bulk attaches a set of files to an object Chris@0: # Chris@0: # Returns a Hash of the results: Chris@0: # :files => array of the attached files Chris@0: # :unsaved => array of the files that could not be attached Chris@0: def self.attach_files(obj, attachments) Chris@0: attached = [] Chris@0: if attachments && attachments.is_a?(Hash) Chris@0: attachments.each_value do |attachment| Chris@0: file = attachment['file'] Chris@0: next unless file && file.size > 0 Chris@0: a = Attachment.create(:container => obj, Chris@0: :file => file, Chris@0: :description => attachment['description'].to_s.strip, Chris@0: :author => User.current) Chris@0: Chris@0: if a.new_record? Chris@0: obj.unsaved_attachments ||= [] Chris@0: obj.unsaved_attachments << a Chris@0: else Chris@0: attached << a Chris@0: end Chris@0: end Chris@0: end Chris@0: {:files => attached, :unsaved => obj.unsaved_attachments} Chris@0: end Chris@0: Chris@0: private Chris@0: def sanitize_filename(value) Chris@0: # get only the filename, not the whole path Chris@0: just_filename = value.gsub(/^.*(\\|\/)/, '') Chris@0: # NOTE: File.basename doesn't work right with Windows paths on Unix Chris@0: # INCORRECT: just_filename = File.basename(value.gsub('\\\\', '/')) Chris@0: Chris@0: # Finally, replace all non alphanumeric, hyphens or periods with underscore Chris@0: @filename = just_filename.gsub(/[^\w\.\-]/,'_') Chris@0: end Chris@0: Chris@0: # Returns an ASCII or hashed filename Chris@0: def self.disk_filename(filename) Chris@0: timestamp = DateTime.now.strftime("%y%m%d%H%M%S") Chris@0: ascii = '' Chris@0: if filename =~ %r{^[a-zA-Z0-9_\.\-]*$} Chris@0: ascii = filename Chris@0: else Chris@0: ascii = Digest::MD5.hexdigest(filename) Chris@0: # keep the extension if any Chris@0: ascii << $1 if filename =~ %r{(\.[a-zA-Z0-9]+)$} Chris@0: end Chris@0: while File.exist?(File.join(@@storage_path, "#{timestamp}_#{ascii}")) Chris@0: timestamp.succ! Chris@0: end Chris@0: "#{timestamp}_#{ascii}" Chris@0: end Chris@0: end