2015-02-20 12:13:48 +00:00
|
|
|
class UploadsController < ApplicationController
|
2015-02-24 13:54:32 +00:00
|
|
|
skip_before_filter :authenticate_user!, :reject_blocked!
|
2015-02-24 03:35:42 +00:00
|
|
|
before_filter :authorize_access
|
|
|
|
|
2015-02-20 12:13:48 +00:00
|
|
|
def show
|
2015-03-03 02:11:50 +00:00
|
|
|
unless upload_model && upload_mount
|
|
|
|
return not_found!
|
|
|
|
end
|
2015-02-20 12:13:48 +00:00
|
|
|
|
2015-03-03 02:11:50 +00:00
|
|
|
model = upload_model.find(params[:id])
|
|
|
|
uploader = model.send(upload_mount)
|
2015-02-20 14:37:37 +00:00
|
|
|
|
2015-03-03 02:11:50 +00:00
|
|
|
if model.respond_to?(:project) && !can?(current_user, :read_project, model.project)
|
|
|
|
return not_found!
|
|
|
|
end
|
2015-02-20 14:37:37 +00:00
|
|
|
|
2015-03-03 02:11:50 +00:00
|
|
|
unless uploader.file_storage?
|
|
|
|
return redirect_to uploader.url
|
|
|
|
end
|
|
|
|
|
|
|
|
unless uploader.file.exists?
|
|
|
|
return not_found!
|
|
|
|
end
|
2015-02-20 14:37:37 +00:00
|
|
|
|
|
|
|
disposition = uploader.image? ? 'inline' : 'attachment'
|
|
|
|
send_file uploader.file.path, disposition: disposition
|
2015-02-20 12:13:48 +00:00
|
|
|
end
|
2015-02-24 03:35:42 +00:00
|
|
|
|
2015-03-03 02:11:50 +00:00
|
|
|
private
|
|
|
|
|
2015-02-24 03:35:42 +00:00
|
|
|
def authorize_access
|
|
|
|
unless params[:mounted_as] == 'avatar'
|
2015-02-24 13:54:32 +00:00
|
|
|
authenticate_user! && reject_blocked!
|
2015-02-24 03:35:42 +00:00
|
|
|
end
|
|
|
|
end
|
2015-03-03 02:11:50 +00:00
|
|
|
|
|
|
|
def upload_model
|
|
|
|
upload_models = {
|
|
|
|
user: User,
|
|
|
|
project: Project,
|
|
|
|
note: Note,
|
|
|
|
group: Group
|
|
|
|
}
|
|
|
|
|
|
|
|
upload_models[params[:model].to_sym]
|
|
|
|
end
|
|
|
|
|
|
|
|
def upload_mount
|
|
|
|
upload_mounts = %w(avatar attachment file)
|
|
|
|
|
|
|
|
if upload_mounts.include?(params[:mounted_as])
|
|
|
|
params[:mounted_as]
|
|
|
|
end
|
|
|
|
end
|
2015-02-20 12:13:48 +00:00
|
|
|
end
|