attachments_controller.rb 2.2 KB

  # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
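  # Controller for attachment blobs kept in Store: serves and deletes stored
  # files (show/destroy) and manages the per-form upload cache
  # (create/destroy_form).
  class AttachmentsController < ApplicationController
    # prepend_before_action pushes each callback to the FRONT of the chain, so
    # the callbacks run in reverse order of declaration: for show/destroy,
    # authentication_check_only runs first and authorize! second; every other
    # action is gated by authentication_check alone.
    prepend_before_action :authorize!, only: %i[show destroy]
    prepend_before_action :authentication_check, except: %i[show destroy]
    prepend_before_action :authentication_check_only, only: %i[show destroy]

    # Streams the requested attachment, or renders a parsed calendar preview
    # when both params[:preview] and params[:type] == 'calendar' are given.
    #
    # NOTE(review): download_file is defined outside this file. For files
    # stored through #create, the filename and Content-Type originate from the
    # uploading client, so confirm that download_file neutralises
    # browser-renderable types (content_type / disposition) before they are
    # sent back here.
    def show
      return render_calendar_preview if params[:preview].present? && params[:type] == 'calendar'

      view_type = params[:preview] ? 'preview' : nil

      send_data(
        download_file.content(view_type),
        filename:    download_file.filename,
        type:        download_file.content_type,
        disposition: download_file.disposition
      )
    end

    # Stores an uploaded file in the 'UploadCache' bucket of the form given by
    # params[:form_id] and answers with the new store id and file metadata.
    #
    # Responds with 422 when params[:File] is missing or is not an upload
    # object; previously that case raised NoMethodError on the first accessor.
    #
    # NOTE(review): nothing in this file ties params[:form_id] to the current
    # user; confirm form ids are unguessable or scoped elsewhere.
    def create
      file = params[:File]

      # Duck-type check: every accessor used below must exist on the upload.
      upload_like = %i[original_filename content_type read].all? { |accessor| file.respond_to?(accessor) }
      return render(json: { error: 'No file uploaded.' }, status: :unprocessable_entity) if !upload_like

      # The declared content type comes from the client. When it is absent or
      # generic, fall back to a guess based on the (also client-supplied)
      # filename. Neither value is a trustworthy statement about the bytes.
      content_type = file.content_type
      if !content_type || content_type == 'application/octet-stream'
        guessed      = MIME::Types.type_for(file.original_filename).first
        content_type = guessed ? guessed.content_type : 'application/octet-stream'
      end

      headers_store = {
        'Content-Type' => content_type
      }

      store = Store.create!(
        object:      'UploadCache',
        o_id:        params[:form_id],
        data:        file.read,
        filename:    file.original_filename,
        preferences: headers_store
      )

      render json: {
        success: true,
        data:    {
          id:          store.id,
          filename:    file.original_filename,
          size:        store.size,
          contentType: store.preferences['Content-Type']
        }
      }
    end

    # Removes the single stored item resolved by download_file. This action is
    # covered by the authorize! callback declared above.
    def destroy
      Store.remove_item(download_file.id)

      render json: {
        success: true,
      }
    end

    # Removes every 'UploadCache' entry stored under params[:form_id].
    #
    # NOTE(review): this action is gated by authentication_check only, not by
    # authorize!; confirm that a form id cannot be used by another
    # authenticated user to clear someone else's pending uploads.
    def destroy_form
      Store.remove(
        object: 'UploadCache',
        o_id:   params[:form_id],
      )

      render json: {
        success: true,
      }
    end

    private

    # Parses the requested file as an ICS calendar on behalf of current_user
    # and renders the result as JSON. Any StandardError is logged and answered
    # with 422.
    #
    # NOTE(review): e.message is returned to the client verbatim; confirm the
    # parser's error messages cannot carry internal details.
    def render_calendar_preview
      render json: Service::Calendar::IcsFile::Parse.new(current_user:).execute(file: download_file), status: :ok
    rescue => e
      logger.error e
      render json: { error: e.message }, status: :unprocessable_entity
    end

    # Reports an authorization failure through not_found.
    # Presumably this is the hook invoked when authorize! rejects a request, so
    # that a forbidden attachment looks the same as a missing one; confirm in
    # ApplicationController.
    def user_not_authorized(e)
      not_found(e)
    end
  end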