Главная Обзор Помощь
Вход
SMusatov
/
zammad
зеркало из https://github.com/zammad/zammad.git
1
0
Ответвить 0
Файлы
Дерево: d1ed72a071
Ветки Метки
zammad
/
app
/
controllers
/
attachments_controller.rb

attachments_controller.rb 2.2 KB
История Исходник

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788 
  1. class AttachmentsController < ApplicationController
    2. 

  2.   prepend_before_action :authentication_check, except: :show
    3. 

  3.   before_action :verify_object_permissions, only: %i[show destroy]
    4. 

  4. 

  5.   def show
    6. 

  6.     content   = @file.content_preview if params[:preview] && @file.preferences[:content_preview]
    7. 

  7.     content ||= @file.content
    8. 

  8. 

  9.     send_data(
    10. 

  10.       content,
    11. 

  11.       filename:    @file.filename,
    12. 

  12.       type:        @file.preferences['Content-Type'] || @file.preferences['Mime-Type'] || 'application/octet-stream',
    13. 

  13.       disposition: sanitized_disposition
    14. 

  14.     )
    15. 

  15.   end
    16. 

  16. 

  17.   def create
    18. 

  18.     file = params[:File]
    19. 

  19.     content_type = file.content_type
    20. 

  20. 

  21.     if !content_type || content_type == 'application/octet-stream'
    22. 

  22.       content_type = if MIME::Types.type_for(file.original_filename).first
    23. 

  23.                        MIME::Types.type_for(file.original_filename).first.content_type
    24. 

  24.                      else
    25. 

  25.                        'application/octet-stream'
    26. 

  26.                      end
    27. 

  27.     end
    28. 

  28. 

  29.     headers_store = {
    30. 

  30.       'Content-Type' => content_type
    31. 

  31.     }
    32. 

  32. 

  33.     store = Store.add(
    34. 

  34.       object:      'UploadCache',
    35. 

  35.       o_id:        params[:form_id],
    36. 

  36.       data:        file.read,
    37. 

  37.       filename:    file.original_filename,
    38. 

  38.       preferences: headers_store
    39. 

  39.     )
    40. 

  40. 

  41.     render json: {
    42. 

  42.       success: true,
    43. 

  43.       data:    {
    44. 

  44.         id:       store.id,
    45. 

  45.         filename: file.original_filename,
    46. 

  46.         size:     store.size,
    47. 

  47.       }
    48. 

  48.     }
    49. 

  49.   end
    50. 

  50. 

  51.   def destroy
    52. 

  52.     Store.remove_item(@file.id)
    53. 

  53. 

  54.     render json: {
    55. 

  55.       success: true,
    56. 

  56.     }
    57. 

  57.   end
    58. 

  58. 

  59.   def destroy_form
    60. 

  60.     Store.remove(
    61. 

  61.       object: 'UploadCache',
    62. 

  62.       o_id:   params[:form_id],
    63. 

  63.     )
    64. 

  64. 

  65.     render json: {
    66. 

  66.       success: true,
    67. 

  67.     }
    68. 

  68.   end
    69. 

  69. 

  70.   private
    71. 

  71. 

  72.   def sanitized_disposition
    73. 

  73.     disposition = params.fetch(:disposition, 'inline')
    74. 

  74.     valid_disposition = %w[inline attachment]
    75. 

  75.     return disposition if valid_disposition.include?(disposition)
    76. 

  76. 

  77.     raise Exceptions::NotAuthorized, "Invalid disposition #{disposition} requested. Only #{valid_disposition.join(', ')} are valid."
    78. 

  78.   end
    79. 

  79. 

  80.   def verify_object_permissions
    81. 

  81.     @file = Store.find(params[:id])
    82. 

  82. 

  83.     klass = @file&.store_object&.name&.safe_constantize
    84. 

  84.     return if klass.send("can_#{params[:action]}_attachment?", @file, current_user)
    85. 

  85. 

  86.     raise ActiveRecord::RecordNotFound
    87. 

  87.   end
    88. 

  88. end
    89.