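# Accepts file uploads from logged-in users and serves stored uploads back.
#
# Security-relevant behaviour visible in this controller:
# * +create+ requires a logged-in user (+ensure_logged_in+ runs for every
#   action except +show+).
# * +show+ is reachable without a session and without the XHR check, so it
#   carries its own access checks before any file is sent.
class UploadsController < ApplicationController
  before_filter :ensure_logged_in, except: [:show]
  skip_before_filter :check_xhr, only: [:show]

  # Stores one uploaded file for the current user.
  #
  # Reads the upload from +params[:file]+, falling back to the first entry
  # of +params[:files]+. Responds with the serialized upload on success and
  # with HTTP 422 when the request carries no usable file or when the
  # created record has validation errors.
  def create
    # Array() tolerates a missing params[:files] instead of calling
    # `first` on nil.
    file = params[:file] || Array(params[:files]).first

    # Request parameters are attacker-controlled: a plain string or hash can
    # arrive where an uploaded file is expected. Reject anything that does
    # not expose the uploaded-file interface rather than failing with a 500.
    unless file.respond_to?(:tempfile) && file.respond_to?(:original_filename) && file.respond_to?(:content_type)
      return render(nothing: true, status: 422)
    end

    filesize = File.size(file.tempfile)

    # NOTE(review): for a Rails uploaded file, original_filename and
    # content_type come from the client's multipart headers. They are passed
    # through unchanged here, so any type/extension enforcement has to live
    # in Upload.create_for -- confirm that it does.
    upload = Upload.create_for(
      current_user.id,
      file.tempfile,
      file.original_filename,
      filesize,
      { content_type: file.content_type }
    )

    if upload.errors.empty?
      render_serialized(upload, UploadSerializer, root: false)
    else
      render status: 422, text: upload.errors.full_messages
    end
  end

  # Sends a locally stored upload to the client, or answers 404.
  #
  # Every failed check answers with the same empty 404, so a caller cannot
  # tell an unknown site, an external store, a blocked anonymous download
  # and a missing upload apart.
  def show
    # params[:site] is checked against the known databases before it is
    # used to switch connections.
    return render_404 unless RailsMultisite::ConnectionManagement.has_db?(params[:site])

    RailsMultisite::ConnectionManagement.with_connection(params[:site]) do |_db|
      # Files are only served from here when the store is internal.
      return render_404 unless Discourse.store.internal?
      # Site setting that blocks downloads for visitors without a session;
      # it is evaluated inside the with_connection block for the requested site.
      return render_404 if SiteSetting.prevent_anons_from_downloading_files && current_user.nil?

      id = params[:id].to_i
      url = request.fullpath

      # The record must match on both the id and the requested path. The
      # "url" condition is here to prevent people from scanning the uploads
      # by iterating over ids. request.fullpath includes any query string,
      # so a request with extra query parameters does not match and gets 404.
      upload = Upload.find_by(id: id, url: url)

      if upload
        # NOTE(review): the download name is the user-supplied
        # original_filename; the path on disk comes from
        # Discourse.store.path_for, not from request input. No :disposition
        # or :type is passed, so Rails' send_file defaults apply -- confirm
        # they are what is wanted for user-uploaded content.
        send_file(Discourse.store.path_for(upload), filename: upload.original_filename)
      else
        render_404
      end
    end
  end

  protected

  # Empty 404 response shared by every rejection path in +show+.
  def render_404
    render nothing: true, status: 404
  end
end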