2013-02-05 14:16:51 -05:00
class UploadsController < ApplicationController
2013-09-06 19:18:42 +02:00
before_filter :ensure_logged_in , except : [ :show ]
2015-05-20 17:12:16 +10:00
skip_before_filter :preload_json , :check_xhr , only : [ :show ]
2013-04-03 01:17:17 +02:00
2013-02-05 14:16:51 -05:00
def create
2015-05-20 01:39:58 +02:00
type = params . require ( :type )
2013-02-05 14:16:51 -05:00
file = params [ :file ] || params [ :files ] . first
2015-05-20 01:39:58 +02:00
url = params [ :url ]
2015-05-28 15:08:54 +10:00
client_id = params [ :client_id ]
2015-06-15 16:12:15 +02:00
synchronous = is_api? && params [ :synchronous ]
2015-05-20 01:39:58 +02:00
2015-06-15 16:12:15 +02:00
# HACK FOR IE9 to prevent the "download dialog"
response . headers [ " Content-Type " ] = " text/plain " if request . user_agent =~ / MSIE 9 /
2015-05-26 15:54:25 +02:00
2015-06-15 16:12:15 +02:00
if synchronous
data = create_upload ( type , file , url )
render json : data . as_json
else
Scheduler :: Defer . later ( " Create Upload " ) do
data = create_upload ( type , file , url )
2015-05-28 15:08:54 +10:00
MessageBus . publish ( " /uploads/ #{ type } " , data . as_json , client_ids : [ client_id ] )
2015-05-20 17:38:06 +02:00
end
2015-06-15 16:12:15 +02:00
render json : success_json
2014-09-23 15:50:26 +10:00
end
2013-02-05 14:16:51 -05:00
end
2013-06-05 00:34:53 +02:00
2013-09-06 19:18:42 +02:00
def show
2014-05-14 10:51:09 +10:00
return render_404 if ! RailsMultisite :: ConnectionManagement . has_db? ( params [ :site ] )
2014-03-25 10:37:31 +11:00
RailsMultisite :: ConnectionManagement . with_connection ( params [ :site ] ) do | db |
2014-05-14 10:51:09 +10:00
return render_404 unless Discourse . store . internal?
2014-09-09 18:40:11 +02:00
return render_404 if SiteSetting . prevent_anons_from_downloading_files && current_user . nil?
2013-09-06 19:18:42 +02:00
2015-05-20 15:32:31 +02:00
if upload = Upload . find_by ( sha1 : params [ :sha ] ) || Upload . find_by ( id : params [ :id ] , url : request . env [ " PATH_INFO " ] )
2015-05-19 12:31:12 +02:00
opts = { filename : upload . original_filename }
2014-11-13 08:50:55 +11:00
opts [ :disposition ] = 'inline' if params [ :inline ]
2015-05-19 12:31:12 +02:00
send_file ( Discourse . store . path_for ( upload ) , opts )
2014-04-14 22:55:57 +02:00
else
2014-05-14 10:51:09 +10:00
render_404
2014-04-14 22:55:57 +02:00
end
2014-03-25 10:37:31 +11:00
end
2013-09-06 19:18:42 +02:00
end
2014-05-14 10:51:09 +10:00
protected
def render_404
render nothing : true , status : 404
end
2015-06-15 16:12:15 +02:00
def create_upload ( type , file , url )
begin
# API can provide a URL
if file . nil? && url . present? && is_api?
tempfile = FileHelper . download ( url , SiteSetting . max_image_size_kb . kilobytes , " discourse-upload- #{ type } " ) rescue nil
filename = File . basename ( URI . parse ( file ) . path )
else
tempfile = file . tempfile
filename = file . original_filename
content_type = file . content_type
end
# when we're dealing with an avatar, crop it to its maximum size
if type == " avatar " && FileHelper . is_image? ( filename )
max = Discourse . avatar_sizes . max
OptimizedImage . resize ( tempfile . path , tempfile . path , max , max , allow_animation : SiteSetting . allow_animated_avatars )
end
upload = Upload . create_for ( current_user . id , tempfile , filename , tempfile . size , content_type : content_type )
if upload . errors . empty? && current_user . admin?
retain_hours = params [ :retain_hours ] . to_i
upload . update_columns ( retain_hours : retain_hours ) if retain_hours > 0
end
if upload . errors . empty? && FileHelper . is_image? ( filename )
Jobs . enqueue ( :create_thumbnails , upload_id : upload . id , type : type , user_id : params [ :user_id ] )
end
upload . errors . empty? ? upload : { errors : upload . errors . values . flatten }
ensure
tempfile . try ( :close! ) rescue nil
end
end
2013-02-05 14:16:51 -05:00
end
