Class: Attachment

Inherits:
ActiveRecord::Base
  • Object
show all
Includes:
Redmine::SafeAttributes
Defined in:
app/models/attachment.rb

Constant Summary collapse

@@storage_path =
Redmine::Configuration['attachments_storage_path'] || File.join(Rails.root, "files")
@@thumbnails_storage_path =
File.join(Rails.root, "tmp", "thumbnails")

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Redmine::SafeAttributes

#delete_unsafe_attributes, included, #safe_attribute?, #safe_attribute_names, #safe_attributes=

Class Method Details

.archive_attachments(attachments) ⇒ Object


381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
# File 'app/models/attachment.rb', line 381

def self.archive_attachments(attachments)
  attachments = attachments.select(&:readable?)
  return nil if attachments.blank?

  Zip.unicode_names = true
  archived_file_names = []
  buffer = Zip::OutputStream.write_buffer do |zos|
    attachments.each do |attachment|
      filename = attachment.filename
      # rename the file if a file with the same name already exists
      dup_count = 0
      while archived_file_names.include?(filename)
        dup_count += 1
        extname = File.extname(attachment.filename)
        basename = File.basename(attachment.filename, extname)
        filename = "#{basename}(#{dup_count})#{extname}"
      end
      zos.put_next_entry(filename)
      zos << IO.binread(attachment.diskfile)
      archived_file_names << filename
    end
  end
  buffer.string
ensure
  buffer&.close
end

.attach_files(obj, attachments) ⇒ Object

Bulk attaches a set of files to an object

Returns a Hash of the results: :files => array of the attached files :unsaved => array of the files that could not be attached


334
335
336
337
338
# File 'app/models/attachment.rb', line 334

def self.attach_files(obj, attachments)
  result = obj.save_attachments(attachments, User.current)
  obj.attach_saved_attachments
  result
end

.clear_thumbnailsObject

Deletes all thumbnails


266
267
268
269
270
# File 'app/models/attachment.rb', line 266

def self.clear_thumbnails
  Dir.glob(File.join(thumbnails_storage_path, "*.thumb")).each do |file|
    File.delete file
  end
end

.disk_filename(filename, directory = nil) ⇒ Object

Returns an ASCII or hashed filename that do not exists yet in the given subdirectory


562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
# File 'app/models/attachment.rb', line 562

def disk_filename(filename, directory=nil)
  timestamp = DateTime.now.strftime("%y%m%d%H%M%S")
  ascii = ''
  if %r{^[a-zA-Z0-9_\.\-]*$}.match?(filename) && filename.length <= 50
    ascii = filename
  else
    ascii = Digest::MD5.hexdigest(filename)
    # keep the extension if any
    ascii << $1 if filename =~ %r{(\.[a-zA-Z0-9]+)$}
  end
  while File.exist?(File.join(storage_path, directory.to_s,
                              "#{timestamp}_#{ascii}"))
    timestamp.succ!
  end
  "#{timestamp}_#{ascii}"
end

.extension_in?(extension, extensions) ⇒ Boolean

Returns true if extension belongs to extensions list.

Returns:

  • (Boolean)

477
478
479
480
481
482
483
484
485
# File 'app/models/attachment.rb', line 477

def self.extension_in?(extension, extensions)
  extension = extension.downcase.sub(/\A\.+/, '')

  unless extensions.is_a?(Array)
    extensions = extensions.to_s.split(",").map(&:strip)
  end
  extensions = extensions.map {|s| s.downcase.sub(/\A\.+/, '')}.reject(&:blank?)
  extensions.include?(extension)
end

.find_by_token(token) ⇒ Object

Finds an attachment that matches the given token and that has no container


319
320
321
322
323
324
325
326
327
# File 'app/models/attachment.rb', line 319

def self.find_by_token(token)
  if token.to_s =~ /^(\d+)\.([0-9a-f]+)$/
    attachment_id, attachment_digest = $1, $2
    attachment = Attachment.find_by(:id => attachment_id, :digest => attachment_digest)
    if attachment && attachment.container.nil?
      attachment
    end
  end
end

.latest_attach(attachments, filename) ⇒ Object


369
370
371
372
373
374
375
# File 'app/models/attachment.rb', line 369

def self.latest_attach(attachments, filename)
  return unless filename.valid_encoding?

  attachments.sort_by{|attachment| [attachment.created_on, attachment.id]}.reverse.detect do |att|
    filename.casecmp?(att.filename)
  end
end

.move_from_root_to_target_directoryObject

Moves existing attachments that are stored at the root of the files directory (ie. created before Redmine 2.3) to their target subdirectories


433
434
435
436
437
# File 'app/models/attachment.rb', line 433

def self.move_from_root_to_target_directory
  Attachment.where("disk_directory IS NULL OR disk_directory = ''").find_each do |attachment|
    attachment.move_to_target_directory!
  end
end

.prune(age = 1.day) ⇒ Object


377
378
379
# File 'app/models/attachment.rb', line 377

def self.prune(age=1.day)
  Attachment.where("created_on < ? AND (container_type IS NULL OR container_type = '')", Time.now - age).destroy_all
end

.update_attachments(attachments, params) ⇒ Object

Updates the filename and description of a set of attachments with the given hash of attributes. Returns true if all attachments were updated.

Example:

Attachment.update_attachments(attachments, {
  4 => {:filename => 'foo'},
  7 => {:filename => 'bar', :description => 'file description'}
})

350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
# File 'app/models/attachment.rb', line 350

def self.update_attachments(attachments, params)
  params = params.transform_keys {|key| key.to_i}

  saved = true
  transaction do
    attachments.each do |attachment|
      if p = params[attachment.id]
        attachment.filename = p[:filename] if p.key?(:filename)
        attachment.description = p[:description] if p.key?(:description)
        saved &&= attachment.save
      end
    end
    unless saved
      raise ActiveRecord::Rollback
    end
  end
  saved
end

.update_digests_to_sha256Object

Updates digests to SHA256 for all attachments that have a MD5 digest (ie. created before Redmine 3.4)


441
442
443
444
445
# File 'app/models/attachment.rb', line 441

def self.update_digests_to_sha256
  Attachment.where("length(digest) < 64").find_each do |attachment|
    attachment.update_digest_to_sha256!
  end
end

.valid_extension?(extension) ⇒ Boolean

Returns true if the extension is allowed regarding allowed/denied extensions defined in application settings, otherwise false

Returns:

  • (Boolean)

462
463
464
465
466
467
468
469
470
471
472
473
474
# File 'app/models/attachment.rb', line 462

def self.valid_extension?(extension)
  denied, allowed = [:attachment_extensions_denied, :attachment_extensions_allowed].map do |setting|
    Setting.send(setting)
  end
  if denied.present? && extension_in?(extension, denied)
    return false
  end
  if allowed.present? && !extension_in?(extension, allowed)
    return false
  end

  true
end

Instance Method Details

#copy(attributes = nil) ⇒ Object

Returns an unsaved copy of the attachment


93
94
95
96
97
98
# File 'app/models/attachment.rb', line 93

def copy(attributes=nil)
  copy = self.class.new
  copy.attributes = self.attributes.dup.except("id", "downloads")
  copy.attributes = attributes if attributes
  copy
end

#deletable?(user = User.current) ⇒ Boolean

Returns:

  • (Boolean)

217
218
219
220
221
222
223
# File 'app/models/attachment.rb', line 217

def deletable?(user=User.current)
  if container_id
    container && container.attachments_deletable?(user)
  else
    author == user
  end
end

#delete_from_diskObject

Deletes the file from the file system if it's not referenced by other attachments


174
175
176
177
178
# File 'app/models/attachment.rb', line 174

def delete_from_disk
  if Attachment.where("disk_filename = ? AND id <> ?", disk_filename, id).empty?
    delete_from_disk!
  end
end

#digest_typeObject

returns either MD5 or SHA256 depending on the way self.digest was computed


493
494
495
# File 'app/models/attachment.rb', line 493

def digest_type
  digest.size < 64 ? "MD5" : "SHA256" if digest.present?
end

#diskfileObject

Returns file's location on disk


181
182
183
# File 'app/models/attachment.rb', line 181

def diskfile
  File.join(self.class.storage_path, disk_directory.to_s, disk_filename.to_s)
end

#editable?(user = User.current) ⇒ Boolean

Returns:

  • (Boolean)

209
210
211
212
213
214
215
# File 'app/models/attachment.rb', line 209

def editable?(user=User.current)
  if container_id
    container && container.attachments_editable?(user)
  else
    author == user
  end
end

#extension_in?(extensions) ⇒ Boolean

Returns true if attachment's extension belongs to extensions list.

Returns:

  • (Boolean)

488
489
490
# File 'app/models/attachment.rb', line 488

def extension_in?(extensions)
  self.class.extension_in?(File.extname(filename), extensions)
end

#fileObject


127
128
129
# File 'app/models/attachment.rb', line 127

def file
  nil
end

#file=(incoming_file) ⇒ Object


113
114
115
116
117
118
119
120
121
122
123
124
125
# File 'app/models/attachment.rb', line 113

def file=(incoming_file)
  unless incoming_file.nil?
    @temp_file = incoming_file
    if @temp_file.respond_to?(:original_filename)
      self.filename = @temp_file.original_filename
      self.filename.force_encoding("UTF-8")
    end
    if @temp_file.respond_to?(:content_type)
      self.content_type = @temp_file.content_type.to_s.chomp
    end
    self.filesize = @temp_file.size
  end
end

#filename=(arg) ⇒ Object


131
132
133
134
# File 'app/models/attachment.rb', line 131

def filename=(arg)
  write_attribute :filename, sanitize_filename(arg.to_s)
  filename
end

#files_to_final_locationObject

Copies the temporary file to its final location and computes its MD5 hash


138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
# File 'app/models/attachment.rb', line 138

def files_to_final_location
  if @temp_file
    self.disk_directory = target_directory
    self.disk_filename = Attachment.disk_filename(filename, disk_directory)
    logger.info("Saving attachment '#{self.diskfile}' (#{@temp_file.size} bytes)") if logger
    path = File.dirname(diskfile)
    unless File.directory?(path)
      FileUtils.mkdir_p(path)
    end
    sha = Digest::SHA256.new
    File.open(diskfile, "wb") do |f|
      if @temp_file.respond_to?(:read)
        buffer = ""
        while (buffer = @temp_file.read(8192))
          f.write(buffer)
          sha.update(buffer)
        end
      else
        f.write(@temp_file)
        sha.update(@temp_file)
      end
    end
    self.digest = sha.hexdigest
  end
  @temp_file = nil

  if content_type.blank? && filename.present?
    self.content_type = Redmine::MimeType.of(filename)
  end
  # Don't save the content type if it's longer than the authorized length
  if self.content_type && self.content_type.length > 255
    self.content_type = nil
  end
end

#image?Boolean

Returns:

  • (Boolean)

225
226
227
# File 'app/models/attachment.rb', line 225

def image?
  !!(self.filename =~ /\.(bmp|gif|jpg|jpe|jpeg|png)$/i)
end

#increment_downloadObject


193
194
195
# File 'app/models/attachment.rb', line 193

def increment_download
  increment!(:downloads)
end

#is_audio?Boolean

Returns:

  • (Boolean)

300
301
302
# File 'app/models/attachment.rb', line 300

def is_audio?
  Redmine::MimeType.is_type?('audio', filename)
end

#is_diff?Boolean

Returns:

  • (Boolean)

288
289
290
# File 'app/models/attachment.rb', line 288

def is_diff?
  /\.(patch|diff)$/i.match?(filename)
end

#is_image?Boolean

Returns:

  • (Boolean)

284
285
286
# File 'app/models/attachment.rb', line 284

def is_image?
  Redmine::MimeType.is_type?('image', filename)
end

#is_markdown?Boolean

Returns:

  • (Boolean)

276
277
278
# File 'app/models/attachment.rb', line 276

def is_markdown?
  Redmine::MimeType.of(filename) == 'text/markdown'
end

#is_pdf?Boolean

Returns:

  • (Boolean)

292
293
294
# File 'app/models/attachment.rb', line 292

def is_pdf?
  Redmine::MimeType.of(filename) == "application/pdf"
end

#is_text?Boolean

Returns:

  • (Boolean)

272
273
274
# File 'app/models/attachment.rb', line 272

def is_text?
  Redmine::MimeType.is_type?('text', filename) || Redmine::SyntaxHighlighting.filename_supported?(filename)
end

#is_textile?Boolean

Returns:

  • (Boolean)

280
281
282
# File 'app/models/attachment.rb', line 280

def is_textile?
  Redmine::MimeType.of(filename) == 'text/x-textile'
end

#is_video?Boolean

Returns:

  • (Boolean)

296
297
298
# File 'app/models/attachment.rb', line 296

def is_video?
  Redmine::MimeType.is_type?('video', filename)
end

#move_to_target_directory!Object

Moves an existing attachment to its target directory


409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
# File 'app/models/attachment.rb', line 409

def move_to_target_directory!
  return unless !new_record? & readable?

  src = diskfile
  self.disk_directory = target_directory
  dest = diskfile

  return if src == dest

  if !FileUtils.mkdir_p(File.dirname(dest))
    logger.error "Could not create directory #{File.dirname(dest)}" if logger
    return
  end

  if !FileUtils.mv(src, dest)
    logger.error "Could not move attachment from #{src} to #{dest}" if logger
    return
  end

  update_column :disk_directory, disk_directory
end

#previewable?Boolean

Returns:

  • (Boolean)

304
305
306
# File 'app/models/attachment.rb', line 304

def previewable?
  is_text? || is_image? || is_video? || is_audio?
end

#projectObject


197
198
199
# File 'app/models/attachment.rb', line 197

def project
  container.try(:project)
end

#readable?Boolean

Returns true if the file is readable

Returns:

  • (Boolean)

309
310
311
# File 'app/models/attachment.rb', line 309

def readable?
  disk_filename.present? && File.readable?(diskfile)
end

#thumbnail(options = {}) ⇒ Object

Returns the full path the attachment thumbnail, or nil if the thumbnail cannot be generated.


237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
# File 'app/models/attachment.rb', line 237

def thumbnail(options={})
  if thumbnailable? && readable?
    size = options[:size].to_i
    if size > 0
      # Limit the number of thumbnails per image
      size = (size / 50.0).ceil * 50
      # Maximum thumbnail size
      size = 800 if size > 800
    else
      size = Setting.thumbnails_size.to_i
    end
    size = 100 unless size > 0
    target = thumbnail_path(size)

    begin
      Redmine::Thumbnail.generate(self.diskfile, target, size, is_pdf?)
    rescue => e
      if logger
        logger.error(
          "An error occured while generating thumbnail for #{disk_filename} " \
            "to #{target}\nException was: #{e.message}"
        )
      end
      nil
    end
  end
end

#thumbnailable?Boolean

Returns:

  • (Boolean)

229
230
231
232
233
# File 'app/models/attachment.rb', line 229

def thumbnailable?
  Redmine::Thumbnail.convert_available? && (
    image? || (is_pdf? && Redmine::Thumbnail.gs_available?)
  )
end

#titleObject


185
186
187
188
189
190
191
# File 'app/models/attachment.rb', line 185

def title
  title = filename.dup
  if description.present?
    title << " (#{description})"
  end
  title
end

#tokenObject

Returns the attachment token


314
315
316
# File 'app/models/attachment.rb', line 314

def token
  "#{id}.#{digest}"
end

#update_digest_to_sha256!Object

Updates attachment digest to SHA256


448
449
450
451
452
453
454
455
456
457
458
# File 'app/models/attachment.rb', line 448

def update_digest_to_sha256!
  if readable?
    sha = Digest::SHA256.new
    File.open(diskfile, 'rb') do |f|
      while buffer = f.read(8192)
        sha.update(buffer)
      end
    end
    update_column :digest, sha.hexdigest
  end
end

#validate_file_extensionObject


106
107
108
109
110
111
# File 'app/models/attachment.rb', line 106

def validate_file_extension
  extension = File.extname(filename)
  unless self.class.valid_extension?(extension)
    errors.add(:base, l(:error_attachment_extension_not_allowed, :extension => extension))
  end
end

#validate_max_file_sizeObject


100
101
102
103
104
# File 'app/models/attachment.rb', line 100

def validate_max_file_size
  if @temp_file && self.filesize > Setting.attachment_max_size.to_i.kilobytes
    errors.add(:base, l(:error_attachment_too_big, :max_size => Setting.attachment_max_size.to_i.kilobytes))
  end
end

#visible?(user = User.current) ⇒ Boolean

Returns:

  • (Boolean)

201
202
203
204
205
206
207
# File 'app/models/attachment.rb', line 201

def visible?(user=User.current)
  if container_id
    container && container.attachments_visible?(user)
  else
    author == user
  end
end