Class: Attachment

Inherits:
ActiveRecord::Base
  • Object
show all
Includes:
Redmine::SafeAttributes
Defined in:
app/models/attachment.rb

Constant Summary collapse

@@storage_path =
Redmine::Configuration['attachments_storage_path'] || File.join(Rails.root, "files")
@@thumbnails_storage_path =
File.join(Rails.root, "tmp", "thumbnails")

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Redmine::SafeAttributes

#delete_unsafe_attributes, included, #safe_attribute?, #safe_attribute_names, #safe_attributes=

Class Method Details

.archive_attachments(attachments) ⇒ Object


377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
# File 'app/models/attachment.rb', line 377

def self.archive_attachments(attachments)
  attachments = attachments.select(&:readable?)
  return nil if attachments.blank?

  Zip.unicode_names = true
  archived_file_names = []
  buffer = Zip::OutputStream.write_buffer do |zos|
    attachments.each do |attachment|
      filename = attachment.filename
      # rename the file if a file with the same name already exists
      dup_count = 0
      while archived_file_names.include?(filename)
        dup_count += 1
        extname = File.extname(attachment.filename)
        basename = File.basename(attachment.filename, extname)
        filename = "#{basename}(#{dup_count})#{extname}"
      end
      zos.put_next_entry(filename)
      zos << IO.binread(attachment.diskfile)
      archived_file_names << filename
    end
  end
  buffer.string
ensure
  buffer&.close
end

.attach_files(obj, attachments) ⇒ Object

Bulk attaches a set of files to an object

Returns a Hash of the results: :files => array of the attached files :unsaved => array of the files that could not be attached


330
331
332
333
334
# File 'app/models/attachment.rb', line 330

def self.attach_files(obj, attachments)
  result = obj.save_attachments(attachments, User.current)
  obj.attach_saved_attachments
  result
end

.clear_thumbnailsObject

Deletes all thumbnails


262
263
264
265
266
# File 'app/models/attachment.rb', line 262

def self.clear_thumbnails
  Dir.glob(File.join(thumbnails_storage_path, "*.thumb")).each do |file|
    File.delete file
  end
end

.create_diskfile(filename, directory = nil, &block) ⇒ Object

Claims a unique ASCII or hashed filename, yields the open file handle


557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
# File 'app/models/attachment.rb', line 557

def create_diskfile(filename, directory=nil, &block)
  timestamp = DateTime.now.strftime("%y%m%d%H%M%S")
  ascii = ''
  if %r{^[a-zA-Z0-9_\.\-]*$}.match?(filename) && filename.length <= 50
    ascii = filename
  else
    ascii = Digest::MD5.hexdigest(filename)
    # keep the extension if any
    ascii << $1 if filename =~ %r{(\.[a-zA-Z0-9]+)$}
  end

  path = File.join storage_path, directory.to_s
  FileUtils.mkdir_p(path) unless File.directory?(path)
  begin
    name = "#{timestamp}_#{ascii}"
    File.open(
      File.join(path, name),
      flags: File::CREAT | File::EXCL | File::WRONLY,
      binmode: true,
      &block
    )
  rescue Errno::EEXIST
    timestamp.succ!
    retry
  end
end

.extension_in?(extension, extensions) ⇒ Boolean

Returns true if extension belongs to extensions list.

Returns:

  • (Boolean)

473
474
475
476
477
478
479
480
481
# File 'app/models/attachment.rb', line 473

def self.extension_in?(extension, extensions)
  extension = extension.downcase.sub(/\A\.+/, '')

  unless extensions.is_a?(Array)
    extensions = extensions.to_s.split(",").map(&:strip)
  end
  extensions = extensions.map {|s| s.downcase.sub(/\A\.+/, '')}.reject(&:blank?)
  extensions.include?(extension)
end

.find_by_token(token) ⇒ Object

Finds an attachment that matches the given token and that has no container


315
316
317
318
319
320
321
322
323
# File 'app/models/attachment.rb', line 315

def self.find_by_token(token)
  if token.to_s =~ /^(\d+)\.([0-9a-f]+)$/
    attachment_id, attachment_digest = $1, $2
    attachment = Attachment.find_by(:id => attachment_id, :digest => attachment_digest)
    if attachment && attachment.container.nil?
      attachment
    end
  end
end

.latest_attach(attachments, filename) ⇒ Object


365
366
367
368
369
370
371
# File 'app/models/attachment.rb', line 365

def self.latest_attach(attachments, filename)
  return unless filename.valid_encoding?

  attachments.sort_by{|attachment| [attachment.created_on, attachment.id]}.reverse.detect do |att|
    filename.casecmp?(att.filename)
  end
end

.move_from_root_to_target_directoryObject

Moves existing attachments that are stored at the root of the files directory (ie. created before Redmine 2.3) to their target subdirectories


429
430
431
432
433
# File 'app/models/attachment.rb', line 429

def self.move_from_root_to_target_directory
  Attachment.where("disk_directory IS NULL OR disk_directory = ''").find_each do |attachment|
    attachment.move_to_target_directory!
  end
end

.prune(age = 1.day) ⇒ Object


373
374
375
# File 'app/models/attachment.rb', line 373

def self.prune(age=1.day)
  Attachment.where("created_on < ? AND (container_type IS NULL OR container_type = '')", Time.now - age).destroy_all
end

.update_attachments(attachments, params) ⇒ Object

Updates the filename and description of a set of attachments with the given hash of attributes. Returns true if all attachments were updated.

Example:

Attachment.update_attachments(attachments, {
  4 => {:filename => 'foo'},
  7 => {:filename => 'bar', :description => 'file description'}
})

346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
# File 'app/models/attachment.rb', line 346

def self.update_attachments(attachments, params)
  params = params.transform_keys {|key| key.to_i}

  saved = true
  transaction do
    attachments.each do |attachment|
      if p = params[attachment.id]
        attachment.filename = p[:filename] if p.key?(:filename)
        attachment.description = p[:description] if p.key?(:description)
        saved &&= attachment.save
      end
    end
    unless saved
      raise ActiveRecord::Rollback
    end
  end
  saved
end

.update_digests_to_sha256Object

Updates digests to SHA256 for all attachments that have a MD5 digest (ie. created before Redmine 3.4)


437
438
439
440
441
# File 'app/models/attachment.rb', line 437

def self.update_digests_to_sha256
  Attachment.where("length(digest) < 64").find_each do |attachment|
    attachment.update_digest_to_sha256!
  end
end

.valid_extension?(extension) ⇒ Boolean

Returns true if the extension is allowed regarding allowed/denied extensions defined in application settings, otherwise false

Returns:

  • (Boolean)

458
459
460
461
462
463
464
465
466
467
468
469
470
# File 'app/models/attachment.rb', line 458

def self.valid_extension?(extension)
  denied, allowed = [:attachment_extensions_denied, :attachment_extensions_allowed].map do |setting|
    Setting.send(setting)
  end
  if denied.present? && extension_in?(extension, denied)
    return false
  end
  if allowed.present? && !extension_in?(extension, allowed)
    return false
  end

  true
end

Instance Method Details

#copy(attributes = nil) ⇒ Object

Returns an unsaved copy of the attachment


93
94
95
96
97
98
# File 'app/models/attachment.rb', line 93

def copy(attributes=nil)
  copy = self.class.new
  copy.attributes = self.attributes.dup.except("id", "downloads")
  copy.attributes = attributes if attributes
  copy
end

#deletable?(user = User.current) ⇒ Boolean

Returns:

  • (Boolean)

213
214
215
216
217
218
219
# File 'app/models/attachment.rb', line 213

def deletable?(user=User.current)
  if container_id
    container && container.attachments_deletable?(user)
  else
    author == user
  end
end

#delete_from_diskObject

Deletes the file from the file system if it's not referenced by other attachments


170
171
172
173
174
# File 'app/models/attachment.rb', line 170

def delete_from_disk
  if Attachment.where("disk_filename = ? AND id <> ?", disk_filename, id).empty?
    delete_from_disk!
  end
end

#digest_typeObject

returns either MD5 or SHA256 depending on the way self.digest was computed


489
490
491
# File 'app/models/attachment.rb', line 489

def digest_type
  digest.size < 64 ? "MD5" : "SHA256" if digest.present?
end

#diskfileObject

Returns file's location on disk


177
178
179
# File 'app/models/attachment.rb', line 177

def diskfile
  File.join(self.class.storage_path, disk_directory.to_s, disk_filename.to_s)
end

#editable?(user = User.current) ⇒ Boolean

Returns:

  • (Boolean)

205
206
207
208
209
210
211
# File 'app/models/attachment.rb', line 205

def editable?(user=User.current)
  if container_id
    container && container.attachments_editable?(user)
  else
    author == user
  end
end

#extension_in?(extensions) ⇒ Boolean

Returns true if attachment's extension belongs to extensions list.

Returns:

  • (Boolean)

484
485
486
# File 'app/models/attachment.rb', line 484

def extension_in?(extensions)
  self.class.extension_in?(File.extname(filename), extensions)
end

#fileObject


127
128
129
# File 'app/models/attachment.rb', line 127

def file
  nil
end

#file=(incoming_file) ⇒ Object


113
114
115
116
117
118
119
120
121
122
123
124
125
# File 'app/models/attachment.rb', line 113

def file=(incoming_file)
  unless incoming_file.nil?
    @temp_file = incoming_file
    if @temp_file.respond_to?(:original_filename)
      self.filename = @temp_file.original_filename
      self.filename.force_encoding("UTF-8")
    end
    if @temp_file.respond_to?(:content_type)
      self.content_type = @temp_file.content_type.to_s.chomp
    end
    self.filesize = @temp_file.size
  end
end

#filename=(arg) ⇒ Object


131
132
133
134
# File 'app/models/attachment.rb', line 131

def filename=(arg)
  write_attribute :filename, sanitize_filename(arg.to_s)
  filename
end

#files_to_final_locationObject

Copies the temporary file to its final location and computes its MD5 hash


138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
# File 'app/models/attachment.rb', line 138

def files_to_final_location
  if @temp_file
    self.disk_directory = target_directory
    sha = Digest::SHA256.new
    Attachment.create_diskfile(filename, disk_directory) do |f|
      self.disk_filename = File.basename f.path
      logger.info("Saving attachment '#{self.diskfile}' (#{@temp_file.size} bytes)") if logger
      if @temp_file.respond_to?(:read)
        buffer = ""
        while (buffer = @temp_file.read(8192))
          f.write(buffer)
          sha.update(buffer)
        end
      else
        f.write(@temp_file)
        sha.update(@temp_file)
      end
    end
    self.digest = sha.hexdigest
  end
  @temp_file = nil

  if content_type.blank? && filename.present?
    self.content_type = Redmine::MimeType.of(filename)
  end
  # Don't save the content type if it's longer than the authorized length
  if self.content_type && self.content_type.length > 255
    self.content_type = nil
  end
end

#image?Boolean

Returns:

  • (Boolean)

221
222
223
# File 'app/models/attachment.rb', line 221

def image?
  !!(self.filename =~ /\.(bmp|gif|jpg|jpe|jpeg|png)$/i)
end

#increment_downloadObject


189
190
191
# File 'app/models/attachment.rb', line 189

def increment_download
  increment!(:downloads)
end

#is_audio?Boolean

Returns:

  • (Boolean)

296
297
298
# File 'app/models/attachment.rb', line 296

def is_audio?
  Redmine::MimeType.is_type?('audio', filename)
end

#is_diff?Boolean

Returns:

  • (Boolean)

284
285
286
# File 'app/models/attachment.rb', line 284

def is_diff?
  /\.(patch|diff)$/i.match?(filename)
end

#is_image?Boolean

Returns:

  • (Boolean)

280
281
282
# File 'app/models/attachment.rb', line 280

def is_image?
  Redmine::MimeType.is_type?('image', filename)
end

#is_markdown?Boolean

Returns:

  • (Boolean)

272
273
274
# File 'app/models/attachment.rb', line 272

def is_markdown?
  Redmine::MimeType.of(filename) == 'text/markdown'
end

#is_pdf?Boolean

Returns:

  • (Boolean)

288
289
290
# File 'app/models/attachment.rb', line 288

def is_pdf?
  Redmine::MimeType.of(filename) == "application/pdf"
end

#is_text?Boolean

Returns:

  • (Boolean)

268
269
270
# File 'app/models/attachment.rb', line 268

def is_text?
  Redmine::MimeType.is_type?('text', filename) || Redmine::SyntaxHighlighting.filename_supported?(filename)
end

#is_textile?Boolean

Returns:

  • (Boolean)

276
277
278
# File 'app/models/attachment.rb', line 276

def is_textile?
  Redmine::MimeType.of(filename) == 'text/x-textile'
end

#is_video?Boolean

Returns:

  • (Boolean)

292
293
294
# File 'app/models/attachment.rb', line 292

def is_video?
  Redmine::MimeType.is_type?('video', filename)
end

#move_to_target_directory!Object

Moves an existing attachment to its target directory


405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
# File 'app/models/attachment.rb', line 405

def move_to_target_directory!
  return unless !new_record? & readable?

  src = diskfile
  self.disk_directory = target_directory
  dest = diskfile

  return if src == dest

  if !FileUtils.mkdir_p(File.dirname(dest))
    logger.error "Could not create directory #{File.dirname(dest)}" if logger
    return
  end

  if !FileUtils.mv(src, dest)
    logger.error "Could not move attachment from #{src} to #{dest}" if logger
    return
  end

  update_column :disk_directory, disk_directory
end

#previewable?Boolean

Returns:

  • (Boolean)

300
301
302
# File 'app/models/attachment.rb', line 300

def previewable?
  is_text? || is_image? || is_video? || is_audio?
end

#projectObject


193
194
195
# File 'app/models/attachment.rb', line 193

def project
  container.try(:project)
end

#readable?Boolean

Returns true if the file is readable

Returns:

  • (Boolean)

305
306
307
# File 'app/models/attachment.rb', line 305

def readable?
  disk_filename.present? && File.readable?(diskfile)
end

#thumbnail(options = {}) ⇒ Object

Returns the full path the attachment thumbnail, or nil if the thumbnail cannot be generated.


233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
# File 'app/models/attachment.rb', line 233

def thumbnail(options={})
  if thumbnailable? && readable?
    size = options[:size].to_i
    if size > 0
      # Limit the number of thumbnails per image
      size = (size / 50.0).ceil * 50
      # Maximum thumbnail size
      size = 800 if size > 800
    else
      size = Setting.thumbnails_size.to_i
    end
    size = 100 unless size > 0
    target = thumbnail_path(size)

    begin
      Redmine::Thumbnail.generate(self.diskfile, target, size, is_pdf?)
    rescue => e
      if logger
        logger.error(
          "An error occured while generating thumbnail for #{disk_filename} " \
            "to #{target}\nException was: #{e.message}"
        )
      end
      nil
    end
  end
end

#thumbnailable?Boolean

Returns:

  • (Boolean)

225
226
227
228
229
# File 'app/models/attachment.rb', line 225

def thumbnailable?
  Redmine::Thumbnail.convert_available? && (
    image? || (is_pdf? && Redmine::Thumbnail.gs_available?)
  )
end

#titleObject


181
182
183
184
185
186
187
# File 'app/models/attachment.rb', line 181

def title
  title = filename.dup
  if description.present?
    title << " (#{description})"
  end
  title
end

#tokenObject

Returns the attachment token


310
311
312
# File 'app/models/attachment.rb', line 310

def token
  "#{id}.#{digest}"
end

#update_digest_to_sha256!Object

Updates attachment digest to SHA256


444
445
446
447
448
449
450
451
452
453
454
# File 'app/models/attachment.rb', line 444

def update_digest_to_sha256!
  if readable?
    sha = Digest::SHA256.new
    File.open(diskfile, 'rb') do |f|
      while buffer = f.read(8192)
        sha.update(buffer)
      end
    end
    update_column :digest, sha.hexdigest
  end
end

#validate_file_extensionObject


106
107
108
109
110
111
# File 'app/models/attachment.rb', line 106

def validate_file_extension
  extension = File.extname(filename)
  unless self.class.valid_extension?(extension)
    errors.add(:base, l(:error_attachment_extension_not_allowed, :extension => extension))
  end
end

#validate_max_file_sizeObject


100
101
102
103
104
# File 'app/models/attachment.rb', line 100

def validate_max_file_size
  if @temp_file && self.filesize > Setting.attachment_max_size.to_i.kilobytes
    errors.add(:base, l(:error_attachment_too_big, :max_size => Setting.attachment_max_size.to_i.kilobytes))
  end
end

#visible?(user = User.current) ⇒ Boolean

Returns:

  • (Boolean)

197
198
199
200
201
202
203
# File 'app/models/attachment.rb', line 197

def visible?(user=User.current)
  if container_id
    container && container.attachments_visible?(user)
  else
    author == user
  end
end