Class: Attachment

Inherits:
ApplicationRecord show all
Includes:
Redmine::SafeAttributes
Defined in:
app/models/attachment.rb

Constant Summary collapse

@@storage_path =
Redmine::Configuration['attachments_storage_path'] || File.join(Rails.root, "files")
@@thumbnails_storage_path =
File.join(Rails.root, "tmp", "thumbnails")

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Redmine::SafeAttributes

#delete_unsafe_attributes, included, #safe_attribute?, #safe_attribute_names, #safe_attributes=

Methods inherited from ApplicationRecord

human_attribute_name

Class Method Details

.archive_attachments(attachments) ⇒ Object



378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
# File 'app/models/attachment.rb', line 378

def self.archive_attachments(attachments)
  attachments = attachments.select(&:readable?)
  return nil if attachments.blank?

  Zip.unicode_names = true
  archived_file_names = []
  buffer = Zip::OutputStream.write_buffer do |zos|
    attachments.each do |attachment|
      filename = attachment.filename
      # rename the file if a file with the same name already exists
      dup_count = 0
      while archived_file_names.include?(filename)
        dup_count += 1
        extname = File.extname(attachment.filename)
        basename = File.basename(attachment.filename, extname)
        filename = "#{basename}(#{dup_count})#{extname}"
      end
      zos.put_next_entry(filename)
      zos << IO.binread(attachment.diskfile)
      archived_file_names << filename
    end
  end
  buffer.string
ensure
  buffer&.close
end

.attach_files(obj, attachments) ⇒ Object

Bulk attaches a set of files to an object

Returns a Hash of the results: :files => array of the attached files :unsaved => array of the files that could not be attached



331
332
333
334
335
# File 'app/models/attachment.rb', line 331

def self.attach_files(obj, attachments)
  result = obj.save_attachments(attachments, User.current)
  obj.attach_saved_attachments
  result
end

.clear_thumbnailsObject

Deletes all thumbnails



263
264
265
266
267
# File 'app/models/attachment.rb', line 263

def self.clear_thumbnails
  Dir.glob(File.join(thumbnails_storage_path, "*.thumb")).each do |file|
    File.delete file
  end
end

.create_diskfile(filename, directory = nil) ⇒ Object

Claims a unique ASCII or hashed filename, yields the open file handle



556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
# File 'app/models/attachment.rb', line 556

def create_diskfile(filename, directory=nil, &)
  timestamp = DateTime.now.strftime("%y%m%d%H%M%S")
  ascii = ''
  if %r{^[a-zA-Z0-9_\.\-]*$}.match?(filename) && filename.length <= 50
    ascii = filename
  else
    ascii = ActiveSupport::Digest.hexdigest(filename)
    # keep the extension if any
    ascii << $1 if filename =~ %r{(\.[a-zA-Z0-9]+)$}
  end

  path = File.join storage_path, directory.to_s
  FileUtils.mkdir_p(path) unless File.directory?(path)
  begin
    name = "#{timestamp}_#{ascii}"
    File.open(
      File.join(path, name),
      flags: File::CREAT | File::EXCL | File::WRONLY,
      binmode: true,
      &
    )
  rescue Errno::EEXIST
    timestamp.succ!
    retry
  end
end

.extension_in?(extension, extensions) ⇒ Boolean

Returns true if extension belongs to extensions list.

Returns:

  • (Boolean)


474
475
476
477
478
479
480
481
482
# File 'app/models/attachment.rb', line 474

def self.extension_in?(extension, extensions)
  extension = extension.downcase.sub(/\A\.+/, '')

  unless extensions.is_a?(Array)
    extensions = extensions.to_s.split(",").map(&:strip)
  end
  extensions = extensions.map {|s| s.downcase.sub(/\A\.+/, '')}.reject(&:blank?)
  extensions.include?(extension)
end

.find_by_token(token) ⇒ Object

Finds an attachment that matches the given token and that has no container



316
317
318
319
320
321
322
323
324
# File 'app/models/attachment.rb', line 316

def self.find_by_token(token)
  if token.to_s =~ /^(\d+)\.([0-9a-f]+)$/
    attachment_id, attachment_digest = $1, $2
    attachment = Attachment.find_by(:id => attachment_id, :digest => attachment_digest)
    if attachment && attachment.container.nil?
      attachment
    end
  end
end

.latest_attach(attachments, filename) ⇒ Object



366
367
368
369
370
371
372
# File 'app/models/attachment.rb', line 366

def self.latest_attach(attachments, filename)
  return unless filename.valid_encoding?

  attachments.sort_by{|attachment| [attachment.created_on, attachment.id]}.reverse.detect do |att|
    filename.casecmp?(att.filename)
  end
end

.move_from_root_to_target_directoryObject

Moves existing attachments that are stored at the root of the files directory (ie. created before Redmine 2.3) to their target subdirectories



430
431
432
433
434
# File 'app/models/attachment.rb', line 430

def self.move_from_root_to_target_directory
  Attachment.where("disk_directory IS NULL OR disk_directory = ''").find_each do |attachment|
    attachment.move_to_target_directory!
  end
end

.prune(age = 1.day) ⇒ Object



374
375
376
# File 'app/models/attachment.rb', line 374

def self.prune(age=1.day)
  Attachment.where("created_on < ? AND (container_type IS NULL OR container_type = '')", Time.now - age).destroy_all
end

.update_attachments(attachments, params) ⇒ Object

Updates the filename and description of a set of attachments with the given hash of attributes. Returns true if all attachments were updated.

Example:

Attachment.update_attachments(attachments, {
  4 => {:filename => 'foo'},
  7 => {:filename => 'bar', :description => 'file description'}
})


347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
# File 'app/models/attachment.rb', line 347

def self.update_attachments(attachments, params)
  converted = {}
  params.each {|key, val| converted[key.to_i] = val}
  saved = true
  transaction do
    attachments.each do |attachment|
      if file = converted[attachment.id]
        attachment.filename = file[:filename] if file.key?(:filename)
        attachment.description = file[:description] if file.key?(:description)
        saved &&= attachment.save
      end
    end
    unless saved
      raise ActiveRecord::Rollback
    end
  end
  saved
end

.update_digests_to_sha256Object

Updates digests to SHA256 for all attachments that have a MD5 digest (ie. created before Redmine 3.4)



438
439
440
441
442
# File 'app/models/attachment.rb', line 438

def self.update_digests_to_sha256
  Attachment.where("length(digest) < 64").find_each do |attachment|
    attachment.update_digest_to_sha256!
  end
end

.valid_extension?(extension) ⇒ Boolean

Returns true if the extension is allowed regarding allowed/denied extensions defined in application settings, otherwise false

Returns:

  • (Boolean)


459
460
461
462
463
464
465
466
467
468
469
470
471
# File 'app/models/attachment.rb', line 459

def self.valid_extension?(extension)
  denied, allowed = [:attachment_extensions_denied, :attachment_extensions_allowed].map do |setting|
    Setting.send(setting)
  end
  if denied.present? && extension_in?(extension, denied)
    return false
  end
  if allowed.present? && !extension_in?(extension, allowed)
    return false
  end

  true
end

Instance Method Details

#copy(attributes = nil) ⇒ Object

Returns an unsaved copy of the attachment



94
95
96
97
98
99
# File 'app/models/attachment.rb', line 94

def copy(attributes=nil)
  copy = self.class.new
  copy.attributes = self.attributes.dup.except("id", "downloads")
  copy.attributes = attributes if attributes
  copy
end

#deletable?(user = User.current) ⇒ Boolean

Returns:

  • (Boolean)


214
215
216
217
218
219
220
# File 'app/models/attachment.rb', line 214

def deletable?(user=User.current)
  if container_id
    container && container.attachments_deletable?(user)
  else
    author == user
  end
end

#delete_from_diskObject

Deletes the file from the file system if it’s not referenced by other attachments



171
172
173
174
175
# File 'app/models/attachment.rb', line 171

def delete_from_disk
  if Attachment.where("disk_filename = ? AND id <> ?", disk_filename, id).empty?
    delete_from_disk!
  end
end

#digest_typeObject

returns either MD5 or SHA256 depending on the way self.digest was computed



490
491
492
# File 'app/models/attachment.rb', line 490

def digest_type
  digest.size < 64 ? "MD5" : "SHA256" if digest.present?
end

#diskfileObject

Returns file’s location on disk



178
179
180
# File 'app/models/attachment.rb', line 178

def diskfile
  File.join(self.class.storage_path, disk_directory.to_s, disk_filename.to_s)
end

#editable?(user = User.current) ⇒ Boolean

Returns:

  • (Boolean)


206
207
208
209
210
211
212
# File 'app/models/attachment.rb', line 206

def editable?(user=User.current)
  if container_id
    container && container.attachments_editable?(user)
  else
    author == user
  end
end

#extension_in?(extensions) ⇒ Boolean

Returns true if attachment’s extension belongs to extensions list.

Returns:

  • (Boolean)


485
486
487
# File 'app/models/attachment.rb', line 485

def extension_in?(extensions)
  self.class.extension_in?(File.extname(filename), extensions)
end

#fileObject



128
129
130
# File 'app/models/attachment.rb', line 128

def file
  nil
end

#file=(incoming_file) ⇒ Object



114
115
116
117
118
119
120
121
122
123
124
125
126
# File 'app/models/attachment.rb', line 114

def file=(incoming_file)
  unless incoming_file.nil?
    @temp_file = incoming_file
    if @temp_file.respond_to?(:original_filename)
      self.filename = @temp_file.original_filename
      self.filename.force_encoding("UTF-8")
    end
    if @temp_file.respond_to?(:content_type)
      self.content_type = @temp_file.content_type.to_s.chomp
    end
    self.filesize = @temp_file.size
  end
end

#filename=(arg) ⇒ Object



132
133
134
135
# File 'app/models/attachment.rb', line 132

def filename=(arg)
  write_attribute :filename, sanitize_filename(arg.to_s)
  filename
end

#files_to_final_locationObject

Copies the temporary file to its final location and computes its hash



139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
# File 'app/models/attachment.rb', line 139

def files_to_final_location
  if @temp_file
    self.disk_directory = target_directory
    sha = Digest::SHA256.new
    Attachment.create_diskfile(filename, disk_directory) do |f|
      self.disk_filename = File.basename f.path
      logger.info("Saving attachment '#{self.diskfile}' (#{@temp_file.size} bytes)") if logger
      if @temp_file.respond_to?(:read)
        buffer = ""
        while (buffer = @temp_file.read(8192))
          f.write(buffer)
          sha.update(buffer)
        end
      else
        f.write(@temp_file)
        sha.update(@temp_file)
      end
    end
    self.digest = sha.hexdigest
  end
  @temp_file = nil

  if content_type.blank? && filename.present?
    self.content_type = Redmine::MimeType.of(filename)
  end
  # Don't save the content type if it's longer than the authorized length
  if self.content_type && self.content_type.length > 255
    self.content_type = nil
  end
end

#image?Boolean

Returns:

  • (Boolean)


222
223
224
# File 'app/models/attachment.rb', line 222

def image?
  !!(self.filename =~ /\.(bmp|gif|jpg|jpe|jpeg|png|webp)$/i)
end

#increment_downloadObject



190
191
192
# File 'app/models/attachment.rb', line 190

def increment_download
  increment!(:downloads)
end

#is_audio?Boolean

Returns:

  • (Boolean)


297
298
299
# File 'app/models/attachment.rb', line 297

def is_audio?
  Redmine::MimeType.is_type?('audio', filename)
end

#is_diff?Boolean

Returns:

  • (Boolean)


285
286
287
# File 'app/models/attachment.rb', line 285

def is_diff?
  /\.(patch|diff)$/i.match?(filename)
end

#is_image?Boolean

Returns:

  • (Boolean)


281
282
283
# File 'app/models/attachment.rb', line 281

def is_image?
  Redmine::MimeType.is_type?('image', filename)
end

#is_markdown?Boolean

Returns:

  • (Boolean)


273
274
275
# File 'app/models/attachment.rb', line 273

def is_markdown?
  Redmine::MimeType.of(filename) == 'text/markdown'
end

#is_pdf?Boolean

Returns:

  • (Boolean)


289
290
291
# File 'app/models/attachment.rb', line 289

def is_pdf?
  Redmine::MimeType.of(filename) == "application/pdf"
end

#is_text?Boolean

Returns:

  • (Boolean)


269
270
271
# File 'app/models/attachment.rb', line 269

def is_text?
  Redmine::MimeType.is_type?('text', filename) || Redmine::SyntaxHighlighting.filename_supported?(filename)
end

#is_textile?Boolean

Returns:

  • (Boolean)


277
278
279
# File 'app/models/attachment.rb', line 277

def is_textile?
  Redmine::MimeType.of(filename) == 'text/x-textile'
end

#is_video?Boolean

Returns:

  • (Boolean)


293
294
295
# File 'app/models/attachment.rb', line 293

def is_video?
  Redmine::MimeType.is_type?('video', filename)
end

#move_to_target_directory!Object

Moves an existing attachment to its target directory



406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
# File 'app/models/attachment.rb', line 406

def move_to_target_directory!
  return unless !new_record? & readable?

  src = diskfile
  self.disk_directory = target_directory
  dest = diskfile

  return if src == dest

  unless FileUtils.mkdir_p(File.dirname(dest))
    logger.error "Could not create directory #{File.dirname(dest)}" if logger
    return
  end

  unless FileUtils.mv(src, dest)
    logger.error "Could not move attachment from #{src} to #{dest}" if logger
    return
  end

  update_column :disk_directory, disk_directory
end

#previewable?Boolean

Returns:

  • (Boolean)


301
302
303
# File 'app/models/attachment.rb', line 301

def previewable?
  is_text? || is_image? || is_video? || is_audio?
end

#projectObject



194
195
196
# File 'app/models/attachment.rb', line 194

def project
  container.try(:project)
end

#readable?Boolean

Returns true if the file is readable

Returns:

  • (Boolean)


306
307
308
# File 'app/models/attachment.rb', line 306

def readable?
  disk_filename.present? && File.readable?(diskfile)
end

#thumbnail(options = {}) ⇒ Object

Returns the full path the attachment thumbnail, or nil if the thumbnail cannot be generated.



234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
# File 'app/models/attachment.rb', line 234

def thumbnail(options={})
  if thumbnailable? && readable?
    size = options[:size].to_i
    if size > 0
      # Limit the number of thumbnails per image
      size = (size / 50.0).ceil * 50
      # Maximum thumbnail size
      size = 800 if size > 800
    else
      size = Setting.thumbnails_size.to_i
    end
    size = 100 unless size > 0
    target = thumbnail_path(size)

    begin
      Redmine::Thumbnail.generate(self.diskfile, target, size, is_pdf?)
    rescue => e
      if logger
        logger.error(
          "An error occured while generating thumbnail for #{disk_filename} " \
            "to #{target}\nException was: #{e.message}"
        )
      end
      nil
    end
  end
end

#thumbnailable?Boolean

Returns:

  • (Boolean)


226
227
228
229
230
# File 'app/models/attachment.rb', line 226

def thumbnailable?
  Redmine::Thumbnail.convert_available? && (
    image? || (is_pdf? && Redmine::Thumbnail.gs_available?)
  )
end

#titleObject



182
183
184
185
186
187
188
# File 'app/models/attachment.rb', line 182

def title
  title = filename.dup
  if description.present?
    title << " (#{description})"
  end
  title
end

#tokenObject

Returns the attachment token



311
312
313
# File 'app/models/attachment.rb', line 311

def token
  "#{id}.#{digest}"
end

#update_digest_to_sha256!Object

Updates attachment digest to SHA256



445
446
447
448
449
450
451
452
453
454
455
# File 'app/models/attachment.rb', line 445

def update_digest_to_sha256!
  if readable?
    sha = Digest::SHA256.new
    File.open(diskfile, 'rb') do |f|
      while buffer = f.read(8192)
        sha.update(buffer)
      end
    end
    update_column :digest, sha.hexdigest
  end
end

#validate_file_extensionObject



107
108
109
110
111
112
# File 'app/models/attachment.rb', line 107

def validate_file_extension
  extension = File.extname(filename)
  unless self.class.valid_extension?(extension)
    errors.add(:base, l(:error_attachment_extension_not_allowed, :extension => extension))
  end
end

#validate_max_file_sizeObject



101
102
103
104
105
# File 'app/models/attachment.rb', line 101

def validate_max_file_size
  if @temp_file && self.filesize > Setting.attachment_max_size.to_i.kilobytes
    errors.add(:base, l(:error_attachment_too_big, :max_size => Setting.attachment_max_size.to_i.kilobytes))
  end
end

#visible?(user = User.current) ⇒ Boolean

Returns:

  • (Boolean)


198
199
200
201
202
203
204
# File 'app/models/attachment.rb', line 198

def visible?(user=User.current)
  if container_id
    container && container.attachments_visible?(user)
  else
    author == user
  end
end