Module: UploadsActions

Extended by:
ActiveSupport::Concern
Includes:
Gitlab::Utils::StrongMemoize, SendFileUpload
Included in:
Groups::UploadsController, Projects::UploadsController, UploadsController
Defined in:
app/controllers/concerns/uploads_actions.rb

Constant Summary collapse

UPLOAD_MOUNTS = 
%w[avatar attachment file logo pwa_icon header_logo favicon screenshot].freeze

Instance Method Summary collapse

Methods included from SendFileUpload

#cdn_fronted_url, #content_type_for, #guess_content_type, #send_upload

Instance Method Details

#authorizeObject 



60
61
62
63
64
65
66
67
68
69
70
 
# File 'app/controllers/concerns/uploads_actions.rb', line 60

def authorize
  set_workhorse_internal_api_content_type

  authorized = uploader_class.workhorse_authorize(
    has_length: false,
    maximum_size: Gitlab::CurrentSettings.max_attachment_size.megabytes.to_i)

  render json: authorized
rescue SocketError
  render json: _("Error uploading file"), status: :internal_server_error
end

#createObject 



19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'app/controllers/concerns/uploads_actions.rb', line 19

def create
  uploader = UploadService.new(model, params[:file], uploader_class).execute

  respond_to do |format|
    if uploader
      format.json do
        render json: { link: uploader.to_h }
      end
    else
      format.json do
        render json: _('Invalid file.'), status: :unprocessable_entity
      end
    end
  end
end

#showObject

This should either

- send the file directly
- or redirect to its URL



39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
 
# File 'app/controllers/concerns/uploads_actions.rb', line 39

def show
  Gitlab::PathTraversal.check_path_traversal!(params[:filename])

  return render_404 unless uploader&.exists?

  ttl, directives = *cache_settings
  ttl ||= 0
  directives ||= { private: true, must_revalidate: true }

  expires_in ttl, directives

  file_uploader = [uploader, *uploader.versions.values].find do |version|
    version.filename == params[:filename]
  end

  return render_404 unless file_uploader

  workhorse_set_content_type!
  send_upload(file_uploader, attachment: file_uploader.filename, disposition: content_disposition)
end