Class: Attachment

Inherits:

ActiveRecord::Base

• Object
• ActiveRecord::Base
• Attachment

Includes:

Redmine::SafeAttributes

Defined in:

app/models/attachment.rb

Constant Summary

@@storage_path =

Redmine::Configuration['attachments_storage_path'] || File.join(Rails.root, "files")

@@thumbnails_storage_path =

File.join(Rails.root, "tmp", "thumbnails")

Class Method Summary

• .archive_attachments(attachments) ⇒ Object
• .attach_files(obj, attachments) ⇒ Object

  Bulk attaches a set of files to an object.

• .clear_thumbnails ⇒ Object

  Deletes all thumbnails.

• .create_diskfile(filename, directory = nil, &block) ⇒ Object

  Claims a unique ASCII or hashed filename, yields the open file handle.

• .extension_in?(extension, extensions) ⇒ Boolean

  Returns true if extension belongs to extensions list.

• .find_by_token(token) ⇒ Object

  Finds an attachment that matches the given token and that has no container.

• .latest_attach(attachments, filename) ⇒ Object
• .move_from_root_to_target_directory ⇒ Object

  Moves existing attachments that are stored at the root of the files directory (ie. created before Redmine 2.3) to their target subdirectories.

• .prune(age = 1.day) ⇒ Object
• .update_attachments(attachments, params) ⇒ Object

  Updates the filename and description of a set of attachments with the given hash of attributes.

• .update_digests_to_sha256 ⇒ Object

  Updates digests to SHA256 for all attachments that have a MD5 digest (ie. created before Redmine 3.4).

• .valid_extension?(extension) ⇒ Boolean

  Returns true if the extension is allowed regarding allowed/denied extensions defined in application settings, otherwise false.

Instance Method Summary

• #copy(attributes = nil) ⇒ Object

  Returns an unsaved copy of the attachment.

• #deletable?(user = User.current) ⇒ Boolean
• #delete_from_disk ⇒ Object

  Deletes the file from the file system if it’s not referenced by other attachments.

• #digest_type ⇒ Object

  returns either MD5 or SHA256 depending on the way self.digest was computed.

• #diskfile ⇒ Object

  Returns file’s location on disk.

• #editable?(user = User.current) ⇒ Boolean
• #extension_in?(extensions) ⇒ Boolean

  Returns true if attachment’s extension belongs to extensions list.

• #file ⇒ Object
• #file=(incoming_file) ⇒ Object
• #filename=(arg) ⇒ Object
• #files_to_final_location ⇒ Object

  Copies the temporary file to its final location and computes its MD5 hash.

• #image? ⇒ Boolean
• #increment_download ⇒ Object
• #is_audio? ⇒ Boolean
• #is_diff? ⇒ Boolean
• #is_image? ⇒ Boolean
• #is_markdown? ⇒ Boolean
• #is_pdf? ⇒ Boolean
• #is_text? ⇒ Boolean
• #is_textile? ⇒ Boolean
• #is_video? ⇒ Boolean
• #move_to_target_directory! ⇒ Object

  Moves an existing attachment to its target directory.

• #previewable? ⇒ Boolean
• #project ⇒ Object
• #readable? ⇒ Boolean

  Returns true if the file is readable.

• #thumbnail(options = {}) ⇒ Object

  Returns the full path the attachment thumbnail, or nil if the thumbnail cannot be generated.

• #thumbnailable? ⇒ Boolean
• #title ⇒ Object
• #token ⇒ Object

  Returns the attachment token.

• #update_digest_to_sha256! ⇒ Object

  Updates attachment digest to SHA256.

• #validate_file_extension ⇒ Object
• #validate_max_file_size ⇒ Object
• #visible?(user = User.current) ⇒ Boolean

Methods included from Redmine::SafeAttributes

#delete_unsafe_attributes, included, #safe_attribute?, #safe_attribute_names, #safe_attributes=

Class Method Details

.archive_attachments(attachments) ⇒ Object

# File 'app/models/attachment.rb', line 378

def self.archive_attachments(attachments)
  attachments = attachments.select(&:readable?)
  return nil if attachments.blank?

  Zip.unicode_names = true
  archived_file_names = []
  buffer = Zip::OutputStream.write_buffer do |zos|
    attachments.each do |attachment|
      filename = attachment.filename
      # rename the file if a file with the same name already exists
      dup_count = 0
      while archived_file_names.include?(filename)
        dup_count += 1
        extname = File.extname(attachment.filename)
        basename = File.basename(attachment.filename, extname)
        filename = "#{basename}(#{dup_count})#{extname}"
      end
      zos.put_next_entry(filename)
      zos << IO.binread(attachment.diskfile)
      archived_file_names << filename
    end
  end
  buffer.string
ensure
  buffer&.close
end

.attach_files(obj, attachments) ⇒ Object

Bulk attaches a set of files to an object

Returns a Hash of the results: :files => array of the attached files :unsaved => array of the files that could not be attached

# File 'app/models/attachment.rb', line 331

def self.attach_files(obj, attachments)
  result = obj.save_attachments(attachments, User.current)
  obj.attach_saved_attachments
  result
end

.clear_thumbnails ⇒ Object

Deletes all thumbnails

# File 'app/models/attachment.rb', line 263

def self.clear_thumbnails
  Dir.glob(File.join(thumbnails_storage_path, "*.thumb")).each do |file|
    File.delete file
  end
end

.create_diskfile(filename, directory = nil, &block) ⇒ Object

Claims a unique ASCII or hashed filename, yields the open file handle

# File 'app/models/attachment.rb', line 556

def create_diskfile(filename, directory=nil, &block)
  timestamp = DateTime.now.strftime("%y%m%d%H%M%S")
  ascii = ''
  if %r{^[a-zA-Z0-9_\.\-]*$}.match?(filename) && filename.length <= 50
    ascii = filename
  else
    ascii = Digest::MD5.hexdigest(filename)
    # keep the extension if any
    ascii << $1 if filename =~ %r{(\.[a-zA-Z0-9]+)$}
  end

  path = File.join storage_path, directory.to_s
  FileUtils.mkdir_p(path) unless File.directory?(path)
  begin
    name = "#{timestamp}_#{ascii}"
    File.open(
      File.join(path, name),
      flags: File::CREAT | File::EXCL | File::WRONLY,
      binmode: true,
      &block
    )
  rescue Errno::EEXIST
    timestamp.succ!
    retry
  end
end

.extension_in?(extension, extensions) ⇒ Boolean

Returns true if extension belongs to extensions list.

Returns:

• (Boolean)

# File 'app/models/attachment.rb', line 474

def self.extension_in?(extension, extensions)
  extension = extension.downcase.sub(/\A\.+/, '')

  unless extensions.is_a?(Array)
    extensions = extensions.to_s.split(",").map(&:strip)
  end
  extensions = extensions.map {|s| s.downcase.sub(/\A\.+/, '')}.reject(&:blank?)
  extensions.include?(extension)
end

.find_by_token(token) ⇒ Object

Finds an attachment that matches the given token and that has no container

# File 'app/models/attachment.rb', line 316

def self.find_by_token(token)
  if token.to_s =~ /^(\d+)\.([0-9a-f]+)$/
    attachment_id, attachment_digest = $1, $2
    attachment = Attachment.find_by(:id => attachment_id, :digest => attachment_digest)
    if attachment && attachment.container.nil?
      attachment
    end
  end
end

.latest_attach(attachments, filename) ⇒ Object

# File 'app/models/attachment.rb', line 366

def self.latest_attach(attachments, filename)
  return unless filename.valid_encoding?

  attachments.sort_by{|attachment| [attachment.created_on, attachment.id]}.reverse.detect do |att|
    filename.casecmp?(att.filename)
  end
end

.move_from_root_to_target_directory ⇒ Object

Moves existing attachments that are stored at the root of the files directory (ie. created before Redmine 2.3) to their target subdirectories

# File 'app/models/attachment.rb', line 430

def self.move_from_root_to_target_directory
  Attachment.where("disk_directory IS NULL OR disk_directory = ''").find_each do |attachment|
    attachment.move_to_target_directory!
  end
end

.prune(age = 1.day) ⇒ Object

# File 'app/models/attachment.rb', line 374

def self.prune(age=1.day)
  Attachment.where("created_on < ? AND (container_type IS NULL OR container_type = '')", Time.now - age).destroy_all
end

.update_attachments(attachments, params) ⇒ Object

Updates the filename and description of a set of attachments with the given hash of attributes. Returns true if all attachments were updated.

Example:

Attachment.update_attachments(attachments, {
  4 => {:filename => 'foo'},
  7 => {:filename => 'bar', :description => 'file description'}
})

# File 'app/models/attachment.rb', line 347

def self.update_attachments(attachments, params)
  params = params.transform_keys {|key| key.to_i}

  saved = true
  transaction do
    attachments.each do |attachment|
      if p = params[attachment.id]
        attachment.filename = p[:filename] if p.key?(:filename)
        attachment.description = p[:description] if p.key?(:description)
        saved &&= attachment.save
      end
    end
    unless saved
      raise ActiveRecord::Rollback
    end
  end
  saved
end

.update_digests_to_sha256 ⇒ Object

Updates digests to SHA256 for all attachments that have a MD5 digest (ie. created before Redmine 3.4)

# File 'app/models/attachment.rb', line 438

def self.update_digests_to_sha256
  Attachment.where("length(digest) < 64").find_each do |attachment|
    attachment.update_digest_to_sha256!
  end
end

.valid_extension?(extension) ⇒ Boolean

Returns true if the extension is allowed regarding allowed/denied extensions defined in application settings, otherwise false

Returns:

• (Boolean)

# File 'app/models/attachment.rb', line 459

def self.valid_extension?(extension)
  denied, allowed = [:attachment_extensions_denied, :attachment_extensions_allowed].map do |setting|
    Setting.send(setting)
  end
  if denied.present? && extension_in?(extension, denied)
    return false
  end
  if allowed.present? && !extension_in?(extension, allowed)
    return false
  end

  true
end

Instance Method Details

#copy(attributes = nil) ⇒ Object

Returns an unsaved copy of the attachment

# File 'app/models/attachment.rb', line 94

def copy(attributes=nil)
  copy = self.class.new
  copy.attributes = self.attributes.dup.except("id", "downloads")
  copy.attributes = attributes if attributes
  copy
end

#deletable?(user = User.current) ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/attachment.rb', line 214

def deletable?(user=User.current)
  if container_id
    container && container.attachments_deletable?(user)
  else
    author == user
  end
end

#delete_from_disk ⇒ Object

Deletes the file from the file system if it’s not referenced by other attachments

# File 'app/models/attachment.rb', line 171

def delete_from_disk
  if Attachment.where("disk_filename = ? AND id <> ?", disk_filename, id).empty?
    delete_from_disk!
  end
end

#digest_type ⇒ Object

returns either MD5 or SHA256 depending on the way self.digest was computed

# File 'app/models/attachment.rb', line 490

def digest_type
  digest.size < 64 ? "MD5" : "SHA256" if digest.present?
end

#diskfile ⇒ Object

Returns file’s location on disk

# File 'app/models/attachment.rb', line 178

def diskfile
  File.join(self.class.storage_path, disk_directory.to_s, disk_filename.to_s)
end

#editable?(user = User.current) ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/attachment.rb', line 206

def editable?(user=User.current)
  if container_id
    container && container.attachments_editable?(user)
  else
    author == user
  end
end

#extension_in?(extensions) ⇒ Boolean

Returns true if attachment’s extension belongs to extensions list.

Returns:

• (Boolean)

# File 'app/models/attachment.rb', line 485

def extension_in?(extensions)
  self.class.extension_in?(File.extname(filename), extensions)
end

#file ⇒ Object

# File 'app/models/attachment.rb', line 128

def file
  nil
end

#file=(incoming_file) ⇒ Object

# File 'app/models/attachment.rb', line 114

def file=(incoming_file)
  unless incoming_file.nil?
    @temp_file = incoming_file
    if @temp_file.respond_to?(:original_filename)
      self.filename = @temp_file.original_filename
      self.filename.force_encoding("UTF-8")
    end
    if @temp_file.respond_to?(:content_type)
      self.content_type = @temp_file.content_type.to_s.chomp
    end
    self.filesize = @temp_file.size
  end
end

#filename=(arg) ⇒ Object

# File 'app/models/attachment.rb', line 132

def filename=(arg)
  write_attribute :filename, sanitize_filename(arg.to_s)
  filename
end

#files_to_final_location ⇒ Object

Copies the temporary file to its final location and computes its MD5 hash

# File 'app/models/attachment.rb', line 139

def files_to_final_location
  if @temp_file
    self.disk_directory = target_directory
    sha = Digest::SHA256.new
    Attachment.create_diskfile(filename, disk_directory) do |f|
      self.disk_filename = File.basename f.path
      logger.info("Saving attachment '#{self.diskfile}' (#{@temp_file.size} bytes)") if logger
      if @temp_file.respond_to?(:read)
        buffer = ""
        while (buffer = @temp_file.read(8192))
          f.write(buffer)
          sha.update(buffer)
        end
      else
        f.write(@temp_file)
        sha.update(@temp_file)
      end
    end
    self.digest = sha.hexdigest
  end
  @temp_file = nil

  if content_type.blank? && filename.present?
    self.content_type = Redmine::MimeType.of(filename)
  end
  # Don't save the content type if it's longer than the authorized length
  if self.content_type && self.content_type.length > 255
    self.content_type = nil
  end
end

#image? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/attachment.rb', line 222

def image?
  !!(self.filename =~ /\.(bmp|gif|jpg|jpe|jpeg|png|webp)$/i)
end

#increment_download ⇒ Object

# File 'app/models/attachment.rb', line 190

def increment_download
  increment!(:downloads)
end

#is_audio? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/attachment.rb', line 297

def is_audio?
  Redmine::MimeType.is_type?('audio', filename)
end

#is_diff? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/attachment.rb', line 285

def is_diff?
  /\.(patch|diff)$/i.match?(filename)
end

#is_image? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/attachment.rb', line 281

def is_image?
  Redmine::MimeType.is_type?('image', filename)
end

#is_markdown? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/attachment.rb', line 273

def is_markdown?
  Redmine::MimeType.of(filename) == 'text/markdown'
end

#is_pdf? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/attachment.rb', line 289

def is_pdf?
  Redmine::MimeType.of(filename) == "application/pdf"
end

#is_text? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/attachment.rb', line 269

def is_text?
  Redmine::MimeType.is_type?('text', filename) || Redmine::SyntaxHighlighting.filename_supported?(filename)
end

#is_textile? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/attachment.rb', line 277

def is_textile?
  Redmine::MimeType.of(filename) == 'text/x-textile'
end

#is_video? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/attachment.rb', line 293

def is_video?
  Redmine::MimeType.is_type?('video', filename)
end

#move_to_target_directory! ⇒ Object

Moves an existing attachment to its target directory

# File 'app/models/attachment.rb', line 406

def move_to_target_directory!
  return unless !new_record? & readable?

  src = diskfile
  self.disk_directory = target_directory
  dest = diskfile

  return if src == dest

  if !FileUtils.mkdir_p(File.dirname(dest))
    logger.error "Could not create directory #{File.dirname(dest)}" if logger
    return
  end

  if !FileUtils.mv(src, dest)
    logger.error "Could not move attachment from #{src} to #{dest}" if logger
    return
  end

  update_column :disk_directory, disk_directory
end

#previewable? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/attachment.rb', line 301

def previewable?
  is_text? || is_image? || is_video? || is_audio?
end

#project ⇒ Object

# File 'app/models/attachment.rb', line 194

def project
  container.try(:project)
end

#readable? ⇒ Boolean

Returns true if the file is readable

Returns:

• (Boolean)

# File 'app/models/attachment.rb', line 306

def readable?
  disk_filename.present? && File.readable?(diskfile)
end

#thumbnail(options = {}) ⇒ Object

Returns the full path the attachment thumbnail, or nil if the thumbnail cannot be generated.

# File 'app/models/attachment.rb', line 234

def thumbnail(options={})
  if thumbnailable? && readable?
    size = options[:size].to_i
    if size > 0
      # Limit the number of thumbnails per image
      size = (size / 50.0).ceil * 50
      # Maximum thumbnail size
      size = 800 if size > 800
    else
      size = Setting.thumbnails_size.to_i
    end
    size = 100 unless size > 0
    target = thumbnail_path(size)

    begin
      Redmine::Thumbnail.generate(self.diskfile, target, size, is_pdf?)
    rescue => e
      if logger
        logger.error(
          "An error occured while generating thumbnail for #{disk_filename} " \
            "to #{target}\nException was: #{e.message}"
        )
      end
      nil
    end
  end
end

#thumbnailable? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/attachment.rb', line 226

def thumbnailable?
  Redmine::Thumbnail.convert_available? && (
    image? || (is_pdf? && Redmine::Thumbnail.gs_available?)
  )
end

#title ⇒ Object

# File 'app/models/attachment.rb', line 182

def title
  title = filename.dup
  if description.present?
    title << " (#{description})"
  end
  title
end

#token ⇒ Object

Returns the attachment token

# File 'app/models/attachment.rb', line 311

def token
  "#{id}.#{digest}"
end

#update_digest_to_sha256! ⇒ Object

Updates attachment digest to SHA256

# File 'app/models/attachment.rb', line 445

def update_digest_to_sha256!
  if readable?
    sha = Digest::SHA256.new
    File.open(diskfile, 'rb') do |f|
      while buffer = f.read(8192)
        sha.update(buffer)
      end
    end
    update_column :digest, sha.hexdigest
  end
end

#validate_file_extension ⇒ Object

# File 'app/models/attachment.rb', line 107

def validate_file_extension
  extension = File.extname(filename)
  unless self.class.valid_extension?(extension)
    errors.add(:base, l(:error_attachment_extension_not_allowed, :extension => extension))
  end
end

#validate_max_file_size ⇒ Object

# File 'app/models/attachment.rb', line 101

def validate_max_file_size
  if @temp_file && self.filesize > Setting.attachment_max_size.to_i.kilobytes
    errors.add(:base, l(:error_attachment_too_big, :max_size => Setting.attachment_max_size.to_i.kilobytes))
  end
end

#visible?(user = User.current) ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/attachment.rb', line 198

def visible?(user=User.current)
  if container_id
    container && container.attachments_visible?(user)
  else
    author == user
  end
end