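class FileManagersController < ApplicationController
  include ActionView::Helpers::NumberHelper

  # +download+ is deliberately excluded: it is reachable without a session and
  # without the per-request root/setting lookup performed by +set_base_url+.
  before_action :check_login?, :set_base_url, except: [:download]

  layout "file_manager"

  # Renders the static 403 page without the application layout.
  def render_403
    render file: "#{Rails.root}/app/views/errors/403.html", layout: false, status: 403, formats: [:html]
  end

  # Renders the static 404 page without the application layout.
  def render_404
    render file: "#{Rails.root}/app/views/errors/404.html", layout: false, status: 404, formats: [:html]
  end

  # Empty-bodied 403 for callers that want no error page markup.
  def forbidden_error
    render body: nil, status: 403
  end

  # Renders the custom-widget partial to a string outside of a request.
  # The instance variables here are class-level (this is a class method),
  # not per-request controller state.
  #
  # @return [String] the rendered "file_managers/custom_widget_data" template
  def self.custom_widget_data
    @root = FileManagerRoot.first
    # Without a root record there are no settings to render. The former
    # `rescue []` modifier also hid every other error raised by the association.
    @settings = @root ? @root.file_manager_settings : []
    # NOTE(review): @custom_data_field and @field_name are never assigned in
    # this file; they are nil unless something else sets them on the class.
    ac = ActionController::Base.new
    ac.render_to_string(
      "file_managers/custom_widget_data",
      locals: {
        :@custom_data_field => @custom_data_field,
        :@field_name => @field_name,
        :@settings => @settings
      }
    )
  end

  # before_action: requires a signed-in user and, for the module-level entry
  # points (index_backend / path called without a setting_id), an admin of the
  # file_manager module. Renders 403 and halts the chain otherwise.
  #
  # Sets @current_user and @current_user_id for the views.
  def check_login?
    @current_user = current_user
    # Read the id only when a user exists; dereferencing `current_user.id`
    # before the nil check raised NoMethodError on anonymous requests instead
    # of rendering the 403.
    @current_user_id = @current_user && @current_user.id
    return render_403 unless @current_user

    needs_admin = %w[index_backend path].include?(params[:action]) && params[:setting_id].blank?
    return unless needs_admin

    module_app = ModuleApp.where(key: 'file_manager').first
    # Fail closed: an error inside the admin check (for example when no
    # file_manager ModuleApp row exists) used to evaluate to `true` through
    # `rescue true` and granted access to anyone who was signed in.
    is_admin = begin
      @current_user.is_admin_for_module?(module_app)
    rescue StandardError
      false
    end
    render_403 unless is_admin
  end

  # Streams an upload to the client. Not guarded by +check_login?+ or
  # +set_base_url+ (see the before_action above). Trashed uploads are served
  # from their trash path; live uploads from their real path, inline when a
  # +preview+ param is present.
  def download
    upload = FileManagerUpload.where(id: params[:id]).first
    return render_404 unless upload

    if upload.is_trash
      trash = upload.file_manager_trash
      return render_404 unless trash

      send_file(trash.trash_path)
    else
      options = {}
      # Any present value (including the string "false") selects inline
      # disposition, as before.
      options[:disposition] = 'inline' if params[:preview]
      send_file(upload.get_real_path, options)
    end
  end

  private

  # True when an upload row matches +path+ and +current_user_id+ under the
  # current setting (@setting_id is set by +set_base_url+ and may be nil).
  #
  # @param path [String, nil]
  # @param current_user_id [Integer, nil]
  # @return [Boolean]
  def check_editable(path = nil, current_user_id = nil)
    FileManagerUpload.where(
      path: path,
      user_id: current_user_id,
      file_manager_setting_id: @setting_id
    ).exists?
  end

  # Resolves +path+ against @root_path. When @disable_path_traversal is set,
  # the result must lie inside the root. A plain prefix test is not enough
  # because "/srv/root" is a prefix of "/srv/rootkit", so the comparison uses
  # the root with a trailing separator (or exact equality with the root).
  #
  # NOTE(review): File.expand_path does not resolve symlinks, so a link inside
  # the root can still point elsewhere; File.realpath would, but it requires
  # the path to exist — confirm which behaviour is wanted before changing it.
  #
  # @param path [String] user-supplied relative or absolute path
  # @raise [ArgumentError] when traversal is disabled and the path escapes the root
  # @return [String] the absolute path
  def safe_expand_path(path)
    root = File.expand_path(@root_path)
    tested_path = File.expand_path(path, @root_path)
    if @disable_path_traversal
      inside_root = tested_path == root || tested_path.start_with?(File.join(root, ''))
      raise ArgumentError, 'Should not be parent of root' unless inside_root
    end
    tested_path
  end

  # Sets @absolute_path / @relative_path for +path+ and ensures the file exists.
  #
  # @param path [String]
  # @raise [ActionController::RoutingError] when the resolved path does not exist
  # @raise [ArgumentError] propagated from +safe_expand_path+
  # @return [String] the absolute path
  def check_path_exist(path)
    @absolute_path = safe_expand_path(path)
    @relative_path = path
    # File.exists? was removed in Ruby 3.2; File.exist? is the long-standing name.
    raise ActionController::RoutingError, 'Not Found' unless File.exist?(@absolute_path)

    @absolute_path
  end

  # before_action: loads the per-request configuration into instance variables
  # (@base_url, @root_path, @root, @disable_path_traversal, @format_time,
  # @setting, @setting_id, @only_editable_for_uploader, @default_editable,
  # @only_select_folder).
  #
  # @param tmp_params [#[]] request params (defaults to +params+); reads
  #   :setting_id and :select_mode
  def set_base_url(tmp_params = params)
    @base_url = ENV['BASE_URL'] || 'root'
    @root_path = ENV['BASE_DIRECTORY'] || FileManagerRoot::RootPath
    @root = FileManagerRoot.first
    @disable_path_traversal = @root.disable_path_traversal
    @format_time = I18n.locale.to_s == 'zh_tw' ? '%Y/%m/%d %H:%M' : '%d %b %Y %H:%M'

    @setting = nil
    if tmp_params[:setting_id].present?
      # find_by returns nil for an unknown id, which is what the former
      # `find(...) rescue nil` achieved while also hiding unrelated errors.
      @setting = FileManagerSetting.find_by(id: tmp_params[:setting_id])
    end

    @only_editable_for_uploader = false
    @setting_id = nil
    if @setting
      @setting_id = @setting.id
      # NOTE(review): Pathname#join discards the base when @setting.root_path is
      # absolute; root_path comes from the settings record rather than the
      # request, so it is left unchanged — confirm that is intended.
      @root_path = Pathname.new(@root_path).join(@setting.root_path).to_s
      @only_editable_for_uploader = @setting.only_editable_for_uploader
    end
    @default_editable = !@only_editable_for_uploader
    @only_select_folder = (tmp_params[:select_mode] == 'true')
  end
end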