Beginnings of a FileController (serving the file upload feature)

app/controllers/application.rb

@@ -7,7 +7,7 @@ class ApplicationController < ActionController::Base
   # implements Instiki's legacy URLs
   require 'url_rewriting_hack'
 
-  before_filter :set_utf8_http_header
+  before_filter :set_utf8_http_header, :connect_to_model
   after_filter :remember_location
 
   # For injecting a different wiki model implementation. Intended for use in tests
@@ -58,4 +58,28 @@ class ApplicationController < ActionController::Base
     @response.headers['Content-Type'] = 'text/html; charset=UTF-8'
   end
 
+  def connect_to_model
+    @action_name = @params['action'] || 'index'
+    @web_name = @params['web']
+    @wiki = wiki
+    @web = @wiki.webs[@web_name] unless @web_name.nil?
+    @page_name = @params['id']
+    @page = @wiki.read_page(@web_name, @page_name) unless @page_name.nil?
+    @author = cookies['author'] || 'AnonymousCoward'
+    check_authorization(@action_name)
+  end
+
+  def check_authorization(action_name)
+    if in_a_web? and 
+        not authorized? and 
+        not %w( login authenticate published ).include?(action_name)
+      redirect_to :action => 'login'
+      return false
+    end
+  end
+
+  def in_a_web?
+    not @web_name.nil?
+  end
+
 end

app/controllers/file_controller.rb

@@ -0,0 +1,30 @@
+require 'application'
+class FileController < ApplicationController
+
+  layout 'default', :except => [:rss_feed, :rss_with_headlines, :tex,  :export_tex, :export_html]
+
+  def file
+    if have_file?(@params['id'])
+      render_text 'Download file' 
+    else 
+      render_text 'form'
+    end
+  end
+  
+  private
+  
+  def have_file?(file_name)
+    sanitize_file_name(file_name)
+    @wiki.storage_path
+  end
+
+  SANE_FILE_NAME = /[-_A-Za-z0-9]{1,255}/
+  def sanitize_file_name(file_name)
+    unless file_name =~ SANE_FILE_NAME
+      raise "Invalid file name: '#{file_name}'.\n" +
+            "Only latin characters, digits, underscores and dashes are accepted."
+    end
+  end
+
+end
+

app/controllers/wiki_controller.rb

@@ -5,7 +5,6 @@ require 'redcloth_for_tex'
 class WikiController < ApplicationController
 
   layout 'default', :except => [:rss_feed, :rss_with_headlines, :tex,  :export_tex, :export_html]
-  before_filter :pre_process
 
   def index
     if @web_name
@@ -271,15 +270,6 @@ class WikiController < ApplicationController
     password_check(@params['password'])
   end
 
-  def check_authorization(action_name)
-    if in_a_web? and 
-        not authorized? and 
-        not %w( login authenticate published ).include?(action_name)
-      redirect_to :action => 'login'
-      return false
-    end
-  end
-
   def convert_tex_to_pdf(tex_path)
     # TODO remove earlier PDF files with the same prefix
     # TODO handle gracefully situation where pdflatex is not available
@@ -329,10 +319,6 @@ class WikiController < ApplicationController
     @revision = @page.revisions[@params['rev'].to_i]
   end
 
-  def in_a_web?
-    not @web_name.nil?
-  end
-
   def parse_category
     @categories = @web.categories
     @category = @params['category']
@@ -361,17 +347,6 @@ class WikiController < ApplicationController
     end
   end
 
-  def pre_process
-    @action_name = @params['action'] || 'index'
-    @web_name = @params['web']
-    @wiki = wiki
-    @web = @wiki.webs[@web_name] unless @web_name.nil?
-    @page_name = @params['id']
-    @page = @wiki.read_page(@web_name, @page_name) unless @page_name.nil?
-    @author = cookies['author'] || 'AnonymousCoward'
-    check_authorization(@action_name)
-  end
-
   def redirect_show(page_name = @page_name, web = @web_name)
     redirect_to :web => web, :action => 'show', :id => CGI.escape(page_name)
   end

test/functional/file_controller_test.rb

@@ -0,0 +1,24 @@
+#!/bin/env ruby -w 
+
+require File.dirname(__FILE__) + '/../test_helper'
+require 'file_controller'
+
+# Raise errors beyond the default web-based presentation
+class FileController; def rescue_action(e) logger.error(e); raise e end; end
+
+class FileControllerTest < Test::Unit::TestCase
+
+  def setup
+    setup_test_wiki
+    setup_controller_test
+  end
+
+  def tear_down
+    tear_down_wiki
+  end
+
+  def test_file
+    process 'file', 'id' => 'foo.tgz'
+  end
+
+end

test/test_helper.rb

@@ -54,6 +54,10 @@ class WikiServiceWithNoPersistence
   def initialize
     init_wiki_service
   end
+  
+  def storage_path
+    RAILS_ROOT + '/storage/test'
+  end
 end