From 12a34823a8d8aa9767b72673ea41bd63170979d3 Mon Sep 17 00:00:00 2001
From: Alexey Verkhovsky
Date: Sat, 22 Jan 2005 01:35:00 +0000
Subject: [PATCH] Beginnings of a FileController (serving the file upload feature)
---
 app/controllers/application.rb | 26 ++++++++++++++++++++-
 app/controllers/file_controller.rb | 30 +++++++++++++++++++++++++
 app/controllers/wiki_controller.rb | 25 ---------------------
 test/functional/file_controller_test.rb | 24 ++++++++++++++++++++
 test/test_helper.rb | 4 ++++
 5 files changed, 83 insertions(+), 26 deletions(-)
 create mode 100644 app/controllers/file_controller.rb
 create mode 100644 test/functional/file_controller_test.rb
diff --git a/app/controllers/application.rb b/app/controllers/application.rb
index 2540e8a3..1aec04b6 100644
--- a/app/controllers/application.rb
+++ b/app/controllers/application.rb
@@ -7,7 +7,7 @@ class ApplicationController < ActionController::Base
 # implements Instiki's legacy URLs
 require 'url_rewriting_hack'
- before_filter :set_utf8_http_header
+ before_filter :set_utf8_http_header, :connect_to_model
 after_filter :remember_location
 # For injecting a different wiki model implementation. Intended for use in tests
@@ -58,4 +58,28 @@ class ApplicationController < ActionController::Base
 @response.headers['Content-Type'] = 'text/html; charset=UTF-8'
 end
+ def connect_to_model
+ @action_name = @params['action'] || 'index'
+ @web_name = @params['web']
+ @wiki = wiki
+ @web = @wiki.webs[@web_name] unless @web_name.nil?
+ @page_name = @params['id']
+ @page = @wiki.read_page(@web_name, @page_name) unless @page_name.nil?
+ @author = cookies['author'] || 'AnonymousCoward'
+ check_authorization(@action_name)
+ end
+
+ def check_authorization(action_name)
+ if in_a_web? and
+ not authorized? and
+ not %w( login authenticate published ).include?(action_name)
+ redirect_to :action => 'login'
+ return false
+ end
+ end
+
+ def in_a_web?
+ not @web_name.nil?
+ end
+
 end
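Review bot: In `check_authorization`, which the second hunk of `application.rb` now shares across every controller, `redirect_to :action => 'login'` names no controller, so an unauthorized request to FileController would presumably be redirected to a `login` action on FileController, which this commit does not define; consider `redirect_to :controller => 'wiki', :web => @web_name, :action => 'login'`. The exemption list `%w( login authenticate published )` is matched on the action name alone, so once the filter lives in ApplicationController any controller action carrying one of those names skips the password check; key the exemption on controller plus action, or at least add a comment such as `# exempt actions are matched by name in EVERY controller`. The class body starts outside this hunk, so it is not visible whether `connect_to_model`, `check_authorization` and `in_a_web?` fall under a `private`/`protected` marker; if they are public they would be routable as actions.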
diff --git a/app/controllers/file_controller.rb b/app/controllers/file_controller.rb
new file mode 100644
index 00000000..72feb649
--- /dev/null
+++ b/app/controllers/file_controller.rb
@@ -0,0 +1,30 @@
+require 'application'
+class FileController < ApplicationController
+
+ layout 'default', :except => [:rss_feed, :rss_with_headlines, :tex, :export_tex, :export_html]
+
+ def file
+ if have_file?(@params['id'])
+ render_text 'Download file'
+ else
+ render_text 'form'
+ end
+ end
+
+ private
+
+ def have_file?(file_name)
+ sanitize_file_name(file_name)
+ @wiki.storage_path
+ end
+
+ SANE_FILE_NAME = /[-_A-Za-z0-9]{1,255}/
+ def sanitize_file_name(file_name)
+ unless file_name =~ SANE_FILE_NAME
+ raise "Invalid file name: '#{file_name}'.\n" +
+ "Only latin characters, digits, underscores and dashes are accepted."
+ end
+ end
+
+end
+
diff --git a/app/controllers/wiki_controller.rb b/app/controllers/wiki_controller.rb
index 58b4dc67..ccd97eb0 100755
--- a/app/controllers/wiki_controller.rb
+++ b/app/controllers/wiki_controller.rb
@@ -5,7 +5,6 @@ require 'redcloth_for_tex'
 class WikiController < ApplicationController
 layout 'default', :except => [:rss_feed, :rss_with_headlines, :tex, :export_tex, :export_html]
- before_filter :pre_process
 def index
 if @web_name
@@ -271,15 +270,6 @@ class WikiController < ApplicationController
 password_check(@params['password'])
 end
- def check_authorization(action_name)
- if in_a_web? and
- not authorized? and
- not %w( login authenticate published ).include?(action_name)
- redirect_to :action => 'login'
- return false
- end
- end
-
 def convert_tex_to_pdf(tex_path)
 # TODO remove earlier PDF files with the same prefix
 # TODO handle gracefully situation where pdflatex is not available
@@ -329,10 +319,6 @@ class WikiController < ApplicationController
 @revision = @page.revisions[@params['rev'].to_i]
 end
- def in_a_web?
- not @web_name.nil?
- end
-
 def parse_category
 @categories = @web.categories
 @category = @params['category']
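Review bot: `SANE_FILE_NAME` in the new `file_controller.rb` is not anchored, so `file_name =~ SANE_FILE_NAME` succeeds for any string that contains at least one allowed character, including names with dots, path separators or `..` segments; `sanitize_file_name` therefore rejects almost nothing before the name is used alongside `@wiki.storage_path`. Anchor the whole string with `SANE_FILE_NAME = /\A[-_A-Za-z0-9]{1,255}\z/` (`\A`/`\z` rather than `^`/`$`, which match per line), and decide explicitly whether one extension dot is allowed, since the accompanying test requests `foo.tgz`. `have_file?` also returns `@wiki.storage_path`, which looks always truthy from what this commit shows, so `file` never reaches the `'form'` branch; it presumably should end with something like `File.exist?(File.join(@wiki.storage_path, file_name))`.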
@@ -361,17 +347,6 @@ class WikiController < ApplicationController
 end
 end
- def pre_process
- @action_name = @params['action'] || 'index'
- @web_name = @params['web']
- @wiki = wiki
- @web = @wiki.webs[@web_name] unless @web_name.nil?
- @page_name = @params['id']
- @page = @wiki.read_page(@web_name, @page_name) unless @page_name.nil?
- @author = cookies['author'] || 'AnonymousCoward'
- check_authorization(@action_name)
- end
-
 def redirect_show(page_name = @page_name, web = @web_name)
 redirect_to :web => web, :action => 'show', :id => CGI.escape(page_name)
 end
diff --git a/test/functional/file_controller_test.rb b/test/functional/file_controller_test.rb
new file mode 100644
index 00000000..129355f3
--- /dev/null
+++ b/test/functional/file_controller_test.rb
@@ -0,0 +1,24 @@
+#!/bin/env ruby -w
+
+require File.dirname(__FILE__) + '/../test_helper'
+require 'file_controller'
+
+# Raise errors beyond the default web-based presentation
+class FileController; def rescue_action(e) logger.error(e); raise e end; end
+
+class FileControllerTest < Test::Unit::TestCase
+
+ def setup
+ setup_test_wiki
+ setup_controller_test
+ end
+
+ def tear_down
+ tear_down_wiki
+ end
+
+ def test_file
+ process 'file', 'id' => 'foo.tgz'
+ end
+
+end
diff --git a/test/test_helper.rb b/test/test_helper.rb
index d01d38bd..b94a178c 100755
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -54,6 +54,10 @@ class WikiServiceWithNoPersistence
 def initialize
 init_wiki_service
 end
+
+ def storage_path
+ RAILS_ROOT + '/storage/test'
+ end
 end
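Review bot: `test_file` in `file_controller_test.rb` makes no assertion, so it passes whenever the action does not raise, and it requests `foo.tgz`, a name that the error message in `sanitize_file_name` says should be refused. Add an assertion on the response and a case that expects a rejected name to raise, e.g. `assert_raises(RuntimeError) { process 'file', 'id' => 'a/b' }`. Test::Unit invokes `teardown`, not `tear_down`, so unless `test_helper.rb` aliases it (not visible in this patch) `tear_down_wiki` never runs; rename the method to `teardown`.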