From b747b611b367c5deea209a81c10159835ea020a8 Mon Sep 17 00:00:00 2001
From: Alexey Verkhovsky
Date: Mon, 24 Jan 2005 01:04:00 +0000
Subject: [PATCH] Blocking of file uploads by admin
---
 app/controllers/file_controller.rb | 13 +++++++++++++
 test/functional/file_controller_test.rb | 10 ++++++++++
 2 files changed, 23 insertions(+)
diff --git a/app/controllers/file_controller.rb b/app/controllers/file_controller.rb
index bae7b33b..b5d58422 100644
--- a/app/controllers/file_controller.rb
+++ b/app/controllers/file_controller.rb
@@ -5,6 +5,8 @@ require 'instiki_errors'
 class FileController < ApplicationController
 layout 'default'
+
+ before_filter :check_allow_uploads
 def file
 check_path
@@ -43,6 +45,17 @@ class FileController < ApplicationController
 end
 end
+
+ protected
+
+ def check_allow_uploads
+ unless @web.allow_uploads
+ render_text 'File uploads are blocked by the webmaster', '403 Forbidden'
+ return false
+ end
+ end
+
+ private
 def check_path
diff --git a/test/functional/file_controller_test.rb b/test/functional/file_controller_test.rb
index cc60caa2..0943aa53 100644
--- a/test/functional/file_controller_test.rb
+++ b/test/functional/file_controller_test.rb
@@ -114,4 +114,14 @@ class FileControllerTest < Test::Unit::TestCase
 @home.display_content
 end
+ def test_uploads_blocking
+ @web.allow_uploads = true
+ r = process 'file', 'web' => 'wiki1', 'id' => 'filename'
+ assert_success
+
+ @web.allow_uploads = false
+ r = process 'file', 'web' => 'wiki1', 'id' => 'filename'
+ assert_equal '403 Forbidden', r.headers['Status']
+ end
+
+ end
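Review bot: In app/controllers/file_controller.rb, `before_filter :check_allow_uploads` is declared for the whole controller, so when a web has uploads disabled every FileController action is refused, not only the path that stores a new file. The test added in this commit requests `file` with just `web` and `id` and expects 403, which suggests that fetching an already-uploaded file is blocked as well; whether that is intended cannot be told from the hunk. If it is intended, say so next to the declaration, e.g. `# also denies downloads of existing files while uploads are disabled`; if not, the check belongs on the branch that accepts the upload. The class body starts and ends outside this hunk.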
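Review bot: `check_allow_uploads` in the second hunk of app/controllers/file_controller.rb dereferences `@web` without checking it, so a request for a web that does not resolve would presumably raise inside the filter rather than return the controlled 403; where `@web` is assigned is not visible in this diff. Writing the condition as `unless @web && @web.allow_uploads` keeps the filter deny-by-default with a predictable response. The method also relies on `return false` halting the filter chain while the allowed path falls through with nil, which deserves a comment such as `# returning false stops the filter chain; the action is not run`.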
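Review bot: `test_uploads_blocking` in test/functional/file_controller_test.rb asserts only the status header of a parameter-only request to `file`, so it never exercises a request that actually carries file content and does not show that nothing is stored when uploads are blocked. A second blocked-case request that submits a file, followed by an assertion that the file is absent afterwards, would pin the security property the commit is about. The test also leaves `@web.allow_uploads` set to false on exit; if `@web` is shared fixture state (its setup is outside the hunk), restore it with `@web.allow_uploads = true` at the end.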