Blocking of file uploads by admin

app/controllers/file_controller.rb

@@ -6,6 +6,8 @@ class FileController < ApplicationController
 
   layout 'default'
   
+  before_filter :check_allow_uploads
+
   def file
     check_path
 
@@ -43,6 +45,17 @@ class FileController < ApplicationController
     end
   end
 
+
+  protected
+  
+  def check_allow_uploads
+    unless @web.allow_uploads
+      render_text 'File uploads are blocked by the webmaster', '403 Forbidden'
+      return false
+    end
+  end
+
+
   private 
   
   def check_path

test/functional/file_controller_test.rb

@@ -114,4 +114,14 @@ class FileControllerTest < Test::Unit::TestCase
         @home.display_content
   end
 
+  def test_uploads_blocking
+    @web.allow_uploads = true
+    r = process 'file', 'web' => 'wiki1', 'id' => 'filename'
+    assert_success
+
+    @web.allow_uploads = false
+    r = process 'file', 'web' => 'wiki1', 'id' => 'filename'
+    assert_equal '403 Forbidden', r.headers['Status']
+  end
+
 end