foodsoft/plugins/documents/app/controllers/documents_controller.rb

89 lines
2.8 KiB
Ruby
Raw Normal View History

require 'filemagic'
class DocumentsController < ApplicationController
before_action -> { require_plugin_enabled FoodsoftDocuments }
def index
sort = if params['sort']
case params['sort']
when 'name' then 'data IS NULL DESC, name'
when 'created_at' then 'created_at'
when 'name_reverse' then 'data IS NULL, name DESC'
when 'created_at_reverse' then 'created_at DESC'
end
else
'data IS NULL DESC, name'
end
2023-10-02 22:48:24 +02:00
sort = Arel.sql(sort) # this is okay as we don't use user params directly
2017-11-08 22:35:12 +01:00
@documents = Document.where(parent: @document).page(params[:page]).per(@per_page).order(sort)
end
def new
2017-11-08 22:35:12 +01:00
@document = Document.new parent_id: params[:document_id]
@document.mime = '' unless params[:type] == 'folder'
end
def create
2017-11-08 22:35:12 +01:00
@document = Document.new name: params[:document][:name]
@document.parent = Document.find_by_id(params[:document][:parent_id])
data = params[:document][:data]
if data
@document.data = data.read
@document.mime = FileMagic.new(FileMagic::MAGIC_MIME).buffer(@document.data)
raise t('.not_allowed_mime', mime: @document.mime) unless allowed_mime? @document.mime
2017-11-08 22:35:12 +01:00
if @document.name.empty?
name = File.basename(data.original_filename)
@document.name = name.gsub(/[^\w.-]/, '_')
2017-11-08 22:35:12 +01:00
end
end
@document.created_by = current_user
@document.save!
2017-11-08 22:35:12 +01:00
redirect_to @document.parent || documents_path, notice: t('.notice')
rescue StandardError => e
redirect_to @document.parent || documents_path, alert: t('.error', error: e.message)
end
def update
@document = Document.find(params[:id])
@document.update_attribute(:parent_id, params[:parent_id])
redirect_to @document.parent || documents_path, notice: t('.notice')
rescue StandardError => e
redirect_to @document.parent || documents_path, alert: t('errors.general_msg', msg: e.message)
end
def destroy
@document = Document.find(params[:id])
if @document.created_by == current_user or current_user.role_admin?
@document.destroy
redirect_to documents_path, notice: t('.notice')
else
redirect_to documents_path, alert: t('.no_right')
end
rescue StandardError => e
redirect_to documents_path, alert: t('.error', error: e.message)
end
def show
@document = Document.find(params[:id])
2017-11-08 22:35:12 +01:00
if @document.file?
send_data(@document.data, filename: @document.filename, type: @document.mime)
else
index
render :index
end
end
2017-10-11 02:39:35 +02:00
def move
@document = Document.find(params[:document_id])
end
2017-10-11 02:39:35 +02:00
def allowed_mime?(mime)
whitelist = FoodsoftConfig[:documents_allowed_extension].split
MIME::Types.type_for(whitelist).each do |type|
return true if type.like? mime
end
false
end
end