From a699ebdbcc11051b9473a88788cf8efdde659975 Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Date: Mon, 11 Feb 2013 21:31:19 +0200
Subject: [PATCH] handle attahcment with send_file

---
 app/controllers/files_controller.rb    | 8 ++++++++
 app/uploaders/attachment_uploader.rb   | 4 ++++
 app/views/events/event/_note.html.haml | 2 +-
 app/views/notes/_note.html.haml        | 2 +-
 config/routes.rb                       | 5 +++++
 5 files changed, 19 insertions(+), 2 deletions(-)
 create mode 100644 app/controllers/files_controller.rb

diff --git a/app/controllers/files_controller.rb b/app/controllers/files_controller.rb
new file mode 100644
index 00000000000..f13a543cfdd
--- /dev/null
+++ b/app/controllers/files_controller.rb
@@ -0,0 +1,8 @@
+class FilesController < ApplicationController
+  def download
+    uploader = Note.find(params[:id]).attachment
+    uploader.retrieve_from_store!(params[:filename])
+    send_file uploader.file.path, disposition: 'attachment'
+  end
+end
+
diff --git a/app/uploaders/attachment_uploader.rb b/app/uploaders/attachment_uploader.rb
index 3dbf2860bd4..3dd2117e339 100644
--- a/app/uploaders/attachment_uploader.rb
+++ b/app/uploaders/attachment_uploader.rb
@@ -19,4 +19,8 @@ class AttachmentUploader < CarrierWave::Uploader::Base
   rescue
     false
   end
+
+  def secure_url
+    "/files/#{model.class.to_s.underscore}/#{model.id}/#{file.filename}"
+  end
 end
diff --git a/app/views/events/event/_note.html.haml b/app/views/events/event/_note.html.haml
index 20c3b927067..19665ce0aea 100644
--- a/app/views/events/event/_note.html.haml
+++ b/app/views/events/event/_note.html.haml
@@ -26,7 +26,7 @@
     = markdown truncate(event.target.note, length: 70)
     - note = event.target
     - if note.attachment.url
-      = link_to note.attachment.url, target: "_blank", class: 'note-file-attach' do
+      = link_to note.attachment.secure_url, target: "_blank", class: 'note-file-attach' do
         - if note.attachment.image?
           = image_tag note.attachment.url, class: 'note-image-attach'
         - else
diff --git a/app/views/notes/_note.html.haml b/app/views/notes/_note.html.haml
index 4d3007a0ed1..b355e2a0bd4 100644
--- a/app/views/notes/_note.html.haml
+++ b/app/views/notes/_note.html.haml
@@ -31,7 +31,7 @@
     - if note.attachment.image?
       = image_tag note.attachment.url, class: 'note-image-attach'
     .attachment.pull-right
-      = link_to note.attachment.url, target: "_blank" do
+      = link_to note.attachment.secure_url, target: "_blank" do
         %i.icon-paper-clip
         = note.attachment_identifier
   .clear
diff --git a/config/routes.rb b/config/routes.rb
index 47c8a4122f5..d717e7352e6 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -45,6 +45,11 @@ Gitlab::Application.routes.draw do
     root to: "projects#index"
   end
 
+  #
+  # Attachments serving
+  #
+  get 'files/:type/:id/:filename' => 'files#download', constraints: { id: /\d+/, type: /[a-z]+/, filename: /[a-zA-Z.0-9_\-\+]+/ }
+
   #
   # Admin Area
   #
-- 
GitLab