applied my changes - initial import

[boxroom-stian.git] / app / controllers / folder_controller.rb

# The folder controller contains the following actions:\r
# [#index]              the default action, redirects to list\r
# [#list]               list files and sub folders in a folder\r
# [#feed]               authorizes, sets appropriate variables and header for RSS feed\r
# [#feed_warning]       renders page with explanations/warnings about RSS feed\r
# [#new]                shows the form for creating a new folder\r
# [#create]             create a new folder\r
# [#rename]             show the form for adjusting the folder's name\r
# [#update]             updates the attributes of a folder\r
# [#destroy]            delete a folder\r
# [#update_permissions] save the new rights given by the user\r
\r
class FolderController < ApplicationController\r
  skip_before_filter :authorize, :only => :feed\r
\r
  before_filter :does_folder_exist, :except => [:list, :feed, :feed_warning]\r
  before_filter :authorize_creating, :only => [:new, :create, :multimove]\r
  before_filter :authorize_reading, :only => :list\r
  before_filter :authorize_updating, :only => [:rename, :update, :update_rights]\r
  before_filter :authorize_deleting, :only => :destroy\r
\r
  # Sessions are not needed for feeds\r
  session :off, :only => 'feed'\r
  layout 'folder', :except => 'feed'\r
                                   \r
  # do something to selected files in folder list\r
  def multichange\r
    @folder = Folder.find(folder_id)\r
    unless @logged_in_user.can_delete(folder_id)\r
      flash[:folder_error] = "You don't have delete permissions for this folder."\r
      redirect_to :action => 'list', :id => folder_id and return false\r
    end\r
\r
    checked_files, checked_folders = [], []\r
    params['checked_file'].each {|k,v| checked_files << Myfile.find(k.to_i) if v == 'yes' } if params['checked_file']\r
    params['checked_folder'].each {|k,v| checked_folders << Folder.find(k.to_i) if v == 'yes' } if params['checked_folder']\r
    unless (checked_files.size + checked_folders.size) > 0\r
      flash[:folder_error] = "You didn't select any files or folders."\r
      redirect_to :action => 'list', :id => folder_id and return false\r
    end\r
\r
    case params['checked']['action']\r
      when 'delete'\r
        checked_files.each {|x| x.destroy }\r
        checked_folders.each {|x| x.delete }\r
\r
      when 'add to clipboard'\r
        flash[:folder_info] = "The files and/or folders you marked have been put on the clipboard. They will not disappear from this folder, until you choose moving them to a new folder."\r
        temp = @logged_in_user.clipboards\r
        already_files, already_folders = temp.collect(&:myfile), temp.collect(&:folder)\r
        checked_files.each do |x| \r
          unless already_files.index(x)\r
            Clipboard.new(:user => @logged_in_user, :myfile => x).save \r
          end\r
        end\r
        \r
        checked_folders.each do |x| \r
          unless already_folders.index(x) \r
            Clipboard.new(:user => @logged_in_user, :folder => x).save \r
          end\r
        end\r
\r
      when 'download all'\r
        tmpfile = TEMP_PATH + "/zip" + Time.now.to_f.to_s + ".tmp"\r
        folders, files = "", "" \r
        checked_folders.collect(&:name).each {|x| folders << "\"#{x}\" " }\r
        checked_files.collect(&:filename).each {|x| files << "\"#{x}\" " }\r
\r
        # tricky because we don't want absolute paths in the zip file, but the temp \r
        # dir is a relative path \r
        slashes = @folder.path_on_disk.scan('/').size\r
        slashes += 1 unless @folder.id == 1\r
        tmppath = '../' * slashes\r
        cmd = "cd \"#{@folder.path_on_disk}\"; zip -r #{tmppath}#{tmpfile} #{folders} #{files}"\r
        `#{cmd}`   \r
        puts cmd\r
        p files\r
        @folder.log_usage("zipped", cmd)\r
        p @folder.path_on_disk\r
\r
        if File.exists?(tmpfile)\r
          send_file tmpfile, :filename => "DownloadAllFiles.zip"\r
          return false\r
        else\r
          flash[:folder_error] = "Could not zip selected files."\r
          @folder.log_usage("error","could not zip " + checked_folders.join(":") + " " + checked_files.join(":") )\r
        end\r
          \r
    end\r
    redirect_to :action => 'list', :id => folder_id\r
  end\r
\r
  # move files and folders in clipboard to the current folder\r
  def multimove\r
    @logged_in_user.clipboards.each do |x|\r
      if x.folder\r
        File.mv(x.folder.path_on_disk, @folder.path_on_disk)\r
        x.folder.log_usage("moved", "from #{x.folder.name} to #{@folder.name}")\r
        x.folder.parent = @folder\r
        x.folder.save\r
      else\r
        File.mv(File.join(x.myfile.folder.path_on_disk, x.myfile.filename), @folder.path_on_disk)\r
        x.myfile.log_usage("moved", "from #{x.myfile.folder.name} to #{@folder.name}")\r
        x.myfile.folder = @folder\r
        x.myfile.save\r
      end\r
      x.destroy\r
    end\r
    redirect_to :action => 'list', :id => folder_id\r
  end\r
\r
  # deletes all clipboard entries for a given user\r
  def cancel_moving\r
    @logged_in_user.clipboards.collect(&:destroy)\r
    redirect_to :action => 'list', :id => params[:folder_id]\r
  end\r
\r
  # The default action, redirects to list.\r
  def index\r
    list\r
    render_action 'list'\r
  end\r
\r
  # List the files and sub-folders in a folder.\r
  def list\r
    # Get the folder\r
    @folder = Folder.find_by_id(folder_id)\r
    \r
    # Set if the user is allowed to update or delete in this folder;\r
    # these instance variables are used in the view.\r
    @can_update = @logged_in_user.can_update(@folder.id)\r
    @can_delete = @logged_in_user.can_delete(@folder.id)\r
\r
    # determine the order in which files are shown\r
    file_order = 'filename '\r
    file_order = params[:order_by].sub('name', 'filename') + ' ' if params[:order_by]\r
    file_order += params[:order] if params[:order]\r
\r
    # determine the order in which folders are shown\r
    folder_order = 'name '\r
    if params[:order_by] and params[:order_by] != 'filesize'    \r
      folder_order = params[:order_by] + ' '\r
      folder_order += params[:order] if params[:order]\r
    end\r
\r
    # List of subfolders\r
    @folders = @folder.list_subfolders(@logged_in_user, folder_order.rstrip)\r
\r
    # List of files in the folder\r
    @myfiles = @folder.list_files(@logged_in_user, file_order.rstrip)\r
\r
    #get the correct URL\r
    url = url_for(:controller => 'folder', :action => 'list', :id => nil)\r
\r
    # it's nice to have the possibility to go up one level\r
    @folder_up = @folder.parent.id.to_s if @folder.parent\r
  end\r
\r
  # Authorizes, sets the appropriate variables and headers.\r
  # The feed is actually implemented in: app/views/folder/feed.rxml.\r
  def feed\r
    # check for valid access key:\r
    user = User.find_by_rss_access_key(params[:access_key])\r
    @authorized = !user.blank?\r
\r
    # get the folder\r
    @folder = Folder.find_by_id(folder_id)\r
\r
    # set appriopriate instance variables,\r
    # so the feed can be created in folder.rxml\r
    if @authorized and not @folder.blank?\r
      if @folder.is_root or user.can_read(@folder.id)\r
        @folders = @folder.list_subfolders(user, 'name')\r
        @myfiles = @folder.list_files(user, 'filename')\r
      else\r
        @authorized = false\r
      end\r
    end\r
\r
    # finally, set correct header\r
    if @authorized\r
      headers['Content-Type'] = 'text/xml'\r
    else\r
      headers['Content-Type'] = 'text/html'\r
    end\r
  end\r
\r
  # Page that shows warning about RSS\r
  # and the feed's authorization.\r
  def feed_warning\r
    render\r
  end\r
\r
  # Shows the form where a user can enter the name for the a folder.\r
  # The new folder will be stored in the 'current' folder.\r
  def new\r
    @folder = Folder.new\r
  end\r
\r
  # Create a new folder with the posted variables from the 'new' view.\r
  def create\r
    if request.post?\r
      params[:folder][:name] = Myfile.base_part_of(params[:folder][:name])\r
      @folder = Folder.new(params[:folder])\r
      @folder.parent = Folder.find(folder_id)\r
      @folder.date_modified = Time.now\r
      @folder.user = @logged_in_user\r
      if @folder.save\r
        # copy groups rights on parent folder to new folder\r
        copy_permissions_to_new_folder(@folder)\r
        # back to the list\r
        redirect_to :action => 'list', :id => params[:id]\r
      else\r
        render_action 'new'\r
      end\r
    end\r
  end\r
\r
  # Show a form with the current name of the folder in a text field.\r
  def rename\r
    render\r
  end\r
\r
  # Update the folder attributes with the posted variables from the 'rename' view.\r
  def update\r
    if request.post?\r
      if @folder.rename(params[:folder][:name])\r
        redirect_to :action => 'list', :id => folder_id\r
      else\r
        render_action 'rename'\r
      end\r
    end\r
  end\r
\r
  # Delete a folder.\r
  def destroy\r
    @folder.delete\r
    redirect_to :action => 'list', :id => folder_id\r
  end\r
\r
  # Saved the new permissions given by the user\r
  def update_permissions\r
    if request.post?\r
      @folder = Folder.find(folder_id)\r
      if @logged_in_user.can_update_perms?\r
        # update the create, read, update, delete right for this folder:\r
        update_group_permissions(folder_id, params[:create_check_box], 'create', params[:update_recursively][:checked] == 'yes' ? true : false)\r
        update_group_permissions(folder_id, params[:read_check_box], 'read', params[:update_recursively][:checked] == 'yes' ? true : false)\r
        update_group_permissions(folder_id, params[:update_check_box], 'update', params[:update_recursively][:checked] == 'yes' ? true : false)\r
        update_group_permissions(folder_id, params[:delete_check_box], 'delete', params[:update_recursively][:checked] == 'yes' ? true : false)\r
\r
        # changing name of folder owner\r
        newuser = User.find_by_name(params[:owner])\r
        if newuser\r
          to_change = [@folder]\r
          to_change += @folder.all_children if params[:owner_recursive][:checked] == 'yes'\r
          to_change.each do |f|\r
            puts f\r
            p "Changing #{f.name}"    \r
            \r
            f.user = newuser\r
            f.save\r
          end\r
        else\r
          flash[:folder_error] = "User #{params[:owner]} could not be found. No change in ownership committed."\r
        end          \r
\r
      end\r
      \r
      # updating folder info and upload info\r
      if @logged_in_user.can_update_folderinfo?(@folder)\r
        @folder.quota = params[:folder][:quota]\r
        @folder.note = params[:folder][:note]\r
        @folder.note_upload = params[:folder][:note_upload]\r
        @folder.note_inheritable = ( params[:folder][:note_inheritable] == '1' ? true : false )\r
        @folder.note_upload_inheritable = ( params[:folder][:note_upload_inheritable] == '1' ? true : false )\r
        @folder.save\r
      end\r
    end\r
\r
    # Return to the folder\r
    redirect_to :action => 'list', :id => folder_id\r
  end\r
\r
  # These methods are private:\r
  # [#update_group_permissions]        Update the group folder permissions\r
  # [#copy_permissions_to_new_folder]  Copy the GroupPermissions of the parent folder to the given folder\r
  # [#authorize_reading]               Allows/disallows the current user to read the current folder\r
  # [#authorize_deleting]              Check logged in user's delete permissions for a particular folder\r
  # [#authorize_deleting_for_children] Check delete permissions for subfolders recursively\r
  private\r
    # Update the group permissions for a given group, folder and field.\r
    # If <i>recursively</i> is true, update the child folders of the given folder too. \r
    def update_group_permissions(folder_id_param, group_check_box_list, field, recursively)\r
      # iteratively update the GroupPermissions\r
      group_check_box_list.each do |group_id, can_do_it|\r
        # get the GroupPermissions\r
        group_permission = GroupPermission.find_by_group_id_and_folder_id(group_id, folder_id_param)\r
\r
        # Do the actual update if the GroupPermission exists;\r
        # do not update the permissions of the admins group\r
        # (it should always be able to do everything)\r
        unless group_permission.blank? or group_permission.group.is_the_administrators_group?\r
          case field\r
          when 'create':\r
            group_permission.can_create = can_do_it\r
          when 'read':\r
            group_permission.can_read = can_do_it\r
          when 'update':\r
            group_permission.can_update = can_do_it\r
          when 'delete':\r
            group_permission.can_delete = can_do_it\r
          end\r
          group_permission.save\r
        end\r
      end\r
\r
      # The recursive part...\r
      if recursively\r
        # Update the child folders\r
        Folder.find_by_id(folder_id_param).all_children.each do |f|\r
          update_group_permissions(f, group_check_box_list, field, true)\r
        end\r
      end\r
    end\r
\r
    # Copy the GroupPermissions of the parent folder to the given folder\r
    def copy_permissions_to_new_folder(folder)\r
      # get the 'parent' GroupPermissions\r
      GroupPermission.find_all_by_folder_id(folder_id).each do |parent_group_permissions|\r
        # create the new GroupPermissions\r
        group_permissions = GroupPermission.new\r
        group_permissions.folder = folder\r
        group_permissions.group = parent_group_permissions.group\r
        group_permissions.can_create = parent_group_permissions.can_create\r
        group_permissions.can_read = parent_group_permissions.can_read\r
        group_permissions.can_update = parent_group_permissions.can_update\r
        group_permissions.can_delete = parent_group_permissions.can_delete\r
        group_permissions.save\r
      end\r
    end\r
\r
    # Redirect to the Root folder and show an error message\r
    # if current user cannot read in current folder.\r
    def authorize_reading\r
      # First check if the folder exists, if it doesn't: show an appropriate message.\r
      # If the folder does exist, only authorize the read-rights if it's not the Root folder.\r
      unless Folder.find_by_id(folder_id)\r
        flash.now[:folder_error] = 'Someone else deleted the folder you are using. Your action was cancelled and you have been taken back to the root folder.'\r
        redirect_to(:controller => 'folder', :action => 'list', :id => nil) and return false\r
      else\r
        super unless folder_id == 1\r
      end\r
    end\r
\r
    # Redirect to the Root folder and show an error message\r
    # if current user cannot delete in current folder\r
    def authorize_deleting\r
      folder = Folder.find_by_id(folder_id)\r
      unless @logged_in_user.can_delete(folder_id)\r
        flash.now[:folder_error] = "You don't have delete permissions for this folder."\r
        redirect_to :controller => 'folder', :action => 'list', :id => folder_id and return false\r
      else\r
        authorize_deleting_for_children(folder)\r
      end\r
    end\r
\r
    # Check the delete permissions for all the child folders of the given folder\r
    def authorize_deleting_for_children(folder)\r
      folder.children.each do |child_folder|\r
        unless @logged_in_user.can_delete(child_folder.id)\r
          error_msg = "Sorry, you don't have delete permissions for one of the subfolders."\r
          if child_folder.parent.id == folder_id\r
            flash.now[:folder_error] = error_msg\r
          else\r
            flash[:folder_error] = error_msg\r
          end\r
          redirect_to :controller => 'folder', :action => 'list', :id => folder_id and return false\r
        else\r
          authorize_deleting_for_children(child_folder) # Checks the permissions of a child's children\r
        end\r
      end\r
    end\r
\r
end\r