source: trunk/grails-app/controllers/dbnp/studycapturing/FileController.groovy @ 1921

Last change on this file since 1921 was 1921, checked in by t.w.abma@…, 11 years ago
  • added filter to BaseFilters?
  • added security annotation to all controllers where needed (except for Home, (Advanced) Search and Publications)
  • added tags to top navigation menus showing only menu(items) dependent on whether a user is logged in or not
  • Property svn:keywords set to Rev Author Date
File size: 2.3 KB
Line 
1/**
2 * FileController
3 *
4 * Handles file uploads and downloads
5 *
6 * @author      Robert Horlings
7 * @since       20100601
8 * @package     dbnp.studycapturing
9 *
10 * Revision information:
11 * $Rev: 1921 $
12 * $Author: t.w.abma@umcutrecht.nl $
13 * $Date: 2011-06-09 10:48:15 +0000 (do, 09 jun 2011) $
14 */
15package dbnp.studycapturing
16
17import org.dbnp.gdt.FileService
18import grails.plugins.springsecurity.Secured
19
20@Secured(['IS_AUTHENTICATED_REMEMBERED'])
21class FileController {
22    def fileService;
23
24    /**
25     * Returns the file that is asked for or a 404 error if the file doesn't exist
26     */
27    def get = {
28        def fileExists;
29
30                // Filename is not url decoded for some reason
31                def coder = new org.apache.commons.codec.net.URLCodec()
32                def filename = coder.decode(params.id)
33
34                // Security check to prevent accessing files in other directories
35                if( filename.contains( '..' ) ) {
36                        response.status = 500;
37                        render "Invalid filename given";
38                        return;
39                }
40               
41        try {
42            fileExists = fileService.fileExists( filename )
43        } catch( FileNotFoundException e ) {
44            fileExists = false;
45        }
46        if( !filename || !fileExists ) {
47            response.status = 404;
48            render( "File not found" );
49            return;
50        }
51        def file = fileService.get( filename );
52
53        //response.setContentType("application/octet-stream")
54        //response.setContentType( "image/jpeg" );
55
56        // Return the file
57                response.setHeader "Content-disposition", "attachment; filename=${filename}"
58        response.outputStream << file.newInputStream()
59                response.outputStream.flush()
60    }
61
62    /**
63     * Uploads a file and returns the filename under which the file is saved
64     */
65    def upload = {
66        def file = request.getFile( params.get( 'field' ) );
67
68        // If no file is uploaded, raise an error
69        if( file == null ) {
70            response.status = 500;
71            render( "" );
72        }
73
74        // If an old file exists, delete it
75        if( params.get( 'oldFile' ) ) {
76            fileService.delete( params.get( 'oldFile' ) );
77        }
78       
79        // Move the file to a upload dir
80        def newfilename = fileService.moveFileToUploadDir( file, file.getOriginalFilename() );
81
82        // Return data to the user
83        if( newfilename ) {
84            render( text: newfilename, contentType: "text/plain" );
85        } else {
86            response.status = 500;
87            render( "" );
88        }
89    }
90}
Note: See TracBrowser for help on using the repository browser.