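using EnVisage.Code;
using EnVisage.Code.BLL;
using EnVisage.Models;
using EnVisage.Properties;
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Net;
using System.Web;
using System.Web.Mvc;

namespace EnVisage.Controllers
{
    /// <summary>
    /// MVC controller for uploading, deleting and downloading attachments.
    /// Files are either "temporary" (just uploaded) or "permanent"; both kinds
    /// are accessed through <see cref="FileManager"/>.
    /// </summary>
    /// <remarks>
    /// NOTE(review): none of the POST actions carries an anti-forgery attribute in this file.
    /// Confirm that request-forgery protection is enforced elsewhere (for example in
    /// BaseController or a global filter).
    /// </remarks>
    public class AttachmentsController : BaseController
    {
        /// <summary>Placeholder action; always returns an empty result.</summary>
        public ActionResult Index()
        {
            return new EmptyResult();
        }

        /// <summary>
        /// Stores every non-empty file of the current request as a temporary file.
        /// </summary>
        /// <returns>
        /// A JSON array with one <see cref="AttachmentModel"/> per stored file, or HTTP 500
        /// as soon as storing any file fails.
        /// </returns>
        [HttpPost]
        [AreaSecurityAttribute(area = Areas.Projects, level = AccessLevel.Write)]
        public ActionResult Upload()
        {
            Guid userId = SecurityManager.GetUserPrincipal();
            FileManager mngr = new FileManager(DbContext, userId);

            // Element type taken from what CreateTempFile returns below.
            var uploadedFiles = new List<AttachmentModel>();

            for (int index = 0; index < Request.Files.Count; index++)
            {
                try
                {
                    HttpPostedFileBase hpf = Request.Files[index] as HttpPostedFileBase;

                    // Skip missing or empty parts instead of dereferencing a null entry.
                    if (hpf == null || hpf.ContentLength == 0)
                    {
                        continue;
                    }

                    // NOTE(review): no size, extension or content-type validation is visible here;
                    // verify that FileManager.CreateTempFile (or the request limits in
                    // configuration) bounds what an authenticated user can store.
                    AttachmentModel fileInfo = mngr.CreateTempFile(hpf);
                    uploadedFiles.Add(fileInfo);
                }
                catch (Exception ex)
                {
                    LogException(ex);
                    return new HttpStatusCodeResult(HttpStatusCode.InternalServerError);
                }
            }

            return Json(uploadedFiles, JsonRequestBehavior.AllowGet);
        }

        /// <summary>
        /// Deletes a temporary file, or acknowledges a permanent one without deleting it.
        /// </summary>
        /// <param name="id">Identifier of the attachment.</param>
        /// <returns>
        /// The id as JSON when the file is known; HTTP 400 for a missing or empty id,
        /// HTTP 404 when no such file exists, HTTP 500 on any exception.
        /// </returns>
        [HttpPost]
        [AreaSecurityAttribute(area = Areas.Projects, level = AccessLevel.Write)]
        public ActionResult Delete(Guid? id)
        {
            if (!id.HasValue || id.Value.Equals(Guid.Empty))
            {
                return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
            }

            Guid userId = SecurityManager.GetUserPrincipal();
            FileManager mngr = new FileManager(DbContext, userId);
            bool fileFound = false;

            try
            {
                if (mngr.IsPermanentFile(id.Value))
                {
                    // File will be deleted during the project saving.
                    // Access permissions check should be done during the project save.
                    fileFound = true;
                }

                if (!fileFound && mngr.IsTempFile(id.Value))
                {
                    // NOTE(review): no ownership check is visible for temporary files.
                    // Confirm that FileManager restricts this to files created by userId.
                    mngr.DeleteTempFile(id.Value);
                    fileFound = true;
                }
            }
            catch (Exception ex)
            {
                LogException(ex);
                return new HttpStatusCodeResult(HttpStatusCode.InternalServerError);
            }

            if (fileFound)
            {
                return Json(id.Value);
            }

            Exception notFound = new BLLException(String.Format("File id='{0}' not found", id.Value));
            LogException(notFound);
            return new HttpStatusCodeResult(HttpStatusCode.NotFound);
        }

        /// <summary>
        /// Returns the content of a permanent or temporary attachment as a file download.
        /// </summary>
        /// <param name="id">Identifier of the attachment.</param>
        /// <returns>
        /// The file content; HTTP 400 for a missing or empty id, HTTP 403 when the caller lacks
        /// read access to the project holding a permanent file, HTTP 404 when no such file
        /// exists, HTTP 500 on any exception.
        /// </returns>
        /// <remarks>
        /// NOTE(review): unlike Upload and Delete this action has no AreaSecurityAttribute.
        /// Confirm that authentication is enforced by BaseController or a global filter.
        /// </remarks>
        [HttpGet]
        public ActionResult Download(Guid? id)
        {
            if (!id.HasValue || id.Value.Equals(Guid.Empty))
            {
                return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
            }

            FileDescriptor fileDescriptor = null;
            bool fileFound = false;
            string contentType = "application/octet-stream";

            Guid userId = SecurityManager.GetUserPrincipal();
            FileManager mngr = new FileManager(DbContext, userId);

            try
            {
                if (mngr.IsPermanentFile(id.Value))
                {
                    fileDescriptor = mngr.GetPermanentFileContent(id.Value);
                    fileFound = true;

                    // Check user permissions against the project that holds the file.
                    if (!SecurityManager.CheckProjectPermission(fileDescriptor.HolderId, AccessLevel.Read))
                    {
                        // The content stream is already open; release it before refusing.
                        if (fileDescriptor.Content != null)
                        {
                            fileDescriptor.Content.Dispose();
                        }

                        return new HttpStatusCodeResult(HttpStatusCode.Forbidden);
                    }
                }

                if (!fileFound && mngr.IsTempFile(id.Value))
                {
                    // NOTE(review): temporary files are returned without any permission or
                    // ownership check in this method. Confirm that FileManager scopes them
                    // to userId; otherwise any caller who knows the id can read the file.
                    fileDescriptor = mngr.GetTempFileContent(id.Value);
                    fileFound = true;
                }
            }
            catch (Exception ex)
            {
                // Do not leak a stream that was opened before the failure.
                if (fileDescriptor != null && fileDescriptor.Content != null)
                {
                    fileDescriptor.Content.Dispose();
                }

                LogException(ex);
                return new HttpStatusCodeResult(HttpStatusCode.InternalServerError);
            }

            if (!fileFound)
            {
                Exception notFound = new FileNotFoundException(String.Format("Attachment (Id = {0}) not found", id.Value));
                LogException(notFound);
                return new HttpStatusCodeResult(HttpStatusCode.NotFound);
            }

            try
            {
                using (fileDescriptor.Content)
                {
                    string downloadName = null;

                    // Meta may be null, so both the content type and the name are read under the same guard.
                    if (fileDescriptor.Meta != null)
                    {
                        if (!String.IsNullOrEmpty(fileDescriptor.Meta.ContentType))
                        {
                            contentType = fileDescriptor.Meta.ContentType;
                        }

                        downloadName = fileDescriptor.Meta.Name;
                    }

                    // FileResult only emits "Content-Disposition: attachment" when a download name
                    // is set. Always supply one so the stored content type (presumably taken from
                    // the upload; verify) is never rendered inline by the browser.
                    if (String.IsNullOrEmpty(downloadName))
                    {
                        downloadName = id.Value.ToString();
                    }

                    using (BinaryReader rdr = new BinaryReader(fileDescriptor.Content))
                    {
                        // The whole file is buffered in memory; the int cast limits this to
                        // content shorter than Int32.MaxValue bytes.
                        byte[] contentAsBytes = rdr.ReadBytes((int)fileDescriptor.Content.Length);

                        FileContentResult result = new FileContentResult(contentAsBytes, contentType);
                        result.FileDownloadName = downloadName;
                        return result;
                    }
                }
            }
            catch (Exception ex)
            {
                LogException(ex);
                return new HttpStatusCodeResult(HttpStatusCode.InternalServerError);
            }
        }
    }
}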