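/// <summary>
/// Handles the ItemDataBound event of the AttachmentsDataGrid control: fills in the download
/// link and size label for each attachment row and decides whether the delete button is shown.
/// </summary>
/// <remarks>
/// Hiding the delete button is a presentation decision only. The handler that performs the
/// delete is not part of this method and has to repeat the permission and ownership checks.
/// </remarks>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="System.Web.UI.WebControls.DataGridItemEventArgs"/> instance containing the event data.</param>
protected void AttachmentsDataGridItemDataBound(object sender, DataGridItemEventArgs e)
{
    // Only data rows carry an attachment; header, footer and pager rows are skipped.
    if (e.Item.ItemType != ListItemType.Item && e.Item.ItemType != ListItemType.AlternatingItem)
    {
        return;
    }

    var currentAttachment = (IssueAttachment)e.Item.DataItem;

    // Fail closed: hide the delete button before any early return below, so a row never keeps
    // the markup's default visibility when the permission checks are not reached or do not pass.
    var cmdDelete = e.Item.FindControl("cmdDelete") as ImageButton;
    if (cmdDelete != null)
    {
        cmdDelete.Visible = false;
    }

    var lnkAttachment = e.Item.FindControl("lnkAttachment") as HtmlAnchor;
    if (lnkAttachment != null)
    {
        // File-system storage prefixes the stored name with a GUID; show the name without it.
        // InnerText HTML-encodes the value, so the file name is not rendered as markup.
        var storedOnFileSystem =
            HostSettingManager.Get(HostSettingNames.AttachmentStorageType, 0) == (int)IssueAttachmentStorageTypes.FileSystem;

        lnkAttachment.InnerText = storedOnFileSystem
            ? IssueAttachmentManager.StripGuidFromFileName(currentAttachment.FileName)
            : currentAttachment.FileName;

        lnkAttachment.HRef = string.Concat("DownloadAttachment.axd?id=", currentAttachment.Id.ToString());
    }

    var lblSize = e.Item.FindControl("lblSize") as Label;
    if (lblSize == null)
    {
        return;
    }

    // "#,##0" keeps the thousands separator but still prints "0" for an empty file
    // (the previous "##,##" pattern produced an empty string for zero).
    float size;
    string label;
    if (currentAttachment.Size > 1000)
    {
        size = currentAttachment.Size / 1000f;
        label = string.Format("{0} kb", size.ToString("#,##0"));
    }
    else
    {
        size = currentAttachment.Size;
        label = string.Format("{0} b", size.ToString("#,##0"));
    }

    lblSize.Text = label;

    // The user must be authenticated and hold the DeleteAttachment permission on the project.
    if (!Page.User.Identity.IsAuthenticated ||
        !UserManager.HasPermission(ProjectId, Common.Permission.DeleteAttachment.ToString()))
    {
        return;
    }

    if (cmdDelete == null)
    {
        return;
    }

    cmdDelete.Attributes.Add(
        "onclick",
        string.Format("return confirm('{0}');", GetLocalResourceObject("DeleteAttachment").ToString().Trim().JsEncode()));

    // Show the button only to the attachment's creator, a project admin or a super user.
    // Ordinal, case-insensitive comparison avoids culture-dependent casing rules and does not
    // throw when the stored creator name is null.
    var isCreator = string.Equals(
        currentAttachment.CreatorUserName,
        Context.User.Identity.Name,
        System.StringComparison.OrdinalIgnoreCase);

    if (isCreator || UserManager.IsSuperUser() || UserManager.IsInRole(ProjectId, Globals.ProjectAdminRole))
    {
        cmdDelete.Visible = true;
    }
}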
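/// <summary>
/// Serves a project image when the query string contains <c>mode=project</c>; otherwise serves
/// the issue attachment identified by the <c>id</c> request value, either from the attachment
/// record's bytes or from the project's upload folder on disk.
/// </summary>
/// <remarks>
/// Access failures for attachments arrive as a <c>DataAccessException</c> carrying a status code
/// raised by <c>IssueAttachmentManager.GetAttachmentForDownload</c>; this method only maps that
/// code to a response. No authorization check for the project-image branch is visible in this
/// method (NOTE(review): confirm whether <c>ProjectManager.GetProjectImageById</c> enforces one).
/// </remarks>
/// <param name="context">An <see cref="T:System.Web.HttpContext"/> object that provides references to the intrinsic server objects (for example, Request, Response, Session, and Server) used to service HTTP requests.</param>
public void ProcessRequest(HttpContext context)
{
    const string notFoundHtml = "<h1>Attachment Not Found.</h1> It may have been deleted from the server.";

    if (context.Request.QueryString["mode"] == "project")
    {
        var projectId = context.Request.QueryString.Get("id", Globals.NEW_ID);
        var projectImage = ProjectManager.GetProjectImageById(projectId);

        if (projectImage != null)
        {
            // Write out the project image
            context.Server.ScriptTimeout = 600;
            context.Response.Buffer = true;
            context.Response.Clear();
            context.Response.ContentType = "application/octet-stream";
            context.Response.AddHeader("Content-Length", projectImage.ImageFileLength.ToString());
            context.Response.BinaryWrite(projectImage.ImageContent);
        }
        else
        {
            context.Response.WriteFile("~/Images/noimage.gif");
        }
    }
    else
    {
        // Get the attachment
        var attachmentId = context.Request.Get("id", Globals.NEW_ID);

        // The id could not be parsed from the request: bail out without a lookup.
        if (attachmentId.Equals(Globals.NEW_ID))
        {
            context.Response.Write(notFoundHtml);
            context.Response.End();
            return;
        }

        try
        {
            var attachment = IssueAttachmentManager.GetAttachmentForDownload(attachmentId);

            if (attachment == null)
            {
                context.Response.Write(notFoundHtml);
                context.Response.End();
                return;
            }

            var cleanFileName = IssueAttachmentManager.StripGuidFromFileName(attachment.FileName);
            var fileName = attachment.FileName;

            // The content type and file name come from the stored attachment record; they are
            // treated as untrusted when building response headers (presumably they originate
            // from the uploader's request; verify against the upload code).
            var showInline = IsInlineImageContentType(attachment.ContentType);

            if (attachment.Attachment != null)
            {
                // The bytes are stored with the record: write them out directly.
                context.Server.ScriptTimeout = 600;
                context.Response.Buffer = true;
                context.Response.Clear();

                // Stop the browser from re-interpreting the body as a different type.
                context.Response.AddHeader("X-Content-Type-Options", "nosniff");

                if (showInline)
                {
                    context.Response.ContentType = attachment.ContentType;
                    context.Response.AddHeader("Content-Disposition", string.Format("inline; filename=\"{0}\";", ToHeaderSafeFileName(fileName)));
                }
                else
                {
                    context.Response.ContentType = "application/octet-stream";
                    context.Response.AddHeader("Content-Disposition", string.Format("attachment; filename=\"{0}\";", ToHeaderSafeFileName(fileName)));
                }

                context.Response.AddHeader("Content-Length", attachment.Attachment.Length.ToString());
                context.Response.BinaryWrite(attachment.Attachment);
            }
            else
            {
                // The bytes live on disk under <upload root><project upload path>\<stored file name>.
                var p = ProjectManager.GetById(IssueManager.GetById(attachment.IssueId).ProjectId);

                if (string.IsNullOrEmpty(p.UploadPath))
                {
                    p.UploadPath = p.Id.ToString(); // use project id as path root
                }

                var projectPath = p.UploadPath;

                // append a trailing slash if it doesn't exist
                if (!projectPath.EndsWith(@"\"))
                {
                    projectPath = String.Concat(projectPath, @"\");
                }

                // Defense in depth: the stored name must be a bare file name. A name that carries
                // a directory separator could resolve outside the project's upload folder once it
                // is concatenated into the path, so it is reported as not found instead.
                var hasDirectoryPart = fileName == null || fileName.IndexOfAny(new[] { '\\', '/' }) >= 0;

                string path = null;
                if (!hasDirectoryPart)
                {
                    var uploadRoot = HostSettingManager.Get(HostSettingNames.AttachmentUploadPath);
                    path = String.Concat(uploadRoot, projectPath, fileName);

                    // An app-relative root ("~...") has to be mapped to a physical path.
                    if (uploadRoot.StartsWith("~"))
                    {
                        path = context.Server.MapPath(path);
                    }
                }

                if (path != null && System.IO.File.Exists(path))
                {
                    context.Response.Clear();
                    context.Response.AddHeader("X-Content-Type-Options", "nosniff");
                    context.Response.ContentType = attachment.ContentType ?? "application/octet-stream";
                    context.Response.AddHeader("Content-Disposition",
                        showInline
                            ? string.Format("inline; filename=\"{0}\";", ToHeaderSafeFileName(cleanFileName))
                            : string.Format("attachment; filename=\"{0}\";", ToHeaderSafeFileName(cleanFileName)));
                    context.Response.WriteFile(path);
                }
                else
                {
                    context.Response.Write(notFoundHtml);
                }
            }
        }
        catch (DataAccessException dx)
        {
            // NOTE(review): an exception whose StatusCode is not positive is swallowed here and the
            // request completes with whatever was written so far; confirm that this is intended.
            if (dx.StatusCode > 0)
            {
                var statusCode = dx.StatusCode.ToEnum(DownloadAttachmentStatusCodes.NoAccess);

                // NOTE(review): ReturnUrl is an absolute URL whose scheme and host are taken from
                // the incoming request URL. The login page should accept only local return URLs;
                // confirm that it validates this value before redirecting.
                var url = context.Request.Url.PathAndQuery.Trim().ToLower();
                var fullPath = context.Request.Url.ToString().ToLower();
                var authority = fullPath.Replace(url, "");
                var redirectUrl = string.Format("~/Account/Login.aspx?ReturnUrl={0}{1}", authority, context.Server.UrlEncode(url));

                switch (statusCode)
                {
                    case DownloadAttachmentStatusCodes.InvalidAttachmentId:
                        context.Response.Write(notFoundHtml);
                        break;
                    case DownloadAttachmentStatusCodes.AuthenticationRequired:
                        context.Response.Redirect(redirectUrl);
                        break;
                    case DownloadAttachmentStatusCodes.ProjectOrIssueDisabled:
                        // Same message as a missing attachment, so the response does not reveal
                        // that the project or issue exists but is disabled.
                        context.Response.Write(notFoundHtml);
                        break;
                    case DownloadAttachmentStatusCodes.NoAccess:
                        context.Response.Write("<h1>Access Denied.</h1> You do not have proper permissions to access this Attachment.");
                        break;
                    default:
                        throw new ArgumentOutOfRangeException();
                }
            }
        }
    }

    // End the response
    HttpContext.Current.ApplicationInstance.CompleteRequest();
}

/// <summary>
/// Returns true when the content type may be rendered inline by the browser: an <c>image/*</c>
/// type other than SVG. SVG can carry script, so it is always sent as a download.
/// </summary>
private static bool IsInlineImageContentType(string contentType)
{
    if (string.IsNullOrEmpty(contentType))
    {
        return false;
    }

    return contentType.StartsWith("image/", System.StringComparison.OrdinalIgnoreCase)
        && !contentType.StartsWith("image/svg", System.StringComparison.OrdinalIgnoreCase);
}

/// <summary>
/// Makes a file name safe to place inside the quoted <c>filename</c> parameter of a
/// Content-Disposition header: control characters (including CR and LF) are dropped, and
/// double quotes and backslashes are replaced with underscores.
/// </summary>
private static string ToHeaderSafeFileName(string fileName)
{
    if (string.IsNullOrEmpty(fileName))
    {
        return string.Empty;
    }

    var safe = new System.Text.StringBuilder(fileName.Length);
    foreach (var ch in fileName)
    {
        if (char.IsControl(ch))
        {
            continue;
        }

        safe.Append(ch == '"' || ch == '\\' ? '_' : ch);
    }

    return safe.ToString();
}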