FEATURE: api support for arbitrary unlinked assets

admins can set retain periods for assets

app/controllers/uploads_controller.rb

@@ -8,6 +8,13 @@ class UploadsController < ApplicationController
     filesize = File.size(file.tempfile)
     upload = Upload.create_for(current_user.id, file.tempfile, file.original_filename, filesize, { content_type: file.content_type })
 
+    if current_user.admin?
+      retain_hours = params[:retain_hours].to_i
+      if retain_hours > 0
+        upload.update_columns(retain_hours: retain_hours)
+      end
+    end
+
     if upload.errors.empty?
       render_serialized(upload, UploadSerializer, root: false)
     else
@@ -26,7 +33,7 @@ class UploadsController < ApplicationController
       url = request.fullpath
 
       # the "url" parameter is here to prevent people from scanning the uploads using the id
-      if upload = Upload.find_by(id: id, url: url)
+      if upload = (Upload.find_by(id: id, url: url) || Upload.find_by(sha1: params[:sha]))
         send_file(Discourse.store.path_for(upload), filename: upload.original_filename)
       else
         render_404

app/jobs/scheduled/clean_up_uploads.rb

@@ -14,7 +14,8 @@ module Jobs
 
       grace_period = [SiteSetting.clean_orphan_uploads_grace_period_hours, 1].max
 
-      Upload.where("created_at < ?", grace_period.hour.ago)
+      Upload.where("created_at < ? AND
+                   (retain_hours IS NULL OR created_at < current_timestamp - interval '1 hour' * retain_hours )", grace_period.hour.ago)
             .where("id NOT IN (SELECT upload_id from post_uploads)")
             .where("id NOT IN (SELECT custom_upload_id from user_avatars)")
             .where("id NOT IN (SELECT gravatar_upload_id from user_avatars)")

db/migrate/20140923042349_add_retain_hours_to_uploads.rb

@@ -0,0 +1,5 @@
+class AddRetainHoursToUploads < ActiveRecord::Migration
+  def change
+    add_column :uploads, :retain_hours, :integer
+  end
+end

spec/controllers/uploads_controller_spec.rb

@@ -51,6 +51,14 @@ describe UploadsController do
             response.status.should eq 200
           end
 
+          it 'correctly sets retain_hours for admins' do
+            log_in :admin
+            xhr :post, :create, file: logo, retain_hours: 100
+            url = JSON.parse(response.body)["url"]
+            id = url.split("/")[3].to_i
+            Upload.find(id).retain_hours.should == 100
+          end
+
           context 'with a big file' do
 
             before { SiteSetting.stubs(:max_attachment_size_kb).returns(1) }
@@ -123,6 +131,8 @@ describe UploadsController do
 
     it "returns 404 when the upload doens't exist" do
       Upload.expects(:find_by).with(id: 2, url: "/uploads/default/2/1234567890abcdef.pdf").returns(nil)
+      Upload.expects(:find_by).with(sha1: "1234567890abcdef").returns(nil)
+
       get :show, site: "default", id: 2, sha: "1234567890abcdef", extension: "pdf"
       response.response_code.should == 404
     end

spec/jobs/clean_up_uploads_spec.rb

@@ -0,0 +1,10 @@
+require 'spec_helper'
+
+require_dependency 'jobs/scheduled/clean_up_uploads'
+
+describe Jobs::CleanUpUploads do
+  it "runs correctly without crashing" do
+    SiteSetting.clean_up_uploads = true
+    Jobs::CleanUpUploads.new.execute(nil)
+  end
+end