From 58eabb03e5d6283b25e9ddd4f070e32c65be43c3 Mon Sep 17 00:00:00 2001
From: Sam <sam.saffron@gmail.com>
Date: Tue, 23 Sep 2014 15:50:26 +1000
Subject: [PATCH] FEATURE: api support for arbitrary unlinked assets

admins can set retain periods for assets
---
 app/controllers/uploads_controller.rb                  |  9 ++++++++-
 app/jobs/scheduled/clean_up_uploads.rb                 |  3 ++-
 .../20140923042349_add_retain_hours_to_uploads.rb      |  5 +++++
 spec/controllers/uploads_controller_spec.rb            | 10 ++++++++++
 spec/jobs/clean_up_uploads_spec.rb                     | 10 ++++++++++
 5 files changed, 35 insertions(+), 2 deletions(-)
 create mode 100644 db/migrate/20140923042349_add_retain_hours_to_uploads.rb
 create mode 100644 spec/jobs/clean_up_uploads_spec.rb

diff --git a/app/controllers/uploads_controller.rb b/app/controllers/uploads_controller.rb
index ac2ae10126c..d134c061e02 100644
--- a/app/controllers/uploads_controller.rb
+++ b/app/controllers/uploads_controller.rb
@@ -8,6 +8,13 @@ class UploadsController < ApplicationController
     filesize = File.size(file.tempfile)
     upload = Upload.create_for(current_user.id, file.tempfile, file.original_filename, filesize, { content_type: file.content_type })
 
+    if current_user.admin?
+      retain_hours = params[:retain_hours].to_i
+      if retain_hours > 0
+        upload.update_columns(retain_hours: retain_hours)
+      end
+    end
+
     if upload.errors.empty?
       render_serialized(upload, UploadSerializer, root: false)
     else
@@ -26,7 +33,7 @@ class UploadsController < ApplicationController
       url = request.fullpath
 
       # the "url" parameter is here to prevent people from scanning the uploads using the id
-      if upload = Upload.find_by(id: id, url: url)
+      if upload = (Upload.find_by(id: id, url: url) || Upload.find_by(sha1: params[:sha]))
         send_file(Discourse.store.path_for(upload), filename: upload.original_filename)
       else
         render_404
diff --git a/app/jobs/scheduled/clean_up_uploads.rb b/app/jobs/scheduled/clean_up_uploads.rb
index b04fda1f829..dbce58d0e9b 100644
--- a/app/jobs/scheduled/clean_up_uploads.rb
+++ b/app/jobs/scheduled/clean_up_uploads.rb
@@ -14,7 +14,8 @@ module Jobs
 
       grace_period = [SiteSetting.clean_orphan_uploads_grace_period_hours, 1].max
 
-      Upload.where("created_at < ?", grace_period.hour.ago)
+      Upload.where("created_at < ? AND
+                   (retain_hours IS NULL OR created_at < current_timestamp - interval '1 hour' * retain_hours )", grace_period.hour.ago)
             .where("id NOT IN (SELECT upload_id from post_uploads)")
             .where("id NOT IN (SELECT custom_upload_id from user_avatars)")
             .where("id NOT IN (SELECT gravatar_upload_id from user_avatars)")
diff --git a/db/migrate/20140923042349_add_retain_hours_to_uploads.rb b/db/migrate/20140923042349_add_retain_hours_to_uploads.rb
new file mode 100644
index 00000000000..38aea048f8a
--- /dev/null
+++ b/db/migrate/20140923042349_add_retain_hours_to_uploads.rb
@@ -0,0 +1,5 @@
+class AddRetainHoursToUploads < ActiveRecord::Migration
+  def change
+    add_column :uploads, :retain_hours, :integer
+  end
+end
diff --git a/spec/controllers/uploads_controller_spec.rb b/spec/controllers/uploads_controller_spec.rb
index 6dfc34a41a6..4591b2dae20 100644
--- a/spec/controllers/uploads_controller_spec.rb
+++ b/spec/controllers/uploads_controller_spec.rb
@@ -51,6 +51,14 @@ describe UploadsController do
             response.status.should eq 200
           end
 
+          it 'correctly sets retain_hours for admins' do
+            log_in :admin
+            xhr :post, :create, file: logo, retain_hours: 100
+            url = JSON.parse(response.body)["url"]
+            id = url.split("/")[3].to_i
+            Upload.find(id).retain_hours.should == 100
+          end
+
           context 'with a big file' do
 
             before { SiteSetting.stubs(:max_attachment_size_kb).returns(1) }
@@ -123,6 +131,8 @@ describe UploadsController do
 
     it "returns 404 when the upload doens't exist" do
       Upload.expects(:find_by).with(id: 2, url: "/uploads/default/2/1234567890abcdef.pdf").returns(nil)
+      Upload.expects(:find_by).with(sha1: "1234567890abcdef").returns(nil)
+
       get :show, site: "default", id: 2, sha: "1234567890abcdef", extension: "pdf"
       response.response_code.should == 404
     end
diff --git a/spec/jobs/clean_up_uploads_spec.rb b/spec/jobs/clean_up_uploads_spec.rb
new file mode 100644
index 00000000000..5ccede2c41a
--- /dev/null
+++ b/spec/jobs/clean_up_uploads_spec.rb
@@ -0,0 +1,10 @@
+require 'spec_helper'
+
+require_dependency 'jobs/scheduled/clean_up_uploads'
+
+describe Jobs::CleanUpUploads do
+  it "runs correctly without crashing" do
+    SiteSetting.clean_up_uploads = true
+    Jobs::CleanUpUploads.new.execute(nil)
+  end
+end