Support uploads for groups

8 files changed, 98 insertions, 28 deletions

diff --git a/app/controllers/concerns/uploads_actions.rb b/app/controllers/concerns/uploads_actions.rb
index dec2e27335a..a6fb1f40001 100644
--- a/app/controllers/concerns/uploads_actions.rb
+++ b/app/controllers/concerns/uploads_actions.rb
@@ -1,4 +1,6 @@
 module UploadsActions
+  include Gitlab::Utils::StrongMemoize
+
   def create
     link_to_file = UploadService.new(model, params[:file], uploader_class).execute
 
@@ -24,4 +26,25 @@ module UploadsActions
 
     send_file uploader.file.path, disposition: disposition
   end
+
+  private
+
+  def uploader
+    strong_memoize(:uploader) do
+      return if show_model.nil?
+
+      file_uploader = FileUploader.new(show_model, params[:secret])
+      file_uploader.retrieve_from_store!(params[:filename])
+
+      file_uploader
+    end
+  end
+
+  def image_or_video?
+    uploader && uploader.exists? && uploader.image_or_video?
+  end
+
+  def uploader_class
+    FileUploader
+  end
 end
diff --git a/app/controllers/groups/uploads_controller.rb b/app/controllers/groups/uploads_controller.rb
new file mode 100644
index 00000000000..e6bd9806401
--- /dev/null
+++ b/app/controllers/groups/uploads_controller.rb
@@ -0,0 +1,35 @@
+class Groups::UploadsController < Groups::ApplicationController
+  include UploadsActions
+
+  skip_before_action :group, if: -> { action_name == 'show' && image_or_video? }
+
+  before_action :authorize_upload_file!, only: [:create]
+
+  private
+
+  def show_model
+    strong_memoize(:show_model) do
+      group_id = params[:group_id]
+
+      Group.find_by_full_path(group_id)
+    end
+  end
+
+  def authorize_upload_file!
+    render_404 unless can?(current_user, :upload_file, group)
+  end
+
+  def uploader
+    strong_memoize(:uploader) do
+      file_uploader = uploader_class.new(show_model, params[:secret])
+      file_uploader.retrieve_from_store!(params[:filename])
+      file_uploader
+    end
+  end
+
+  def uploader_class
+    NamespaceFileUploader
+  end
+
+  alias_method :model, :group
+end
diff --git a/app/controllers/projects/uploads_controller.rb b/app/controllers/projects/uploads_controller.rb
index 4d2fb17a19b..4685bbe80b4 100644
--- a/app/controllers/projects/uploads_controller.rb
+++ b/app/controllers/projects/uploads_controller.rb
@@ -8,31 +8,13 @@ class Projects::UploadsController < Projects::ApplicationController
 
   private
 
-  def uploader
-    return @uploader if defined?(@uploader)
+  def show_model
+    strong_memoize(:show_model) do
+      namespace = params[:namespace_id]
+      id = params[:project_id]
 
-    namespace = params[:namespace_id]
-    id = params[:project_id]
-
-    file_project = Project.find_by_full_path("#{namespace}/#{id}")
-
-    if file_project.nil?
-      @uploader = nil
-      return
+      Project.find_by_full_path("#{namespace}/#{id}")
     end
-
-    @uploader = FileUploader.new(file_project, params[:secret])
-    @uploader.retrieve_from_store!(params[:filename])
-
-    @uploader
-  end
-
-  def image_or_video?
-    uploader && uploader.exists? && uploader.image_or_video?
-  end
-
-  def uploader_class
-    FileUploader
   end
 
   alias_method :model, :project
diff --git a/app/models/group.rb b/app/models/group.rb
index 505e943e464..fddace03387 100644
--- a/app/models/group.rb
+++ b/app/models/group.rb
@@ -298,6 +298,10 @@ class Group < Namespace
     end
   end
 
+  def hashed_storage?(_feature)
+    false
+  end
+
   private
 
   def update_two_factor_requirement
diff --git a/app/policies/group_policy.rb b/app/policies/group_policy.rb
index a2518bc1080..d2d45e402b0 100644
--- a/app/policies/group_policy.rb
+++ b/app/policies/group_policy.rb
@@ -30,7 +30,12 @@ class GroupPolicy < BasePolicy
 
   rule { public_group }      .enable :read_group
   rule { logged_in_viewable }.enable :read_group
-  rule { guest }             .enable :read_group
+
+  rule { guest }.policy do
+    enable :read_group
+    enable :upload_file
+  end
+
   rule { admin }             .enable :read_group
   rule { has_projects }      .enable :read_group
 
diff --git a/app/uploaders/file_uploader.rb b/app/uploaders/file_uploader.rb
index 71658df5b41..0b591e3bbbb 100644
--- a/app/uploaders/file_uploader.rb
+++ b/app/uploaders/file_uploader.rb
@@ -29,11 +29,11 @@ class FileUploader < GitlabUploader
   # model - Object that responds to `full_path` and `disk_path`
   #
   # Returns a String without a trailing slash
-  def self.dynamic_path_segment(project)
-    if project.hashed_storage?(:attachments)
-      dynamic_path_builder(project.disk_path)
+  def self.dynamic_path_segment(model)
+    if model.hashed_storage?(:attachments)
+      dynamic_path_builder(model.disk_path)
     else
-      dynamic_path_builder(project.full_path)
+      dynamic_path_builder(model.full_path)
     end
   end
 
diff --git a/app/uploaders/namespace_file_uploader.rb b/app/uploaders/namespace_file_uploader.rb
new file mode 100644
index 00000000000..672126e9ec2
--- /dev/null
+++ b/app/uploaders/namespace_file_uploader.rb
@@ -0,0 +1,15 @@
+class NamespaceFileUploader < FileUploader
+  def self.base_dir
+    File.join(root_dir, '-', 'system', 'namespace')
+  end
+
+  def self.dynamic_path_segment(model)
+    dynamic_path_builder(model.id.to_s)
+  end
+
+  private
+
+  def secure_url
+    File.join('/uploads', @secret, file.filename)
+  end
+end
diff --git a/app/views/layouts/group.html.haml b/app/views/layouts/group.html.haml
index 08bd6fc311e..bfbfeee7c4b 100644
--- a/app/views/layouts/group.html.haml
+++ b/app/views/layouts/group.html.haml
@@ -4,4 +4,10 @@
 - nav            "group"
 - @left_sidebar = true
 
+- content_for :page_specific_javascripts do
+  - if current_user
+    -# haml-lint:disable InlineJavaScript
+    :javascript
+      window.uploads_path = "#{group_uploads_path(@group)}";
+
 = render template: "layouts/application"