add the config option to disable uploads and downloads

apps/dashboard/app/controllers/files_controller.rb

@@ -13,7 +13,7 @@ def fs
     if @path.directory?
       @path.raise_if_cant_access_directory_contents
 
-      request.format = 'zip' if params[:download]
+      request.format = 'zip' if download?
 
       respond_to do |format|
 
@@ -25,7 +25,12 @@ def fs
           response.headers['Cache-Control'] = 'no-store'
           if params[:can_download]
             # check to see if this directory can be downloaded as a zip
-            can_download, error_message = @path.can_download_as_zip?
+            can_download, error_message = if ::Configuration.download_enabled?
+                                            @path.can_download_as_zip?
+                                          else
+                                            [false, t('dashboard.files_download_not_enabled')]
+                                          end
+
             render json: { can_download: can_download, error_message: error_message }
           else
             @files = @path.ls
@@ -39,7 +44,11 @@ def fs
         # and we can avoid rescuing in a block so we can reintroduce
         # the block braces which is the Rails convention with the respond_to formats.
         format.zip do
-          can_download, error_message = @path.can_download_as_zip?
+          can_download, error_message = if ::Configuration.download_enabled?
+                                          @path.can_download_as_zip?
+                                        else
+                                          raise(StandardError, t('dashboard.files_download_not_enabled'))
+                                        end
 
           if can_download
             zipname = @path.basename.to_s.gsub('"', '\"') + '.zip'
@@ -211,6 +220,10 @@ def posix_file?
     @path.is_a?(PosixFile)
   end
 
+  def download?
+    params[:download]
+  end
+
   def uppy_upload_path
     # careful:
     #
@@ -226,6 +239,8 @@ def uppy_upload_path
   end
 
   def show_file
+    raise(StandardError, t('dashboard.files_download_not_enabled')) unless ::Configuration.download_enabled?
+
     if posix_file?
       send_posix_file
     else
@@ -237,7 +252,7 @@ def send_posix_file
     type = Files.mime_type_by_extension(@path).presence || PosixFile.new(@path).mime_type
 
     # svgs aren't safe to view until we update our CSP
-    if params[:download] || type.to_s == 'image/svg+xml'
+    if download? || type.to_s == 'image/svg+xml'
       type = 'text/plain; charset=utf-8' if type.to_s == 'image/svg+xml'
       send_file @path, type: type
     else
@@ -261,7 +276,7 @@ def send_remote_file
     end
 
     # svgs aren't safe to view until we update our CSP
-    download = params[:download] || type.to_s == "image/svg+xml"
+    download = download? || type.to_s == "image/svg+xml"
     type = "text/plain; charset=utf-8" if type.to_s == "image/svg+xml"
 
     response.set_header('X-Accel-Buffering', 'no')

apps/dashboard/app/views/files/_download_button.html.erb

@@ -0,0 +1,5 @@
+<%- if Configuration.download_enabled? -%>
+<button id="download-btn" type="button" class="btn btn-primary btn-sm">
+  <i class="fas fa-download" aria-hidden="true"></i> Download
+</button>
+<%- end -%>

apps/dashboard/app/views/files/_file_action_menu.html.erb

@@ -13,7 +13,9 @@
         <li><a href="{{data.edit_url}}" class="edit-file dropdown-item" target="_blank" data-row-index="{{row_index}}"><i class="fas fa-edit" aria-hidden="true"></i> Edit</a></li>
       {{/if}}
       <li><a href="#" class="rename-file dropdown-item" data-row-index="{{row_index}}"><i class="fas fa-font" aria-hidden="true"></i> Rename</a></li>
+      <%- if Configuration.download_enabled? -%>
       <li><a href="{{data.download_url}}" class="download-file dropdown-item" data-row-index="{{row_index}}"><i class="fas fa-download" aria-hidden="true"></i> Download</a></li>
+      <%- end -%>
       <li class="dropdown-divider mt-4"></li>
       <li><a href="#" class="delete-file dropdown-item text-danger" data-row-index="{{row_index}}"><i class="fas fa-trash" aria-hidden="true"></i> Delete</a></li>
     </ul>

apps/dashboard/app/views/files/_inline_js.html.erb

@@ -6,7 +6,7 @@ history.replaceState({
   currentDirectoryUrl: '<%= files_path(@filesystem, @path) %>',
   currentDirectoryUpdatedAt: '<%= Time.now.to_i %>',
   currentFilesPath: '<%= files_path(@filesystem, '/') %>',
-  currentFilesUploadPath: '<%= url_for(fs: @filesystem, action: 'upload') %>',
+  currentFilesUploadPath: '<%= url_for(fs: @filesystem, action: 'upload') if Configuration.upload_enabled? %>',
   currentFilesystem: '<%= @filesystem %>'
 }, null);
 

apps/dashboard/app/views/files/_upload_button.html.erb

@@ -0,0 +1,5 @@
+<%- if Configuration.upload_enabled? -%>
+<button id="upload-btn" type="button" class="btn btn-primary btn-sm">
+  <i class="fas fa-upload" aria-hidden="true"></i> Upload
+</button>
+<%- end -%>

apps/dashboard/app/views/files/index.html.erb

@@ -9,8 +9,8 @@
     <button id="refresh-btn" type="button" class="btn btn-outline-dark btn-sm"><i class="fa fa-rotate-right" aria-hidden="true"></i> Refresh</button>
     <button id="new-file-btn" type="button" class="btn btn-outline-dark btn-sm"><i class="fas fa-plus" aria-hidden="true"></i> New File</button>
     <button id="new-dir-btn" type="button" class="btn btn-outline-dark btn-sm"><i class="fas fa-folder-plus" aria-hidden="true"></i> New Directory</button>
-    <button id="upload-btn" type="button" class="btn btn-primary btn-sm"><i class="fas fa-upload" aria-hidden="true"></i> Upload</button>
-    <button id="download-btn" type="button" class="btn btn-primary btn-sm"><i class="fas fa-download" aria-hidden="true"></i> Download</button>
+    <%= render(partial: 'upload_button') %>
+    <%= render(partial: 'download_button') %>
     <% if Configuration.globus_endpoints %>
       <%= render partial: 'globus' %>
     <% end %>

apps/dashboard/app/views/files/index.json.jbuilder

@@ -3,7 +3,7 @@ json.url files_path(@filesystem, @path).to_s
 #TODO: support array of shell urls, along with the default shell url which could be above
 json.shell_url OodAppkit.shell.url(path: @path.to_s).to_s
 json.files_path files_path(@filesystem, '/')
-json.files_upload_path url_for(fs: @filesystem, action: 'upload')
+json.files_upload_path url_for(fs: @filesystem, action: 'upload') if Configuration.upload_enabled?
 json.filesystem @filesystem
 
 json.files @files do |f|

apps/dashboard/config/configuration_singleton.rb

@@ -50,6 +50,8 @@ def boolean_configs
       :cancel_session_enabled       => false,
       :hide_app_version             => false,
       :motd_render_html             => false,
+      :upload_enabled               => true,
+      :download_enabled             => true,
     }.freeze
   end
 

apps/dashboard/config/locales/en.yml

@@ -209,6 +209,7 @@ en:
 
     recently_used_apps_title: 'Recently Used Apps'
 
+    files_download_not_enabled: "Downloading files is not enabled on this server."
     files_directory_download_error_modal_title: "Directory too large to download"
     files_directory_download_unauthorized: "You can only download a directory as zip that you have read and execute access to"
     files_directory_download_size_0: "The directory size is 0 and has no contents for download."

apps/dashboard/config/routes.rb

@@ -25,7 +25,7 @@
       get "files/api/v1/:fs(/*filepath)" => "files#fs", :defaults => { :fs => 'fs', :format => 'html' }, :format => false
       put "files/api/v1/:fs/*filepath" => "files#update", :format => false, :defaults => { :fs => 'fs', :format => 'json' }
     end
-    post "files/upload/:fs" => "files#upload", :defaults => { :fs => 'fs' }
+    post "files/upload/:fs" => "files#upload", :defaults => { :fs => 'fs' } if Configuration.upload_enabled?
 
     get "files", to: redirect("files/fs#{Dir.home}")