scinote-web/app/controllers/asset_sync_controller.rb

# frozen_string_literal: true

class AssetSyncController < ApplicationController
  skip_before_action :authenticate_user!, only: :update
  skip_before_action :verify_authenticity_token, only: :update
  before_action :authenticate_asset_sync_token!, only: :update

  def show
    asset = Asset.find_by(id: params[:asset_id])

    head :forbidden unless asset && can_manage_asset?(asset)

    asset_sync_token = current_user.asset_sync_tokens.find_or_create_by(asset_id: params[:asset_id])

    unless asset_sync_token.token_valid?
      asset_sync_token = current_user.asset_sync_tokens.create(asset_id: params[:asset_id])
    end

    render json: AssetSyncTokenSerializer.new(asset_sync_token).as_json
  end

  def update
    head(:conflict) and return if @asset_sync_token.conflicts?(request.headers['VersionToken'])

    @asset.file.attach(io: request.body, filename: @asset.file.filename)
    @asset.touch

    render json: AssetSyncTokenSerializer.new(@asset_sync_token).as_json
  end

  # private

  def authenticate_asset_sync_token!
    @asset_sync_token = AssetSyncToken.find_by(token: request.headers['Authentication'])

    head(:unauthorized) and return unless @asset_sync_token&.token_valid?

    @asset = @asset_sync_token.asset
    @current_user = @asset_sync_token.user

    head :forbidden unless can_manage_asset?(@asset)
  end
end
Asset sync model and endpoints [SCI-9465] (#6399) 2023-10-17 17:36:08 +08:00			`# frozen_string_literal: true`

			`class AssetSyncController < ApplicationController`
			`skip_before_action :authenticate_user!, only: :update`
			`skip_before_action :verify_authenticity_token, only: :update`
			`before_action :authenticate_asset_sync_token!, only: :update`

			`def show`
Implement file-checkout localhost call [SCI-9466] 2023-10-19 17:53:18 +08:00			`asset = Asset.find_by(id: params[:asset_id])`
Asset sync model and endpoints [SCI-9465] (#6399) 2023-10-17 17:36:08 +08:00
			`head :forbidden unless asset && can_manage_asset?(asset)`

			`asset_sync_token = current_user.asset_sync_tokens.find_or_create_by(asset_id: params[:asset_id])`

			`unless asset_sync_token.token_valid?`
			`asset_sync_token = current_user.asset_sync_tokens.create(asset_id: params[:asset_id])`
			`end`

			`render json: AssetSyncTokenSerializer.new(asset_sync_token).as_json`
			`end`

			`def update`
			`head(:conflict) and return if @asset_sync_token.conflicts?(request.headers['VersionToken'])`

			`@asset.file.attach(io: request.body, filename: @asset.file.filename)`
			`@asset.touch`

			`render json: AssetSyncTokenSerializer.new(@asset_sync_token).as_json`
			`end`

			`# private`

			`def authenticate_asset_sync_token!`
			`@asset_sync_token = AssetSyncToken.find_by(token: request.headers['Authentication'])`

			`head(:unauthorized) and return unless @asset_sync_token&.token_valid?`

			`@asset = @asset_sync_token.asset`
			`@current_user = @asset_sync_token.user`

			`head :forbidden unless can_manage_asset?(@asset)`
			`end`
			`end`