scinote-web/app/controllers/tiny_mce_assets_controller.rb

141 lines
4.3 KiB
Ruby
Raw Normal View History

2019-03-11 20:43:50 +08:00
# frozen_string_literal: true
2017-04-19 15:13:16 +08:00
class TinyMceAssetsController < ApplicationController
include MarvinJsActions
include ActiveStorage::SetCurrent
2019-07-19 20:10:38 +08:00
before_action :load_vars, only: %i(marvinjs_show marvinjs_update download)
2019-07-19 20:10:38 +08:00
before_action :check_read_permission, only: %i(marvinjs_show marvinjs_update download)
before_action :check_edit_permission, only: %i(marvinjs_update)
2017-04-19 15:13:16 +08:00
def create
2017-04-21 22:09:04 +08:00
image = params.fetch(:file) { render_404 }
unless image.content_type.match?(%r{^image/#{Regexp.union(Constants::WHITELISTED_IMAGE_TYPES)}})
return render json: {
errors: [I18n.t('tiny_mce.unsupported_image_format')]
}, status: :unprocessable_entity
end
2020-03-03 22:55:17 +08:00
if image.size > Rails.configuration.x.file_max_size_mb.megabytes
return render json: {
errors: [t('general.file.size_exceeded', file_size: Rails.configuration.x.file_max_size_mb)]
}, status: :unprocessable_entity
end
tiny_img = TinyMceAsset.new(team_id: current_team.id, saved: false)
tiny_img.transaction do
tiny_img.save!
tiny_img.image.attach(io: image, filename: image.original_filename)
end
if tiny_img.persisted?
2017-04-21 22:09:04 +08:00
render json: {
2017-04-24 22:22:25 +08:00
image: {
url: url_for(tiny_img.image),
2017-04-24 22:22:25 +08:00
token: Base62.encode(tiny_img.id)
}
2017-04-21 22:09:04 +08:00
}, content_type: 'text/html'
else
2017-04-24 22:22:25 +08:00
render json: {
errors: tiny_img.errors.full_messages
2017-04-24 22:22:25 +08:00
}, status: :unprocessable_entity
2017-04-21 22:09:04 +08:00
end
2017-04-19 15:13:16 +08:00
end
2019-07-16 19:40:54 +08:00
def download
2019-07-19 20:10:38 +08:00
if @asset&.image&.attached?
redirect_to rails_blob_path(@asset.image, disposition: 'attachment')
2019-07-16 19:40:54 +08:00
else
render_404
end
end
def marvinjs_show
2019-07-19 15:27:03 +08:00
asset = current_team.tiny_mce_assets.find_by_id(Base62.decode(params[:id]))
return render_404 unless asset
create_edit_marvinjs_activity(asset, current_user, :start_editing) if params[:show_action] == 'start_edit'
render json: {
name: asset.image.metadata[:name],
description: asset.image.metadata[:description]
}
end
def marvinjs_create
2019-07-19 20:10:38 +08:00
result = MarvinJsService.create_sketch(marvin_params, current_user, current_team)
if result[:asset]
render json: {
image: {
url: rails_representation_url(result[:asset].preview),
token: Base62.encode(result[:asset].id),
source_type: result[:asset].image.metadata[:asset_type]
}
}, content_type: 'text/html'
else
render json: result[:asset].errors, status: :unprocessable_entity
end
end
def marvinjs_update
2019-07-19 20:10:38 +08:00
asset = MarvinJsService.update_sketch(marvin_params, current_user, current_team)
if asset
create_edit_marvinjs_activity(asset, current_user, :finish_editing)
render json: { url: rails_representation_url(asset.preview), id: asset.id }
else
render json: { error: t('marvinjs.no_sketches_found') }, status: :unprocessable_entity
end
end
private
def load_vars
2019-07-19 15:27:03 +08:00
@asset = current_team.tiny_mce_assets.find_by_id(Base62.decode(params[:id]))
return render_404 unless @asset
2019-07-19 20:10:38 +08:00
@assoc = @asset.object
if @assoc.class == Step
@protocol = @assoc.protocol
elsif @assoc.class == Protocol
@protocol = @assoc
elsif @assoc.class == MyModule
@my_module = @assoc
2019-07-19 20:10:38 +08:00
elsif @assoc.class == ResultText
@my_module = @assoc.result.my_module
end
end
def check_read_permission
if @assoc.class == Step || @assoc.class == Protocol
2019-07-19 20:10:38 +08:00
return render_403 unless can_read_protocol_in_module?(@protocol) ||
can_read_protocol_in_repository?(@protocol)
elsif @assoc.class == ResultText || @assoc.class == MyModule
return render_403 unless can_read_experiment?(@my_module.experiment)
elsif @assoc.nil?
return render_403 unless current_team == @asset.team
2019-07-19 20:10:38 +08:00
else
render_403
end
end
def check_edit_permission
if @assoc.class == Step || @assoc.class == Protocol
2019-07-19 20:10:38 +08:00
return render_403 unless can_manage_protocol_in_module?(@protocol) ||
can_manage_protocol_in_repository?(@protocol)
elsif @assoc.class == ResultText || @assoc.class == MyModule
return render_403 unless can_manage_module?(@my_module)
elsif @assoc.nil?
return render_403 unless current_team == @asset.team
2019-07-19 20:10:38 +08:00
else
render_403
end
end
def marvin_params
params.permit(:id, :description, :object_id, :object_type, :name, :image)
end
2017-04-19 15:13:16 +08:00
end