scinote-web/app/controllers/assets_controller.rb

class AssetsController < ApplicationController
  include WopiUtil
  # include ActionView::Helpers
  include ActionView::Helpers::AssetTagHelper
  include ActionView::Helpers::TextHelper
  include ActionView::Helpers::UrlHelper
  include ActionView::Context
  include InputSanitizeHelper
  include FileIconsHelper
  include WopiHelper

  before_action :load_vars
  before_action :check_read_permission, except: :file_present
  before_action :check_edit_permission, only: :edit

  def file_present
    respond_to do |format|
      format.json do
        if @asset.file.processing?
          render json: {}, status: 404
        else
          # Only if file is present,
          # check_read_permission
          check_read_permission

          # If check_read_permission already rendered error,
          # stop execution
          return if performed?

          # If check permission passes, return :ok
          render json: {
            'asset-id' => @asset.id,
            'image-tag-url' => @asset.url(:medium),
            'preview-url' => large_image_url_asset_path(@asset),
            'filename' => truncate(@asset.file_file_name,
                                   length:
                                     Constants::FILENAME_TRUNCATION_LENGTH),
            'download-url' => download_asset_path(@asset),
            'type' => asset_data_type(@asset),
            'wopi-file-name' => wopi_asset_file_name(@asset, true),
            'wopi-edit' => (wopi_asset_edit_button(@asset) if wopi_file?(@asset)),
            'wopi-view' => (wopi_asset_view_button(@asset) if wopi_file?(@asset))
          }, status: 200
        end
      end
    end
  end

  def large_image_url
    respond_to do |format|
      format.json do
        render json: {
          'large-preview-url' => @asset.url(:large),
          'filename' => truncate(@asset.file_file_name,
                                 length:
                                   Constants::FILENAME_TRUNCATION_LENGTH),
          'download-url' => download_asset_path(@asset),
          'type' => (@asset.is_image? ? 'image' : 'file')
        }
      end
    end
  end

  def download
    if !@asset.file_present
      render_404 and return
    elsif @asset.file.is_stored_on_s3?
      redirect_to @asset.presigned_url(download: true), status: 307
    else
      send_file @asset.file.path, filename: URI.unescape(@asset.file_file_name),
        type: @asset.file_content_type
    end
  end

  def edit
    @action_url = append_wd_params(@asset
                                   .get_action_url(current_user, 'edit', false))
    @favicon_url = @asset.favicon_url('edit')
    tkn = current_user.get_wopi_token
    @token = tkn.token
    @ttl = (tkn.ttl * 1000).to_s
    create_wopi_file_activity(current_user, true)

    render layout: false
  end

  def view
    @action_url = append_wd_params(@asset
                                   .get_action_url(current_user, 'view', false))
    @favicon_url = @asset.favicon_url('view')
    tkn = current_user.get_wopi_token
    @token = tkn.token
    @ttl = (tkn.ttl * 1000).to_s

    render layout: false
  end

  private

  def load_vars
    @asset = Asset.find_by_id(params[:id])
    return render_404 unless @asset

    step_assoc = @asset.step
    result_assoc = @asset.result
    @assoc = step_assoc unless step_assoc.nil?
    @assoc = result_assoc unless result_assoc.nil?

    if @assoc.class == Step
      @protocol = @asset.step.protocol
    else
      @my_module = @assoc.my_module
    end
  end

  def check_read_permission
    if @assoc.class == Step
      render_403 && return unless can_read_protocol_in_module?(@protocol) ||
                                  can_read_protocol_in_repository?(@protocol)
    elsif @assoc.class == Result
      unless can_view_or_download_result_assets(@my_module)
        render_403 and return
      end
    end
  end

  def check_edit_permission
    if @assoc.class == Step
      render_403 && return unless can_manage_protocol_in_module?(@protocol) ||
                                  can_update_protocol_in_repository?(@protocol)
    elsif @assoc.class == Result
      unless can_edit_result_asset_in_module(@my_module)
        render_403 and return
      end
    end
  end

  def append_wd_params(url)
    wd_params = ''
    params.keys.select { |i| i[/^wd.*/] }.each do |wd|
      next if wd == 'wdPreviousSession' || wd == 'wdPreviousCorrelation'
      wd_params += "&#{wd}=#{params[wd]}"
    end
    url + wd_params
  end

  def asset_params
    params.permit(
      :file
    )
  end

  def asset_data_type(asset)
    return 'wopi' if wopi_file?(asset)
    return 'image' if asset.is_image?
    'file'
  end
end
Initial commit. 2016-02-12 23:52:43 +08:00			`class AssetsController < ApplicationController`
Add wopi file activity SCI-393 #close 2016-09-29 21:30:55 +08:00			`include WopiUtil`
fix assets preprocesor for wopi files 2017-03-13 20:20:49 +08:00			`# include ActionView::Helpers`
			`include ActionView::Helpers::AssetTagHelper`
removes asset_helper, fixes loading of processed thumbnails in results and steps and when loading protocols from repository 2016-12-09 20:59:49 +08:00			`include ActionView::Helpers::TextHelper`
fix assets preprocesor for wopi files 2017-03-13 20:20:49 +08:00			`include ActionView::Helpers::UrlHelper`
			`include ActionView::Context`
			`include InputSanitizeHelper`
			`include FileIconsHelper`
			`include WopiHelper`
Add wopi file activity SCI-393 #close 2016-09-29 21:30:55 +08:00
setup delayed_paperclip gem 2016-12-08 22:24:14 +08:00			`before_action :load_vars`
			`before_action :check_read_permission, except: :file_present`
code refactor 2016-12-21 23:52:15 +08:00			`before_action :check_edit_permission, only: :edit`
Initial commit. 2016-02-12 23:52:43 +08:00
Migration GitLab -> GitHub 2016-07-21 19:11:15 +08:00			`def file_present`
			`respond_to do \|format\|`
removes asset_helper, fixes loading of processed thumbnails in results and steps and when loading protocols from repository 2016-12-09 20:59:49 +08:00			`format.json do`
			`if @asset.file.processing?`
			`render json: {}, status: 404`
			`else`
Migration GitLab -> GitHub 2016-07-21 19:11:15 +08:00			`# Only if file is present,`
			`# check_read_permission`
			`check_read_permission`

			`# If check_read_permission already rendered error,`
			`# stop execution`
removes asset_helper, fixes loading of processed thumbnails in results and steps and when loading protocols from repository 2016-12-09 20:59:49 +08:00			`return if performed?`
Migration GitLab -> GitHub 2016-07-21 19:11:15 +08:00
			`# If check permission passes, return :ok`
removes asset_helper, fixes loading of processed thumbnails in results and steps and when loading protocols from repository 2016-12-09 20:59:49 +08:00			`render json: {`
Enable image preview for newly uploaded images [SCI-694] 2017-01-06 23:41:24 +08:00			`'asset-id' => @asset.id,`
Enable image preview while editing steps and code style improvements [SCI-694] 2017-01-06 22:58:23 +08:00			`'image-tag-url' => @asset.url(:medium),`
			`'preview-url' => large_image_url_asset_path(@asset),`
removes asset_helper, fixes loading of processed thumbnails in results and steps and when loading protocols from repository 2016-12-09 20:59:49 +08:00			`'filename' => truncate(@asset.file_file_name,`
			`length:`
			`Constants::FILENAME_TRUNCATION_LENGTH),`
			`'download-url' => download_asset_path(@asset),`
fix assets preprocesor for wopi files 2017-03-13 20:20:49 +08:00			`'type' => asset_data_type(@asset),`
refactor 2017-03-17 23:47:58 +08:00			`'wopi-file-name' => wopi_asset_file_name(@asset, true),`
fix assets preprocesor for wopi files 2017-03-13 20:20:49 +08:00			`'wopi-edit' => (wopi_asset_edit_button(@asset) if wopi_file?(@asset)),`
			`'wopi-view' => (wopi_asset_view_button(@asset) if wopi_file?(@asset))`
removes asset_helper, fixes loading of processed thumbnails in results and steps and when loading protocols from repository 2016-12-09 20:59:49 +08:00			`}, status: 200`
Migration GitLab -> GitHub 2016-07-21 19:11:15 +08:00			`end`
removes asset_helper, fixes loading of processed thumbnails in results and steps and when loading protocols from repository 2016-12-09 20:59:49 +08:00			`end`
Migration GitLab -> GitHub 2016-07-21 19:11:15 +08:00			`end`
			`end`

Fix timeouts when fetching images from S3 [SCI-694] 2016-12-20 22:36:07 +08:00			`def large_image_url`
			`respond_to do \|format\|`
			`format.json do`
			`render json: {`
			`'large-preview-url' => @asset.url(:large),`
			`'filename' => truncate(@asset.file_file_name,`
			`length:`
			`Constants::FILENAME_TRUNCATION_LENGTH),`
			`'download-url' => download_asset_path(@asset),`
			`'type' => (@asset.is_image? ? 'image' : 'file')`
			`}`
			`end`
Initial commit. 2016-02-12 23:52:43 +08:00			`end`
			`end`

			`def download`
Migration GitLab -> GitHub 2016-07-21 19:11:15 +08:00			`if !@asset.file_present`
			`render_404 and return`
			`elsif @asset.file.is_stored_on_s3?`
File permissions corrected, with some refactoring. 2016-08-17 21:51:04 +08:00			`redirect_to @asset.presigned_url(download: true), status: 307`
Initial commit. 2016-02-12 23:52:43 +08:00			`else`
Special characters caused error [fixes SCI-315]. 2016-08-09 23:08:47 +08:00			`send_file @asset.file.path, filename: URI.unescape(@asset.file_file_name),`
Initial commit. 2016-02-12 23:52:43 +08:00			`type: @asset.file_content_type`
			`end`
			`end`

First working version of office integration Only works on scinote-preview 2016-08-10 23:49:25 +08:00			`def edit`
Add wd* params to iframe action url 2016-10-05 00:00:08 +08:00			`@action_url = append_wd_params(@asset`
			`.get_action_url(current_user, 'edit', false))`
Add favicon url to iframe 2016-09-29 18:19:29 +08:00			`@favicon_url = @asset.favicon_url('edit')`
Users can now have multiple tokens A new token is generated whenever an edit or view file is called. Tokens have a TTL of one day. Also enabled the toggling of both wopi and wopi test mode, using environmental variables. 2016-11-30 23:48:42 +08:00			`tkn = current_user.get_wopi_token`
			`@token = tkn.token`
			`@ttl = (tkn.ttl * 1000).to_s`
Add wopi file activity SCI-393 #close 2016-09-29 21:30:55 +08:00			`create_wopi_file_activity(current_user, true)`
Remove navbar for viewing WOPI files 2016-10-04 02:02:13 +08:00
			`render layout: false`
First working version of office integration Only works on scinote-preview 2016-08-10 23:49:25 +08:00			`end`

			`def view`
Add wd* params to iframe action url 2016-10-05 00:00:08 +08:00			`@action_url = append_wd_params(@asset`
			`.get_action_url(current_user, 'view', false))`
Add favicon url to iframe 2016-09-29 18:19:29 +08:00			`@favicon_url = @asset.favicon_url('view')`
Users can now have multiple tokens A new token is generated whenever an edit or view file is called. Tokens have a TTL of one day. Also enabled the toggling of both wopi and wopi test mode, using environmental variables. 2016-11-30 23:48:42 +08:00			`tkn = current_user.get_wopi_token`
			`@token = tkn.token`
			`@ttl = (tkn.ttl * 1000).to_s`
Remove navbar for viewing WOPI files 2016-10-04 02:02:13 +08:00
			`render layout: false`
First working version of office integration Only works on scinote-preview 2016-08-10 23:49:25 +08:00			`end`

Initial commit. 2016-02-12 23:52:43 +08:00			`private`

			`def load_vars`
			`@asset = Asset.find_by_id(params[:id])`
Actually return 404 when requested asset doesn't exist [SCI-1994] 2018-01-25 21:30:04 +08:00			`return render_404 unless @asset`
Initial commit. 2016-02-12 23:52:43 +08:00
			`step_assoc = @asset.step`
			`result_assoc = @asset.result`
Refactor the rest of WOPI logic from Nejc 2016-09-23 17:42:12 +08:00			`@assoc = step_assoc unless step_assoc.nil?`
			`@assoc = result_assoc unless result_assoc.nil?`
Initial commit. 2016-02-12 23:52:43 +08:00
Migration GitLab -> GitHub 2016-07-21 19:11:15 +08:00			`if @assoc.class == Step`
			`@protocol = @asset.step.protocol`
			`else`
			`@my_module = @assoc.my_module`
			`end`
Initial commit. 2016-02-12 23:52:43 +08:00			`end`

			`def check_read_permission`
			`if @assoc.class == Step`
Grouped remaining permissions for experiment, protocol, task, and partially step levels. [SCI-1964] 2018-02-02 01:41:28 +08:00			`render_403 && return unless can_read_protocol_in_module?(@protocol) \|\|`
			`can_read_protocol_in_repository?(@protocol)`
Initial commit. 2016-02-12 23:52:43 +08:00			`elsif @assoc.class == Result`
Migration GitLab -> GitHub 2016-07-21 19:11:15 +08:00			`unless can_view_or_download_result_assets(@my_module)`
			`render_403 and return`
Initial commit. 2016-02-12 23:52:43 +08:00			`end`
			`end`
			`end`

Add check file permissions to assets controller SCI-502 #close 2016-09-28 00:14:19 +08:00			`def check_edit_permission`
			`if @assoc.class == Step`
Grouped remaining permissions for experiment, protocol, task, and partially step levels. [SCI-1964] 2018-02-02 01:41:28 +08:00			`render_403 && return unless can_manage_protocol_in_module?(@protocol) \|\|`
			`can_update_protocol_in_repository?(@protocol)`
Add check file permissions to assets controller SCI-502 #close 2016-09-28 00:14:19 +08:00			`elsif @assoc.class == Result`
			`unless can_edit_result_asset_in_module(@my_module)`
			`render_403 and return`
			`end`
			`end`
			`end`

Add wd* params to iframe action url 2016-10-05 00:00:08 +08:00			`def append_wd_params(url)`
			`wd_params = ''`
			`params.keys.select { \|i\| i[/^wd.*/] }.each do \|wd\|`
			`next if wd == 'wdPreviousSession' \|\| wd == 'wdPreviousCorrelation'`
			`wd_params += "&#{wd}=#{params[wd]}"`
			`end`
			`url + wd_params`
			`end`

A lot of file uploading edge cases considered. File uploading is now actually redirected to S3 server, as before was not. Error functions changed and error output format specified, which should be used consistently throughout the application. Some other refactoring. 2016-08-05 23:00:29 +08:00			`def asset_params`
			`params.permit(`
			`:file`
			`)`
			`end`
fix assets preprocesor for wopi files 2017-03-13 20:20:49 +08:00
			`def asset_data_type(asset)`
			`return 'wopi' if wopi_file?(asset)`
			`return 'image' if asset.is_image?`
			`'file'`
			`end`
Migration GitLab -> GitHub 2016-07-21 19:11:15 +08:00			`end`