2016-02-12 23:52:43 +08:00
|
|
|
class AssetsController < ApplicationController
|
2016-09-29 21:30:55 +08:00
|
|
|
include WopiUtil
|
2017-03-13 20:20:49 +08:00
|
|
|
# include ActionView::Helpers
|
|
|
|
include ActionView::Helpers::AssetTagHelper
|
2016-12-09 20:59:49 +08:00
|
|
|
include ActionView::Helpers::TextHelper
|
2017-03-13 20:20:49 +08:00
|
|
|
include ActionView::Helpers::UrlHelper
|
|
|
|
include ActionView::Context
|
|
|
|
include InputSanitizeHelper
|
|
|
|
include FileIconsHelper
|
|
|
|
include WopiHelper
|
2016-09-29 21:30:55 +08:00
|
|
|
|
2016-12-08 22:24:14 +08:00
|
|
|
before_action :load_vars
|
|
|
|
before_action :check_read_permission, except: :file_present
|
2016-12-21 23:52:15 +08:00
|
|
|
before_action :load_vars, except: :signature
|
2016-07-21 19:11:15 +08:00
|
|
|
before_action :check_read_permission, except: [:signature, :file_present]
|
2016-12-21 23:52:15 +08:00
|
|
|
before_action :check_edit_permission, only: :edit
|
2016-02-12 23:52:43 +08:00
|
|
|
|
2016-08-09 20:39:24 +08:00
|
|
|
# Validates asset and then generates S3 upload posts, because
|
|
|
|
# otherwise untracked files could be uploaded to S3
|
2016-02-12 23:52:43 +08:00
|
|
|
def signature
|
|
|
|
respond_to do |format|
|
|
|
|
format.json {
|
2016-08-17 15:44:53 +08:00
|
|
|
asset = Asset.new(asset_params)
|
2016-09-16 17:39:37 +08:00
|
|
|
if asset.valid?
|
2016-02-12 23:52:43 +08:00
|
|
|
posts = generate_upload_posts asset
|
|
|
|
render json: {
|
|
|
|
posts: posts
|
|
|
|
}
|
2016-09-16 17:39:37 +08:00
|
|
|
else
|
|
|
|
render json: {
|
|
|
|
status: 'error',
|
|
|
|
errors: asset.errors
|
|
|
|
}, status: :bad_request
|
2016-02-12 23:52:43 +08:00
|
|
|
end
|
|
|
|
}
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-07-21 19:11:15 +08:00
|
|
|
def file_present
|
|
|
|
respond_to do |format|
|
2016-12-09 20:59:49 +08:00
|
|
|
format.json do
|
|
|
|
if @asset.file.processing?
|
|
|
|
render json: {}, status: 404
|
|
|
|
else
|
2016-07-21 19:11:15 +08:00
|
|
|
# Only if file is present,
|
|
|
|
# check_read_permission
|
|
|
|
check_read_permission
|
|
|
|
|
|
|
|
# If check_read_permission already rendered error,
|
|
|
|
# stop execution
|
2016-12-09 20:59:49 +08:00
|
|
|
return if performed?
|
2016-07-21 19:11:15 +08:00
|
|
|
|
|
|
|
# If check permission passes, return :ok
|
2016-12-09 20:59:49 +08:00
|
|
|
render json: {
|
2017-01-06 23:41:24 +08:00
|
|
|
'asset-id' => @asset.id,
|
2017-01-06 22:58:23 +08:00
|
|
|
'image-tag-url' => @asset.url(:medium),
|
|
|
|
'preview-url' => large_image_url_asset_path(@asset),
|
2016-12-09 20:59:49 +08:00
|
|
|
'filename' => truncate(@asset.file_file_name,
|
|
|
|
length:
|
|
|
|
Constants::FILENAME_TRUNCATION_LENGTH),
|
|
|
|
'download-url' => download_asset_path(@asset),
|
2017-03-13 20:20:49 +08:00
|
|
|
'type' => asset_data_type(@asset),
|
2017-03-17 23:47:58 +08:00
|
|
|
'wopi-file-name' => wopi_asset_file_name(@asset, true),
|
2017-03-13 20:20:49 +08:00
|
|
|
'wopi-edit' => (wopi_asset_edit_button(@asset) if wopi_file?(@asset)),
|
|
|
|
'wopi-view' => (wopi_asset_view_button(@asset) if wopi_file?(@asset))
|
2016-12-09 20:59:49 +08:00
|
|
|
}, status: 200
|
2016-07-21 19:11:15 +08:00
|
|
|
end
|
2016-12-09 20:59:49 +08:00
|
|
|
end
|
2016-07-21 19:11:15 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-12-20 22:36:07 +08:00
|
|
|
def large_image_url
|
|
|
|
respond_to do |format|
|
|
|
|
format.json do
|
|
|
|
render json: {
|
|
|
|
'large-preview-url' => @asset.url(:large),
|
|
|
|
'filename' => truncate(@asset.file_file_name,
|
|
|
|
length:
|
|
|
|
Constants::FILENAME_TRUNCATION_LENGTH),
|
|
|
|
'download-url' => download_asset_path(@asset),
|
|
|
|
'type' => (@asset.is_image? ? 'image' : 'file')
|
|
|
|
}
|
|
|
|
end
|
2016-02-12 23:52:43 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def download
|
2016-07-21 19:11:15 +08:00
|
|
|
if !@asset.file_present
|
|
|
|
render_404 and return
|
|
|
|
elsif @asset.file.is_stored_on_s3?
|
2016-08-17 21:51:04 +08:00
|
|
|
redirect_to @asset.presigned_url(download: true), status: 307
|
2016-02-12 23:52:43 +08:00
|
|
|
else
|
2016-08-09 23:08:47 +08:00
|
|
|
send_file @asset.file.path, filename: URI.unescape(@asset.file_file_name),
|
2016-02-12 23:52:43 +08:00
|
|
|
type: @asset.file_content_type
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-08-10 23:49:25 +08:00
|
|
|
def edit
|
2016-10-05 00:00:08 +08:00
|
|
|
@action_url = append_wd_params(@asset
|
|
|
|
.get_action_url(current_user, 'edit', false))
|
2016-09-29 18:19:29 +08:00
|
|
|
@favicon_url = @asset.favicon_url('edit')
|
2016-11-30 23:48:42 +08:00
|
|
|
tkn = current_user.get_wopi_token
|
|
|
|
@token = tkn.token
|
|
|
|
@ttl = (tkn.ttl * 1000).to_s
|
2016-09-29 21:30:55 +08:00
|
|
|
create_wopi_file_activity(current_user, true)
|
2016-10-04 02:02:13 +08:00
|
|
|
|
|
|
|
render layout: false
|
2016-08-10 23:49:25 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
def view
|
2016-10-05 00:00:08 +08:00
|
|
|
@action_url = append_wd_params(@asset
|
|
|
|
.get_action_url(current_user, 'view', false))
|
2016-09-29 18:19:29 +08:00
|
|
|
@favicon_url = @asset.favicon_url('view')
|
2016-11-30 23:48:42 +08:00
|
|
|
tkn = current_user.get_wopi_token
|
|
|
|
@token = tkn.token
|
|
|
|
@ttl = (tkn.ttl * 1000).to_s
|
2016-10-04 02:02:13 +08:00
|
|
|
|
|
|
|
render layout: false
|
2016-08-10 23:49:25 +08:00
|
|
|
end
|
|
|
|
|
2016-02-12 23:52:43 +08:00
|
|
|
private
|
|
|
|
|
|
|
|
def load_vars
|
|
|
|
@asset = Asset.find_by_id(params[:id])
|
2016-09-23 17:42:12 +08:00
|
|
|
render_404 unless @asset
|
2016-02-12 23:52:43 +08:00
|
|
|
|
|
|
|
step_assoc = @asset.step
|
|
|
|
result_assoc = @asset.result
|
2016-09-23 17:42:12 +08:00
|
|
|
@assoc = step_assoc unless step_assoc.nil?
|
|
|
|
@assoc = result_assoc unless result_assoc.nil?
|
2016-02-12 23:52:43 +08:00
|
|
|
|
2016-07-21 19:11:15 +08:00
|
|
|
if @assoc.class == Step
|
|
|
|
@protocol = @asset.step.protocol
|
|
|
|
else
|
|
|
|
@my_module = @assoc.my_module
|
|
|
|
end
|
2016-02-12 23:52:43 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
def check_read_permission
|
|
|
|
if @assoc.class == Step
|
2016-07-21 19:11:15 +08:00
|
|
|
unless can_view_or_download_step_assets(@protocol)
|
|
|
|
render_403 and return
|
2016-02-12 23:52:43 +08:00
|
|
|
end
|
|
|
|
elsif @assoc.class == Result
|
2016-07-21 19:11:15 +08:00
|
|
|
unless can_view_or_download_result_assets(@my_module)
|
|
|
|
render_403 and return
|
2016-02-12 23:52:43 +08:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-09-28 00:14:19 +08:00
|
|
|
def check_edit_permission
|
|
|
|
if @assoc.class == Step
|
|
|
|
unless can_edit_step_in_protocol(@protocol)
|
|
|
|
render_403 and return
|
|
|
|
end
|
|
|
|
elsif @assoc.class == Result
|
|
|
|
unless can_edit_result_asset_in_module(@my_module)
|
|
|
|
render_403 and return
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2016-02-12 23:52:43 +08:00
|
|
|
def generate_upload_posts(asset)
|
|
|
|
posts = []
|
|
|
|
s3_post = S3_BUCKET.presigned_post(
|
|
|
|
key: asset.file.path[1..-1],
|
|
|
|
success_action_status: '201',
|
|
|
|
acl: 'private',
|
|
|
|
storage_class: "STANDARD",
|
2016-10-05 23:45:20 +08:00
|
|
|
content_length_range: 1..Constants::FILE_MAX_SIZE_MB.megabytes,
|
2016-02-12 23:52:43 +08:00
|
|
|
content_type: asset.file_content_type
|
|
|
|
)
|
|
|
|
posts.push({
|
|
|
|
url: s3_post.url,
|
|
|
|
fields: s3_post.fields
|
|
|
|
})
|
2016-07-21 19:11:15 +08:00
|
|
|
|
2016-11-28 17:08:54 +08:00
|
|
|
condition = %r{^image/#{Regexp.union(Constants::WHITELISTED_IMAGE_TYPES)}}
|
|
|
|
|
|
|
|
if condition === asset.file_content_type
|
2016-02-12 23:52:43 +08:00
|
|
|
asset.file.options[:styles].each do |style, option|
|
|
|
|
s3_post = S3_BUCKET.presigned_post(
|
|
|
|
key: asset.file.path(style)[1..-1],
|
|
|
|
success_action_status: '201',
|
|
|
|
acl: 'public-read',
|
|
|
|
storage_class: "REDUCED_REDUNDANCY",
|
2016-10-05 23:45:20 +08:00
|
|
|
content_length_range: 1..Constants::FILE_MAX_SIZE_MB.megabytes,
|
2016-02-12 23:52:43 +08:00
|
|
|
content_type: asset.file_content_type
|
|
|
|
)
|
|
|
|
posts.push({
|
|
|
|
url: s3_post.url,
|
|
|
|
fields: s3_post.fields,
|
|
|
|
style_option: option,
|
|
|
|
mime_type: asset.file_content_type
|
|
|
|
})
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
posts
|
|
|
|
end
|
|
|
|
|
2016-10-05 00:00:08 +08:00
|
|
|
def append_wd_params(url)
|
|
|
|
wd_params = ''
|
|
|
|
params.keys.select { |i| i[/^wd.*/] }.each do |wd|
|
|
|
|
next if wd == 'wdPreviousSession' || wd == 'wdPreviousCorrelation'
|
|
|
|
wd_params += "&#{wd}=#{params[wd]}"
|
|
|
|
end
|
|
|
|
url + wd_params
|
|
|
|
end
|
|
|
|
|
2016-08-05 23:00:29 +08:00
|
|
|
def asset_params
|
|
|
|
params.permit(
|
|
|
|
:file
|
|
|
|
)
|
|
|
|
end
|
2017-03-13 20:20:49 +08:00
|
|
|
|
|
|
|
def asset_data_type(asset)
|
|
|
|
return 'wopi' if wopi_file?(asset)
|
|
|
|
return 'image' if asset.is_image?
|
|
|
|
'file'
|
|
|
|
end
|
2016-07-21 19:11:15 +08:00
|
|
|
end
|