scinote-web/app/controllers/assets_controller.rb

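# Controller for files ("assets") attached to protocol steps and results.
# It issues presigned S3 upload descriptors, reports whether a file is
# present, and serves previews and downloads.
class AssetsController < ApplicationController
  # `signature` is exempt from both filters, and `file_present` from the
  # second one (it runs the permission check itself, see #file_present).
  before_action :load_vars, except: [:signature]
  before_action :check_read_permission, except: [:signature, :file_present]

  # Prepares an asset for upload and returns the presigned S3 POSTs the
  # client must use. With `asset_id` the existing asset's stored file is
  # deleted and its metadata reset; without it a new empty asset is created.
  #
  # Responds (JSON) with `{ asset_id:, posts: }` on success, with
  # `{ status: 'error', errors: }` when the asset is invalid, and with 404
  # when `asset_id` does not match any asset.
  #
  # SECURITY(review): this action is excluded from `load_vars` and
  # `check_read_permission`, so nothing in this controller verifies that the
  # current user may modify the asset named by `asset_id` before its file is
  # destroyed and upload credentials for its storage key are handed out.
  # An edit/write permission check from the application's permission layer
  # should be applied here; none is visible in this file, so none is added.
  #
  # NOTE(review): the existing file is destroyed before the new metadata is
  # validated, so an invalid request still removes the old file.
  def signature
    respond_to do |format|
      format.json do
        if params[:asset_id]
          asset = Asset.find_by_id(params[:asset_id])
          # Guard against an unknown id; previously this raised
          # NoMethodError on nil and surfaced as a 500.
          if asset
            asset.file.destroy
            asset.file_empty params[:file_name], params[:file_size]
          end
        else
          asset = Asset.new_empty params[:file_name], params[:file_size]
        end

        if asset.nil?
          render_404
        elsif !asset.valid?
          # Prefix every attribute name so the client can map errors back to
          # its "asset.<field>" form inputs.
          errors = Hash[asset.errors.map { |k, v| ["asset.#{k}", v] }]
          render json: {
            status: 'error',
            errors: errors
          }
        else
          asset.save!
          render json: {
            asset_id: asset.id,
            posts: generate_upload_posts(asset)
          }
        end
      end
    end
  end

  # Reports whether the asset's file is available: 200 when present and the
  # user may read it, 404 when absent. The read permission is only checked
  # once the file is present, which is why this action is excluded from the
  # `check_read_permission` filter and calls it directly.
  def file_present
    respond_to do |format|
      format.json do
        if @asset.file_present
          check_read_permission
          # check_read_permission renders a 403 itself when access is
          # denied; only answer :ok if it has not already responded.
          render json: {}, status: 200 unless performed?
        else
          render json: {}, status: 404
        end
      end
    end
  end

  # Redirects (307) to the `:medium` style of an image asset; any other
  # asset type gets a 400.
  #
  # NOTE(review): the redirect target is the plain attachment URL, not a
  # presigned one; it relies on the style objects being uploaded with a
  # public ACL (see #generate_upload_posts).
  def preview
    if @asset.is_image?
      redirect_to @asset.file.url(:medium), status: 307
    else
      render_400
    end
  end

  # Sends the asset's file to the client: 404 when no file is present, a 307
  # redirect to a presigned URL when the file lives on S3, otherwise the
  # local file is streamed with its stored name and content type.
  def download
    if !@asset.file_present
      render_404 and return
    elsif @asset.file.is_stored_on_s3?
      redirect_to @asset.presigned_url, status: 307
    else
      send_file @asset.file.path, filename: @asset.file_file_name,
                                  type: @asset.file_content_type
    end
  end

  private

  # Loads @asset from `params[:id]` together with the record that owns it
  # (@assoc) and the object the permission helpers expect (@protocol for a
  # step, @my_module for a result). Renders 404, which halts the filter
  # chain, when the asset does not exist or belongs to neither.
  def load_vars
    @asset = Asset.find_by_id(params[:id])
    unless @asset
      render_404
      # Stop here: continuing would dereference nil and turn the 404 into a
      # 500.
      return
    end

    # A result takes precedence over a step when both are set, matching the
    # previous assignment order.
    @assoc = @asset.result || @asset.step
    case @assoc
    when Step
      @protocol = @assoc.protocol
    when Result
      @my_module = @assoc.my_module
    else
      # An asset without an owning step or result cannot be authorized.
      render_404
    end
  end

  # Renders 403 unless the current user may view/download the asset through
  # its owning step or result. Any other owner type is denied by default
  # rather than silently allowed.
  def check_read_permission
    allowed =
      case @assoc
      when Step
        can_view_or_download_step_assets(@protocol)
      when Result
        can_view_or_download_result_assets(@my_module)
      else
        false
      end
    render_403 unless allowed
  end

  # Builds the presigned S3 POST descriptors for uploading `asset`: one for
  # the original file and, for images, one per configured attachment style.
  # Returns an array of hashes with `url` and `fields` (style entries also
  # carry `style_option` and `mime_type`).
  #
  # Each POST is limited to 1 byte..FILE_SIZE_LIMIT megabytes and pinned to
  # the asset's recorded content type.
  #
  # SECURITY(review): the original object is uploaded with a private ACL,
  # but every image style is uploaded `public-read`, so resized copies of an
  # otherwise access-controlled image are readable by anyone who has the
  # object URL. #preview currently depends on this; moving the styles to a
  # private ACL would require it to redirect to a presigned URL instead.
  def generate_upload_posts(asset)
    content_type = asset.file_content_type
    size_range = 1..(FILE_SIZE_LIMIT.megabytes)

    original_post = S3_BUCKET.presigned_post(
      # Drop the leading "/" so the path is a valid S3 object key.
      key: asset.file.path[1..-1],
      success_action_status: '201',
      acl: 'private',
      storage_class: "STANDARD",
      content_length_range: size_range,
      content_type: content_type
    )
    posts = [{ url: original_post.url, fields: original_post.fields }]

    # Literal prefix test; also false for a nil content type.
    return posts unless content_type.to_s.start_with?('image/')

    asset.file.options[:styles].each do |style, option|
      style_post = S3_BUCKET.presigned_post(
        key: asset.file.path(style)[1..-1],
        success_action_status: '201',
        acl: 'public-read',
        storage_class: "REDUCED_REDUNDANCY",
        content_length_range: size_range,
        content_type: content_type
      )
      posts.push(
        url: style_post.url,
        fields: style_post.fields,
        style_option: option,
        mime_type: content_type
      )
    end
    posts
  end
end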