File permissions corrected, with some refactoring.

app/controllers/assets_controller.rb

@@ -52,8 +52,7 @@ class AssetsController < ApplicationController
 
   def preview
     if @asset.is_image?
-      url = @asset.file.url :medium
-      redirect_to url, status: 307
+      redirect_to @asset.presigned_url(:medium), status: 307
     else
       render_400
     end
@@ -63,7 +62,7 @@ class AssetsController < ApplicationController
     if !@asset.file_present
       render_404 and return
     elsif @asset.file.is_stored_on_s3?
-      redirect_to @asset.presigned_url, status: 307
+      redirect_to @asset.presigned_url(download: true), status: 307
     else
       send_file @asset.file.path, filename: URI.unescape(@asset.file_file_name),
         type: @asset.file_content_type

app/controllers/users/registrations_controller.rb

@@ -4,6 +4,8 @@ class Users::RegistrationsController < Devise::RegistrationsController
   def avatar
     user = User.find_by_id(params[:id]) || current_user
     style = params[:style] || "icon_small"
+    # TODO Maybe avatar should be an Asset, so it's methods could be used,
+    # e.g. presigned_url in this case
     redirect_to user.avatar.url(style.to_sym), status: 307
   end
 

app/models/asset.rb

@@ -247,16 +247,17 @@ class Asset < ActiveRecord::Base
     end
   end
 
-  def presigned_url
+  def presigned_url(style = :original, download: false, time: 30)
     if file.is_stored_on_s3?
+      downloadArg = download ? 'attachment; filename=' + URI.escape(file_file_name) : nil
       signer = Aws::S3::Presigner.new(client: S3_BUCKET.client)
-
       signer.presigned_url(:get_object,
         bucket: S3_BUCKET.name,
-        key: file.path[1..-1],
-        expires_in: 30,
+        key: file.path(style)[1..-1],
+        expires_in: time,
         # this response header forces object download
-        response_content_disposition: 'attachment; filename=' + URI.escape(file_file_name))
+        response_content_disposition: downloadArg)
+
     end
   end
 

app/views/results/_result_asset.html.erb

@@ -1,7 +1,8 @@
 <% if can_view_or_download_result_assets(result.my_module) %>
-  <%= link_to image_tag(preview_asset_path result.asset),
-    download_asset_path(result.asset), data: {no_turbolink: true} if result.asset.is_image? %>
-  <p><%= link_to result.asset.file_file_name, download_asset_path(result.asset), data: {no_turbolink: true} %></p>
+  <%= link_to download_asset_path(result.asset), data: {no_turbolink: true} do %>
+    <%= image_tag(preview_asset_path result.asset) if result.asset.is_image? %>
+    <p><%= result.asset.file_file_name %></p>
+  <% end %>
 <% else %>
   <%= image_tag(preview_asset_path result.asset) if result.asset.is_image? %>
   <p><%= result.asset.file_file_name %></p>

app/views/steps/_form_assets.html.erb

@@ -10,12 +10,14 @@
   </div>
   <div class="panel-body">
     <% if ff.object.file.exists? %>
-      <% if !(ff.object.file.content_type =~ /^image/).nil? %>
-        <%= image_tag ff.object.file.url(:medium) %>
-        <br>
-        <%= ff.object.file_file_name %>
+      <% if can_view_or_download_step_assets(@protocol) %>
+        <%= link_to download_asset_path(ff.object), data: {no_turbolink: true} do %>
+          <%= image_tag(preview_asset_path ff.object) if ff.object.is_image? %>
+          <p><%= ff.object.file_file_name %></p>
+        <% end %>
       <% else %>
-        <%= ff.object.file_file_name %>
+        <%= image_tag(preview_asset_path ff.object) if ff.object.is_image? %>
+        <p><%= ff.object.file_file_name %></p>
       <% end %>
     <% else %>
       <%= ff.file_field :file %>

app/views/steps/_step.html.erb

@@ -74,21 +74,17 @@
                 <% assets.each do |asset| %>
                   <li>
                     <% if can_view_or_download_step_assets(@protocol) %>
-                        <% if asset.file_present %>
-                          <%= link_to download_asset_path(asset), data: {no_turbolink: true, id: true, status: "asset-present"} do %>
-                            <% if asset.is_image? %>
-                              <%= image_tag preview_asset_path(asset) %>
-                            <% end %>
-                            <%= raw '<br>' if asset.is_image? %>
-                            <span><%= asset.file_file_name %></span>
-                          <% end %>
-                        <% else %>
-                          <%= asset_loading_span(asset) %>
+                      <% if asset.file_present %>
+                        <%= link_to download_asset_path(asset), data: {no_turbolink: true, id: true, status: "asset-present"} do %>
+                          <%= image_tag preview_asset_path(asset) if asset.is_image? %>
+                          <p><%= asset.file_file_name %></p>
                         <% end %>
+                      <% else %>
+                        <%= asset_loading_span(asset) %>
+                      <% end %>
                     <% else %>
                       <%= image_tag preview_asset_path(asset) if asset.is_image? %>
-                      <%= raw '<br>' if asset.is_image? %>
-                      <span><%= asset.file_file_name %></span>
+                      <p><%= asset.file_file_name %></p>
                     <% end %>
                   </li>
                 <% end %>

config/initializers/paperclip.rb

@@ -31,7 +31,8 @@ if ENV['PAPERCLIP_STORAGE'] == "s3"
       secret_access_key: ENV['AWS_SECRET_ACCESS_KEY']
     },
     s3_permissions: {
-      original: :private
+      original: :private,
+      medium: :private
     },
     s3_storage_class: {
       medium: :reduced_redundancy,