From 27a9dac41269503f260b9c7a7fd4222126f46553 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Zrim=C5=A1ek?= Date: Wed, 17 Aug 2016 15:51:04 +0200 Subject: [PATCH] File permissions corrected, with some refactoring. --- app/controllers/assets_controller.rb | 5 ++--- .../users/registrations_controller.rb | 2 ++ app/models/asset.rb | 11 +++++----- app/views/results/_result_asset.html.erb | 7 ++++--- app/views/steps/_form_assets.html.erb | 12 ++++++----- app/views/steps/_step.html.erb | 20 ++++++++----------- config/initializers/paperclip.rb | 3 ++- 7 files changed, 31 insertions(+), 29 deletions(-) diff --git a/app/controllers/assets_controller.rb b/app/controllers/assets_controller.rb index 891823b84..2789be99a 100644 --- a/app/controllers/assets_controller.rb +++ b/app/controllers/assets_controller.rb @@ -52,8 +52,7 @@ class AssetsController < ApplicationController def preview if @asset.is_image? - url = @asset.file.url :medium - redirect_to url, status: 307 + redirect_to @asset.presigned_url(:medium), status: 307 else render_400 end @@ -63,7 +62,7 @@ class AssetsController < ApplicationController if !@asset.file_present render_404 and return elsif @asset.file.is_stored_on_s3? - redirect_to @asset.presigned_url, status: 307 + redirect_to @asset.presigned_url(download: true), status: 307 else send_file @asset.file.path, filename: URI.unescape(@asset.file_file_name), type: @asset.file_content_type diff --git a/app/controllers/users/registrations_controller.rb b/app/controllers/users/registrations_controller.rb index 0ef8a0b12..6d0533053 100644 --- a/app/controllers/users/registrations_controller.rb +++ b/app/controllers/users/registrations_controller.rb 
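Review bot: The rewritten `preview` action redirects to `@asset.presigned_url(:medium)` unconditionally, but as far as this patch shows `presigned_url` only yields a value inside `if file.is_stored_on_s3?` and returns nil otherwise, so on filesystem storage `redirect_to nil` raises where the removed `@asset.file.url :medium` still worked. The `download` action in the next hunk already has the right shape: branch on `is_stored_on_s3?` and fall back to `send_file`, and it also checks `@asset.file_present` first, which `preview` never does. The rewrite below mirrors that; the `disposition: 'inline'` is so the browser shows the rendition instead of offering it as a download, and whether `file.path(:medium)` is the right local path for the style should be confirmed against the Paperclip config.
```ruby
  def preview
    render_404 and return unless @asset.file_present
    if @asset.is_image?
      if @asset.file.is_stored_on_s3?
        redirect_to @asset.presigned_url(:medium), status: 307
      else
        # local storage: stream the rendition directly rather than redirecting to nil
        send_file @asset.file.path(:medium), type: @asset.file_content_type, disposition: 'inline'
      end
    else
      render_400
    end
  end
```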
@@ -4,6 +4,8 @@ class Users::RegistrationsController < Devise::RegistrationsController def avatar user = User.find_by_id(params[:id]) || current_user style = params[:style] || "icon_small" + # TODO Maybe avatar should be an Asset, so it's methods could be used, + # e.g. presigned_url in this case redirect_to user.avatar.url(style.to_sym), status: 307 end diff --git a/app/models/asset.rb b/app/models/asset.rb index 654a669e7..e714981f7 100644 --- a/app/models/asset.rb +++ b/app/models/asset.rb @@ -247,16 +247,17 @@ class Asset < ActiveRecord::Base end end - def presigned_url + def presigned_url(style = :original, download: false, time: 30) if file.is_stored_on_s3? + downloadArg = download ? 'attachment; filename=' + URI.escape(file_file_name) : nil signer = Aws::S3::Presigner.new(client: S3_BUCKET.client) - signer.presigned_url(:get_object, bucket: S3_BUCKET.name, - key: file.path[1..-1], - expires_in: 30, + key: file.path(style)[1..-1], + expires_in: time, # this response header forces object download - response_content_disposition: 'attachment; filename=' + URI.escape(file_file_name)) + response_content_disposition: downloadArg) + end end diff --git a/app/views/results/_result_asset.html.erb b/app/views/results/_result_asset.html.erb index 431d859ed..3ef425400 100644 --- a/app/views/results/_result_asset.html.erb +++ b/app/views/results/_result_asset.html.erb @@ -1,7 +1,8 @@ <% if can_view_or_download_result_assets(result.my_module) %> - <%= link_to image_tag(preview_asset_path result.asset), - download_asset_path(result.asset), data: {no_turbolink: true} if result.asset.is_image? %> -
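Review bot: `style = params[:style] || "icon_small"` in `avatar` hands an arbitrary request parameter straight to `user.avatar.url(style.to_sym)`, and the added TODO only records that avatars bypass `presigned_url`; nothing restricts the value to styles that actually exist, and `to_sym` on user input is a long-standing Ruby anti-pattern. Validate against the attachment's declared styles before symbolising, e.g. `style = user.avatar.styles.keys.map(&:to_s).include?(params[:style]) ? params[:style].to_sym : :icon_small` (Paperclip attachments expose `styles`; adjust if this app wraps it). Note also that while this commit makes asset renditions private on S3, `user.avatar.url` still emits whatever URL the avatar's own `s3_permissions` allow, which is not shown in the patch; confirm that is intended for avatars.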
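Review bot: `downloadArg` builds the `response_content_disposition` value from the raw upload name with `URI.escape`, which leaves `;` unencoded and produces an unquoted `filename=`, so an uploader-chosen file name can append its own disposition parameters and names with spaces or non-ASCII characters are not reliably honoured by browsers; `URI.escape` is also obsolete (deprecated in Ruby 2.7, removed in 3.0). Percent-encode everything outside the unreserved set and emit the RFC 6266/5987 form: `encoded = ERB::Util.url_encode(file_file_name)` then `disposition = download ? "attachment; filename=\"#{encoded}\"; filename*=UTF-8''#{encoded}" : nil`, and use snake_case for the local rather than `downloadArg`. Separately, the method still returns nil whenever the file is not on S3, which the new `preview` caller in assets_controller.rb does not guard against; `return file.url(style) unless file.is_stored_on_s3?` at the top would give every caller a URL.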

<%= link_to result.asset.file_file_name, download_asset_path(result.asset), data: {no_turbolink: true} %>

+ <%= link_to download_asset_path(result.asset), data: {no_turbolink: true} do %> + <%= image_tag(preview_asset_path result.asset) if result.asset.is_image? %> +

<%= result.asset.file_file_name %>

+ <% end %> <% else %> <%= image_tag(preview_asset_path result.asset) if result.asset.is_image? %>

<%= result.asset.file_file_name %>
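Review bot: The `else` branch for users who fail `can_view_or_download_result_assets` still renders `image_tag(preview_asset_path result.asset)`, so the permission check only withholds the download link while the medium rendition is requested and served anyway through the preview action's presigned redirect. If viewing is meant to be restricted, that branch should show only `result.asset.file_file_name` and the `image_tag` line should go. If `AssetsController#preview` enforces the same permission in a before filter, the template is merely inconsistent rather than leaky, but those filters are not in this patch, so please confirm.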

diff --git a/app/views/steps/_form_assets.html.erb b/app/views/steps/_form_assets.html.erb index 8d1568b1f..34ad3656a 100644 --- a/app/views/steps/_form_assets.html.erb +++ b/app/views/steps/_form_assets.html.erb @@ -10,12 +10,14 @@
<% if ff.object.file.exists? %> - <% if !(ff.object.file.content_type =~ /^image/).nil? %> - <%= image_tag ff.object.file.url(:medium) %> -
- <%= ff.object.file_file_name %> + <% if can_view_or_download_step_assets(@protocol) %> + <%= link_to download_asset_path(ff.object), data: {no_turbolink: true} do %> + <%= image_tag(preview_asset_path ff.object) if ff.object.is_image? %> +

<%= ff.object.file_file_name %>

+ <% end %> <% else %> - <%= ff.object.file_file_name %> + <%= image_tag(preview_asset_path ff.object) if ff.object.is_image? %> +

<%= ff.object.file_file_name %>

<% end %> <% else %> <%= ff.file_field :file %> diff --git a/app/views/steps/_step.html.erb b/app/views/steps/_step.html.erb index 73d1f7609..94e190535 100644 --- a/app/views/steps/_step.html.erb +++ b/app/views/steps/_step.html.erb @@ -74,21 +74,17 @@ <% assets.each do |asset| %>
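Review bot: The non-permitted branch at the end of this hunk still emits `image_tag(preview_asset_path ff.object)`, so `can_view_or_download_step_assets(@protocol)` only removes the download link here while the rendition is still fetched; either drop the `image_tag` from that branch or make sure the preview action applies the same check. The helper is also evaluated inside the per-asset `fields_for` body (the loop starts before this hunk), so it runs once per asset; hoisting it to a local such as `<% can_download = can_view_or_download_step_assets(@protocol) %>` above the loop would avoid repeated permission lookups.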
  • <% if can_view_or_download_step_assets(@protocol) %> - <% if asset.file_present %> - <%= link_to download_asset_path(asset), data: {no_turbolink: true, id: true, status: "asset-present"} do %> - <% if asset.is_image? %> - <%= image_tag preview_asset_path(asset) %> - <% end %> - <%= raw '
    ' if asset.is_image? %> - <%= asset.file_file_name %> - <% end %> - <% else %> - <%= asset_loading_span(asset) %> + <% if asset.file_present %> + <%= link_to download_asset_path(asset), data: {no_turbolink: true, id: true, status: "asset-present"} do %> + <%= image_tag preview_asset_path(asset) if asset.is_image? %> +

    <%= asset.file_file_name %>

    <% end %> + <% else %> + <%= asset_loading_span(asset) %> + <% end %> <% else %> <%= image_tag preview_asset_path(asset) if asset.is_image? %> - <%= raw '
    ' if asset.is_image? %> - <%= asset.file_file_name %> +

    <%= asset.file_file_name %>

    <% end %>
  • <% end %> diff --git a/config/initializers/paperclip.rb b/config/initializers/paperclip.rb index e0866af06..007d32e86 100644 --- a/config/initializers/paperclip.rb +++ b/config/initializers/paperclip.rb @@ -31,7 +31,8 @@ if ENV['PAPERCLIP_STORAGE'] == "s3" secret_access_key: ENV['AWS_SECRET_ACCESS_KEY'] }, s3_permissions: { - original: :private + original: :private, + medium: :private }, s3_storage_class: { medium: :reduced_redundancy,
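Review bot: In the restructured block the permitted branch guards on `asset.file_present` before building the link and shows `asset_loading_span(asset)` otherwise, but the `else` branch for users without `can_view_or_download_step_assets(@protocol)` calls `image_tag preview_asset_path(asset)` with no such guard, so an asset whose upload has not completed still produces a preview request the controller cannot satisfy. Wrap that branch the same way: `<% if asset.file_present %>` around the image and name, with `<%= asset_loading_span(asset) %>` in its `else`. The surrounding `assets.each` loop begins before this hunk. As in the other partials, the unpermitted branch still requests the rendition, so the preview action must enforce the permission itself.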
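Review bot: Adding `medium: :private` next to `original: :private` covers the one style this patch touches, but a per-style `s3_permissions` hash leaves every style not listed at Paperclip's default, which in the versions I know is `public-read` (merged in under the `:default` key), so any further style added to `has_attached_file` would silently be world-readable again. Make private the default so new styles have to opt out explicitly: `s3_permissions: { default: :private }`, or simply `s3_permissions: :private`. This is from memory of Paperclip's `set_permissions`; verify against the version in Gemfile.lock.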