diff --git a/app/assets/javascripts/sitewide/file_preview.js.erb b/app/assets/javascripts/sitewide/file_preview.js.erb
index 8251f0807..f6dcbafb5 100644
--- a/app/assets/javascripts/sitewide/file_preview.js.erb
+++ b/app/assets/javascripts/sitewide/file_preview.js.erb
@@ -186,12 +186,17 @@
.click(function(ev) {
ev.stopPropagation();
}));
- modal.find('.file-edit-link').off().click(function(ev) {
- ev.preventDefault();
- ev.stopPropagation();
- modal.modal('hide');
- initImageEditor(data);
- });
+ if (data['editable']){
+ modal.find('.file-edit-link').css('display','');
+ modal.find('.file-edit-link').off().click(function(ev) {
+ ev.preventDefault();
+ ev.stopPropagation();
+ modal.modal('hide');
+ initImageEditor(data);
+ });
+ }else{
+ modal.find('.file-edit-link').css('display','none');
+ }
}
} else {
modal.find('.file-preview-container').html(data['preview-icon']);
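Review bot: The new `else` branch hides `.file-edit-link` but does not unbind it, so a click handler attached during an earlier preview of an editable asset stays on the element, still closed over that earlier `data`. Hiding with CSS is presentation only, so the stale handler can still fire if the link is triggered programmatically or re-shown by other code. Unbind in both branches, e.g. `modal.find('.file-edit-link').off().css('display','none');` in the `else`. The enclosing function starts before this hunk, so how often the modal element is reused is inferred from the existing `.off()` call.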
diff --git a/app/controllers/assets_controller.rb b/app/controllers/assets_controller.rb
index e6a832f70..2b8ccac1b 100644
--- a/app/controllers/assets_controller.rb
+++ b/app/controllers/assets_controller.rb
@@ -50,7 +50,8 @@ class AssetsController < ApplicationController
'filename' => truncate(@asset.file_file_name,
length:
Constants::FILENAME_TRUNCATION_LENGTH),
- 'download-url' => download_asset_path(@asset, timestamp: Time.now.to_i)
+ 'download-url' => download_asset_path(@asset, timestamp: Time.now.to_i),
+ 'editable' => @asset.editable?(current_user)
}
if @asset.is_image?
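Review bot: The `'editable'` key added to the preview JSON only tells the client whether to show the edit link, so it does not by itself restrict who can change an asset. The action that receives the edited image is not part of this diff; if it does not already do so, it should repeat the check on the server, for example `return head :forbidden unless @asset.editable?(current_user)`, before any write. A short comment next to the key, such as `# UI hint only; the write path must re-check editable?`, would keep that expectation visible. The enclosing action begins and ends outside the hunk.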
diff --git a/app/models/asset.rb b/app/models/asset.rb
index b8d36af0c..ff3a96ae9 100644
--- a/app/models/asset.rb
+++ b/app/models/asset.rb
@@ -10,8 +10,10 @@ class Asset < ApplicationRecord
# Paperclip validation
has_attached_file :file,
- styles: { large: [Constants::LARGE_PIC_FORMAT, :jpg],
- medium: [Constants::MEDIUM_PIC_FORMAT, :jpg] },
+ styles: {
+ large: [Constants::LARGE_PIC_FORMAT, :jpg],
+ medium: [Constants::MEDIUM_PIC_FORMAT, :jpg]
+ },
convert_options: {
medium: '-quality 70 -strip',
all: '-background "#d2d2d2" -flatten +matte'
@@ -463,6 +465,15 @@ class Asset < ApplicationRecord
save
end
+ def editable?(user)
+ objects = %w(step result)
+ my_module = send(objects.find { |object| send(object) }).my_module
+ Canaid::PermissionsHolder.instance.eval(:manage_experiment, user, my_module.experiment) &&
+ !locked? &&
+ %r{^image/#{Regexp.union(Constants::WHITELISTED_IMAGE_TYPES_EDITABLE)}} ===
+ file.content_type
+ end
+
protected
# Checks if attachments is an image (in post processing imagemagick will
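Review bot: The content-type test in `editable?` is looser than the whitelist suggests. `^` matches at the start of any line in Ruby and there is no end anchor, so any value that merely begins with a listed subtype passes. Anchor the whole string: `%r{\Aimage/#{Regexp.union(Constants::WHITELISTED_IMAGE_TYPES_EDITABLE)}\z}.match?(file.content_type)`. Separately, `objects.find { ... }` returns `nil` when the asset has neither a step nor a result, and `send(nil)` then raises, which would surface as an error in the preview action that now calls this method. `parent = step || result` followed by `return false unless parent` avoids both the exception and the double association lookup. The method also has no doc comment; one line stating that it combines the experiment permission, the lock state and the editable MIME allow-list would help callers.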
diff --git a/app/views/shared/_file_preview_modal.html.erb b/app/views/shared/_file_preview_modal.html.erb
index dfeac76bb..a4a77e569 100644
--- a/app/views/shared/_file_preview_modal.html.erb
+++ b/app/views/shared/_file_preview_modal.html.erb
@@ -15,7 +15,7 @@
<%= t('Download')%>
-
+
<%= t('Edit')%>
diff --git a/config/initializers/constants.rb b/config/initializers/constants.rb
index e47ad2acf..553511198 100644
--- a/config/initializers/constants.rb
+++ b/config/initializers/constants.rb
@@ -219,6 +219,10 @@ class Constants
'gif', 'jpeg', 'pjpeg', 'png', 'x-png', 'svg+xml', 'bmp', 'tiff'
].freeze
+ WHITELISTED_IMAGE_TYPES_EDITABLE = %w(
+ gif jpeg pjpeg png
+ ).freeze
+
WHITELISTED_TAGS = %w(
a b strong i em li ul ol h1 del ins h2 h3 h4 h5 h6 br sub sup p code hr div
span u s blockquote pre col colgroup table thead tbody th tr td
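Review bot: `WHITELISTED_IMAGE_TYPES_EDITABLE` is added without a comment saying why it is narrower than the image list directly above it (`svg+xml`, `bmp`, `tiff` and `x-png` are left out). If the omission is deliberate, for instance because the editor cannot safely or correctly round-trip those formats, recording that prevents someone from later re-adding a type just to make the edit link appear. A suggested comment: `# Subtypes of image/* that may be opened in the image editor; keep this a strict subset of the image whitelist above.`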