From b4f632dba8949e2f0307bce2e3bea951b32cefbd Mon Sep 17 00:00:00 2001 From: Oleksii Kriuchykhin Date: Wed, 7 Aug 2019 13:29:04 +0200 Subject: [PATCH] Remove dowload endpoint from assets controller [SCI-3680] --- app/controllers/assets_controller.rb | 13 ++----------- .../active_storage/check_blob_permissions.rb | 2 +- app/views/my_modules/archive/_result.html.erb | 2 +- .../search/results/partials/_asset_text.html.erb | 6 +++--- app/views/shared/_asset_link.html.erb | 2 +- app/views/steps/attachments/_item.html.erb | 2 +- config/routes.rb | 3 --- 7 files changed, 9 insertions(+), 21 deletions(-) diff --git a/app/controllers/assets_controller.rb b/app/controllers/assets_controller.rb index bf0e79e3c..d87d4d4b0 100644 --- a/app/controllers/assets_controller.rb +++ b/app/controllers/assets_controller.rb @@ -13,8 +13,7 @@ class AssetsController < ApplicationController include FileIconsHelper before_action :load_vars, except: :create_wopi_file - # File download permissions are now managed by ActiveStorage controllers - before_action :check_read_permission, except: %i(download edit) + before_action :check_read_permission, except: :edit before_action :check_edit_permission, only: :edit def file_preview @@ -23,7 +22,7 @@ class AssetsController < ApplicationController 'type' => @asset.file.metadata[:asset_type] || (@asset.image? ? 'image' : 'file'), 'filename' => truncate(escape_input(@asset.file_name), length: Constants::FILENAME_TRUNCATION_LENGTH), - 'download-url' => download_asset_path(@asset, timestamp: Time.now.to_i) + 'download-url' => rails_blob_path(@asset.file, disposition: 'attachment') } can_edit = if @assoc.class == Step 
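Review bot: The download behind the `'download-url'` entry in `file_preview` is authorized only by the ActiveStorage controllers, and after this commit nothing in this file says so, because the comment that did is deleted in the first hunk. I would keep that pointer next to the hash entry, e.g. `# Download access is enforced by the ActiveStorage controllers (check_blob_permissions concern), not by this controller`. It is also worth confirming that the concern applies the same read rule to asset blobs as `check_read_permission` does for the preview, since its asset branch is not part of this diff. `file_preview` starts and ends outside the hunk.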
@@ -94,14 +93,6 @@ class AssetsController < ApplicationController return edit_supported, title end - def download - if !@asset.file.attached? - render_404 - else - redirect_to rails_blob_path(@asset.file, disposition: 'attachment') - end - end - def edit action = @asset.file_size.zero? && !@asset.locked? ? 'editnew' : 'edit' @action_url = append_wd_params(@asset.get_action_url(current_user, action, false)) diff --git a/app/controllers/concerns/active_storage/check_blob_permissions.rb b/app/controllers/concerns/active_storage/check_blob_permissions.rb index 276bb94ac..baa3c85b9 100644 --- a/app/controllers/concerns/active_storage/check_blob_permissions.rb +++ b/app/controllers/concerns/active_storage/check_blob_permissions.rb @@ -21,7 +21,7 @@ module ActiveStorage when 'User' # No read restrictions for avatars true - when 'ZipExport' + when 'ZipExport', 'TeamZipExport' check_zip_export_read_permissions else render_403 diff --git a/app/views/my_modules/archive/_result.html.erb b/app/views/my_modules/archive/_result.html.erb index 64cc1d1aa..9b944b660 100644 --- a/app/views/my_modules/archive/_result.html.erb +++ b/app/views/my_modules/archive/_result.html.erb @@ -9,7 +9,7 @@
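Review bot: `when 'ZipExport', 'TeamZipExport'` routes team exports through `check_zip_export_read_permissions`, whose body is outside this hunk, so it is not visible whether that check looks up the record and its owner correctly for a `TeamZipExport`. Please confirm that it ties the export to the current user for both record types, and add a request test showing that a different user receives 403 for a team export blob. A short comment above the `else` branch, such as `# Any attachable record type not listed above is denied`, would document that the `render_403` fallback is intentional. The enclosing `case` starts and ends outside the hunk.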
  • <% option_text = t("my_modules.module_archive.option_download") %> <% if result.is_asset %> - <%= link_to t('protocols.index.archive_results.preview'), download_asset_path(result.asset), + <%= link_to t('protocols.index.archive_results.preview'), rails_blob_path(result.asset.file, disposition: 'attachment'), class: 'file-preview-link', id: "modal_link#{result.asset.id}", data: { turbolinks: false, id: true, status: 'asset-present', 'preview-url': asset_file_preview_path(result.asset) } %> diff --git a/app/views/search/results/partials/_asset_text.html.erb b/app/views/search/results/partials/_asset_text.html.erb index 04de9d822..a5ca105ed 100644 --- a/app/views/search/results/partials/_asset_text.html.erb +++ b/app/views/search/results/partials/_asset_text.html.erb @@ -7,7 +7,7 @@ <% if can_read_protocol_in_module?(protocol) || can_read_protocol_in_repository?(protocol) %> <% asset_read_allowed = true %> - + <%= text %> <% else %> @@ -16,7 +16,7 @@ <% elsif asset.result %> <% if can_read_experiment?(asset.result.my_module.experiment) %> <% asset_read_allowed = true %> - + <%= text %> <% else %> @@ -25,7 +25,7 @@ <% elsif asset.repository_asset_value %> <% if can_read_team?(asset.repository_asset_value.repository_cell.repository_row.repository.team) %> <% asset_read_allowed = true %> - + <%= text %> <% else %> diff --git a/app/views/shared/_asset_link.html.erb b/app/views/shared/_asset_link.html.erb index e63960561..70204927e 100644 --- a/app/views/shared/_asset_link.html.erb +++ b/app/views/shared/_asset_link.html.erb @@ -1,4 +1,4 @@ -<%= link_to download_asset_path(asset), +<%= link_to rails_blob_path(asset.file, disposition: 'attachment'), class: 'file-preview-link', id: "modal_link#{asset.id}", data: { no_turbolink: true, diff --git a/app/views/steps/attachments/_item.html.erb b/app/views/steps/attachments/_item.html.erb index 2723e1ffa..12baf425d 100644 --- a/app/views/steps/attachments/_item.html.erb +++ b/app/views/steps/attachments/_item.html.erb 
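Review bot: `rails_blob_path(result.asset.file, disposition: 'attachment')` is evaluated while the partial renders, so an asset whose file is not attached would likely raise here instead of reaching the 404 that the removed `download` action returned for `!@asset.file.attached?`. The same unguarded call is added in `shared/_asset_link.html.erb` and `steps/attachments/_item.html.erb`. Consider wrapping the link in `<% if result.asset.file.attached? %>` (`asset.file.attached?` in the other two partials) and rendering plain text otherwise. Whether unattached assets can reach these partials is not visible in the diff.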
@@ -1,6 +1,6 @@
    - <%= link_to download_asset_path(asset), + <%= link_to rails_blob_path(asset.file, disposition: 'attachment'), class: 'file-preview-link', id: "modal_link#{asset.id}", data: { no_turbolink: true, diff --git a/config/routes.rb b/config/routes.rb index 420591b80..7013d788d 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -473,8 +473,6 @@ Rails.application.routes.draw do get 'result_texts/:id/download' => 'result_texts#download', as: :result_text_download resources :result_assets, only: [:edit, :update, :destroy] - get 'result_assets/:id/download' => 'result_assets#download', - as: :result_asset_download resources :result_tables, only: [:edit, :update, :destroy] get 'result_tables/:id/download' => 'result_tables#download', as: :result_table_download @@ -591,7 +589,6 @@ Rails.application.routes.draw do get 'files/:id/preview', to: 'assets#file_preview', as: 'asset_file_preview' - get 'files/:id/download', to: 'assets#download', as: 'download_asset' get 'files/:id/preview', to: 'assets#preview', as: 'preview_asset' get 'files/:id/view', to: 'assets#view', as: 'view_asset' get 'files/:id/edit', to: 'assets#edit', as: 'edit_asset'