diff --git a/app/controllers/concerns/active_storage/check_blob_permissions.rb b/app/controllers/concerns/active_storage/check_blob_permissions.rb
index 064c2ea4c..8e207156e 100644
--- a/app/controllers/concerns/active_storage/check_blob_permissions.rb
+++ b/app/controllers/concerns/active_storage/check_blob_permissions.rb
@@ -31,6 +31,8 @@ module ActiveStorage
 true
 when 'ZipExport', 'TeamZipExport'
 check_zip_export_read_permissions(attachment.record)
+ when 'TempFile'
+ check_temp_file_read_permissions(attachment.record)
 else
 render_403
 end
@@ -87,5 +89,9 @@ module ActiveStorage
 def check_zip_export_read_permissions(zip_export)
 render_403 unless zip_export.user == current_user
 end
+
+ def check_temp_file_read_permissions(temp_file)
+ render_403 unless temp_file.session_id == request.session_options[:id].to_s
+ end
 end
 end
diff --git a/app/jobs/protocols/docx_import_job.rb b/app/jobs/protocols/docx_import_job.rb
index 0e96eed2e..0b1ae3003 100644
--- a/app/jobs/protocols/docx_import_job.rb
+++ b/app/jobs/protocols/docx_import_job.rb
@@ -9,7 +9,8 @@ module Protocols
 def perform(temp_files_ids, user_id, team_id)
 @user = User.find(user_id)
 @team = @user.teams.find(team_id)
- TempFile.where(id: temp_files_ids).each do |temp_file|
+ @tmp_files = TempFile.where(id: temp_files_ids)
+ @tmp_files.each do |temp_file|
 temp_file.file.open do |protocol_file|
 parse_protocol(protocol_file)
 end
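Review bot: In `check_temp_file_read_permissions` (second hunk of check_blob_permissions.rb) the comparison also passes when both sides are empty, because `request.session_options[:id].to_s` is `""` for a request that carries no session id, so a TempFile stored with an empty `session_id` would be readable by any such request. Reject blank values in the same guard: `render_403 if temp_file.session_id.blank? || temp_file.session_id != request.session_options[:id].to_s`. Whether `session_id` can ever be blank depends on the model and the upload controller, which are not part of this diff. Unlike the neighbouring `check_zip_export_read_permissions`, access here is bound to a session rather than to `current_user`, so a one-line comment such as `# readable only from the session that uploaded the file` would make that intent explicit.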
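Review bot: `TempFile.where(id: temp_files_ids)` in `perform` (docx_import_job.rb) selects the files by id alone, while the team on the line above is scoped through `@user.teams`; nothing in the job ties the temp files to the user or session that uploaded them. If the enqueuing controller forwards ids from request parameters without checking them against the caller's session (not visible in this diff), another session's upload could be imported into this user's team. Document the precondition above the lookup, e.g. `# temp_files_ids must already be verified as belonging to the requesting session`, or enforce it in the caller. The relation kept in `@tmp_files` is unordered and is later read with `.take` in `create_notification!`, so with several ids the file linked in the notification is not guaranteed to be a particular one. `perform` continues past the end of this hunk.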
@@ -135,15 +136,14 @@ module Protocols end def create_notification! - # TODO: Add proper protocol original file link - protocol_download_link = "" \ - "#{@protocol.name}" + original_file_download_link = + "" \ + "#{@tmp_files.take.file.filename}" notification = Notification.create!( type_of: :deliver, - title: I18n.t('protocols.import_export.import_protocol_notification.title', link: protocol_download_link), + title: I18n.t('protocols.import_export.import_protocol_notification.title', link: original_file_download_link), message: "#{I18n.t('protocols.import_export.import_protocol_notification.message')} " \ "" \