diff --git a/app/controllers/concerns/active_storage/check_blob_permissions.rb b/app/controllers/concerns/active_storage/check_blob_permissions.rb
index 064c2ea4c..8e207156e 100644
--- a/app/controllers/concerns/active_storage/check_blob_permissions.rb
+++ b/app/controllers/concerns/active_storage/check_blob_permissions.rb
@@ -31,6 +31,8 @@ module ActiveStorage
true
when 'ZipExport', 'TeamZipExport'
check_zip_export_read_permissions(attachment.record)
+ when 'TempFile'
+ check_temp_file_read_permissions(attachment.record)
else
render_403
end
@@ -87,5 +89,9 @@ module ActiveStorage
def check_zip_export_read_permissions(zip_export)
render_403 unless zip_export.user == current_user
end
+
+ def check_temp_file_read_permissions(temp_file)
+ render_403 unless temp_file.session_id == request.session_options[:id].to_s
+ end
end
end
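Review bot: `check_temp_file_read_permissions` compares against `request.session_options[:id].to_s`, which is the empty string whenever the request has no session id, so a TempFile whose `session_id` is blank would pass the check for any such caller. Reject blank values first and compare in constant time, e.g. `sid = request.session_options[:id].to_s` followed by `render_403 if sid.blank? || !ActiveSupport::SecurityUtils.secure_compare(temp_file.session_id.to_s, sid)`. Whether `session_id` is guaranteed non-null is not visible in this diff, so a presence validation or NOT NULL constraint on the column is worth confirming. ZipExport is bound to `current_user` while TempFile is bound to a single session, so the link placed in the import notification (second file) will presumably return 403 once the session is rotated, for example after the next sign-in. The column also appears to hold a live session identifier in plaintext; storing a digest of it and comparing digests would limit what a database read exposes.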
diff --git a/app/jobs/protocols/docx_import_job.rb b/app/jobs/protocols/docx_import_job.rb
index 0e96eed2e..0b1ae3003 100644
--- a/app/jobs/protocols/docx_import_job.rb
+++ b/app/jobs/protocols/docx_import_job.rb
@@ -9,7 +9,8 @@ module Protocols
def perform(temp_files_ids, user_id, team_id)
@user = User.find(user_id)
@team = @user.teams.find(team_id)
- TempFile.where(id: temp_files_ids).each do |temp_file|
+ @tmp_files = TempFile.where(id: temp_files_ids)
+ @tmp_files.each do |temp_file|
temp_file.file.open do |protocol_file|
parse_protocol(protocol_file)
end
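Review bot: `TempFile.where(id: temp_files_ids)` loads records purely by id, with nothing tying them to `@user` or to the session that uploaded them, so the job parses and later links whatever ids it is handed. The enqueuing code is outside this diff; confirm it only passes ids created in the caller's own session, or re-check ownership here before parsing. Separately, `@tmp_files` is a lazy relation, so `@tmp_files.take` in `create_notification!` runs a fresh unordered query: with several ids the notification may name a different file than the one imported, and it fails on `nil` if the rows are already gone. Keeping the record being processed, e.g. `@temp_file = temp_file` inside the loop, and using `@temp_file.file.filename` would avoid both. The body of `perform` continues outside the hunk.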
@@ -135,15 +136,14 @@ module Protocols
end
def create_notification!
- # TODO: Add proper protocol original file link
- protocol_download_link = "" \
- "#{@protocol.name}"
+ original_file_download_link =
+ "" \
+ "#{@tmp_files.take.file.filename}"
notification = Notification.create!(
type_of: :deliver,
- title: I18n.t('protocols.import_export.import_protocol_notification.title', link: protocol_download_link),
+ title: I18n.t('protocols.import_export.import_protocol_notification.title', link: original_file_download_link),
message: "#{I18n.t('protocols.import_export.import_protocol_notification.message')} " \
"" \