diff --git a/app/assets/javascripts/sitewide/marvinjs_editor.js b/app/assets/javascripts/sitewide/marvinjs_editor.js index df7997f3e..ecb52467a 100644 --- a/app/assets/javascripts/sitewide/marvinjs_editor.js +++ b/app/assets/javascripts/sitewide/marvinjs_editor.js @@ -276,7 +276,7 @@ var MarvinJsEditorApi = (function() { function openMarvinJs() { MarvinJsEditor.open({ mode: 'new-tinymce', - marvinUrl: '/marvin_js_assets', + marvinUrl: '/tiny_mce_assets/marvinjs', editor: editor }); } diff --git a/app/assets/javascripts/sitewide/tiny_mce.js b/app/assets/javascripts/sitewide/tiny_mce.js index 062f2b1c1..54959e6da 100644 --- a/app/assets/javascripts/sitewide/tiny_mce.js +++ b/app/assets/javascripts/sitewide/tiny_mce.js @@ -55,7 +55,7 @@ var TinyMCE = (function() { if (marvinJsEdit) { MarvinJsEditor.open({ mode: 'edit-tinymce', - marvinUrl: '/marvin_js_assets/' + image[0].dataset.sourceId, + marvinUrl: '/tiny_mce_assets/' + image[0].dataset.sourceId + '/marvinjs', image: image }); } diff --git a/app/controllers/marvin_js_assets_controller.rb b/app/controllers/marvin_js_assets_controller.rb index ea4c9401e..71167fa69 100644 --- a/app/controllers/marvin_js_assets_controller.rb +++ b/app/controllers/marvin_js_assets_controller.rb @@ -6,16 +6,6 @@ class MarvinJsAssetsController < ApplicationController before_action :check_read_permission before_action :check_edit_permission, only: %i(update create) - def show - asset = current_team.tiny_mce_assets.find_by_id(params[:id]) if marvin_params[:object_type] == 'TinyMceAsset' - return render_404 unless asset - - render json: { - name: asset.image.metadata[:name], - description: asset.image.metadata[:description] - } - end - def create result = MarvinJsService.create_sketch(marvin_params, current_user) if result[:asset] && marvin_params[:object_type] == 'Step' 
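Review bot: In the `edit-tinymce` branch of `tiny_mce.js`, `image[0].dataset.sourceId` is concatenated into the request path unencoded, and it is read from a `data-source-id` attribute on the `image` element. If that attribute can be set by whoever authored the rich text (not visible here), a value containing `/`, `..` or `?` would point the editor's same-origin requests at a route other than the intended one. Encoding the segment keeps it a single path component: `marvinUrl: '/tiny_mce_assets/' + encodeURIComponent(image[0].dataset.sourceId) + '/marvinjs',`. The enclosing function starts and ends outside the hunk.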
@@ -38,15 +28,6 @@ class MarvinJsAssetsController < ApplicationController locals: { result: result[:object] } ) }, status: :ok - elsif result[:asset] && marvin_params[:object_type] == 'TinyMceAsset' - render json: { - image: { - url: rails_representation_url(result[:asset].preview), - token: Base62.encode(result[:asset].id), - source_id: result[:asset].id, - source_type: result[:asset].image.metadata[:asset_type] - } - }, content_type: 'text/html' elsif result[:asset] render json: result[:asset] else @@ -56,9 +37,7 @@ class MarvinJsAssetsController < ApplicationController def update asset = MarvinJsService.update_sketch(marvin_params, current_user) - if asset && marvin_params[:object_type] == 'TinyMceAsset' - render json: { url: rails_representation_url(asset.preview), id: asset.id } - elsif asset + if asset render json: { url: rails_representation_url(asset.medium_preview), id: asset.id, file_name: asset.file_name } else render json: { error: t('marvinjs.no_sketches_found') }, status: :unprocessable_entity 
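Review bot: `update` still forwards the client-supplied `object_type` inside `marvin_params` to `MarvinJsService.update_sketch`, while `load_vars` now authorises only against `current_team.assets`. The service is not shown, but if it still picks the record class from `object_type`, a request carrying `object_type=TinyMceAsset` would be checked against one record and applied to another with the same id. The reverse applies to `marvinjs_update` in `tiny_mce_assets_controller.rb`, where `marvin_params` also permits `:object_type`. Fixing the type in the controller removes the dependency on the request: `MarvinJsService.update_sketch(marvin_params.merge(object_type: 'TinyMceAsset'), current_user)` in the new controller, and `return render_403 if marvin_params[:object_type] == 'TinyMceAsset'` at the top of `load_vars` here.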
@@ -68,31 +47,19 @@ class MarvinJsAssetsController < ApplicationController private def load_vars - @asset = if marvin_params[:object_type] == 'TinyMceAsset' - current_team.tiny_mce_assets.find_by_id(params[:id]) - else - current_team.assets.find_by_id(params[:id]) - end + @asset = current_team.assets.find_by_id(params[:id]) if action_name == 'create' - return true if marvin_params[:object_type] == 'TinyMceAsset' - @assoc ||= Step.find_by_id(marvin_params[:object_id]) if marvin_params[:object_type] == 'Step' @assoc ||= MyModule.find_by_id(params[:object_id]) if marvin_params[:object_type] == 'Result' else return render_404 unless @asset - if marvin_params[:object_type] == 'TinyMceAsset' - @assoc ||= @asset.object - else - @assoc ||= @asset.step - @assoc ||= @asset.result - end + @assoc ||= @asset.step + @assoc ||= @asset.result end if @assoc.class == Step @protocol = @assoc.protocol - elsif @assoc.class == Protocol - @protocol = @assoc elsif @assoc.class == MyModule @my_module = @assoc elsif @assoc.class == Result @@ -101,7 +68,7 @@ class MarvinJsAssetsController < ApplicationController end def check_read_permission - if @assoc.class == Step || @assoc.class == Protocol + if @assoc.class == Step render_403 && return unless can_read_protocol_in_module?(@protocol) || can_read_protocol_in_repository?(@protocol) elsif @assoc.class == Result || @assoc.class == MyModule @@ -110,7 +77,7 @@ class MarvinJsAssetsController < ApplicationController end def check_edit_permission - if @assoc.class == Step || @assoc.class == Protocol + if @assoc.class == Step render_403 && return unless can_manage_protocol_in_module?(@protocol) || can_manage_protocol_in_repository?(@protocol) elsif @assoc.class == Result || @assoc.class == MyModule diff --git a/app/controllers/tiny_mce_assets_controller.rb b/app/controllers/tiny_mce_assets_controller.rb index fc7e18bb8..e944967b7 100644 --- a/app/controllers/tiny_mce_assets_controller.rb +++ b/app/controllers/tiny_mce_assets_controller.rb 
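Review bot: `load_vars` can finish with `@assoc` unset, either on `create` when `object_type` is neither `'Step'` nor `'Result'` or whenever a `find_by_id` / association lookup returns nil. The visible branches of `check_read_permission` and `check_edit_permission` act only when `@assoc` is a known class, so such a request would pass both filters unchecked. Those filters continue outside the hunks, so confirm there is no final `else`; if there is none, ending `load_vars` with `return render_404 unless @assoc` makes the controller fail closed. The copies of these three methods added to `tiny_mce_assets_controller.rb` have the same shape and no `else`. There `@asset.object` can be nil, since `create` builds a `TinyMceAsset` with only `team_id` and `saved: false`.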
@@ -1,6 +1,11 @@ # frozen_string_literal: true class TinyMceAssetsController < ApplicationController + before_action :load_vars, only: %i(marvinjs_show marvinjs_update) + + before_action :check_read_permission, only: %i(marvinjs_show marvinjs_update) + before_action :check_edit_permission, only: %i(marvinjs_update) + def create image = params.fetch(:file) { render_404 } tiny_img = TinyMceAsset.new(team_id: current_team.id, saved: false) 
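Review bot: `marvinjs_create` is missing from all three `only:` lists, so it runs with no controller-level permission check, and any action added later is unchecked by default as well. The old controller also skipped the checks on the TinyMceAsset create path (`return true` in `load_vars`), so this is carried over rather than new. If `MarvinJsService.create_sketch` does not verify the caller's rights on the target `object_id`, add a filter for the action, for example a new `before_action :check_create_permission, only: %i(marvinjs_create)`. A one-line comment above the filters, such as `# create is authorised in MarvinJsService`, would record whichever layer ends up responsible. The class body continues outside the hunk.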
@@ -32,4 +37,80 @@ class TinyMceAssetsController < ApplicationController render_404 end end + + def marvinjs_show + asset = current_team.tiny_mce_assets.find_by_id(params[:id]) + return render_404 unless asset + + render json: { + name: asset.image.metadata[:name], + description: asset.image.metadata[:description] + } + end + + def marvinjs_create + result = MarvinJsService.create_sketch(marvin_params, current_user) + if result[:asset] + render json: { + image: { + url: rails_representation_url(result[:asset].preview), + token: Base62.encode(result[:asset].id), + source_id: result[:asset].id, + source_type: result[:asset].image.metadata[:asset_type] + } + }, content_type: 'text/html' + else + render json: result[:asset].errors, status: :unprocessable_entity + end + end + + def marvinjs_update + asset = MarvinJsService.update_sketch(marvin_params, current_user) + if asset + render json: { url: rails_representation_url(asset.preview), id: asset.id } + else + render json: { error: t('marvinjs.no_sketches_found') }, status: :unprocessable_entity + end + end + + private + + def load_vars + @asset = current_team.tiny_mce_assets.find_by_id(params[:id]) + return render_404 unless @asset + + @assoc ||= @asset.object + + if @assoc.class == Step + @protocol = @assoc.protocol + elsif @assoc.class == Protocol + @protocol = @assoc + elsif @assoc.class == MyModule + @my_module = @assoc + elsif @assoc.class == Result + @my_module = @assoc.my_module + end + end + + def check_read_permission + if @assoc.class == Step || @assoc.class == Protocol + render_403 && return unless can_read_protocol_in_module?(@protocol) || + can_read_protocol_in_repository?(@protocol) + elsif @assoc.class == Result || @assoc.class == MyModule + render_403 and return unless can_read_experiment?(@my_module.experiment) + end + end + + def check_edit_permission + if @assoc.class == Step || @assoc.class == Protocol + render_403 && return unless can_manage_protocol_in_module?(@protocol) || + 
can_manage_protocol_in_repository?(@protocol) + elsif @assoc.class == Result || @assoc.class == MyModule + render_403 and return unless can_manage_module?(@my_module) + end + end + + def marvin_params + params.permit(:id, :description, :object_id, :object_type, :name, :image) + end end diff --git a/config/routes.rb b/config/routes.rb index 3c5f77ad5..420591b80 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -452,6 +452,11 @@ Rails.application.routes.draw do resources :tiny_mce_assets, only: [:create] do member do get :download + get :marvinjs, to: 'tiny_mce_assets#marvinjs_show' + put :marvinjs, to: 'tiny_mce_assets#marvinjs_update' + end + collection do + post :marvinjs, to: 'tiny_mce_assets#marvinjs_create' end end
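Review bot: The `else` branch of `marvinjs_create` calls `result[:asset].errors` exactly when `result[:asset]` is nil or false, so a failed sketch creation raises `NoMethodError` and returns a 500 instead of the intended 422. Render a fixed error there, e.g. `render json: { error: t('marvinjs.no_sketches_found') }, status: :unprocessable_entity`, or have the service return the invalid record under a separate key. Separately, the success branch sends JSON with `content_type: 'text/html'`. If the upload path does not need that, `application/json` keeps a browser from interpreting stored metadata such as `source_type` as markup.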