mirror of
https://github.com/scinote-eln/scinote-web.git
synced 2025-01-15 12:01:47 +08:00
103 lines
3 KiB
Ruby
103 lines
3 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
class MarvinJsAssetsController < ApplicationController
|
|
include MarvinJsActions
|
|
include ActiveStorage::SetCurrent
|
|
|
|
before_action :load_vars, except: :create
|
|
before_action :load_create_vars, only: :create
|
|
|
|
before_action :check_read_permission
|
|
before_action :check_manage_permission, only: %i(update create start_editing)
|
|
|
|
def create
|
|
result = MarvinJsService.create_sketch(marvin_params, current_user, current_team)
|
|
|
|
create_create_marvinjs_activity(result[:asset], current_user)
|
|
|
|
if result[:asset]
|
|
if marvin_params[:object_type] == 'Step' || marvin_params[:object_type] == 'Result'
|
|
render json: {
|
|
html: render_to_string(partial: 'assets/asset', locals: {
|
|
asset: result[:asset],
|
|
gallery_view_id: marvin_params[:object_id]
|
|
})
|
|
}
|
|
else
|
|
render json: result[:asset]
|
|
end
|
|
else
|
|
render json: result[:asset]&.errors, status: :unprocessable_entity
|
|
end
|
|
end
|
|
|
|
def update
|
|
asset = MarvinJsService.update_sketch(marvin_params, current_user, current_team)
|
|
|
|
create_edit_marvinjs_activity(asset, current_user, :finish_editing)
|
|
|
|
if asset
|
|
render json: { url: rails_representation_url(asset.medium_preview),
|
|
id: asset.id,
|
|
file_name: asset.blob.metadata['name'] }
|
|
else
|
|
render json: { error: t('marvinjs.no_sketches_found') }, status: :unprocessable_entity
|
|
end
|
|
end
|
|
|
|
def start_editing
|
|
create_edit_marvinjs_activity(@asset, current_user, :start_editing)
|
|
end
|
|
|
|
private
|
|
|
|
def load_vars
|
|
@asset = current_team.assets.find_by(id: params[:id])
|
|
return render_404 unless @asset
|
|
|
|
@assoc ||= @asset.step
|
|
@assoc ||= @asset.result
|
|
|
|
if @assoc.class == Step
|
|
@protocol = @assoc.protocol
|
|
elsif @assoc.class == Result
|
|
@my_module = @assoc.my_module
|
|
end
|
|
end
|
|
|
|
def load_create_vars
|
|
@assoc = Step.find_by(id: marvin_params[:object_id]) if marvin_params[:object_type] == 'Step'
|
|
@assoc = Result.find_by(id: params[:object_id]) if marvin_params[:object_type] == 'Result'
|
|
|
|
if @assoc.class == Step
|
|
@protocol = @assoc.protocol
|
|
elsif @assoc.class == Result
|
|
@my_module = @assoc.my_module
|
|
end
|
|
end
|
|
|
|
def check_read_permission
|
|
if @assoc.class == Step
|
|
return render_403 unless can_read_protocol_in_module?(@protocol) ||
|
|
can_read_protocol_in_repository?(@protocol)
|
|
elsif @assoc.class == Result
|
|
return render_403 unless can_read_experiment?(@my_module.experiment)
|
|
else
|
|
render_403
|
|
end
|
|
end
|
|
|
|
def check_manage_permission
|
|
if @assoc.class == Step
|
|
return render_403 unless can_manage_step?(@assoc)
|
|
elsif @assoc.class == Result
|
|
return render_403 unless can_manage_my_module?(@assoc.my_module)
|
|
else
|
|
render_403
|
|
end
|
|
end
|
|
|
|
def marvin_params
|
|
params.permit(:id, :description, :object_id, :object_type, :name, :image)
|
|
end
|
|
end
|