mirror of
https://github.com/scinote-eln/scinote-web.git
synced 2025-03-20 11:57:33 +08:00
77 lines
2.2 KiB
Ruby
77 lines
2.2 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
class AssetSyncController < ApplicationController
|
|
skip_before_action :authenticate_user!, only: %i(update download)
|
|
skip_before_action :verify_authenticity_token, only: %i(update download)
|
|
before_action :authenticate_asset_sync_token!, only: %i(update download)
|
|
|
|
def show
|
|
asset = Asset.find_by(id: params[:asset_id])
|
|
|
|
head :forbidden unless asset && can_manage_asset?(asset)
|
|
|
|
asset_sync_token = current_user.asset_sync_tokens.find_or_create_by(asset_id: params[:asset_id])
|
|
|
|
unless asset_sync_token.token_valid?
|
|
asset_sync_token = current_user.asset_sync_tokens.create(asset_id: params[:asset_id])
|
|
end
|
|
|
|
render json: AssetSyncTokenSerializer.new(asset_sync_token).as_json
|
|
end
|
|
|
|
def download
|
|
redirect_to(@asset.file.url, allow_other_host: true)
|
|
end
|
|
|
|
def update
|
|
if @asset_sync_token.conflicts?(request.headers['VersionToken'])
|
|
render(
|
|
json: AssetSyncTokenSerializer.new(conflicting_asset_copy_token).as_json,
|
|
status: :conflict
|
|
)
|
|
return
|
|
end
|
|
|
|
@asset.file.attach(io: request.body, filename: @asset.file.filename)
|
|
@asset.touch
|
|
|
|
render json: AssetSyncTokenSerializer.new(@asset_sync_token).as_json
|
|
end
|
|
|
|
def api_url
|
|
render plain: Constants::ASSET_SYNC_URL
|
|
end
|
|
|
|
# private
|
|
|
|
def conflicting_asset_copy_token
|
|
Asset.transaction do
|
|
new_asset = @asset.dup
|
|
new_asset.save
|
|
new_asset.file.attach(
|
|
io: request.body,
|
|
filename: "#{@asset.file.filename.base} (#{t('general.copy')}).#{@asset.file.filename.extension}"
|
|
)
|
|
|
|
case @asset.parent
|
|
when Step
|
|
StepAsset.create!(step: @asset.step, asset: new_asset)
|
|
when Result
|
|
ResultAsset.create!(result: @asset.result, asset: new_asset)
|
|
end
|
|
|
|
current_user.asset_sync_tokens.create!(asset_id: new_asset.id)
|
|
end
|
|
end
|
|
|
|
def authenticate_asset_sync_token!
|
|
@asset_sync_token = AssetSyncToken.find_by(token: request.headers['Authentication'])
|
|
|
|
head(:unauthorized) and return unless @asset_sync_token&.token_valid?
|
|
|
|
@asset = @asset_sync_token.asset
|
|
@current_user = @asset_sync_token.user
|
|
|
|
head :forbidden unless can_manage_asset?(@asset)
|
|
end
|
|
end
|