mirror of
https://github.com/scinote-eln/scinote-web.git
synced 2024-12-26 09:42:46 +08:00
134 lines
4.1 KiB
Ruby
134 lines
4.1 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
class TinyMceAssetsController < ApplicationController
|
|
include MarvinJsActions
|
|
include ActiveStorage::SetCurrent
|
|
|
|
before_action :load_vars, only: %i(marvinjs_show marvinjs_update download)
|
|
|
|
before_action :check_read_permission, only: %i(marvinjs_show marvinjs_update download)
|
|
before_action :check_edit_permission, only: %i(marvinjs_update)
|
|
|
|
def create
|
|
image = params.fetch(:file) { render_404 }
|
|
unless image.content_type.match?(%r{^image/#{Regexp.union(Constants::WHITELISTED_IMAGE_TYPES)}})
|
|
return render json: {
|
|
errors: [I18n.t('tiny_mce.unsupported_image_format')]
|
|
}, status: :unprocessable_entity
|
|
end
|
|
|
|
tiny_img = TinyMceAsset.new(team_id: current_team.id, saved: false)
|
|
|
|
tiny_img.transaction do
|
|
tiny_img.save!
|
|
tiny_img.image.attach(io: image, filename: image.original_filename)
|
|
end
|
|
|
|
if tiny_img.persisted?
|
|
render json: {
|
|
image: {
|
|
url: url_for(tiny_img.image),
|
|
token: Base62.encode(tiny_img.id)
|
|
}
|
|
}, content_type: 'text/html'
|
|
else
|
|
render json: {
|
|
errors: tiny_img.errors.full_messages
|
|
}, status: :unprocessable_entity
|
|
end
|
|
end
|
|
|
|
def download
|
|
if @asset&.image&.attached?
|
|
redirect_to rails_blob_path(@asset.image, disposition: 'attachment')
|
|
else
|
|
render_404
|
|
end
|
|
end
|
|
|
|
def marvinjs_show
|
|
asset = current_team.tiny_mce_assets.find_by_id(Base62.decode(params[:id]))
|
|
return render_404 unless asset
|
|
|
|
create_edit_marvinjs_activity(asset, current_user, :start_editing) if params[:show_action] == 'start_edit'
|
|
|
|
render json: {
|
|
name: asset.image.metadata[:name],
|
|
description: asset.image.metadata[:description]
|
|
}
|
|
end
|
|
|
|
def marvinjs_create
|
|
result = MarvinJsService.create_sketch(marvin_params, current_user, current_team)
|
|
if result[:asset]
|
|
render json: {
|
|
image: {
|
|
url: rails_representation_url(result[:asset].preview),
|
|
token: Base62.encode(result[:asset].id),
|
|
source_type: result[:asset].image.metadata[:asset_type]
|
|
}
|
|
}, content_type: 'text/html'
|
|
else
|
|
render json: result[:asset].errors, status: :unprocessable_entity
|
|
end
|
|
end
|
|
|
|
def marvinjs_update
|
|
asset = MarvinJsService.update_sketch(marvin_params, current_user, current_team)
|
|
if asset
|
|
create_edit_marvinjs_activity(asset, current_user, :finish_editing)
|
|
render json: { url: rails_representation_url(asset.preview), id: asset.id }
|
|
else
|
|
render json: { error: t('marvinjs.no_sketches_found') }, status: :unprocessable_entity
|
|
end
|
|
end
|
|
|
|
private
|
|
|
|
def load_vars
|
|
@asset = current_team.tiny_mce_assets.find_by_id(Base62.decode(params[:id]))
|
|
return render_404 unless @asset
|
|
|
|
@assoc = @asset.object
|
|
|
|
if @assoc.class == Step
|
|
@protocol = @assoc.protocol
|
|
elsif @assoc.class == Protocol
|
|
@protocol = @assoc
|
|
elsif @assoc.class == MyModule
|
|
@my_module = @assoc
|
|
elsif @assoc.class == ResultText
|
|
@my_module = @assoc.result.my_module
|
|
end
|
|
end
|
|
|
|
def check_read_permission
|
|
if @assoc.class == Step || @assoc.class == Protocol
|
|
return render_403 unless can_read_protocol_in_module?(@protocol) ||
|
|
can_read_protocol_in_repository?(@protocol)
|
|
elsif @assoc.class == ResultText || @assoc.class == MyModule
|
|
return render_403 unless can_read_experiment?(@my_module.experiment)
|
|
elsif @assoc.nil?
|
|
return render_403 unless current_team == @asset.team
|
|
else
|
|
render_403
|
|
end
|
|
end
|
|
|
|
def check_edit_permission
|
|
if @assoc.class == Step || @assoc.class == Protocol
|
|
return render_403 unless can_manage_protocol_in_module?(@protocol) ||
|
|
can_manage_protocol_in_repository?(@protocol)
|
|
elsif @assoc.class == ResultText || @assoc.class == MyModule
|
|
return render_403 unless can_manage_module?(@my_module)
|
|
elsif @assoc.nil?
|
|
return render_403 unless current_team == @asset.team
|
|
else
|
|
render_403
|
|
end
|
|
end
|
|
|
|
def marvin_params
|
|
params.permit(:id, :description, :object_id, :object_type, :name, :image)
|
|
end
|
|
end
|