scinote-web/app/controllers/tiny_mce_assets_controller.rb
2019-12-16 16:05:40 +01:00

134 lines
4.1 KiB
Ruby

# frozen_string_literal: true
class TinyMceAssetsController < ApplicationController
include MarvinJsActions
include ActiveStorage::SetCurrent
before_action :load_vars, only: %i(marvinjs_show marvinjs_update download)
before_action :check_read_permission, only: %i(marvinjs_show marvinjs_update download)
before_action :check_edit_permission, only: %i(marvinjs_update)
def create
image = params.fetch(:file) { render_404 }
unless image.content_type.match?(%r{^image/#{Regexp.union(Constants::WHITELISTED_IMAGE_TYPES)}})
return render json: {
errors: [I18n.t('tiny_mce.unsupported_image_format')]
}, status: :unprocessable_entity
end
tiny_img = TinyMceAsset.new(team_id: current_team.id, saved: false)
tiny_img.transaction do
tiny_img.save!
tiny_img.image.attach(io: image, filename: image.original_filename)
end
if tiny_img.persisted?
render json: {
image: {
url: url_for(tiny_img.image),
token: Base62.encode(tiny_img.id)
}
}, content_type: 'text/html'
else
render json: {
errors: tiny_img.errors.full_messages
}, status: :unprocessable_entity
end
end
def download
if @asset&.image&.attached?
redirect_to rails_blob_path(@asset.image, disposition: 'attachment')
else
render_404
end
end
def marvinjs_show
asset = current_team.tiny_mce_assets.find_by_id(Base62.decode(params[:id]))
return render_404 unless asset
create_edit_marvinjs_activity(asset, current_user, :start_editing) if params[:show_action] == 'start_edit'
render json: {
name: asset.image.metadata[:name],
description: asset.image.metadata[:description]
}
end
def marvinjs_create
result = MarvinJsService.create_sketch(marvin_params, current_user, current_team)
if result[:asset]
render json: {
image: {
url: rails_representation_url(result[:asset].preview),
token: Base62.encode(result[:asset].id),
source_type: result[:asset].image.metadata[:asset_type]
}
}, content_type: 'text/html'
else
render json: result[:asset].errors, status: :unprocessable_entity
end
end
def marvinjs_update
asset = MarvinJsService.update_sketch(marvin_params, current_user, current_team)
if asset
create_edit_marvinjs_activity(asset, current_user, :finish_editing)
render json: { url: rails_representation_url(asset.preview), id: asset.id }
else
render json: { error: t('marvinjs.no_sketches_found') }, status: :unprocessable_entity
end
end
private
def load_vars
@asset = current_team.tiny_mce_assets.find_by_id(Base62.decode(params[:id]))
return render_404 unless @asset
@assoc = @asset.object
if @assoc.class == Step
@protocol = @assoc.protocol
elsif @assoc.class == Protocol
@protocol = @assoc
elsif @assoc.class == MyModule
@my_module = @assoc
elsif @assoc.class == ResultText
@my_module = @assoc.result.my_module
end
end
def check_read_permission
if @assoc.class == Step || @assoc.class == Protocol
return render_403 unless can_read_protocol_in_module?(@protocol) ||
can_read_protocol_in_repository?(@protocol)
elsif @assoc.class == ResultText || @assoc.class == MyModule
return render_403 unless can_read_experiment?(@my_module.experiment)
elsif @assoc.nil?
return render_403 unless current_team == @asset.team
else
render_403
end
end
def check_edit_permission
if @assoc.class == Step || @assoc.class == Protocol
return render_403 unless can_manage_protocol_in_module?(@protocol) ||
can_manage_protocol_in_repository?(@protocol)
elsif @assoc.class == ResultText || @assoc.class == MyModule
return render_403 unless can_manage_module?(@my_module)
elsif @assoc.nil?
return render_403 unless current_team == @asset.team
else
render_403
end
end
def marvin_params
params.permit(:id, :description, :object_id, :object_type, :name, :image)
end
end