mirror of
https://github.com/scinote-eln/scinote-web.git
synced 2024-11-14 05:05:55 +08:00
144 lines
3.4 KiB
Ruby
144 lines
3.4 KiB
Ruby
class AssetsController < ApplicationController
|
|
before_action :load_vars, except: [:signature]
|
|
before_action :check_read_permission, except: [:signature, :file_present]
|
|
|
|
# Validates asset and then generates S3 upload posts, because
|
|
# otherwise untracked files could be uploaded to S3
|
|
def signature
|
|
respond_to do |format|
|
|
format.json {
|
|
asset = Asset.new(asset_params)
|
|
if asset.errors.any?
|
|
render json: {
|
|
status: 'error',
|
|
errors: asset.errors
|
|
}, status: :bad_request
|
|
else
|
|
posts = generate_upload_posts asset
|
|
render json: {
|
|
posts: posts
|
|
}
|
|
end
|
|
}
|
|
end
|
|
end
|
|
|
|
def file_present
|
|
respond_to do |format|
|
|
format.json {
|
|
if @asset.file_present
|
|
# Only if file is present,
|
|
# check_read_permission
|
|
check_read_permission
|
|
|
|
# If check_read_permission already rendered error,
|
|
# stop execution
|
|
if performed? then
|
|
return
|
|
end
|
|
|
|
# If check permission passes, return :ok
|
|
render json: {}, status: 200
|
|
else
|
|
render json: {}, status: 404
|
|
end
|
|
}
|
|
end
|
|
end
|
|
|
|
def preview
|
|
if @asset.is_image?
|
|
redirect_to @asset.presigned_url(:medium), status: 307
|
|
else
|
|
render_400
|
|
end
|
|
end
|
|
|
|
def download
|
|
if !@asset.file_present
|
|
render_404 and return
|
|
elsif @asset.file.is_stored_on_s3?
|
|
redirect_to @asset.presigned_url(download: true), status: 307
|
|
else
|
|
send_file @asset.file.path, filename: URI.unescape(@asset.file_file_name),
|
|
type: @asset.file_content_type
|
|
end
|
|
end
|
|
|
|
private
|
|
|
|
def load_vars
|
|
@asset = Asset.find_by_id(params[:id])
|
|
|
|
unless @asset
|
|
render_404
|
|
end
|
|
|
|
step_assoc = @asset.step
|
|
result_assoc = @asset.result
|
|
|
|
@assoc = step_assoc if not step_assoc.nil?
|
|
@assoc = result_assoc if not result_assoc.nil?
|
|
|
|
if @assoc.class == Step
|
|
@protocol = @asset.step.protocol
|
|
else
|
|
@my_module = @assoc.my_module
|
|
end
|
|
end
|
|
|
|
def check_read_permission
|
|
if @assoc.class == Step
|
|
unless can_view_or_download_step_assets(@protocol)
|
|
render_403 and return
|
|
end
|
|
elsif @assoc.class == Result
|
|
unless can_view_or_download_result_assets(@my_module)
|
|
render_403 and return
|
|
end
|
|
end
|
|
end
|
|
|
|
def generate_upload_posts(asset)
|
|
posts = []
|
|
s3_post = S3_BUCKET.presigned_post(
|
|
key: asset.file.path[1..-1],
|
|
success_action_status: '201',
|
|
acl: 'private',
|
|
storage_class: "STANDARD",
|
|
content_length_range: 1..(FILE_SIZE_LIMIT.megabytes),
|
|
content_type: asset.file_content_type
|
|
)
|
|
posts.push({
|
|
url: s3_post.url,
|
|
fields: s3_post.fields
|
|
})
|
|
|
|
if (asset.file_content_type =~ /^image\//) == 0
|
|
asset.file.options[:styles].each do |style, option|
|
|
s3_post = S3_BUCKET.presigned_post(
|
|
key: asset.file.path(style)[1..-1],
|
|
success_action_status: '201',
|
|
acl: 'public-read',
|
|
storage_class: "REDUCED_REDUNDANCY",
|
|
content_length_range: 1..(FILE_SIZE_LIMIT.megabytes),
|
|
content_type: asset.file_content_type
|
|
)
|
|
posts.push({
|
|
url: s3_post.url,
|
|
fields: s3_post.fields,
|
|
style_option: option,
|
|
mime_type: asset.file_content_type
|
|
})
|
|
end
|
|
end
|
|
|
|
posts
|
|
end
|
|
|
|
def asset_params
|
|
params.permit(
|
|
:file
|
|
)
|
|
end
|
|
end
|