2015-02-20 07:13:48 -05:00
|
|
|
class UploadsController < ApplicationController
|
2017-05-01 09:14:35 -04:00
|
|
|
include UploadsActions
|
2015-03-02 21:11:50 -05:00
|
|
|
|
2017-05-01 09:14:35 -04:00
|
|
|
skip_before_action :authenticate_user!
|
|
|
|
before_action :find_model
|
|
|
|
before_action :authorize_access!, only: [:show]
|
|
|
|
before_action :authorize_create_access!, only: [:create]
|
2015-02-23 22:35:42 -05:00
|
|
|
|
2015-03-02 21:11:50 -05:00
|
|
|
private
|
|
|
|
|
2015-03-10 09:50:42 -04:00
|
|
|
def find_model
|
2017-05-03 11:26:49 -04:00
|
|
|
return nil unless params[:id]
|
|
|
|
|
2017-05-01 09:14:35 -04:00
|
|
|
return render_404 unless upload_model && upload_mount
|
2015-03-10 09:50:42 -04:00
|
|
|
|
|
|
|
@model = upload_model.find(params[:id])
|
|
|
|
end
|
|
|
|
|
|
|
|
def authorize_access!
|
2017-05-29 03:54:35 -04:00
|
|
|
return nil unless model
|
|
|
|
|
2015-04-16 08:03:37 -04:00
|
|
|
authorized =
|
2017-05-01 09:14:35 -04:00
|
|
|
case model
|
2015-03-10 09:50:42 -04:00
|
|
|
when Note
|
2017-05-01 09:14:35 -04:00
|
|
|
can?(current_user, :read_project, model.project)
|
|
|
|
when User
|
2015-03-10 09:50:42 -04:00
|
|
|
true
|
2017-05-19 05:20:51 -04:00
|
|
|
when Appearance
|
|
|
|
true
|
2017-05-01 09:14:35 -04:00
|
|
|
else
|
|
|
|
permission = "read_#{model.class.to_s.underscore}".to_sym
|
|
|
|
|
|
|
|
can?(current_user, permission, model)
|
2015-03-10 09:50:42 -04:00
|
|
|
end
|
|
|
|
|
2017-05-01 09:14:35 -04:00
|
|
|
render_unauthorized unless authorized
|
|
|
|
end
|
|
|
|
|
|
|
|
def authorize_create_access!
|
2017-05-29 03:54:35 -04:00
|
|
|
return nil unless model
|
2017-05-03 11:26:49 -04:00
|
|
|
|
2017-05-01 09:14:35 -04:00
|
|
|
# for now we support only personal snippets comments
|
|
|
|
authorized = can?(current_user, :comment_personal_snippet, model)
|
2015-03-10 09:50:42 -04:00
|
|
|
|
2017-05-01 09:14:35 -04:00
|
|
|
render_unauthorized unless authorized
|
|
|
|
end
|
|
|
|
|
|
|
|
def render_unauthorized
|
2015-03-10 09:50:42 -04:00
|
|
|
if current_user
|
2015-10-09 13:07:29 -04:00
|
|
|
render_404
|
2015-03-10 09:50:42 -04:00
|
|
|
else
|
|
|
|
authenticate_user!
|
2015-02-23 22:35:42 -05:00
|
|
|
end
|
|
|
|
end
|
2015-03-02 21:11:50 -05:00
|
|
|
|
|
|
|
def upload_model
|
|
|
|
upload_models = {
|
2015-05-11 05:55:02 -04:00
|
|
|
"user" => User,
|
|
|
|
"project" => Project,
|
|
|
|
"note" => Note,
|
2016-02-22 14:49:16 -05:00
|
|
|
"group" => Group,
|
2017-05-01 09:14:35 -04:00
|
|
|
"appearance" => Appearance,
|
|
|
|
"personal_snippet" => PersonalSnippet
|
2015-03-02 21:11:50 -05:00
|
|
|
}
|
|
|
|
|
2015-05-11 05:55:02 -04:00
|
|
|
upload_models[params[:model]]
|
2015-03-02 21:11:50 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
def upload_mount
|
2017-05-01 09:14:35 -04:00
|
|
|
return true unless params[:mounted_as]
|
|
|
|
|
2016-02-22 14:49:16 -05:00
|
|
|
upload_mounts = %w(avatar attachment file logo header_logo)
|
2015-03-02 21:11:50 -05:00
|
|
|
|
|
|
|
if upload_mounts.include?(params[:mounted_as])
|
|
|
|
params[:mounted_as]
|
|
|
|
end
|
|
|
|
end
|
2017-05-01 09:14:35 -04:00
|
|
|
|
|
|
|
def uploader
|
|
|
|
return @uploader if defined?(@uploader)
|
|
|
|
|
2017-05-29 03:54:35 -04:00
|
|
|
case model
|
|
|
|
when nil
|
|
|
|
@uploader = PersonalFileUploader.new(nil, params[:secret])
|
|
|
|
|
|
|
|
@uploader.retrieve_from_store!(params[:filename])
|
|
|
|
when PersonalSnippet
|
2017-05-01 09:14:35 -04:00
|
|
|
@uploader = PersonalFileUploader.new(model, params[:secret])
|
|
|
|
|
|
|
|
@uploader.retrieve_from_store!(params[:filename])
|
|
|
|
else
|
|
|
|
@uploader = @model.send(upload_mount)
|
|
|
|
|
|
|
|
redirect_to @uploader.url unless @uploader.file_storage?
|
|
|
|
end
|
|
|
|
|
|
|
|
@uploader
|
|
|
|
end
|
|
|
|
|
|
|
|
def uploader_class
|
|
|
|
PersonalFileUploader
|
|
|
|
end
|
|
|
|
|
|
|
|
def model
|
|
|
|
@model ||= find_model
|
|
|
|
end
|
2015-02-20 07:13:48 -05:00
|
|
|
end
|