2015-02-20 12:13:48 +00:00
|
|
|
class UploadsController < ApplicationController
|
2017-05-01 13:14:35 +00:00
|
|
|
include UploadsActions
|
2015-03-03 02:11:50 +00:00
|
|
|
|
2018-01-29 17:57:34 +00:00
|
|
|
UnknownUploadModelError = Class.new(StandardError)
|
|
|
|
|
|
|
|
MODEL_CLASSES = {
|
|
|
|
"user" => User,
|
|
|
|
"project" => Project,
|
|
|
|
"note" => Note,
|
|
|
|
"group" => Group,
|
|
|
|
"appearance" => Appearance,
|
|
|
|
"personal_snippet" => PersonalSnippet,
|
|
|
|
nil => PersonalSnippet
|
|
|
|
}.freeze
|
|
|
|
|
|
|
|
rescue_from UnknownUploadModelError, with: :render_404
|
|
|
|
|
2017-05-01 13:14:35 +00:00
|
|
|
skip_before_action :authenticate_user!
|
2018-01-29 17:57:34 +00:00
|
|
|
before_action :upload_mount_satisfied?
|
2017-05-01 13:14:35 +00:00
|
|
|
before_action :find_model
|
|
|
|
before_action :authorize_access!, only: [:show]
|
|
|
|
before_action :authorize_create_access!, only: [:create]
|
2015-02-24 03:35:42 +00:00
|
|
|
|
2018-01-29 17:57:34 +00:00
|
|
|
def uploader_class
|
|
|
|
PersonalFileUploader
|
|
|
|
end
|
2015-03-03 02:11:50 +00:00
|
|
|
|
2015-03-10 13:50:42 +00:00
|
|
|
def find_model
|
2017-05-03 15:26:49 +00:00
|
|
|
return nil unless params[:id]
|
|
|
|
|
2018-01-29 17:57:34 +00:00
|
|
|
upload_model_class.find(params[:id])
|
2015-03-10 13:50:42 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
def authorize_access!
|
2017-05-29 07:54:35 +00:00
|
|
|
return nil unless model
|
|
|
|
|
2015-04-16 12:03:37 +00:00
|
|
|
authorized =
|
2017-05-01 13:14:35 +00:00
|
|
|
case model
|
2015-03-10 13:50:42 +00:00
|
|
|
when Note
|
2017-05-01 13:14:35 +00:00
|
|
|
can?(current_user, :read_project, model.project)
|
|
|
|
when User
|
2015-03-10 13:50:42 +00:00
|
|
|
true
|
2017-05-19 09:20:51 +00:00
|
|
|
when Appearance
|
|
|
|
true
|
2017-05-01 13:14:35 +00:00
|
|
|
else
|
|
|
|
permission = "read_#{model.class.to_s.underscore}".to_sym
|
|
|
|
|
|
|
|
can?(current_user, permission, model)
|
2015-03-10 13:50:42 +00:00
|
|
|
end
|
|
|
|
|
2017-05-01 13:14:35 +00:00
|
|
|
render_unauthorized unless authorized
|
|
|
|
end
|
|
|
|
|
|
|
|
def authorize_create_access!
|
2017-05-29 07:54:35 +00:00
|
|
|
return nil unless model
|
2017-05-03 15:26:49 +00:00
|
|
|
|
2017-05-01 13:14:35 +00:00
|
|
|
# for now we support only personal snippets comments
|
|
|
|
authorized = can?(current_user, :comment_personal_snippet, model)
|
2015-03-10 13:50:42 +00:00
|
|
|
|
2017-05-01 13:14:35 +00:00
|
|
|
render_unauthorized unless authorized
|
|
|
|
end
|
|
|
|
|
|
|
|
def render_unauthorized
|
2015-03-10 13:50:42 +00:00
|
|
|
if current_user
|
2015-10-09 17:07:29 +00:00
|
|
|
render_404
|
2015-03-10 13:50:42 +00:00
|
|
|
else
|
|
|
|
authenticate_user!
|
2015-02-24 03:35:42 +00:00
|
|
|
end
|
|
|
|
end
|
2015-03-03 02:11:50 +00:00
|
|
|
|
2018-01-29 17:57:34 +00:00
|
|
|
def upload_model_class
|
|
|
|
MODEL_CLASSES[params[:model]] || raise(UnknownUploadModelError)
|
2015-03-03 02:11:50 +00:00
|
|
|
end
|
2017-05-01 13:14:35 +00:00
|
|
|
|
2018-01-29 17:57:34 +00:00
|
|
|
def upload_model_class_has_mounts?
|
|
|
|
upload_model_class < CarrierWave::Mount::Extension
|
2017-05-01 13:14:35 +00:00
|
|
|
end
|
|
|
|
|
2018-01-29 17:57:34 +00:00
|
|
|
def upload_mount_satisfied?
|
|
|
|
return true unless upload_model_class_has_mounts?
|
2017-05-01 13:14:35 +00:00
|
|
|
|
2018-01-29 17:57:34 +00:00
|
|
|
upload_model_class.uploader_options.has_key?(upload_mount)
|
2017-05-01 13:14:35 +00:00
|
|
|
end
|
2015-02-20 12:13:48 +00:00
|
|
|
end
|