htwkmooc/codeocean
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
092487344a3c538e607325e9867757c5f8a655b1
codeocean/app/controllers/code_ocean/files_controller.rb
Sebastian Serth 092487344a Replace obsolete HTTP status code :unprocessable_entity 
The new naming is :unprocessable_content and required by Rack 3.1+
2024-06-17 15:07:04 +02:00

92 lines
3.6 KiB
Ruby
Raw Blame History

# frozen_string_literal: true
module CodeOcean
class FilesController < ApplicationController
include CommonBehavior
include FileParameters
before_action :set_content_type_nosniff
# Overwrite the CSP header and some default actions for the :render_protected_upload action
content_security_policy false, only: :render_protected_upload
skip_before_action :deny_access_from_render_host, only: :render_protected_upload
skip_before_action :verify_authenticity_token, only: :render_protected_upload
skip_before_action :set_sentry_context, only: :render_protected_upload
before_action :require_user!, except: :render_protected_upload
# In case the .realpath cannot resolve a file (for example because it is no longer available)
rescue_from Errno::ENOENT, with: :render_not_found
def authorize!
authorize(@file)
end
private :authorize!
def show_protected_upload
@file = CodeOcean::File.find(params[:id])
authorize!
# The `@file.name_with_extension` is assembled based on the user-selected file type, not on the actual file name stored on disk.
raise Pundit::NotAuthorizedError if @embed_options[:disable_download] || @file.filepath != params[:filename] || @file.native_file.blank?
real_location = Pathname(@file.native_file.current_path).realpath
send_file(real_location, type: 'application/octet-stream', filename: @file.name_with_extension, disposition: 'attachment')
end
def render_protected_upload
# Set @current_user with a new *learner* for Pundit checks
@current_user = ExternalUser.new
@file = authorize AuthenticatedUrlHelper.retrieve!(CodeOcean::File, request)
# The `@file.name_with_extension` is assembled based on the user-selected file type, not on the actual file name stored on disk.
raise Pundit::NotAuthorizedError unless @file.filepath == params[:filename] || @file.native_file.present?
real_location = Pathname(@file.native_file.current_path).realpath
send_file(real_location, type: @file.native_file.content_type, filename: @file.name_with_extension)
end
def create
@file = CodeOcean::File.new(file_params)
if @file.file_template_id
content = FileTemplate.find(@file.file_template_id).content
content.sub! '{{file_name}}', @file.name
@file.content = content
end
authorize!
create_and_respond(object: @file, path: proc { implement_exercise_path(@file.context.exercise) })
end
def create_and_respond(options = {})
@object = options[:object]
respond_to do |format|
if @object.save
yield if block_given?
path = options[:path].try(:call) || @object
respond_with_valid_object(format, notice: t('shared.object_created', model: @object.class.model_name.human),
path:, status: :created)
else
filename = "#{@object.path || ''}/#{@object.name || ''}#{@object.file_type.try(:file_extension) || ''}"
format.html do
flash[:danger] = t('code_ocean/files.error.filename', name: filename)
redirect_to(options[:path])
end
format.json { render(json: @object.errors, status: :unprocessable_content) }
end
end
end
def destroy
@file = CodeOcean::File.find(params[:id])
authorize!
destroy_and_respond(object: @file, path: @file.context)
end
def file_params
if params[:code_ocean_file].present?
params[:code_ocean_file].permit(file_attributes).merge(context_type: 'Submission',
role: 'user_defined_file')
end
end
private :file_params
end
end
Reference in New Issue View Git Blame Copy Permalink