Class: AttachmentsController

Inherits:

ApplicationController

• Object
• ActionController::Base
• ApplicationController
• AttachmentsController

Defined in:

app/controllers/attachments_controller.rb

Instance Method Summary

• #create ⇒ Object
• #description ⇒ Object

  This returns a json object with description information of the requested file.

• #destroy ⇒ Object
• #download ⇒ Object

  This action allows to download a file, which is not in the public/ directory but at a secured location.

• #index ⇒ Object
• #update ⇒ Object

  PUT /attachments/1 PUT /attachments/1.json.

Methods inherited from ApplicationController

#current_navable, #current_navable=, #current_user, #point_navigation_to, #redirect_www_subdomain, #set_locale

Instance Method Details

#create ⇒ Object

# File 'app/controllers/attachments_controller.rb', line 10

def create
  if secure_parent
    authorize! :create_attachment_for, secure_parent
    secure_parent.touch
  else
    authorize! :create, Attachment
  end
  @attachment = Attachment.create! author: current_user
  @attachment.update_attributes(params[:attachment])
end

#description ⇒ Object

This returns a json object with description information of the requested file.

# File 'app/controllers/attachments_controller.rb', line 64

def description
  @attachment = Attachment.find(params[:attachment_id])
  authorize! :read, @attachment

  respond_to do |format|
    format.json do
      self.formats = [:html, :json]
      render json: {
        title: @attachment.title,
        description: @attachment.description,
        author: @attachment.author.title,
        html: render_to_string(partial: 'attachments/description', formats: [:html], locals: {attachment: @attachment})
      }
    end
  end
end

#destroy ⇒ Object

# File 'app/controllers/attachments_controller.rb', line 38

def destroy
  @attachment = Attachment.find(params[:id])
  @attachment.destroy
end

#download ⇒ Object

This action allows to download a file, which is not in the public/ directory but at a secured location. That way, access control for uploaded files cannot be circumvented by downloading files directly from the public folder.

github.com/carrierwaveuploader/carrierwave/wiki/How-To%3A-Secure-Upload

# File 'app/controllers/attachments_controller.rb', line 49

def download
  path = ""
  if secure_version
    if @attachment.file.versions[secure_version]
      path = @attachment.file.versions[secure_version].current_path
    end
  else
    path = @attachment.file.current_path
  end
  send_file path, x_sendfile: true, disposition: :inline
end

#index ⇒ Object

# File 'app/controllers/attachments_controller.rb', line 7

def index
end

#update ⇒ Object

PUT /attachments/1 PUT /attachments/1.json

# File 'app/controllers/attachments_controller.rb', line 24

def update
  @attachment = Attachment.find(params[:id])

  respond_to do |format|
    if @attachment.update_attributes(params[:attachment])
      format.html { redirect_to @attachment, notice: 'Attachment was successfully updated.' }
      format.json { head :no_content }
    else
      format.html { render action: "edit" }
      format.json { render json: @attachment.errors, status: :unprocessable_entity }
    end
  end
end