OpenProject is the leading open source project management software.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
openproject/lib/api/v3/attachments/attachments_by_container_ap...

190 lines
6.5 KiB

#-- copyright
# OpenProject is an open source project management software.
# Copyright (C) 2012-2020 the OpenProject GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
# Copyright (C) 2006-2017 Jean-Philippe Lang
# Copyright (C) 2010-2013 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
# See docs/COPYRIGHT.rdoc for more details.
#++
require 'api/v3/attachments/attachment_collection_representer'
module API
module V3
module Attachments
module AttachmentsByContainerAPI
module Helpers
# Global helper to set allowed content_types
# This may be overriden when multipart is allowed (file uploads)
def allowed_content_types
if post_request?
%w(multipart/form-data)
else
super
end
end
def post_request?
request.env['REQUEST_METHOD'] == 'POST'
end
def parse_metadata(json)
return nil unless json
metadata = OpenStruct.new
::API::V3::Attachments::AttachmentMetadataRepresenter.new(metadata).from_json(json)
unless metadata.file_name
raise ::API::Errors::Validation.new(
:file_name,
"fileName #{I18n.t('activerecord.errors.messages.blank')}"
)
end
metadata
end
def parse_and_prepare
metadata = parse_metadata params[:metadata]
unless metadata
raise ::API::Errors::InvalidRequestBody.new(I18n.t('api_v3.errors.multipart_body_error'))
end
unless metadata.file_size
raise ::API::Errors::Validation.new(
:file_size,
"fileSize #{I18n.t('activerecord.errors.messages.blank')}"
)
end
with_handled_create_errors do
create_attachment metadata
end
end
def create_attachment(metadata)
Attachment.create_pending_direct_upload(
file_name: metadata.file_name,
container: container,
author: current_user,
content_type: metadata.content_type,
file_size: metadata.file_size
)
end
def parse_and_create
metadata = parse_metadata params[:metadata]
file = params[:file]
unless metadata && file
raise ::API::Errors::InvalidRequestBody.new(I18n.t('api_v3.errors.multipart_body_error'))
end
build_and_attach(metadata, file)
end
def build_and_attach(metadata, file)
uploaded_file = OpenProject::Files.build_uploaded_file file[:tempfile],
file[:type],
file_name: metadata.file_name.to_s
service = ::Attachments::CreateService.new(container, author: current_user)
with_handled_create_errors do
service.call uploaded_file: uploaded_file,
description: metadata.description
end
end
def check_permissions(permissions)
if permissions.empty?
raise API::Errors::Unauthorized unless container.attachments_addable?(current_user)
else
authorize_any(permissions, projects: container.project)
end
end
def require_direct_uploads
unless OpenProject::Configuration.direct_uploads?
raise API::Errors::NotFound, message: "Only available if direct uploads are enabled."
end
end
def with_handled_create_errors
yield
rescue ActiveRecord::RecordInvalid => error
raise ::API::Errors::ErrorBase.create_and_merge_errors(error.record.errors)
rescue StandardError => error
log_attachment_saving_error(error)
message =
if error&.class&.to_s == 'Errno::EACCES'
I18n.t('api_v3.errors.unable_to_create_attachment_permissions')
else
I18n.t('api_v3.errors.unable_to_create_attachment')
end
raise ::API::Errors::InternalError.new(message)
end
def log_attachment_saving_error(error)
container_message = if container
"on #{container.class} with ID #{container.id}"
else
"without container"
end
message = "Failed to save attachment #{container_message}: #{error&.class} - #{error&.message || 'Unknown error'}"
Rails.logger.error message
end
end
def self.read
-> do
attachments = container.attachments
AttachmentCollectionRepresenter.new(attachments,
get_attachment_self_path,
current_user: current_user)
end
end
def self.create(permissions = [])
-> do
check_permissions permissions
::API::V3::Attachments::AttachmentRepresenter.new(parse_and_create,
current_user: current_user)
end
end
def self.prepare(permissions = [])
-> do
require_direct_uploads
check_permissions permissions
::API::V3::Attachments::AttachmentUploadRepresenter.new(parse_and_prepare, current_user: current_user)
end
end
end
end
end
end