openproject/lib/api/v3/attachments/attachment_upload_represent...

#-- encoding: UTF-8

#-- copyright
# OpenProject is an open source project management software.
# Copyright (C) 2012-2021 the OpenProject GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
# Copyright (C) 2006-2013 Jean-Philippe Lang
# Copyright (C) 2010-2013 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
#
# See docs/COPYRIGHT.rdoc for more details.
#++

require 'roar/decorator'
require 'roar/json/hal'

module API
  module V3
    module Attachments
      class AttachmentUploadRepresenter < ::API::Decorators::Single
        include API::Decorators::DateProperty
        include API::Decorators::FormattableProperty
        include API::Decorators::LinkedResource

        self_link title_getter: ->(*) { represented.filename }

        associated_resource :author,
                            v3_path: :user,
                            representer: ::API::V3::Users::UserRepresenter

        def self.associated_container_getter
          ->(*) do
            next unless embed_links && container_representer

            container_representer
              .new(represented.container, current_user: current_user)
          end
        end

        def self.associated_container_link
          ->(*) do
            return nil unless v3_container_name == 'nil_class' || api_v3_paths.respond_to?(v3_container_name)

            ::API::Decorators::LinkObject
              .new(represented,
                   path: v3_container_name,
                   property_name: :container,
                   title_attribute: container_title_attribute)
              .to_hash
          end
        end

        attr_reader :form_url, :form_fields, :attachment

        def initialize(attachment, current_user:, embed_links: false)
          super

          fog_hash = DirectFogUploader.direct_fog_hash attachment: attachment

          @form_url = fog_hash[:uri]
          @form_fields = fog_hash.except :uri
          @attachment = attachment
        end

        associated_resource :container,
                            getter: associated_container_getter,
                            link: associated_container_link

        link :addAttachment do
          {
            href: form_url,
            method: :post,
            form_fields: form_fields
          }
        end

        link :delete do
          {
            href: api_v3_paths.attachment_upload(represented.id),
            method: :delete
          }
        end

        link :staticDownloadLocation do
          {
            href: api_v3_paths.attachment_content(attachment.id)
          }
        end

        link :downloadLocation do
          location = if attachment.external_storage?
                       attachment.external_url
                     else
                       api_v3_paths.attachment_content(attachment.id)
                     end
          {
            href: location
          }
        end

        link :completeUpload do
          {
            href: api_v3_paths.attachment_uploaded(attachment.id)
          }
        end

        property :id
        property :file_name,
                 getter: ->(*) { filename }

        formattable_property :description,
                             plain: true

        date_time_property :created_at

        def _type
          'AttachmentUpload'
        end

        def container_representer
          name = v3_container_name.camelcase

          "::API::V3::#{name.pluralize}::#{name}Representer".constantize
        rescue NameError
          nil
        end

        def v3_container_name
          ::API::Utilities::PropertyNameConverter.from_ar_name(represented.container.class.name.underscore).underscore
        end

        def container_title_attribute
          represented.container.respond_to?(:subject) ? :subject : :title
        end
      end
    end
  end
end
direct uploads to S3 for attachments including IFC models Co-authored-by: Oliver Günther <mail@oliverguenther.de> 4 years ago			`#-- encoding: UTF-8`

			`#-- copyright`
			`# OpenProject is an open source project management software.`
update copyright to 2021 (#8925) Updates the copyright to 2021 for all files that have a copyright. Files in our source code without the copyright header still do not receive one automatically. Additionally, backlisted files are also excluded. Previously the copyright of chiliproject which references redmine stated a copyright of redmine up to and including 2017 which is not true for the code we have in here. Because of that I changed that to 2013 4 years ago			`# Copyright (C) 2012-2021 the OpenProject GmbH`
direct uploads to S3 for attachments including IFC models Co-authored-by: Oliver Günther <mail@oliverguenther.de> 4 years ago			`#`
			`# This program is free software; you can redistribute it and/or`
			`# modify it under the terms of the GNU General Public License version 3.`
			`#`
			`# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:`
update copyright to 2021 (#8925) Updates the copyright to 2021 for all files that have a copyright. Files in our source code without the copyright header still do not receive one automatically. Additionally, backlisted files are also excluded. Previously the copyright of chiliproject which references redmine stated a copyright of redmine up to and including 2017 which is not true for the code we have in here. Because of that I changed that to 2013 4 years ago			`# Copyright (C) 2006-2013 Jean-Philippe Lang`
direct uploads to S3 for attachments including IFC models Co-authored-by: Oliver Günther <mail@oliverguenther.de> 4 years ago			`# Copyright (C) 2010-2013 the ChiliProject Team`
			`#`
			`# This program is free software; you can redistribute it and/or`
			`# modify it under the terms of the GNU General Public License`
			`# as published by the Free Software Foundation; either version 2`
			`# of the License, or (at your option) any later version.`
			`#`
			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU General Public License`
			`# along with this program; if not, write to the Free Software`
			`# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.`
			`#`
			`# See docs/COPYRIGHT.rdoc for more details.`
			`#++`

			`require 'roar/decorator'`
			`require 'roar/json/hal'`

			`module API`
			`module V3`
			`module Attachments`
			`class AttachmentUploadRepresenter < ::API::Decorators::Single`
			`include API::Decorators::DateProperty`
			`include API::Decorators::FormattableProperty`
			`include API::Decorators::LinkedResource`

			`self_link title_getter: ->(*) { represented.filename }`

			`associated_resource :author,`
			`v3_path: :user,`
			`representer: ::API::V3::Users::UserRepresenter`

			`def self.associated_container_getter`
			`->(*) do`
			`next unless embed_links && container_representer`

			`container_representer`
			`.new(represented.container, current_user: current_user)`
			`end`
			`end`

			`def self.associated_container_link`
			`->(*) do`
			`return nil unless v3_container_name == 'nil_class' \|\| api_v3_paths.respond_to?(v3_container_name)`

			`::API::Decorators::LinkObject`
			`.new(represented,`
			`path: v3_container_name,`
			`property_name: :container,`
			`title_attribute: container_title_attribute)`
			`.to_hash`
			`end`
			`end`

safe automatic fixes by rubocop (#8994) 4 years ago			`attr_reader :form_url, :form_fields, :attachment`
direct uploads to S3 for attachments including IFC models Co-authored-by: Oliver Günther <mail@oliverguenther.de> 4 years ago
[37868] Whitelist for attachment mime types and extensions on upload (#9431) * Add setting for whitelist * Make attachments API BaseServices compatible * Add prepare service and contract * Correctly pass the filename to the UploadedFile * Add presence check to filename * Fix expected validation message * We no longer raise a multipart error when metadata is empty * Fix filesize validation on prepared uploads * Add parser error if invalid metadata json * When attachment is not saved, use filename property * Return correct error message on JSON parser erroro * Fix specs * Use attachment upload representer * Fix direct uploads mocks with new service layer * Lint * Fix export job using attachment service * Fix IFC controller using attachment prepare service * Fix export job * RenameRename params_getter to params_source * Fix mail handler using attachment service * Fix usage of attachment create service in documents * Reuse shared examples for document attachment spec * Fix stubbed attachment service in export job spec * Use admin user in backup spec * Fix export job for bim * Fix attachment integration spec * Fix issues_controller spec * Make budget resource spec reuse common examples * Fix attachment parsing representer spec * Replace prepare part of attachment spec into separate service spec * Clear cache for login spec * Convert document create/update into services * Budget services * Allow options to be passed to property twin * Remove setting author on budget initialize * Replace meetings update with services * Replace ifc models attachment handling with services * Don't check uploader if changed by system * Fix uploader being changed by system * Replace wiki page attach_files with attachable services * Replace avatar saving * Replace snapshot attach_files * Skip double validation when container present * Set snapshot through attachment service * Remove attach_files * Validate content type in contract * Enforce writing the content type without accepting user input * Expect changed content_type * Fix content of viewpoint image to get correct content type * Fix tsv spec * Add create contract spec * Bypass whitelist in internal services when conflicting with user * Fix expects in specs after whitelist bypass * Render contract errors for wiki * Add before_hook to bodied to allow to pre-authorize permissions * Budget errors from contract * Document errors from contract 3 years ago			`def initialize(attachment, current_user:, embed_links: false)`
direct uploads to S3 for attachments including IFC models Co-authored-by: Oliver Günther <mail@oliverguenther.de> 4 years ago			`super`

			`fog_hash = DirectFogUploader.direct_fog_hash attachment: attachment`

			`@form_url = fog_hash[:uri]`
			`@form_fields = fog_hash.except :uri`
			`@attachment = attachment`
			`end`

			`associated_resource :container,`
			`getter: associated_container_getter,`
			`link: associated_container_link`

			`link :addAttachment do`
			`{`
			`href: form_url,`
			`method: :post,`
			`form_fields: form_fields`
			`}`
			`end`

			`link :delete do`
			`{`
			`href: api_v3_paths.attachment_upload(represented.id),`
			`method: :delete`
			`}`
			`end`

			`link :staticDownloadLocation do`
			`{`
			`href: api_v3_paths.attachment_content(attachment.id)`
			`}`
			`end`

			`link :downloadLocation do`
			`location = if attachment.external_storage?`
			`attachment.external_url`
			`else`
			`api_v3_paths.attachment_content(attachment.id)`
			`end`
			`{`
			`href: location`
			`}`
			`end`

			`link :completeUpload do`
			`{`
			`href: api_v3_paths.attachment_uploaded(attachment.id)`
			`}`
			`end`

			`property :id`
			`property :file_name,`
			`getter: ->(*) { filename }`

			`formattable_property :description,`
			`plain: true`

			`date_time_property :created_at`

			`def _type`
			`'AttachmentUpload'`
			`end`

			`def container_representer`
			`name = v3_container_name.camelcase`

			`"::API::V3::#{name.pluralize}::#{name}Representer".constantize`
			`rescue NameError`
			`nil`
			`end`

			`def v3_container_name`
			`::API::Utilities::PropertyNameConverter.from_ar_name(represented.container.class.name.underscore).underscore`
			`end`

			`def container_title_attribute`
			`represented.container.respond_to?(:subject) ? :subject : :title`
			`end`
			`end`
			`end`
			`end`
			`end`