asset_host_core 2.0.0.beta

data/app/controllers/asset_host_core/admin/assets_controller.rb

@@ -0,0 +1,140 @@
+module AssetHostCore
+  module Admin
+    class AssetsController < BaseController
+      before_filter :get_asset, only: [:show, :update, :replace, :destroy]
+      skip_before_filter :verify_authenticity_token, only: [:upload, :replace]
+
+      #----------
+
+      def index
+        @assets = Asset.visible.order("updated_at desc")
+          .page(params[:page])
+          .per(24)
+      end
+
+      #----------
+
+      def search
+        @query = params[:q]
+
+        @assets = Asset.visible.search(@query,
+          :page          => params[:page] ? params[:page].to_i : 1,
+          :per_page      => 24,
+          :order         => "created_at DESC, @relevance DESC",
+          :field_weights => {
+            :title   => 10,
+            :caption => 5
+          }
+        )
+
+        render :index
+      end
+
+      #----------
+
+      def upload
+        file = params[:file]
+
+        # FIXME: Put in place to keep Firefox 7 happy
+        if !file.original_filename
+          file.original_filename = "upload.jpg"
+        end
+
+        asset = Asset.new(image: file)
+
+        if asset.save
+          render json: asset.as_json
+        else
+          render text: 'ERROR'
+        end
+      end
+
+      #----------
+
+      def metadata
+        @assets = Asset.where(id: params[:ids].split(','))
+      end
+
+      #----------
+
+      def update_metadata
+        params[:assets].each do |id, attributes|
+          asset = Asset.find(id)
+          asset.update_attributes(attributes)
+        end
+
+        redirect_to a_assets_path
+      end
+
+      #----------
+
+      def show
+        # Use "visible" here because we are choosing next/prev based on the
+        # index listing. Hard-coding the order here (ID) because the
+        # AssetHostBrowserUI uses ID if no ORDER option is passed in, which
+        # it currently isn't, so the grid is ordered by ID.
+        @assets   = AssetHostCore::Asset.visible.order('id desc')
+        @prev     = @assets.where('id > ?', @asset.id).last
+        @next     = @assets.where('id < ?', @asset.id).first
+      end
+
+      #----------
+
+      def update
+        if @asset.update_attributes(params[:asset])
+          flash[:notice] = "Successfully updated asset."
+          redirect_to a_asset_path(@asset)
+        else
+          flash[:notice] = @asset.errors.full_messages.join("<br/>")
+          render :action => :edit
+        end
+      end
+
+      #----------
+
+      def replace
+        file = params[:file]
+
+        if !file
+          render :text => 'ERROR' and return
+        end
+
+        # FIXME: Put in place to keep Firefox 7 happy
+        if !file.original_filename
+          file.original_filename = "upload.jpg"
+        end
+
+        # tell paperclip to replace our image
+        @asset.image = file
+
+        if @asset.save
+          render json: @asset.as_json
+        else
+          puts "Error: #{@asset.errors.to_s}"
+          render :text => 'ERROR'
+        end
+      end
+
+      #----------
+
+      def destroy
+        if @asset.destroy
+          flash[:notice] = "Deleted asset #{@asset.title}."
+          redirect_to a_assets_path
+        else
+          flash[:error] = "Unable to delete asset."
+          redirect_to a_asset_path(@asset)
+        end
+      end
+
+
+      #----------
+
+      protected
+
+      def get_asset
+        @asset = Asset.find(params[:id])
+      end
+    end
+  end
+end

data/app/controllers/asset_host_core/admin/base_controller.rb

@@ -0,0 +1,36 @@
+module AssetHostCore
+  module Admin
+    class BaseController < ApplicationController
+      layout 'asset_host_core/application'
+
+      before_filter :_authenticate_user!
+
+      helper_method :_current_user
+      helper_method :_sign_out_path
+
+      def _authenticate_user!
+        instance_eval &AssetHostCore::Config.authentication_method
+      end
+
+
+      def _current_user
+        instance_eval &AssetHostCore::Config.current_user_method
+      end
+
+
+      def _sign_out_path
+        instance_eval &AssetHostCore::Config.sign_out_path
+      end
+
+
+      private
+
+      def authorize_admin
+        unless current_user.is_admin?
+          flash[:error] = "You must be a superuser to do that."
+          redirect_to assethost.a_root_path and return false
+        end
+      end
+    end
+  end
+end

data/app/controllers/asset_host_core/admin/home_controller.rb

@@ -0,0 +1,13 @@
+module AssetHostCore
+  module Admin
+    class HomeController < BaseController
+      def chooser
+        @assets = AssetHostCore::Asset.order("updated_at desc")
+          .page(params[:page])
+          .per(24)
+
+        render layout: 'asset_host_core/minimal'
+      end
+    end
+  end
+end

data/app/controllers/asset_host_core/admin/outputs_controller.rb

@@ -0,0 +1,55 @@
+module AssetHostCore
+  module Admin
+    class OutputsController < BaseController
+      layout 'asset_host_core/full_width'
+
+      before_filter :authorize_admin
+      before_filter :get_output, except: [:index, :new, :create]
+
+
+      def index
+        @outputs = Output.all
+      end
+
+
+      def update
+        if @output.update_attributes(params[:output])
+          flash[:notice] = "Updated Output."
+          redirect_to a_outputs_path
+        else
+          render :edit
+        end
+      end
+
+
+      def new
+        @output = Output.new
+      end
+
+
+      def create
+        @output = Output.new(params[:output])
+
+        if @output.save
+          flash[:notice] = "Created Output."
+          redirect_to a_outputs_path
+        else
+          render :new
+        end
+      end
+
+
+      def destroy
+        @output.destroy
+        flash[:notice] = "Destroyed Output."
+        redirect_to a_outputs_path
+      end
+
+      private
+
+      def get_output
+        @output = Output.find(params[:id])
+      end
+    end
+  end
+end

data/app/controllers/asset_host_core/api/assets_controller.rb

@@ -0,0 +1,110 @@
+module AssetHostCore
+  module Api
+    class AssetsController < BaseController
+      before_filter :set_access_control_headers
+
+      before_filter -> { authorize(:read) }, only: [:index, :show, :tag]
+      before_filter -> { authorize(:write) }, only: [:update, :create]
+
+      before_filter :get_asset, only: [:show, :update, :tag]
+
+
+      def index
+        if params[:q].present?
+          @assets = Asset.visible.search(params[:q],
+            :page          => params[:page] ? params[:page].to_i : 1,
+            :per_page      => 24,
+            :order         => "created_at DESC, @relevance DESC",
+            :field_weights => {
+              :title   => 10,
+              :caption => 3
+            }
+          )
+        else
+          @assets = Asset.visible.order("updated_at desc")
+            .page(params[:page])
+            .per(24)
+        end
+
+        response.headers['X-Next-Page']       = (@assets.last_page? ? nil : @assets.current_page + 1).to_s
+        response.headers['X-Total-Entries']   = @assets.total_count.to_s
+
+        respond_with @assets
+      end
+
+
+      def show
+        respond_with @asset
+      end
+
+
+      def update
+        if @asset.update_attributes(params[:asset])
+          respond_with @asset
+        else
+          respond_with @asset.errors.full_messages, :status => :error
+        end
+      end
+
+
+      def create
+        if !params[:url]
+          render_bad_request(message: "Must provide an asset URL")
+          return false
+        end
+
+        # see if we have a loader for this URL
+        if asset = AssetHostCore.as_asset(params[:url])
+          if params[:note].present?
+            asset.notes += "\n#{params[:note]}"
+          end
+
+          asset.is_hidden   = params[:hidden].present?
+          asset.caption     = params[:caption] if params[:caption].present?
+          asset.owner       = params[:owner] if params[:owner].present?
+          asset.title       = params[:title] if params[:title].present?
+
+          asset.save
+          respond_with asset, location: a_asset_path(asset)
+
+        else
+          render_not_found(message: "Unable to find or load an asset at " \
+                                    "the URL #{params[:url]}")
+          return false
+        end
+      end
+
+
+      def tag
+        output  = Output.find_by_code!(params[:style])
+        ao      = @asset.outputs.where(output_id: output.id).first
+
+        tag = {
+          :id           => @asset.id,
+          :tag          => @asset.image.tag(params[:style].to_sym),
+          :updated_at   => @asset.image_updated_at,
+          :owner        => @asset.owner,
+          :width        => ao.try(:width),
+          :height       => ao.try(:height)
+        }
+
+        respond_with tag
+      end
+
+
+      private
+
+      def authorize(ability)
+        super ability, "AssetHostCore::Asset"
+      end
+
+      def get_asset
+        @asset = Asset.find_by_id(params[:id])
+
+        if !@asset
+          render_not_found and return false
+        end
+      end
+    end
+  end
+end

data/app/controllers/asset_host_core/api/base_controller.rb

@@ -0,0 +1,43 @@
+module AssetHostCore
+  module Api
+    class BaseController < ApplicationController
+      layout false
+
+      before_filter :authenticate_api_user
+      respond_to :json
+
+
+      private
+
+      def set_access_control_headers
+        response.headers['Access-Control-Allow-Origin'] =
+          request.env['HTTP_ORIGIN'] || "*"
+      end
+
+
+      # For the authentication/authorization checks, if the API is being
+      # accessed by AssetHost, then we should give it full write permission.
+      # If we add write ability via the API to Outputs or anything else,
+      # we should reassess this decision.
+      def authenticate_api_user
+        return true if current_user
+        @api_user = ApiUser.authenticate(params[:auth_token])
+
+        if !@api_user
+          render_unauthorized and return false
+        end
+      end
+
+
+      def authorize(ability, resource)
+        return true if current_user
+
+        if !@api_user.may?(ability, resource)
+          render_forbidden and return false
+        else
+          return true
+        end
+      end
+    end
+  end
+end

data/app/controllers/asset_host_core/api/outputs_controller.rb

@@ -0,0 +1,33 @@
+module AssetHostCore
+  module Api
+    class OutputsController < BaseController
+      before_filter -> { authorize(:read) }, only: [:index, :show]
+      before_filter :get_output, only: [:show]
+
+
+      def index
+        @outputs = Output.all
+        respond_with @outputs
+      end
+
+      def show
+        respond_with @output
+      end
+
+
+      private
+
+      def authorize(ability)
+        super ability, "AssetHostCore::Output"
+      end
+
+      def get_output
+        @output = Output.find_by_code(params[:id])
+
+        if !@output
+          render_not_found and return false
+        end
+      end
+    end
+  end
+end

data/app/controllers/asset_host_core/application_controller.rb

@@ -0,0 +1,43 @@
+module AssetHostCore
+  class ApplicationController < ::ApplicationController
+
+
+    private
+
+    def render_not_found(options={})
+      options[:message] ||= "Not Found"
+      render_error(status: 404, message: options[:message])
+    end
+
+    def render_bad_request(options={})
+      options[:message] ||= "Bad Request"
+      render_error(status: 400, message: options[:message])
+    end
+
+    def render_unauthorized(options={})
+      options[:message] ||= "Unauthorized"
+      render_error(status: 401, message: options[:message])
+    end
+
+    def render_forbidden(options={})
+      options[:message] ||= "Forbidden"
+      render_error(status: 403, message: options[:message])
+    end
+
+
+    def render_error(options={})
+      options[:message] ||= "Error"
+
+      respond_to do |format|
+        format.html { render status: options[:status] }
+
+        format.json do
+          render :json => {
+            :status => options[:status],
+            :error  => options[:message]
+          }, :status => options[:status]
+        end
+      end
+    end
+  end
+end