rails-uploader 0.2.8 → 0.3.0

data/app/views/uploader/default/_container.html.erb

@@ -1,52 +1,26 @@
-<%= content_tag(:div, :id => field.id, :class => "uploader-dnd-area") do -%>
-  <%= hidden_field(field.object_name, :fileupload_guid, :object => field.object) if field.object.new_record? %>
-  
+<%= content_tag(:div, id: field.id, class: 'uploader-dnd-area', data: { tpml: field.klass.to_s, exists: field.exists? }) do -%>
+  <%= hidden_field(field.object_name, :fileupload_guid, object: field.object) if field.object.new_record? %>
+
   <div class="uploader-files"></div>
-  
-	<div class="uploader-dnd-hints">  
-	  <span class="uploader-button gray fileinput-button">
+
+  <div class="uploader-dnd-hints">
+    <span class="uploader-button gray fileinput-button">
       <span><%= I18n.t('uploader.button') %></span>
-      <%= fields_for field.object do |f| -%>
-	      <%= f.fields_for field.method_name, field.klass.new do |m| -%>
-          <%= m.file_field(:data, field.input_html) %>
-	      <% end -%>
-	    <% end -%>
+      <%= file_field field.method_name, :data, field.input_html %>
     </span>
-    
-	  <div class="uploader-dnd-hint">
-		  <%= I18n.t('uploader.or') %><span><%= I18n.t('uploader.drop') %></span>
-	  </div>
-	</div>
-	
-	<%= render :partial => "uploader/#{field.theme}/upload", :locals => {:field => field} %>
-  <%= render :partial => "uploader/#{field.theme}/download", :locals => {:field => field} %>
-  <%= render :partial => "uploader/#{field.theme}/sortable", :locals => {:field => field} if field.sortable? %>
-  
-	<script type="text/javascript">
+
+    <div class="uploader-dnd-hint">
+      <%= I18n.t('uploader.or') %><span><%= I18n.t('uploader.drop') %></span>
+    </div>
+  </div>
+
+  <%= render partial: "uploader/#{field.theme}/upload", locals: { field: field } %>
+  <%= render partial: "uploader/#{field.theme}/download", locals: { field: field } %>
+  <%= render partial: "uploader/#{field.theme}/sortable", locals: { field: field } if field.sortable? %>
+
+  <script type="text/javascript">
     $(function() {
-      var uploader, container;
-      container = $("#<%= field.id %> div.uploader-files");
-      
-      $('#<%= field.id %> input[type="file"]').each(function(){
-        $(this).fileupload({
-          dataType: 'json',
-          dropZone: $("#<%= field.id %>"),
-          autoUpload: true,
-          paramName: "asset[data]",
-          formData: function(form){ return []; },
-          filesContainer: container,
-          namespace: 'uploader',
-          uploadTemplateId: 'template-upload-<%= field.klass %>',
-          downloadTemplateId: 'template-download-<%= field.klass %>'
-        });
-        
-        <% if field.exists? -%>
-          uploader = ($(this).data('blueimp-fileupload') || $(this).data('fileupload'));
-          uploader
-            ._renderDownload(<%=raw field.values.to_json(:root => false) %>)
-            .appendTo(container);
-        <% end -%>
-      });
+      $("#<%= field.id %>").uploaderWidget();
     });
   </script>
 <% end -%>

data/app/views/uploader/default/_download.html.erb

@@ -1,18 +1,17 @@
-<!-- The template to display files available for download -->
 <script id="template-download-<%= field.klass %>" type="text/x-tmpl">
 {% for (var i=0, file; file=o.files[i]; i++) { %}
   <div id="asset_{%=file.id%}" class="attach_item template-download">
     <div class="buttons-panel">
-      <a href="#" class="del_btn delete" data-type="DELETE" data-url="/uploader/attachments/{%=file.public_token%}?klass=<%= field.klass %>"></a>
+      <a href="#" class="del_btn delete" data-type="DELETE" data-url="/uploader/attachments/{%=file.id%}?klass=<%= field.klass %>"></a>
     </div>
     <div class="thumbnail preview">
-      <a href="{%=file.url%}" download="{%=file.filename%}">
-        <img src="{%=file.thumb_url%}" title="{%=file.filename%}" rel="gallery" />
+      <a href="{%=file.url%}" download="{%=file.name%}">
+        <img src="{%=file.thumb_url%}" title="{%=file.name%}" rel="gallery" />
       </a>
     </div>
     <div class="infoHolder">
       <div class="fileName">
-        <a href="{%=file.url%}" download="{%=file.filename%}">{%=file.filename%}</a>
+        <a href="{%=file.url%}" download="{%=file.name%}">{%=file.name%}</a>
       </div>
       <div class="fileWeight">{%=o.formatFileSize(file.size)%}</div>
     </div>

data/app/views/uploader/default/_upload.html.erb

@@ -1,4 +1,3 @@
-<!-- The template to display files available for upload -->
 <script id="template-upload-<%= field.klass %>" type="text/x-tmpl">
 {% for (var i=0, file; file=o.files[i]; i++) { %}
   <div class="attach_item loading template-upload">

data/config/locales/en.yml

@@ -4,3 +4,5 @@ en:
     drop: "Drag&Drop files here"
     or: "or"
     confirm_delete: "Are you sure?"
+    access_denied:
+      message: 'Access denied'

data/config/locales/ru.yml

@@ -3,3 +3,6 @@ ru:
     button: "Выберите файл на компьютере"
     drop: "Перетащите файл сюда"
     or: "или"
+    confirm_delete: "Are you sure?"
+    access_denied:
+      message: 'Access denied'

data/config/locales/uk.yml

@@ -3,3 +3,6 @@ uk:
     button: "Виберіть файл на комп'ютері"
     drop: "Перетягніть файл сюди"
     or: "або"
+    confirm_delete: "Are you sure?"
+    access_denied:
+      message: 'Access denied'

data/config/routes.rb

@@ -1,3 +1,3 @@
 Uploader::Engine.routes.draw do
-  resources :attachments, :only => [:create, :update, :destroy]
+  resources :attachments, only: [:index, :create, :update, :destroy]
 end

data/lib/uploader/asset.rb

@@ -1,104 +1,83 @@
+require 'active_support/concern'
+
 module Uploader
   module Asset
-    def self.included(base)
-      base.send(:extend, Uploader::Asset::ClassMethods)
-      base.send(:include, Uploader::Asset::AssetProcessor)
-
-      base.instance_eval do
-        before_create :generate_public_token
-      end
-    end
-
-    module Mongoid
-      def self.included(base)
-        base.send(:extend, Uploader::Asset::ClassMethods)
-        base.send(:include, Uploader::Asset::AssetProcessor)
+    extend ActiveSupport::Concern
 
-        base.instance_eval do
-          field :guid, type: String
-          field :public_token, type: String
-
-          before_create :generate_public_token
-        end
+    module ClassMethods
+      def fileupload_find_asset(params)
+        where(id: params[:id]).first
       end
 
-      def as_json(options = {})
-        json_data = super
-        json_data['filename'] = File.basename(data.path)
-        json_data['size'] = data.file.size
-        json_data['id'] = json_data['_id']
-        json_data['thumb_url'] = data.thumb.url if data.respond_to?(:thumb)
-
-        json_data
+      def fileupload_find_assets(params)
+        where(assetable_type: params[:assetable_type], assetable_id: params[:assetable_id])
       end
 
-      def assetable_id_format(assetable_id)
-        Moped::BSON::ObjectId.from_string(assetable_id)
-      end
+      def fileupload_update_ordering(params)
+        assets = Array.wrap(params[:assets] || [])
 
-      class << self
-        def include_root_in_json
-          false
+        assets.each_with_index do |id, index|
+          where(id: id).update_all(sort_order: index)
         end
       end
     end
 
-    module ClassMethods
-      def generate_token(column)
-        loop do
-          token = Uploader.guid
-          break token unless where({ column => token }).exists?
-        end
-      end
+    # Save asset
+    # Usage:
+    #
+    #   class Asset < ActiveRecord::Base
+    #     include Uploader::Asset
+    #
+    #     def fileupload_create(params, request = nil)
+    #       self.user = request.env['warden'].user
+    #       super
+    #     end
+    #   end
+    #
+    def fileupload_create(params, _request = nil)
+      self[Uploader.guid_column] = params[:guid]
+      fileupload_set_assetable(params)
+      save
     end
 
-    module AssetProcessor
-      # Save asset
-      # Usage:
-      #
-      #   class Asset < ActiveRecord::Base
-      #     include Uploader::Asset
-      #
-      #     def uploader_create(params, request = nil)
-      #       self.user = request.env['warden'].user
-      #       super
-      #     end
-      #   end
-      #
-      def uploader_create(params, request = nil)
-        self.guid = params[:guid]
-        self.assetable_type = params[:assetable_type]
-        self.assetable_id = assetable_id_format(params[:assetable_id])
-        save
-      end
-
-      # Destroy asset
-      # Usage (cancan example):
-      #
-      #   class Asset < ActiveRecord::Base
-      #     include Uploader::Asset
-      #
-      #     def uploader_destroy(params, request = nil)
-      #       ability = Ability.new(request.env['warden'].user)
-      #       if ability.can? :delete, self
-      #         super
-      #       else
-      #         errors.add(:id, :access_denied)
-      #       end
-      #     end
-      #   end
-      #
-      def uploader_destroy(params, request)
-        destroy
-      end
+    # Destroy asset
+    # Usage (cancan example):
+    #
+    #   class Asset < ActiveRecord::Base
+    #     include Uploader::Asset
+    #
+    #     def fileupload_destroy(params, request = nil)
+    #       ability = Ability.new(request.env['warden'].user)
+    #       if ability.can? :delete, self
+    #         super
+    #       else
+    #         errors.add(:id, :access_denied)
+    #       end
+    #     end
+    #   end
+    #
+    def fileupload_destroy(_params, _request = nil)
+      destroy
+    end
 
-      def generate_public_token
-        self.public_token = self.class.generate_token(:public_token)
-      end
+    # Serialize asset to fileupload JSON format
+    #
+    def to_fileupload
+      {
+        id: id,
+        name: filename,
+        content_type: content_type,
+        size: size,
+        url:  url,
+        thumb_url: thumb_url
+      }
     end
 
-    def assetable_id_format(assetable_id)
-      assetable_id || 0
+    protected
+
+    def fileupload_set_assetable(params)
+      self.assetable_type = params[:assetable_type]
+      self.assetable_id = params[:assetable_id]
     end
   end
 end

data/lib/uploader/authorization.rb

@@ -0,0 +1,52 @@
+require 'active_support/concern'
+
+module Uploader
+  module Authorization
+    extend ActiveSupport::Concern
+
+    included do
+      include ActiveSupport::Rescuable
+
+      rescue_from Uploader::AccessDenied, with: :dispatch_uploader_access_denied
+    end
+
+    protected
+
+    # Authorize the action and subject. Available in the controller
+    def authorized?(action, subject = nil)
+      uploader_authorization.authorized?(action, subject)
+    end
+
+    # Authorize the action and subject. Available in the controller.
+    # If the action is not allowd, it raises an Uploader::AccessDenied exception.
+    def authorize!(action, subject = nil)
+      return if authorized?(action, subject)
+      raise Uploader::AccessDenied.new(current_uploader_user, action, subject)
+    end
+
+    # Retrieve or instantiate the authorization instance for this resource
+    def uploader_authorization
+      @uploader_authorization ||= uploader_authorization_adapter.new(current_uploader_user)
+    end
+
+    # Returns the class to be used as the authorization adapter
+    def uploader_authorization_adapter
+      adapter = Uploader.authorization_adapter
+
+      if adapter.is_a? String
+        ActiveSupport::Dependencies.constantize(adapter)
+      else
+        adapter
+      end
+    end
+
+    def dispatch_uploader_access_denied(exception)
+      render json: { message: exception.message }, status: 403
+    end
+
+    def current_uploader_user
+      return if Uploader.current_user_proc.nil?
+      @current_uploader_user ||= Uploader.current_user_proc.call(request)
+    end
+  end
+end

data/lib/uploader/authorization_adapter.rb

@@ -0,0 +1,24 @@
+module Uploader
+  class AuthorizationAdapter
+    attr_reader :user
+
+    # Initialize a new authorization adapter. This happens on each and
+    # every request to a controller.
+    def initialize(user)
+      @user = user
+    end
+
+    # Returns true of false depending on if the user is authorized to perform
+    # the action on the subject.
+    def authorized?(action, subject = nil)
+      true
+    end
+
+    # A hook method for authorization libraries to scope the collection. By
+    # default, we just return the same collection. The returned scope is used
+    # as the starting point for all queries to the db in the controller.
+    def scope_collection(collection, action = :index)
+      collection
+    end
+  end
+end

data/lib/uploader/chunked_uploads.rb

@@ -0,0 +1,15 @@
+module Uploader
+  module ChunkedUploads
+    extend ActiveSupport::Concern
+
+    protected
+
+    def with_chunked_upload(file_or_part)
+      uploader = UploadRequest.new(env, file_or_part)
+      return unless uploader.completed?
+
+      yield uploader.file
+      uploader.cleanup
+    end
+  end
+end

data/lib/uploader/engine.rb

@@ -2,6 +2,12 @@ require 'rails'
 require 'uploader'
 
 module Uploader
+  # Usage (config/routes.rb):
+  #
+  #   Rails.application.routes.draw do
+  #     mount Uploader::Engine => '/uploader'
+  #   end
+  #
   class Engine < ::Rails::Engine
     isolate_namespace Uploader
 

data/lib/uploader/file_part.rb

@@ -0,0 +1,18 @@
+module Uploader
+  class FilePart < File
+    def initialize(path, filename)
+      @filename = filename
+      super(path, 'a')
+    end
+
+    def original_filename
+      @filename
+    end
+
+    def concat(other_file)
+      binmode
+      write(other_file.read)
+      other_file.close
+    end
+  end
+end

data/lib/uploader/fileuploads.rb

@@ -1,25 +1,21 @@
+require 'active_support/concern'
+
 module Uploader
   module Fileuploads
-    def self.included(base)
-      base.send :extend, SingletonMethods
-    end
+    extend ActiveSupport::Concern
 
-    module Mongoid
-      def self.included(base)
-        base.send :include, Uploader::Fileuploads
-      end
+    included do
+      class_attribute :fileupload_options, instance_writer: false
 
-      def self.include_root_in_json
-        false
-      end
+      after_create :fileupload_update, if: :fileupload_changed?
     end
 
-    module SingletonMethods
+    module ClassMethods
       # Join ActiveRecord object with uploaded file
       # Usage:
       #
       #   class Article < ActiveRecord::Base
-      #     has_one :picture, :as => :assetable, :dependent => :destroy
+      #     has_one :picture, as: :assetable, dependent: :destroy
       #
       #     fileuploads :picture
       #   end
@@ -28,27 +24,16 @@ module Uploader
       def fileuploads(*args)
         options = args.extract_options!
 
-        unless respond_to?(:fileuploads_options)
-          class_attribute(:fileuploads_options, instance_writer: false)
-          self.fileuploads_options ||= {}
-
-          include InstanceMethods
-          extend ClassMethods
-
-          after_save :fileuploads_update, if: :fileupload_changed?
-        end
+        self.fileupload_options ||= {}
 
-        args.each do |name|
-          fileuploads_options[name] = options
-          accepts_nested_attributes_for(name, allow_destroy: true)
+        args.each do |column|
+          self.fileupload_options[column] = options
         end
       end
-    end
 
-    module ClassMethods
       # Update reflection klass by guid
       def fileupload_update(record_id, guid, method)
-        fileupload_scope(method, guid).update_all(assetable_id: record_id, guid: nil)
+        fileupload_scope(method, guid).update_all(assetable_id: record_id, Uploader.guid_column => nil)
       end
 
       # Find asset(s) by guid
@@ -58,7 +43,7 @@ module Uploader
       end
 
       def fileupload_scope(method, guid)
-        fileupload_klass(method).where(guid: guid, assetable_type: base_class.name.to_s)
+        fileupload_klass(method).where(assetable_type: base_class.name.to_s, Uploader.guid_column => guid)
       end
 
       # Find class by reflection
@@ -72,54 +57,46 @@ module Uploader
         # many? for Mongoid and :collection? for AR
         method_name = association.respond_to?(:many?) ? :many? : :collection?
 
-        !!(association && association.send(method_name))
-      end
-
-      unless respond_to?(:base_class)
-        def base_class
-          self
-        end
+        association && association.send(method_name)
       end
     end
 
-    module InstanceMethods
-      # Generate unique key
-      def fileupload_guid
-        @fileupload_guid ||= Uploader.guid
-      end
+    # Generate unique key per form
+    def fileupload_guid
+      @fileupload_guid ||= Uploader.guid
+    end
 
-      def fileupload_guid=(value)
-        @fileupload_changed = true unless value.blank?
-        @fileupload_guid = value.blank? ? nil : value
-      end
+    def fileupload_guid=(value)
+      @fileupload_changed = (@fileupload_guid != value)
+      @fileupload_guid = value.blank? ? nil : value
+    end
 
-      def fileupload_changed?
-        @fileupload_changed == true
-      end
+    def fileupload_changed?
+      @fileupload_changed == true
+    end
 
-      def fileupload_multiple?(method)
-        self.class.fileupload_multiple?(method)
-      end
+    def fileupload_multiple?(method)
+      self.class.fileupload_multiple?(method)
+    end
 
-      # Find or build new asset object
-      def fileupload_asset(method)
-        if fileuploads_columns.include?(method.to_sym)
-          asset = new_record? ? self.class.fileupload_find(method, fileupload_guid) : send(method)
-          asset ||= send("build_#{method}") if respond_to?("build_#{method}")
-          asset
-        end
+    # Find or build new asset object
+    def fileupload_asset(method)
+      if fileupload_associations.include?(method.to_sym)
+        asset = new_record? ? self.class.fileupload_find(method, fileupload_guid) : send(method)
+        asset ||= send("build_#{method}") if respond_to?("build_#{method}")
+        asset
       end
+    end
 
-      def fileuploads_columns
-        self.class.fileuploads_options.keys
-      end
+    def fileupload_associations
+      self.class.fileupload_options.keys
+    end
 
-      protected
+    protected
 
-      def fileuploads_update
-        fileuploads_options.each do |method, _options|
-          self.class.fileupload_update(id, fileupload_guid, method)
-        end
+    def fileupload_update
+      fileupload_options.each do |method, _options|
+        self.class.fileupload_update(id, fileupload_guid, method)
       end
     end
   end