spud_media 0.8.3 → 0.9.0

data/Readme.markdown

@@ -0,0 +1,53 @@
+# Spud Media
+
+Spud Media is an engine for managing documents and other media miscellaneous files, designed for use with [Spud][1].
+
+## Installation/Usage
+
+1. In your Gemfile add the following
+
+    gem 'spud_media'
+
+2. Run bundle install
+3. Copy in database migrations to your new rails project
+
+    bundle exec rake railties:install:migrations
+    rake db:migrate
+
+4. Run a rails server instance and point your browser to /spud/admin
+
+## Configuration
+
+Spud Photos accepts the following configuration options:
+
+  Spud::Media.configure do |config|
+  
+    # s3 storage requires the 'aws-sdk' gem. defaults to filesystem
+    config.paperclip_storage = :s3
+    config.s3_credentials = "#{Rails.root}/config/s3.yml"
+
+    # see below for notes on 'storage_path_protected'
+    config.storage_path = "public/system/spud_media/:id/:style/:basename.:extension"
+    config.storage_path_protected = "public/system/spud_media_protected/:id/:style/:basename.:extension"
+    config.storage_url = "/system/spud_media/:id/:style/:basename.:extension"
+  end
+
+## File Protection
+
+Spud Media allows for individual files to be marked as protected. How this is actually implemented depends on whether you are using the local file system or Amazon S3 for file storage.
+
+### Filesystem
+
+Unprotected files are stored under `/public/system/spud_media` and are accessed directly by the web server. No further configuration is required, though you may customize the storage location if desired using `config.storage_path`.
+
+Protected files are moved to `public/system/spud_media_protected`. Note that the public-facing download URL should __not__ reflect the `protected` storage path. Instead the user will hit the same URL as before, but this time their request will hit the `show` action of the `ProtectedMedia` controller. 
+
+It is up to the individual developer to make sure that the protected storage path is not accessible by the public. You may choose to protect this folder via server configurations, or you can move the folder out of the document root using `config.storage_path_protected`.
+
+### Amazon S3
+
+Files marked as unprotected will be uploaded to Amazon using the `public_read` ACL. These files are accessed directly - ie, calling `@media.attachment_url` will link directly to Amazon.
+
+Files marked as protected are uploaded using the `private` ACL. In this case, calling `@media.attachment_url` will return a local URL that hits the show action of our `ProtectedMedia` controller. Once we have verified the user is logged in we generate a secure URL and redirect the user to it. The generated URL is good for 10 minutes. 
+
+[1]:https://github.com/davydotcom/spud_core_admin

data/app/controllers/protected_media_controller.rb

@@ -0,0 +1,26 @@
+class ProtectedMediaController < Spud::ApplicationController
+
+  before_filter :require_user
+
+  def show
+    @media = SpudMedia.where(:id => params[:id]).first
+    if @media.blank?
+      flash[:error] = "The requested file could not be found"
+      redirect_to(root_url)
+    else
+      if Spud::Media.config.paperclip_storage == :s3
+        secure_url = @media.attachment.s3_object.url_for(:read, :secure => true, :expires => 10.minutes)
+        redirect_to(secure_url.to_s)
+      else
+        filepath = File.join(Rails.root, @media.attachment.path)
+        if !File.exists?(filepath)
+          flash[:error] = "The requested file could not be found"
+          redirect_to root_path
+        else
+          send_file(filepath, :disposition => 'inline')
+        end
+      end
+    end
+  end
+
+end

data/app/controllers/spud/admin/media_controller.rb

@@ -2,7 +2,8 @@ class Spud::Admin::MediaController < Spud::Admin::ApplicationController
 	layout 'spud/admin/media/detail'
 	add_breadcrumb "Media", :spud_admin_media_path
 	belongs_to_spud_app :media
-	before_filter :load_media,:only => [:edit,:update,:show,:destroy]
+	before_filter :load_media,:only => [:edit,:update,:show,:destroy,:set_private,:set_access]
+	
 	def index
 		@media = SpudMedia.order("created_at DESC").paginate :page => params[:page]
 		respond_with @media
@@ -31,12 +32,20 @@ class Spud::Admin::MediaController < Spud::Admin::ApplicationController
 	end
 
 	def update
+		
 	end
 
 	def destroy
 		flash[:notice] = "File successfully destroyed" if @media.destroy
 		respond_with @media, :location => spud_admin_media_url
 	end
+
+	def set_access
+		is_protected = params[:protected] || false
+		@media.update_attribute(:is_protected, is_protected)
+		respond_with @media, :location => spud_admin_media_url
+	end
+
 private
 	def load_media
 		@media = SpudMedia.where(:id => params[:id]).first

data/app/helpers/protected_media_helper.rb

@@ -0,0 +1,3 @@
+module ProtectedMediaHelper
+
+end

data/app/models/spud_media.rb

@@ -1,10 +1,19 @@
 class SpudMedia < ActiveRecord::Base
+
 	has_attached_file :attachment,
      :storage => Spud::Media.paperclip_storage,
      :s3_credentials => Spud::Media.s3_credentials,
-     :path => Spud::Media.storage_path,
+     :s3_permissions => lambda { |attachment, style| 
+          attachment.instance.is_protected ? 'private' : 'public-read' 
+     },
+     :path => Spud::Media.paperclip_storage == :s3 ? Spud::Media.storage_path : lambda { |attachment| 
+          attachment.instance.is_protected ? Spud::Media.storage_path_protected : Spud::Media.storage_path
+     },
      :url => Spud::Media.storage_url
-     attr_accessible :attachment_content_type,:attachment_file_name,:attachment_file_size,:attachment
+
+     before_update :validate_permissions
+
+     attr_accessible :attachment_content_type,:attachment_file_name,:attachment_file_size,:attachment, :is_protected
      def image_from_type
      	if self.attachment_content_type.blank?
      		return "spud/admin/files_thumbs/dat_thumb.png"
@@ -14,8 +23,6 @@ class SpudMedia < ActiveRecord::Base
      		return "spud/admin/files_thumbs/jpg_thumb.png"
      	end
 
-     	
-
      	if self.attachment_content_type.match(/png/)
      		return "spud/admin/files_thumbs/png_thumb.png"
      	end
@@ -45,4 +52,50 @@ class SpudMedia < ActiveRecord::Base
 
      	return "spud/admin/files_thumbs/dat_thumb.png"
      end
+
+    # if you are using S3, attachment.url will automatically point to the S3 url
+    # protected files need to hit the rails middle-man first
+    # this method will provide the correct url for either case
+    def attachment_url
+      if Spud::Media.paperclip_storage == :s3 && is_protected
+        return Paperclip::Interpolations.interpolate(Spud::Media.config.storage_url, attachment, 'original')
+      else
+        return attachment.url
+      end
+    end
+
+     # If is_protected has changed, we need to make sure we are setting the appropriate permissions
+     # This means either moving the file in the filesystem or setting the appropriate ACL in S3
+    def validate_permissions
+      if Spud::Media.config.paperclip_storage == :filesystem
+        validate_permissions_filesystem
+      elsif Spud::Media.config.paperclip_storage == :s3
+        validate_permissions_s3
+      end
+    end
+
+private
+
+    def validate_permissions_filesystem
+      if is_protected
+        old_path = Paperclip::Interpolations.interpolate(Spud::Media.config.storage_path, attachment, 'original')
+        new_path = Paperclip::Interpolations.interpolate(Spud::Media.config.storage_path_protected, attachment, 'original')
+      else
+        old_path = Paperclip::Interpolations.interpolate(Spud::Media.config.storage_path_protected, attachment, 'original')
+        new_path = Paperclip::Interpolations.interpolate(Spud::Media.config.storage_path, attachment, 'original') 
+      end
+      new_base_dir = File.dirname(new_path)
+      old_base_dir= File.dirname(old_path)
+      if File.directory?(old_base_dir)
+        FileUtils.mv(old_base_dir, new_base_dir)
+      end
+    end
+
+    def validate_permissions_s3
+      if is_protected
+        attachment.s3_object.acl = :private
+      else
+        attachment.s3_object.acl = :public_read
+      end
+    end
 end

data/app/views/spud/admin/media/index.html.erb

@@ -6,9 +6,20 @@
 			<%@media.each do |media|%>
 				<div class="page_row">
 					
-				<span class="row_meta"><%=image_tag(media.image_from_type,:class => "size-50-thumb")%><%=link_to media.attachment.url.split("/").last,media.attachment.url%></span>
+				<span class="row_meta">
+					<%=image_tag(media.image_from_type,:class => "size-50-thumb")%>
+					<%=link_to media.attachment.url.split("/").last, media.attachment_url %>					
+				</span>
 
-				<span class="edit_controls"><%=link_to "Remove",spud_admin_medium_path(:id => media.id),:method => :delete,:class => 'btn btn-danger',:confirm => "Are you sure you want to remove this file?"%></span>
+				<span class="edit_controls">
+					<% if media.is_protected %>
+						<%= link_to raw('<i class="icon-lock"></i> Protected'), set_access_spud_admin_medium_path(media.id, :protected => false), :method => :put, :class => 'btn' %>
+					<% else %>
+						<%= link_to 'Public', set_access_spud_admin_medium_path(media.id, :protected => true), :method => :put, :class => 'btn' %>
+					<% end %>
+					<%=link_to "Remove",spud_admin_medium_path(:id => media.id),:method => :delete,:class => 'btn btn-danger',:confirm => "Are you sure you want to remove this file?"%>
+				</span>
+				
 				<br style="clear:both;"/>
 			</div>
 			<%end%>

data/app/views/spud/admin/media/new.html.erb

@@ -12,6 +12,13 @@
       </div>
 	  </div>
 	  
+    <div class="control-group">
+      <%= f.label :is_protected, 'Protected File', :class => 'control-label' %>
+      <div class="controls">
+        <%= f.check_box :is_protected %>
+      </div>
+    </div>
+
   <div class="form-actions">
       <%=f.submit "Upload", :class=>"btn btn-primary","data-loading-text"=>"Uploading..."%> or <%=link_to "cancel",spud_admin_media_path,:class => "btn"%>
     </div>

data/config/routes.rb

@@ -1,9 +1,11 @@
 Rails.application.routes.draw do
 	namespace :spud do
 		namespace :admin do
-			resources :media
+			resources :media do
+        put 'set_access', :on => :member
+      end
 		end
 	end
-   
-end
 
+  get Spud::Media.config.storage_url => 'ProtectedMedia#show', :as => 'protected_media'
+end

data/db/migrate/20120101194256_create_spud_media.rb

@@ -8,4 +8,4 @@ class CreateSpudMedia < ActiveRecord::Migration
       t.timestamps
     end
   end
-end
+end

data/db/migrate/20120501203325_add_protected_to_spud_media.rb

@@ -0,0 +1,6 @@
+class AddProtectedToSpudMedia < ActiveRecord::Migration
+  def change
+    add_column :spud_media, :is_protected, :boolean, :default => false
+    add_column :spud_media, :attachment_updated_at, :datetime
+  end
+end

data/lib/spud_media/configuration.rb

@@ -1,10 +1,11 @@
 module Spud
   module Media
     include ActiveSupport::Configurable
-    config_accessor :paperclip_storage,:s3_credentials,:storage_path,:storage_url
+    config_accessor :paperclip_storage,:s3_credentials,:storage_path,:storage_path_protected,:storage_url
     self.paperclip_storage = :filesystem
     self.s3_credentials = "#{Rails.root}/config/s3.yml"
-    self.storage_path = "public/system/:class/:id/attachment/:basename.:extension"
-    self.storage_url = "/system/:class/:id/attachment/:basename.:extension"
+    self.storage_path = "public/system/spud_media/:id/:style/:basename.:extension"
+    self.storage_path_protected = "public/system/spud_media_protected/:id/:style/:basename.:extension"
+    self.storage_url = "/system/spud_media/:id/:style/:basename.:extension"
   end
 end

data/lib/spud_media/version.rb

@@ -1,5 +1,5 @@
 module Spud
 	module Media
-		VERSION = "0.8.3"
+		VERSION = "0.9.0"
 	end
 end

data/lib/tasks/spud_media_tasks.rake

@@ -2,3 +2,14 @@
 # task :spud_media do
 #   # Task goes here
 # end
+
+namespace :spud_media do
+
+  desc "Validate that all media files have the proper permission settings"
+  task :validate_permissions => :environment do
+    SpudMedia.find_each do |m|
+      m.validate_permissions
+    end
+  end
+
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: spud_media
 version: !ruby/object:Gem::Version
-  version: 0.8.3
+  version: 0.9.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,11 +9,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-04-01 00:00:00.000000000 Z
+date: 2012-05-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
-  requirement: &70147799490300 !ruby/object:Gem::Requirement
+  requirement: &70279704590120 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -21,10 +21,10 @@ dependencies:
         version: 3.2.2
   type: :runtime
   prerelease: false
-  version_requirements: *70147799490300
+  version_requirements: *70279704590120
 - !ruby/object:Gem::Dependency
   name: spud_core
-  requirement: &70147799489780 !ruby/object:Gem::Requirement
+  requirement: &70279704589000 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -35,10 +35,10 @@ dependencies:
         version: 0.9.0
   type: :runtime
   prerelease: false
-  version_requirements: *70147799489780
+  version_requirements: *70279704589000
 - !ruby/object:Gem::Dependency
   name: paperclip
-  requirement: &70147799489060 !ruby/object:Gem::Requirement
+  requirement: &70279704603420 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -46,10 +46,10 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70147799489060
+  version_requirements: *70279704603420
 - !ruby/object:Gem::Dependency
   name: mysql2
-  requirement: &70147799488680 !ruby/object:Gem::Requirement
+  requirement: &70279704602440 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -57,10 +57,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70147799488680
+  version_requirements: *70279704602440
 - !ruby/object:Gem::Dependency
   name: rspec
-  requirement: &70147799488220 !ruby/object:Gem::Requirement
+  requirement: &70279704601520 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -68,10 +68,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70147799488220
+  version_requirements: *70279704601520
 - !ruby/object:Gem::Dependency
   name: rspec-rails
-  requirement: &70147799487800 !ruby/object:Gem::Requirement
+  requirement: &70279704600080 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -79,10 +79,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70147799487800
+  version_requirements: *70279704600080
 - !ruby/object:Gem::Dependency
   name: factory_girl
-  requirement: &70147799487300 !ruby/object:Gem::Requirement
+  requirement: &70279704597640 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - =
@@ -90,10 +90,10 @@ dependencies:
         version: 2.5.0
   type: :development
   prerelease: false
-  version_requirements: *70147799487300
+  version_requirements: *70279704597640
 - !ruby/object:Gem::Dependency
   name: mocha
-  requirement: &70147799486800 !ruby/object:Gem::Requirement
+  requirement: &70279704611520 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - =
@@ -101,10 +101,10 @@ dependencies:
         version: 0.10.3
   type: :development
   prerelease: false
-  version_requirements: *70147799486800
+  version_requirements: *70279704611520
 - !ruby/object:Gem::Dependency
   name: database_cleaner
-  requirement: &70147799656040 !ruby/object:Gem::Requirement
+  requirement: &70279704610980 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - =
@@ -112,7 +112,7 @@ dependencies:
         version: 0.7.1
   type: :development
   prerelease: false
-  version_requirements: *70147799656040
+  version_requirements: *70279704610980
 description: Spud Media allows you to upload files to your site and manage them in
   the spud administrative panel. It also uses paperclip and supports s3 storage
 email:
@@ -142,7 +142,9 @@ files:
 - app/assets/libs/tiny_mce/plugins/spud_media/langs/en_dlg.js
 - app/assets/libs/tiny_mce/plugins/spud_media/template.htm
 - app/assets/stylesheets/spud/admin/media/application.css
+- app/controllers/protected_media_controller.rb
 - app/controllers/spud/admin/media_controller.rb
+- app/helpers/protected_media_helper.rb
 - app/helpers/spud/admin/users_helper.rb
 - app/helpers/spud/user_sessions_helper.rb
 - app/models/spud_media.rb
@@ -151,6 +153,7 @@ files:
 - app/views/spud/admin/media/new.html.erb
 - config/routes.rb
 - db/migrate/20120101194256_create_spud_media.rb
+- db/migrate/20120501203325_add_protected_to_spud_media.rb
 - lib/spud_media/configuration.rb
 - lib/spud_media/engine.rb
 - lib/spud_media/version.rb
@@ -158,7 +161,7 @@ files:
 - lib/tasks/spud_media_tasks.rake
 - MIT-LICENSE
 - Rakefile
-- README.rdoc
+- Readme.markdown
 - test/dummy/app/assets/javascripts/application.js
 - test/dummy/app/assets/stylesheets/application.css
 - test/dummy/app/controllers/application_controller.rb
@@ -201,7 +204,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 3757302158423942530
+      hash: -3389397261865265902
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -210,10 +213,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 3757302158423942530
+      hash: -3389397261865265902
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.15
+rubygems_version: 1.8.10
 signing_key: 
 specification_version: 3
 summary: Spud File upload/management module

data/README.rdoc

@@ -1,3 +0,0 @@
-= SpudMedia
-
-This project rocks and uses MIT-LICENSE.