Class: UploadsController

Inherits:
CrmController show all
Includes:
Controllers::Destroyable, Controllers::UploadsTab, PresignedUploadActions
Defined in:
app/controllers/uploads_controller.rb

Overview

Controller: uploads.

Constant Summary

Constants included from Controllers::ReferenceFindable

Controllers::ReferenceFindable::ID_EMBEDDED_PATTERNS

Constants included from Controllers::AnalyticsEvents

Controllers::AnalyticsEvents::MAX_QUEUED_EVENTS, Controllers::AnalyticsEvents::SESSION_KEY

Constants included from Controllers::ErrorRendering

Controllers::ErrorRendering::NON_CONTENT_PATH_PREFIXES

Constants included from Www::SeoHelper

Www::SeoHelper::AWARDS, Www::SeoHelper::CA_ADDRESS, Www::SeoHelper::CA_BUSINESS_HOURS, Www::SeoHelper::CA_CONTACT_POINT, Www::SeoHelper::CA_CURRENCIES, Www::SeoHelper::CA_DESCRIPTION, Www::SeoHelper::CA_FOUNDING_DATE, Www::SeoHelper::CA_GLOBAL_LOCATION_NUMBER, Www::SeoHelper::CA_LEGAL_NAME, Www::SeoHelper::CA_LOCAL_BUSINESS, Www::SeoHelper::CA_ONLINE_STORE, Www::SeoHelper::CA_RETURN_POLICY, Www::SeoHelper::CA_SALES_DEPARTMENT, Www::SeoHelper::CA_SERVICE_AREA, Www::SeoHelper::CA_URL, Www::SeoHelper::CA_VAT_ID, Www::SeoHelper::CA_WAREHOUSE_DEPARTMENT, Www::SeoHelper::CA_WAREHOUSE_HOURS, Www::SeoHelper::COMPANY_EMAIL, Www::SeoHelper::COMPANY_LOGO, Www::SeoHelper::COMPANY_NAME, Www::SeoHelper::COMPANY_SLOGAN, Www::SeoHelper::EXPERTISE, Www::SeoHelper::FAX_NUMBER, Www::SeoHelper::GS1_COMPANY_PREFIX, Www::SeoHelper::ISO6523_CODE, Www::SeoHelper::PAYMENT_METHODS, Www::SeoHelper::PHONE_NUMBER, Www::SeoHelper::PRIMARY_NAICS, Www::SeoHelper::REFUND_TYPE, Www::SeoHelper::RETURN_FEES, Www::SeoHelper::RETURN_METHOD, Www::SeoHelper::RETURN_POLICY_CATEGORY, Www::SeoHelper::SECONDARY_NAICS, Www::SeoHelper::SOCIAL_PROFILES, Www::SeoHelper::US_ADDRESS, Www::SeoHelper::US_BUSINESS_HOURS, Www::SeoHelper::US_CONTACT_POINT, Www::SeoHelper::US_CURRENCIES, Www::SeoHelper::US_DESCRIPTION, Www::SeoHelper::US_FOUNDING_DATE, Www::SeoHelper::US_GLOBAL_LOCATION_NUMBER, Www::SeoHelper::US_IMAGE, Www::SeoHelper::US_LEGAL_NAME, Www::SeoHelper::US_LOCAL_BUSINESS, Www::SeoHelper::US_ONLINE_STORE, Www::SeoHelper::US_RETURN_POLICY, Www::SeoHelper::US_SALES_DEPARTMENT, Www::SeoHelper::US_SERVICE_AREA, Www::SeoHelper::US_TAX_ID, Www::SeoHelper::US_URL, Www::SeoHelper::US_WAREHOUSE_DEPARTMENT, Www::SeoHelper::US_WAREHOUSE_HOURS

Constants included from IconHelper

IconHelper::CUSTOM_ICON_MAP, IconHelper::CUSTOM_SVG_DIR, IconHelper::DEFAULT_FAMILY

Instance Method Summary collapse

Methods included from PresignedUploadActions

#presigned_url, #upload_complete

Methods included from Controllers::Destroyable

#perform_destroy

Methods inherited from CrmController

#access_denied, #context_id, #context_object, #crm_home_path, #current_ability, #default_url_options, #download_temp, #get_tempfile_path_for_download, #init_status_job_collector, #initialize_crm_lazy_chunks, #persist_enqueued_status_jobs, #record_not_found, #redirect_to_job_or_fallback, #render_edit_action, #set_context, #set_download_path, #stash_file_for_temp_download, #sync_admin_presence_cookie

Methods inherited from ApplicationController

#account_impersonated?, #add_to_flash, #after_sign_in_path_for, #bypass_forgery_protection?, #chat_enabled?, #cloudflare_cleared?, #default_catalog, #default_url_options, #enable_turbo_frames, #find_publication, #fix_invalid_accept_header, #init_js_utils, #is_globals_call?, #layout_by_resource, #locale_store, #redirect_to, #require_employee_for_crm, #set_base_host, #set_real_ip, #set_report_errors_for, #should_render_layout?, #stamp_impersonation_context, #warmlyyours_canada_ip?, #warmlyyours_ip?, #y

Methods included from Controllers::ReturnPathHandling

#check_for_return_path, #redirect_to_return_path_or_default

Methods included from Controllers::AnalyticsEvents

#consume_queued_analytics_events, #track_event

Methods included from Controllers::DeviceDetection

#device_detector, #is_ie?

Methods included from Controllers::SubdomainDetection

#is_crm_request?, #is_www_request?, #json_request?

Methods included from Controllers::TurboSafeRedirect

#redirect_to

Methods included from Controllers::TrackingDetection

#bot_request?, #gdpr_country?, #gdpr_country_data, #prevent_bots, #set_tracking_cookie, #track_visitor?

Methods included from Controllers::AcceleratedFileSending

#send_file_accelerated, #send_upload_accelerated

Methods included from Controllers::ErrorRendering

#excp_string, #mail_to_for_error_reporting, #render_400, #render_404, #render_406, #render_410, #render_500, #render_invalid_authenticity_token, #render_ip_spoof_error, #render_unpermitted_parameters, #safe_referer_or_fallback

Methods included from Controllers::TurnstileVerification

#load_turnstile_script_tag, #turnstile_lazy_widget, #turnstile_script_tag, #turnstile_widget, #validate_turnstile!

Methods included from Controllers::CloudflareCaching

edge_cached, #edge_cached_action?, #reset_cloudflare_cache, #set_cloudflare_cache, #skip_edge_cache!, #skip_session

Methods included from Controllers::Webpackable

#preload_webpack_fonts, #webpack_css_include, #webpack_css_url, #webpack_js_include, #wpd_is_running?

Methods included from Controllers::Localizable

#cloudflare_country_locale, #determine_request_locale, #geocoder_locale, #guest_user_locale_check, #locale_optional_www_auth_path?, #param_locale, #set_locale, #set_request_locale, #skip_localization?, #warmlyyours_ip_locale

Methods included from Controllers::Authenticable

#access_denied, #authenticate_account, #authenticate_account!, #authenticate_account_from_login_token!, #check_is_a_manager, #check_is_a_sales_manager, #check_is_an_admin, #check_is_an_employee, #check_party, #clear_mismatched_guest_user, #create_guest_user, #credentials?, #current_or_guest_user, #current_or_guest_user_id_read_only, #current_user, #devise_mapping, #fully_logged_in?, #generate_bot_id, #guest_user, #identifiable?, #init_current_user, #initialize_guest, #load_context_user, #logging_in, #resource, #resource_name, #restrict_access_for_non_employees, #scrubbed_request_path, #user_object, #warn_on_session_guest_id_leak

Methods included from ApplicationHelper

#better_number_to_currency, #check_force_logout, #check_or_cross, #check_or_times, #embedded_tab_frame_id, #error_messages, #general_disclaimer_on_product_installation_and_local_codes, #gridjs_from_html_table, #gridjs_table, #is_wy_ip, #line_break, #parent_layout, #pass_or_fail, #render_error_messages_list, #render_video_card, #resolved_auth_form_turbo_frame, #return_path_or, #safe_css_color, #set_return_path_if_present, #set_section_if_present, #tab_frame_id, #to_underscore, #track_page?, #turbo_section_wrapper, #turbo_tabs_request?, #url_on_same_domain_as_request, #widget_index_daily_focus_index_path, #working_hours?, #yes_or_no, #yes_or_no_highlighted, #yes_or_no_with_check_or_cross, #youtube_video

Methods included from UppyUploaderHelper

#file_uploader, #image_uploader, #large_file_uploader_s3, #lead_sketch_uploader, #rma_image_uploader, #rma_image_uploader_s3, #uppy_uploader, #video_uploader

Methods included from Www::ImagesHelper

#image_asset_tag, #image_asset_url

Methods included from Www::SeoHelper

#add_page_schema, #add_webpage_schema, #canada?, #company_social_links, #ensure_context_json, #json_ld_script_tag, #local_business_schema, #online_store_id, #online_store_schema, #page_main_entity, #page_main_entity_json, #render_auto_collection_page_schema, #render_collection_page_schema, #render_local_business_schema, #render_online_store_schema, #render_page_schemas, #render_page_video_schemas, #render_webpage_schema, #render_webpage_schema_with_collections, #usa?

Methods included from UrlsHelper

#catalog_breadcrumb_links, #catalog_link, #catalog_link_for_product_line, #catalog_link_for_sku, #cms_link, #delocalized_path, #path_to_sales_product_sku, #path_to_sales_product_sku_for_product_line, #path_to_sales_product_sku_for_product_line_slug, #product_line_from_catalog_link, #protocol_neutral_url, #sanitize_external_url, #valid_external_url?

Methods included from IconHelper

#account_nav_icon, #fa_icon, #star_rating_html

Instance Method Details

#check_for_downloadObject 



99
100
101
102
103
104
105
106
 
# File 'app/controllers/uploads_controller.rb', line 99

def check_for_download
  @download_path = session[:download_path] if session[:download_path].present?
  if @download_path
    redirect_to @download_path
  else
    head :ok
  end
end

#createObject 



50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
 
# File 'app/controllers/uploads_controller.rb', line 50

def create
  authorize!(:create, Upload)

  # Plain file input handling only (revert Uppy integration on this page)
  @upload = (@resource&.uploads || Upload).new(params[:upload])
  @upload.save

  respond_to do |format|
    format.html do
      if @upload.errors.any?
        render :new, status: :unprocessable_content
      else
        redirect_to_return_path_or_default(@upload.resource || @upload, flash: { notice: 'Upload successfully created' })
      end
    end
  end
end

#destroyObject 



130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
 
# File 'app/controllers/uploads_controller.rb', line 130

def destroy
  return_path = @return_path
  if return_path.nil? && (item = @upload.items.first)
    return_path = item_path(item, tab: 'attachments')
  elsif return_path.nil? && @upload.resource
    return_path = polymorphic_path(@upload.resource)
  end
  return_path ||= request.referer
  return_path ||= root_path

  authorize! :destroy, @upload
  @upload.destroy

  if @upload.destroyed?
    flash[:info] = 'Upload was deleted successfully.'
  else
    @error_msg = @upload.errors.full_messages
    flash[:error] = "Could not delete upload. #{@error_msg.join(', ')}"
  end

  respond_to do |format|
    format.turbo_stream
    format.html { redirect_to_return_path_or_default return_path }
  end
end

#downloadObject 



125
126
127
128
 
# File 'app/controllers/uploads_controller.rb', line 125

def download
  upload = Upload.find(params[:id])
  send_upload_accelerated(upload, download: true)
end

#editObject 



45
46
47
48
 
# File 'app/controllers/uploads_controller.rb', line 45

def edit
  authorize!(:update, @upload)
  @resource = @upload.resource
end

#indexObject 



11
12
13
14
15
16
17
18
19
20
21
22
23
24
 
# File 'app/controllers/uploads_controller.rb', line 11

def index
  if context_object
    build_uploads_tab_data(context_object)
  else
    @context_object = nil
    @q = Upload.all.ransack(params[:q])
    @q.sorts = 'created_at DESC' if @q.sorts.blank?
    @pagy, @uploads = pagy(@q.result)
  end
  respond_to do |format|
    format.html { render layout: should_render_layout? }
    format.turbo_stream
  end
end

#newObject 



39
40
41
42
43
 
# File 'app/controllers/uploads_controller.rb', line 39

def new
  authorize!(:create, Upload)
  @upload = (@resource&.uploads || Upload).new(document_date: Date.current)
  @upload.item_ids = params[:item_ids].presence
end

#showObject

GET /uploads/1



27
28
29
30
31
32
33
34
35
36
37
 
# File 'app/controllers/uploads_controller.rb', line 27

def show
  authorize!(:read, @upload)
  if @upload.attachment.present?
    # Pass download: true for non-previewable types (CSV, Excel, ZIP, etc.) so
    # S3 returns Content-Disposition: attachment. PDFs and images stay inline so
    # browsers can render them natively. Without this Safari renders text/csv inline.
    redirect_to @upload.presigned_url(expires_in: 1.day, download: !@upload.browser_previewable?), allow_other_host: true
  else
    render inline: 'File is missing', status: :not_found
  end
end

#updateObject 



108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
 
# File 'app/controllers/uploads_controller.rb', line 108

def update
  authorize!(:update, @upload)
  if @upload.update(params[:upload])
    if @resource
      return_path = begin
        polymorphic_path(@resource)
      rescue StandardError
        nil
      end
    end
    return_path ||= upload_path(@upload)
    redirect_to_return_path_or_default return_path
  else
    render :edit, status: :unprocessable_content
  end
end

#uploadObject

Endpoint for uppy.js file uploads



69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
 
# File 'app/controllers/uploads_controller.rb', line 69

def upload
  authorize!(:create, Upload)
  uploaded_file = params[:file]
  upload_ids = []

  Rails.logger.debug { "Upload params: #{params.inspect}" }
  Rails.logger.debug { "Uploaded file class: #{uploaded_file.class}" }

  if uploaded_file.is_a?(ActionDispatch::Http::UploadedFile)
    # Create Upload record for the file
    upload = Upload.new(attachment: uploaded_file)
    upload.category = params[:category] || 'photo'
    upload.resource_type = params[:resource_type] if params[:resource_type].present?
    upload.resource_id = params[:resource_id] if params[:resource_id].present?

    if upload.save
      upload_ids << upload.id
      Rails.logger.debug { "Upload created with ID: #{upload.id}" }
    else
      Rails.logger.error { "Upload failed: #{upload.errors.full_messages}" }
    end
  end

  render json: {
    message: 'File uploaded successfully.',
    files_list: upload_ids.to_json,
    upload_ids: upload_ids
  }
end