Use secure token to create attachment links
The link is public but protected by a secure token. This extends the activesupport Attachment model to automatically generate a token
parent
ad317e917d
commit
73c184a4a0
@ -2,7 +2,7 @@ class FileUploadsController < ApplicationController
|
|||||||
def show
|
def show
|
||||||
@form = Form.find_by!(token: params[:form_id])
|
@form = Form.find_by!(token: params[:form_id])
|
||||||
@submission = @form.submissions.find(params[:submission_id])
|
@submission = @form.submissions.find(params[:submission_id])
|
||||||
@file_upload = @submission.files_attachments.find(params[:id])
|
@file_upload = @submission.files_attachments.find_by!(token: params[:id])
|
||||||
redirect_to url_for(@file_upload)
|
redirect_to url_for(@file_upload)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
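Review bot: The token check on the `find_by!(token: params[:id])` line guards only this action, while the `redirect_to url_for(@file_upload)` that follows hands the caller an Active Storage URL that is a bearer link in its own right. With the default Active Storage routes that target is presumably a signed blob URL that does not depend on the attachment token, so regenerating a token would not invalidate a blob URL that was already handed out; this should be confirmed against the app's routes. I would add a comment above the redirect, `# Public endpoint: form token + attachment token are the only access check; the redirect target is a signed blob URL`, so the trust model is visible to the next reader.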
@ -37,7 +37,7 @@ class Submission < ApplicationRecord
|
|||||||
attachment = ActiveStorage::Attachment.new(record: self, name: 'files', blob: create_one.blob)
|
attachment = ActiveStorage::Attachment.new(record: self, name: 'files', blob: create_one.blob)
|
||||||
attachment.save
|
attachment.save
|
||||||
# return the URL that we use to show in the Spreadsheet
|
# return the URL that we use to show in the Spreadsheet
|
||||||
Rails.application.routes.url_helpers.file_upload_url(form_id: form, submission_id: self, id: attachment.id, host: DEFAULT_HOST)
|
Rails.application.routes.url_helpers.file_upload_url(form_id: form, submission_id: self, id: attachment.token, host: DEFAULT_HOST)
|
||||||
else
|
else
|
||||||
value.to_s
|
value.to_s
|
||||||
end
|
end
|
||||||
|
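Review bot: `attachment.save` ignores its result, and the URL on the changed line now depends on `attachment.token`, which `has_secure_token` fills in only when the record is actually created. If the save fails, the token is presumably nil and the spreadsheet gets a broken link or a URL-generation error instead of a clear failure; `attachment.save!` would surface the problem at the point of the write. Links already written to the spreadsheet with the numeric `attachment.id` will also stop resolving, since the controller now looks up by token only. The enclosing method starts and ends outside this hunk.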
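--- a/config/initializers/attachment_tokens.rb
+++ b/config/initializers/attachment_tokens.rb
@@ -0,0 +1,3 @@
+Rails.configuration.to_prepare do
+ActiveStorage::Attachment.send(:has_secure_token)
+end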
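Review bot: `has_secure_token` is a public class macro, so the `send` on the second line is unnecessary; `ActiveStorage::Attachment.has_secure_token` reads as the ordinary declaration it is. The file also deserves a comment saying why a framework model is extended from an initializer, for example `# Adds a random token to each attachment so public file links cannot be guessed from sequential ids`.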
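--- a/db/migrate/20200412214304_add_token_to_attachments.rb
+++ b/db/migrate/20200412214304_add_token_to_attachments.rb
@@ -0,0 +1,6 @@
+class AddTokenToAttachments < ActiveRecord::Migration[6.0]
+def change
+add_column :active_storage_attachments, :token, :string
+add_index :active_storage_attachments, :token, unique: true
+end
+end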
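Review bot: The `token` column is added nullable and without a backfill, so attachments that already exist keep a NULL token and can no longer be reached through the token lookup this commit introduces. The unique index tolerates those NULLs on PostgreSQL (which the schema's `plpgsql` extension suggests is the database), so the migration succeeds and the gap goes unnoticed. I would backfill existing rows inside the migration and then make the column NOT NULL, as sketched below. The sketch relies on `generate_unique_secure_token`, the class-level generator behind `has_secure_token`; its availability should be confirmed for the Rails version in use.

```ruby
class AddTokenToAttachments < ActiveRecord::Migration[6.0]
  def up
    add_column :active_storage_attachments, :token, :string

    # Backfill rows created before this migration so they stay reachable by token.
    ActiveStorage::Attachment.reset_column_information
    ActiveStorage::Attachment.where(token: nil).find_each do |attachment|
      attachment.update_columns(token: ActiveStorage::Attachment.generate_unique_secure_token)
    end

    add_index :active_storage_attachments, :token, unique: true
    # A row without a token can never be served, so forbid it at the schema level.
    change_column_null :active_storage_attachments, :token, false
  end

  def down
    remove_column :active_storage_attachments, :token
  end
end
```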
@ -10,7 +10,7 @@
|
|||||||
#
|
#
|
||||||
# It's strongly recommended that you check this file into your version control system.
|
# It's strongly recommended that you check this file into your version control system.
|
||||||
|
|
||||||
ActiveRecord::Schema.define(version: 2020_04_12_165834) do
|
ActiveRecord::Schema.define(version: 2020_04_12_214304) do
|
||||||
|
|
||||||
# These are extensions that must be enabled in order to support this database
|
# These are extensions that must be enabled in order to support this database
|
||||||
enable_extension "plpgsql"
|
enable_extension "plpgsql"
|
||||||
@ -21,8 +21,10 @@ ActiveRecord::Schema.define(version: 2020_04_12_165834) do
|
|||||||
t.bigint "record_id", null: false
|
t.bigint "record_id", null: false
|
||||||
t.bigint "blob_id", null: false
|
t.bigint "blob_id", null: false
|
||||||
t.datetime "created_at", null: false
|
t.datetime "created_at", null: false
|
||||||
|
t.string "token"
|
||||||
t.index ["blob_id"], name: "index_active_storage_attachments_on_blob_id"
|
t.index ["blob_id"], name: "index_active_storage_attachments_on_blob_id"
|
||||||
t.index ["record_type", "record_id", "name", "blob_id"], name: "index_active_storage_attachments_uniqueness", unique: true
|
t.index ["record_type", "record_id", "name", "blob_id"], name: "index_active_storage_attachments_uniqueness", unique: true
|
||||||
|
t.index ["token"], name: "index_active_storage_attachments_on_token", unique: true
|
||||||
end
|
end
|
||||||
|
|
||||||
create_table "active_storage_blobs", force: :cascade do |t|
|
create_table "active_storage_blobs", force: :cascade do |t|
|
||||||
|