Merge branch 'release/1.7.5'

.rspec

@@ -1,3 +1,4 @@
+--order defined
 --color
 --profile
---format progress
+--format documentation

.rubocop.yml

@@ -24,6 +24,10 @@ Metrics/AbcSize:
 Metrics/MethodLength:
   Enabled: false
 
+Metrics/ModuleLength:
+  Exclude:
+    - app/controllers/concerns/curation_concerns/file_sets_controller_behavior.rb
+
 Metrics/ClassLength:
   Exclude:
     - 'lib/aic.rb'
@@ -36,11 +40,13 @@ Metrics/CyclomaticComplexity:
   Exclude:
     - app/services/file_set_replacement_service.rb
     - app/models/concerns/permissions/lakeshore_visibility.rb
+    - app/controllers/concerns/curation_concerns/file_sets_controller_behavior.rb
 
 Metrics/PerceivedComplexity:
   Exclude:
     - app/services/file_set_replacement_service.rb
     - app/models/concerns/permissions/lakeshore_visibility.rb
+    - app/controllers/concerns/curation_concerns/file_sets_controller_behavior.rb
 
 Style/BlockDelimiters:
   Exclude:

.travis.yml

@@ -38,6 +38,10 @@ matrix:
   allow_failures:
     - env: TEST_SUITE=jasmine
 
+after_script:
+  - "bundle exec rake db:version"
+  - "bundle exec rake db:migrate:status"
+
 script:
   - "bundle exec rake ci:$TEST_SUITE"
 

app/controllers/application_controller.rb

@@ -12,9 +12,13 @@ class ApplicationController < ActionController::Base
 
   # Prevent CSRF attacks by raising an exception.
   # For APIs, you may want to use :null_session instead.
-  protect_from_forgery with: :exception
+  # protect_from_forgery with: :exception
+  #
+  # before_action :check_authorization, :authenticate_user!, :clear_session_user
 
-  before_action :check_authorization, :authenticate_user!, :clear_session_user
+  protect_from_forgery with: :exception, unless: :api_auth_header?
+
+  before_action :check_authorization, :authenticate_user!, :clear_session_user, unless: :api_auth_header?
 
   # Ensures any user is logged out if they don't match the current SAML user
   def clear_session_user
@@ -42,4 +46,8 @@ def request_access
     flash[:notice] = "#{presenter.depositor_full_name} has been emailed your request to see this resource."
     redirect_to root_url
   end
+
+  def api_auth_header?
+    request.headers["HTTP_AUTHORIZATION"].present?
+  end
 end

app/controllers/concerns/curation_concerns/file_sets_controller_behavior.rb

@@ -0,0 +1,230 @@
+# frozen_string_literal: true
+module CurationConcerns
+  module FileSetsControllerBehavior
+    extend ActiveSupport::Concern
+    include Blacklight::Base
+    include Blacklight::AccessControls::Catalog
+
+    included do
+      include CurationConcerns::ThemedLayoutController
+      with_themed_layout '1_column'
+      load_and_authorize_resource class: ::FileSet, except: :show
+      helper_method :curation_concern
+      include CurationConcerns::ParentContainer
+      copy_blacklight_config_from(::CatalogController)
+
+      class_attribute :show_presenter, :form_class
+      self.show_presenter = CurationConcerns::FileSetPresenter
+      self.form_class = CurationConcerns::Forms::FileSetEditForm
+
+      # A little bit of explanation, CanCan(Can) sets the @file_set via the .load_and_authorize_resource
+      # method. However the interface for various CurationConcern modules leverages the #curation_concern method
+      # Thus we have file_set and curation_concern that are aliases for each other.
+      attr_accessor :file_set
+      alias_method :curation_concern, :file_set
+      private :file_set=
+      alias_method :curation_concern=, :file_set=
+      private :curation_concern=
+      helper_method :file_set
+    end
+
+    # routed to /files/new
+    def new
+    end
+
+    # routed to /files/:id/edit
+    def edit
+      initialize_edit_form
+    end
+
+    # routed to /files (POST)
+    def create
+      create_from_upload(params)
+    end
+
+    def create_from_upload(params)
+      # check error condition No files
+      return render_json_response(response_type: :bad_request, options: { message: 'Error! No file to save' }) unless params.key?(:file_set) && params.fetch(:file_set).key?(:files)
+
+      file = params[:file_set][:files].detect { |f| f.respond_to?(:original_filename) }
+      if !file
+        render_json_response(response_type: :bad_request, options: { message: 'Error! No file for upload', description: 'unknown file' })
+      elsif empty_file?(file)
+        render_json_response(response_type: :unprocessable_entity, options: { errors: { files: "#{file.original_filename} has no content! (Zero length file)" }, description: t('curation_concerns.api.unprocessable_entity.empty_file') })
+      else
+        process_file(file)
+      end
+    rescue RSolr::Error::Http => error
+      logger.error "FileSetController::create rescued #{error.class}\n\t#{error}\n #{error.backtrace.join("\n")}\n\n"
+      render_json_response(response_type: :internal_error, options: { message: 'Error occurred while creating a FileSet.' })
+    ensure
+      # remove the tempfile (only if it is a temp file)
+      file.tempfile.delete if file.respond_to?(:tempfile)
+    end
+
+    # routed to /files/:id
+    def show
+      respond_to do |wants|
+        wants.html { presenter }
+        wants.json { presenter }
+        additional_response_formats(wants)
+      end
+    end
+
+    def destroy
+      parent = curation_concern.parent
+      actor.destroy
+      redirect_to [main_app, parent], notice: 'The file has been deleted.'
+    end
+
+    # routed to /files/:id (PUT)
+    def update
+      success = if wants_to_revert?
+                  actor.revert_content(params[:revision])
+                elsif params.key?(:file_set)
+                  if params[:file_set].key?(:files)
+                    file = params[:file_set][:files].first
+                    sufia_uploaded_file = Sufia::UploadedFile.new(file: file,
+                                                                  uploaded_batch_id: UploadedBatch.create.id,
+                                                                  user: current_user)
+                    sufia_uploaded_file.valid? ? actor.update_content(file) : false
+                  else
+                    update_metadata
+                  end
+                end
+      if success
+        after_update_response
+      else
+        respond_to do |wants|
+          wants.html do
+            initialize_edit_form
+            flash[:error] = "There was a problem processing your request."
+            render 'edit', status: :unprocessable_entity
+          end
+          wants.json { render_json_response(response_type: :unprocessable_entity, options: { errors: curation_concern.errors }) }
+        end
+      end
+    rescue RSolr::Error::Http => error
+      flash[:error] = error.message
+      logger.error "FileSetsController::update rescued #{error.class}\n\t#{error.message}\n #{error.backtrace.join("\n")}\n\n"
+      render action: 'edit'
+    end
+
+    def after_update_response
+      respond_to do |wants|
+        wants.html do
+          redirect_to [main_app, curation_concern], notice: "The file #{view_context.link_to(curation_concern, [main_app, curation_concern])} has been updated."
+        end
+        wants.json do
+          @presenter = show_presenter.new(curation_concern, current_ability)
+          render :show, status: :ok, location: polymorphic_path([main_app, curation_concern])
+        end
+      end
+    end
+
+    def versions
+      @version_list = version_list
+    end
+
+    # this is provided so that implementing application can override this behavior and map params to different attributes
+    def update_metadata
+      file_attributes = form_class.model_attributes(attributes)
+      actor.update_metadata(file_attributes)
+    end
+
+    protected
+
+      def presenter
+        @presenter ||= begin
+          _, document_list = search_results(params)
+          curation_concern = document_list.first
+          raise CanCan::AccessDenied unless curation_concern
+          show_presenter.new(curation_concern, current_ability, request)
+        end
+      end
+
+      def search_builder_class
+        CurationConcerns::FileSetSearchBuilder
+      end
+
+      def initialize_edit_form
+        @groups = current_user.groups
+      end
+
+      # Override this method to add additional response
+      # formats to your local app
+      def additional_response_formats(_)
+        # nop
+      end
+
+      def file_set_params
+        params.require(:file_set).permit(
+          :visibility_during_embargo, :embargo_release_date, :visibility_after_embargo, :visibility_during_lease, :lease_expiration_date, :visibility_after_lease, :visibility, title: [])
+      end
+
+      def version_list
+        CurationConcerns::VersionListPresenter.new(curation_concern.original_file.versions.all)
+      end
+
+      def wants_to_revert?
+        params.key?(:revision) && params[:revision] != curation_concern.latest_content_version.label
+      end
+
+      def actor
+        @actor ||= ::CurationConcerns::Actors::FileSetActor.new(curation_concern, current_user)
+      end
+
+      def attributes
+        # params.fetch(:file_set, {}).dup  # use a copy of the hash so that original params stays untouched when interpret_visibility modifies things
+        params.fetch(:file_set, {}).except(:files).permit!.dup # use a copy of the hash so that original params stays untouched when interpret_visibility modifies things
+      end
+
+      def _prefixes
+        # This allows us to use the unauthorized and form_permission template in curation_concerns/base
+        @_prefixes ||= super + ['curation_concerns/base']
+      end
+
+      def json_error(error, name = nil, additional_arguments = {})
+        args = { error: error }
+        args[:name] = name if name
+        render additional_arguments.merge(json: [args])
+      end
+
+      def empty_file?(file)
+        (file.respond_to?(:tempfile) && file.tempfile.empty?) || (file.respond_to?(:size) && file.empty?)
+      end
+
+      def process_file(file)
+        update_metadata_from_upload_screen
+        actor.create_metadata(find_parent_by_id, params[:file_set])
+        if actor.create_content(file)
+          respond_to do |format|
+            format.html do
+              if request.xhr?
+                render 'jq_upload', formats: 'json', content_type: 'text/html'
+              else
+                redirect_to [main_app, curation_concern.parent]
+              end
+            end
+            format.json do
+              render 'jq_upload', status: :created, location: polymorphic_path([main_app, curation_concern])
+            end
+          end
+        else
+          msg = curation_concern.errors.full_messages.join(', ')
+          flash[:error] = msg
+          json_error "Error creating file #{file.original_filename}: #{msg}"
+        end
+      end
+
+      # this is provided so that implementing application can override this behavior and map params to different attributes
+      def update_metadata_from_upload_screen
+        # Relative path is set by the jquery uploader when uploading a directory
+        curation_concern.relative_path = params[:relative_path] if params[:relative_path]
+      end
+
+      def curation_concern_type
+        ::FileSet
+      end
+  end
+end

app/controllers/lakeshore/api_controller.rb

@@ -8,7 +8,11 @@ def authenticate_api_user
         resource = User.find_by_email(username)
         return head :unauthorized unless resource
         if resource.valid_password?(password) && resource.api?
-          sign_in :user, resource
+          if params[:depositor]
+            sign_in :user, User.find_by_email!(params[:depositor])
+          else
+            sign_in :user, resource
+          end
         end
       end
     end

app/controllers/lakeshore/file_sets_controller.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+module Lakeshore
+  class FileSetsController < APIController
+    def update
+      file_sets_controller = CurationConcerns::FileSetsController.new
+      file_sets_controller.request = request
+      file_sets_controller.response = response
+      begin
+        # does callbacks https://stackoverflow.com/questions/5767222/rails-call-another-controller-action-from-a-controller/30143216#comment74479993_30143216
+        file_sets_controller.process(:update)
+      rescue Permissions::WithAICDepositor::AICUserNotFound => e
+        render plain: e.message, status: 500
+      else
+        head file_sets_controller.response.code
+      end
+    end
+  end
+end

app/controllers/lakeshore/ingest_controller.rb

@@ -6,7 +6,7 @@ class IngestController < APIController
     # load_and_authorize_resource :curation_concern, class: 'GenericWork'
 
     delegate :intermediate_file, :asset_type, :ingestor, :attributes_for_actor,
-             :check_duplicates_turned_off?, :represented_resources, :force_preferred_representation?, to: :ingest
+             :represented_resources, :force_preferred_representation?, to: :ingest
 
     before_action :validate_ingest, :validate_asset_type, only: [:create]
     before_action :validate_duplicate_upload, :validate_preferred_representations, only: [:create, :update]
@@ -41,10 +41,8 @@ def validate_asset_type
       end
 
       def validate_duplicate_upload
-        return if check_duplicates_turned_off?
-        return if duplicate_upload.empty?
-        ingest.errors.add(:intermediate_file, "is a duplicate of #{duplicate_upload.first}")
-        render json: duplicate_error, status: :conflict
+        return if ingest.unique?
+        render json: ingest.duplicate_error, status: :conflict
       end
 
       def validate_preferred_representations
@@ -70,23 +68,5 @@ def curation_concern
                                 GenericWork.new
                               end
       end
-
-      def duplicate_upload
-        @duplicate_upload ||= DuplicateUploadVerificationService.new(intermediate_file).duplicate_file_sets
-      end
-
-      def duplicate_error
-        {
-          message: "Duplicate detected.",
-          uploaded_resource: {
-            id: ingest.params["metadata"].fetch("uid", nil),
-            file_name: intermediate_file.original_filename
-          },
-          stored_resource: {
-            fileset_id: duplicate_upload.first.id,
-            pref_label: duplicate_upload.first.parent.pref_label
-          }
-        }
-      end
   end
 end

app/controllers/sufia/batch_uploads_controller.rb

@@ -2,6 +2,8 @@
 class Sufia::BatchUploadsController < ApplicationController
   include Sufia::BatchUploadsControllerBehavior
 
+  after_action :set_uploaded_file_status, only: [:create]
+
   def self.form_class
     BatchUploadForm
   end
@@ -23,4 +25,9 @@ def build_form
       @form.current_ability = current_ability
       @form.parameterized_relationships = ParameterizedRelationships.new(params)
     end
+
+    def set_uploaded_file_status
+      uploaded_file_ids = params["uploaded_files"]
+      Sufia::UploadedFile.change_status(uploaded_file_ids, "begun_ingestion")
+    end
 end