migrate exercise show and update to ActiveStorage

Author: kkoehn

app/controllers/code_ocean/files_controller.rb

@@ -6,7 +6,6 @@ class FilesController < ApplicationController
     include FileParameters
 
     before_action :set_content_type_nosniff
-    # Overwrite the CSP header and some default actions for the :render_protected_upload action
     content_security_policy false, only: :render_protected_upload
     skip_before_action :deny_access_from_render_host, only: :render_protected_upload
     skip_before_action :verify_authenticity_token, only: :render_protected_upload
@@ -25,54 +24,54 @@ def show_protected_upload
       @file = CodeOcean::File.find(params[:id])
       authorize!
       # The `@file.name_with_extension` is assembled based on the user-selected file type, not on the actual file name stored on disk.
-      raise Pundit::NotAuthorizedError if @embed_options[:disable_download] || @file.filepath != params[:filename] || @file.native_file.blank?
+      raise Pundit::NotAuthorizedError if @embed_options[:disable_download] || @file.filepath != params[:filename] || @file.attachment.blank?
 
-      real_location = Pathname(@file.native_file.current_path).realpath
-      send_file(real_location, type: 'application/octet-stream', filename: @file.name_with_extension, disposition: 'attachment')
+      url = rails_blob_path(@file.attachment, disposition: 'attachment', expires_in: 5.minutes)
+      redirect_to url, allow_other_host: true
     end
 
     def render_protected_upload
       # Set @current_user with a new *learner* for Pundit checks
       @current_user = ExternalUser.new
 
       @file = authorize AuthenticatedUrlHelper.retrieve!(CodeOcean::File, request)
-
       # The `@file.name_with_extension` is assembled based on the user-selected file type, not on the actual file name stored on disk.
-      raise Pundit::NotAuthorizedError unless @file.filepath == params[:filename] || @file.native_file.present?
+      raise Pundit::NotAuthorizedError unless @file.filepath == params[:filename] || @file.attachment.present?
 
-      real_location = Pathname(@file.native_file.current_path).realpath
-      send_file(real_location, type: @file.native_file.content_type, filename: @file.name_with_extension)
-    end
+      url = rails_blob_path(@file.attachment, disposition: 'inline', expires_in: 5.minutes)
 
-    def create
-      @file = CodeOcean::File.new(file_params)
-      if @file.file_template_id
-        content = FileTemplate.find(@file.file_template_id).content
-        content.sub! '{{file_name}}', @file.name
-        @file.content = content
-      end
-      authorize!
-      create_and_respond(object: @file, path: proc { implement_exercise_path(@file.context.exercise) })
+      redirect_to url, allow_other_host: true
     end
 
-    def create_and_respond(options = {})
-      @object = options[:object]
-      respond_to do |format|
-        if @object.save
-          yield if block_given?
-          path = options[:path].try(:call) || @object
-          respond_with_valid_object(format, notice: t('shared.object_created', model: @object.class.model_name.human),
-            path:, status: :created)
-        else
-          filename = "#{@object.path || ''}/#{@object.name || ''}#{@object.file_type.try(:file_extension) || ''}"
-          format.html do
-            flash[:danger] = t('code_ocean/files.error.filename', name: filename)
-            redirect_to options[:path], status: :see_other
-          end
-          format.json { render json: @object.errors, status: :unprocessable_content }
-        end
-      end
-    end
+    # def create
+    #   @file = CodeOcean::File.new(file_params)
+    #   if @file.file_template_id
+    #     content = FileTemplate.find(@file.file_template_id).content
+    #     content.sub! '{{file_name}}', @file.name
+    #     @file.content = content
+    #   end
+    #   authorize!
+    #   create_and_respond(object: @file, path: proc { implement_exercise_path(@file.context.exercise) })
+    # end
+    #
+    # def create_and_respond(options = {})
+    #   @object = options[:object]
+    #   respond_to do |format|
+    #     if @object.save
+    #       yield if block_given?
+    #       path = options[:path].try(:call) || @object
+    #       respond_with_valid_object(format, notice: t('shared.object_created', model: @object.class.model_name.human),
+    #         path:, status: :created)
+    #     else
+    #       filename = "#{@object.path || ''}/#{@object.name || ''}#{@object.file_type.try(:file_extension) || ''}"
+    #       format.html do
+    #         flash[:danger] = t('code_ocean/files.error.filename', name: filename)
+    #         redirect_to options[:path], status: :see_other
+    #       end
+    #       format.json { render json: @object.errors, status: :unprocessable_content }
+    #     end
+    #   end
+    # end
 
     def destroy
       @file = CodeOcean::File.find(params[:id])

app/controllers/concerns/file_parameters.rb

@@ -33,8 +33,8 @@ def reject_illegal_file_attributes(exercise, params)
   private :reject_illegal_file_attributes
 
   def file_attributes
-    %w[content context_id feedback_message file_id file_type_id hidden id name native_file path read_only role weight
-       file_template_id hidden_feedback]
+    %w[content context_id feedback_message file_id file_type_id hidden id name path read_only role weight
+       file_template_id hidden_feedback attachment]
   end
   private :file_attributes
 end

app/controllers/exercises_controller.rb

@@ -304,12 +304,12 @@ def exercise_params_with_tags
   def handle_file_uploads
     if exercise_params
       exercise_params[:files_attributes].try(:each) do |_index, file_attributes|
-        if file_attributes[:content].respond_to?(:read)
+        if file_attributes[:attachment].respond_to?(:read)
           if FileType.find_by(id: file_attributes[:file_type_id]).try(:binary?)
-            file_attributes[:native_file] = file_attributes[:content]
             file_attributes[:content] = nil
           else
-            file_attributes[:content] = file_attributes[:content].read.detect_encoding!.encode.delete("\x00")
+            file_attributes[:content] = file_attributes[:attachment].read.detect_encoding!.encode.delete("\x00")
+            file_attributes[:attachment] = nil
           end
         end
       end

app/controllers/submissions_controller.rb

@@ -65,7 +65,7 @@ def download
   def download_file
     raise Pundit::NotAuthorizedError if @embed_options[:disable_download]
 
-    if @file.native_file?
+    if @file.attachment.attached?
       redirect_to protected_upload_path(id: @file.id, filename: @file.filepath), status: :see_other
     else
       response.set_header('Content-Length', @file.size)
@@ -96,7 +96,7 @@ def render_file
     end
 
     # Finally grant access and send the file
-    if @file.native_file?
+    if @file.attachment.attached?
       url = render_protected_upload_url(id: @file.id, filename: @file.filepath)
       redirect_to AuthenticatedUrlHelper.sign(url, @file), status: :see_other
     else

app/models/code_ocean/file.rb

@@ -36,7 +36,7 @@ class File < ApplicationRecord
     has_many :events_synchronized_editor, class_name: 'Event::SynchronizedEditor'
     alias descendants files
 
-    mount_uploader :native_file, FileUploader
+    has_one_attached :attachment
 
     scope :editable, -> { where(read_only: false) }
     scope :visible, -> { where(hidden: false) }
@@ -73,21 +73,13 @@ class File < ApplicationRecord
     end
 
     def read
-      if native_file?
-        return nil unless native_file_location_valid?
-
-        native_file.read
+      if attachment.attached?
+        attachment.download
       else
         content
       end
     end
 
-    def native_file_location_valid?
-      real_location = Pathname(native_file.current_path).realpath
-      upload_location = Pathname(::File.join(native_file.root, 'uploads')).realpath
-      real_location.fnmatch? ::File.join(upload_location.to_s, '**')
-    end
-
     def ancestor_id
       file_id || id
     end
@@ -102,7 +94,7 @@ def teacher_defined_assessment?
     end
 
     def content_present?
-      content? || native_file?
+      content? || attachment.attached?
     end
     private :content_present?
 
@@ -123,7 +115,7 @@ def filepath_without_extension
     end
 
     def hash_content
-      self.hashed_content = Digest::MD5.new.hexdigest(read || '')
+      self.hashed_content = Digest::MD5.new.hexdigest(read || '') # fix this!
     end
     private :hash_content
 
@@ -158,8 +150,8 @@ def visible?
     end
 
     def size
-      @size ||= if native_file?
-                  native_file.size
+      @size ||= if attachment.attached?
+                  attachment.byte_size
                 else
                   content.size
                 end

app/policies/code_ocean/file_policy.rb

@@ -7,8 +7,6 @@ def author?
     end
 
     def show?
-      return no_one if @record.native_file? && !@record.native_file_location_valid?
-
       if @record.context.is_a?(Exercise)
         admin? || author? || !@record.hidden
       else
@@ -17,8 +15,6 @@ def show?
     end
 
     def show_protected_upload?
-      return no_one if @record.native_file? && !@record.native_file_location_valid?
-
       if @record.context.is_a?(Exercise)
         admin? || author? || (!@record.context.unpublished && !@record.hidden)
       else
@@ -27,7 +23,6 @@ def show_protected_upload?
     end
 
     def render_protected_upload?
-      return no_one if @record.native_file? && !@record.native_file_location_valid?
       return no_one if @record.context.is_a?(Exercise) && (@record.context.unpublished || @record.hidden)
 
       # The AuthenticatedUrlHelper will check for more details, but we cannot determine a specific user

app/services/proforma_service/convert_exercise_to_task.rb

@@ -211,7 +211,7 @@ def filename(file)
     end
 
     def add_content_to_task_file(file, task_file)
-      if file.native_file.present?
+      if file.attachment.attached?
         file_content = file.read
         task_file.content = file_content
         task_file.used_by_grader = false

app/services/proforma_service/convert_task_to_exercise.rb

@@ -119,7 +119,7 @@ def codeocean_file_from_task_file(file, parent_object = nil)
         xml_id_path: (parent_object.nil? ? [file.id] : [parent_object.id, file.id]).map(&:to_s)
       )
       if file.binary
-        codeocean_file.native_file = FileIO.new(file.content.dup.force_encoding('UTF-8'), File.basename(file.filename))
+        codeocean_file.attachment.attach(io: StringIO.new(file.content.dup.force_encoding('UTF-8')), filename: file.filename)
       else
         codeocean_file.content = file.content
       end

app/views/exercises/_code_field.html.slim

@@ -1,6 +1,6 @@
 .mb-3
-  = form.label(attribute, class: 'form-label')
-  = form.text_area(attribute, class: 'code-field form-control', rows: 16, style: 'display:none;')
+  = form.label('content', class: 'form-label')
+  = form.text_area('content', class: 'code-field form-control', rows: 16, style: 'display:none;')
   = render(partial: 'editor_edit', locals: {exercise: @exercise})
   .card.border-warning.p-2.my-2
     = form.file_field(attribute, class: 'form-control', style: 'display: inline-block;')

app/views/exercises/_editor_frame.html.slim

@@ -10,7 +10,7 @@ div class=(defined?(own_solution) ? 'own-frame' : 'frame') data-executable=file.
         - elsif file.file_type.video?
           = video_tag(file_path, controls: true)
       - else
-        = link_to(file.native_file.file.filename, file_path)
+        = link_to(file.attachment.filename, file_path)
   - else
     .editor-content.d-none data-file-id=file.ancestor_id = file.content
     div class=(defined?(own_solution) ? 'own-editor' : 'editor') data-file-id=file.ancestor_id data-indent-size=file.file_type.indent_size data-mode=file.file_type.editor_mode data-allow-auto-completion=exercise.allow_auto_completion.to_s data-id=file.id