migrate exercise show and update to ActiveStorage

Author: kkoehn

app/controllers/code_ocean/files_controller.rb

@@ -6,7 +6,6 @@ class FilesController < ApplicationController
     include FileParameters
 
     before_action :set_content_type_nosniff
-    # Overwrite the CSP header and some default actions for the :render_protected_upload action
     content_security_policy false, only: :render_protected_upload
     skip_before_action :deny_access_from_render_host, only: :render_protected_upload
     skip_before_action :verify_authenticity_token, only: :render_protected_upload
@@ -25,54 +24,54 @@ def show_protected_upload
       @file = CodeOcean::File.find(params[:id])
       authorize!
       # The `@file.name_with_extension` is assembled based on the user-selected file type, not on the actual file name stored on disk.
-      raise Pundit::NotAuthorizedError if @embed_options[:disable_download] || @file.filepath != params[:filename] || @file.native_file.blank?
+      raise Pundit::NotAuthorizedError if @embed_options[:disable_download] || @file.filepath != params[:filename] || @file.attachment.blank?
 
-      real_location = Pathname(@file.native_file.current_path).realpath
-      send_file(real_location, type: 'application/octet-stream', filename: @file.name_with_extension, disposition: 'attachment')
+      url = rails_blob_path(@file.attachment, disposition: 'attachment', expires_in: 5.minutes)
+      redirect_to url, allow_other_host: true
     end
 
     def render_protected_upload
       # Set @current_user with a new *learner* for Pundit checks
       @current_user = ExternalUser.new
 
       @file = authorize AuthenticatedUrlHelper.retrieve!(CodeOcean::File, request)
-
       # The `@file.name_with_extension` is assembled based on the user-selected file type, not on the actual file name stored on disk.
-      raise Pundit::NotAuthorizedError unless @file.filepath == params[:filename] || @file.native_file.present?
+      raise Pundit::NotAuthorizedError unless @file.filepath == params[:filename] || @file.attachment.present?
 
-      real_location = Pathname(@file.native_file.current_path).realpath
-      send_file(real_location, type: @file.native_file.content_type, filename: @file.name_with_extension)
-    end
+      url = rails_blob_path(@file.attachment, disposition: 'inline', expires_in: 5.minutes)
 
-    def create
-      @file = CodeOcean::File.new(file_params)
-      if @file.file_template_id
-        content = FileTemplate.find(@file.file_template_id).content
-        content.sub! '{{file_name}}', @file.name
-        @file.content = content
-      end
-      authorize!
-      create_and_respond(object: @file, path: proc { implement_exercise_path(@file.context.exercise) })
+      redirect_to url, allow_other_host: true
     end
 
-    def create_and_respond(options = {})
-      @object = options[:object]
-      respond_to do |format|
-        if @object.save
-          yield if block_given?
-          path = options[:path].try(:call) || @object
-          respond_with_valid_object(format, notice: t('shared.object_created', model: @object.class.model_name.human),
-            path:, status: :created)
-        else
-          filename = "#{@object.path || ''}/#{@object.name || ''}#{@object.file_type.try(:file_extension) || ''}"
-          format.html do
-            flash[:danger] = t('code_ocean/files.error.filename', name: filename)
-            redirect_to options[:path], status: :see_other
-          end
-          format.json { render json: @object.errors, status: :unprocessable_content }
-        end
-      end
-    end
+    # def create
+    #   @file = CodeOcean::File.new(file_params)
+    #   if @file.file_template_id
+    #     content = FileTemplate.find(@file.file_template_id).content
+    #     content.sub! '{{file_name}}', @file.name
+    #     @file.content = content
+    #   end
+    #   authorize!
+    #   create_and_respond(object: @file, path: proc { implement_exercise_path(@file.context.exercise) })
+    # end
+    #
+    # def create_and_respond(options = {})
+    #   @object = options[:object]
+    #   respond_to do |format|
+    #     if @object.save
+    #       yield if block_given?
+    #       path = options[:path].try(:call) || @object
+    #       respond_with_valid_object(format, notice: t('shared.object_created', model: @object.class.model_name.human),
+    #         path:, status: :created)
+    #     else
+    #       filename = "#{@object.path || ''}/#{@object.name || ''}#{@object.file_type.try(:file_extension) || ''}"
+    #       format.html do
+    #         flash[:danger] = t('code_ocean/files.error.filename', name: filename)
+    #         redirect_to options[:path], status: :see_other
+    #       end
+    #       format.json { render json: @object.errors, status: :unprocessable_content }
+    #     end
+    #   end
+    # end
 
     def destroy
       @file = CodeOcean::File.find(params[:id])

app/controllers/concerns/file_parameters.rb

@@ -34,7 +34,7 @@ def reject_illegal_file_attributes(exercise, params)
 
   def file_attributes
     %w[content context_id feedback_message file_id file_type_id hidden id name native_file path read_only role weight
-       file_template_id hidden_feedback]
+       file_template_id hidden_feedback attachment]
   end
   private :file_attributes
 end

app/controllers/exercises_controller.rb

@@ -304,12 +304,11 @@ def exercise_params_with_tags
   def handle_file_uploads
     if exercise_params
       exercise_params[:files_attributes].try(:each) do |_index, file_attributes|
-        if file_attributes[:content].respond_to?(:read)
+        if file_attributes[:attachment].respond_to?(:read)
           if FileType.find_by(id: file_attributes[:file_type_id]).try(:binary?)
-            file_attributes[:native_file] = file_attributes[:content]
             file_attributes[:content] = nil
           else
-            file_attributes[:content] = file_attributes[:content].read.detect_encoding!.encode.delete("\x00")
+            file_attributes[:content] = file_attributes[:attachment].read.detect_encoding!.encode.delete("\x00")
           end
         end
       end

app/models/code_ocean/file.rb

@@ -36,6 +36,8 @@ class File < ApplicationRecord
     has_many :events_synchronized_editor, class_name: 'Event::SynchronizedEditor'
     alias descendants files
 
+    has_one_attached :attachment
+
     mount_uploader :native_file, FileUploader
 
     scope :editable, -> { where(read_only: false) }

app/views/exercises/_code_field.html.slim

@@ -1,6 +1,6 @@
 .mb-3
-  = form.label(attribute, class: 'form-label')
-  = form.text_area(attribute, class: 'code-field form-control', rows: 16, style: 'display:none;')
+  = form.label('content', class: 'form-label')
+  = form.text_area('content', class: 'code-field form-control', rows: 16, style: 'display:none;')
   = render(partial: 'editor_edit', locals: {exercise: @exercise})
   .card.border-warning.p-2.my-2
     = form.file_field(attribute, class: 'form-control', style: 'display: inline-block;')

app/views/exercises/_file_form.html.slim

@@ -48,4 +48,5 @@ li.card.mt-2
         .mb-3
           = f.label(:weight, class: 'form-label')
           = f.number_field(:weight, class: 'form-control', min: 0, step: 'any')
-      = render('code_field', attribute: :content, form: f)
+      = render('code_field', attribute: :attachment, form: f)
+      / = render('code_field', attribute: :content, form: f)

app/views/shared/_file.html.slim

@@ -8,4 +8,4 @@
   = row(label: 'code_ocean/file.hidden_feedback', value: file.hidden_feedback)
   = row(label: 'code_ocean/file.feedback_message', value: render_markdown(file.feedback_message), class: 'm-0')
   = row(label: 'code_ocean/file.weight', value: file.weight)
-= row(label: 'code_ocean/file.content', value: file.native_file? ? link_to_if(policy(file).show?, file.native_file.file.filename, protected_upload_path(id: file.id, filename: file.filepath)) : code_tag(file.content, file.file_type.programming_language))
+= row(label: 'code_ocean/file.content', value: file.attachment.attached? ? link_to_if(policy(file).show?, file.attachment.filename, protected_upload_path(id: file.id, filename: file.filepath)) : code_tag(file.content, file.file_type.programming_language))