diff --git a/app/controllers/generic_files_controller.rb b/app/controllers/generic_files_controller.rb
index b0ede56a..a8a46871 100644
--- a/app/controllers/generic_files_controller.rb
+++ b/app/controllers/generic_files_controller.rb
@@ -51,7 +51,7 @@ def show
 else
 authorize current_user, :nil_file?
 respond_to do |format|
- format.json { render json: { status: 'error', message: 'This file could not be found. Please check to make sure the identifier was properly escaped.' }, status: :not_found }
+ format.json { render json: { status: 'error', message: 'This file could not be found. Please check to make sure the identifier was properly escaped.', url: request.original_url }, status: 404 }
 format.html { redirect_to root_url, alert: "A Generic File with identifier: #{params[:generic_file_identifier]} was not found. Please check to make sure the identifier was properly escaped." }
 end
 end
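Review bot: The 404 JSON body in `show` now echoes `request.original_url`, which carries the full query string as well as the path, so whatever a client sent as parameters is copied into the response and into anything that stores response bodies. If the aim is only to tell the caller which identifier failed to resolve, `url: request.path` does that without reflecting the query string. The same key is added to the not-found branches in the `update`, `destroy` and `restore` hunks of both controllers. Separately, the literal `status: 404` replaces `:not_found` while the rest of this controller uses symbolic statuses (`:unprocessable_entity`, `:conflict`); keeping `status: :not_found` would stay consistent. The `show` method starts and ends outside this hunk.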
@@ -106,40 +106,56 @@ def update # nested params cause new events to be created, # and it would require too much logic to determine which # events should not be duplicated. - authorize @generic_file - @generic_file.state = 'A' - if resource.update(single_generic_file_params) - render json: object_as_json, status: :ok + if @generic_file + authorize @generic_file + @generic_file.state = 'A' + if resource.update(single_generic_file_params) + render json: object_as_json, status: :ok + else + log_model_error(resource) + render json: resource.errors, status: :unprocessable_entity + end else - log_model_error(resource) - render json: resource.errors, status: :unprocessable_entity + authorize current_user, :nil_file? + respond_to do |format| + format.json { render json: { status: 'error', message: 'This file could not be found. Please check to make sure the identifier was properly escaped.', url: request.original_url }, status: 404 } + format.html { redirect_to root_url, alert: "A Generic File with identifier: #{params[:generic_file_identifier]} was not found. Please check to make sure the identifier was properly escaped." } + end end end def destroy - authorize @generic_file, :soft_delete? - # Don't allow a delete request if an ingest or restore is in process - # for this object. OK to delete if another delete request is in process. - result = WorkItem.can_delete_file?(@generic_file.intellectual_object.identifier, @generic_file.identifier) - if @generic_file.state == 'D' - redirect_to @generic_file - flash[:alert] = 'This file has already been deleted.' - elsif result == 'true' - log = Email.log_deletion_request(@generic_file) - ConfirmationToken.where(generic_file_id: @generic_file.id).delete_all #delete any old tokens. Only the new one should be valid - token = ConfirmationToken.create(generic_file: @generic_file, token: SecureRandom.hex) - token.save! - NotificationMailer.deletion_request(@generic_file, current_user, log, token).deliver! 
- respond_to do |format| - format.json { head :no_content } - format.html { - redirect_to @generic_file - flash[:notice] = 'An email has been sent to the administrators of this institution to confirm deletion of this file.' - } + if @generic_file + authorize @generic_file, :soft_delete? + # Don't allow a delete request if an ingest or restore is in process + # for this object. OK to delete if another delete request is in process. + result = WorkItem.can_delete_file?(@generic_file.intellectual_object.identifier, @generic_file.identifier) + if @generic_file.state == 'D' + redirect_to @generic_file + flash[:alert] = 'This file has already been deleted.' + elsif result == 'true' + log = Email.log_deletion_request(@generic_file) + ConfirmationToken.where(generic_file_id: @generic_file.id).delete_all #delete any old tokens. Only the new one should be valid + token = ConfirmationToken.create(generic_file: @generic_file, token: SecureRandom.hex) + token.save! + NotificationMailer.deletion_request(@generic_file, current_user, log, token).deliver! + respond_to do |format| + format.json { head :no_content } + format.html { + redirect_to @generic_file + flash[:notice] = 'An email has been sent to the administrators of this institution to confirm deletion of this file.' + } + end + else + redirect_to @generic_file + flash[:alert] = "Your file cannot be deleted at this time due to a pending #{result} request." end else - redirect_to @generic_file - flash[:alert] = "Your file cannot be deleted at this time due to a pending #{result} request." + authorize current_user, :nil_file? + respond_to do |format| + format.json { render json: { status: 'error', message: 'This file could not be found. Please check to make sure the identifier was properly escaped.', url: request.original_url }, status: 404 } + format.html { redirect_to root_url, alert: "A Generic File with identifier: #{params[:generic_file_identifier]} was not found. 
Please check to make sure the identifier was properly escaped." } + end end end 
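Review bot: The not-found branch added to `update` and `destroy` here is a verbatim copy of the one in `show`, and the same block is pasted again into `restore` and, with the object wording, into three actions of `intellectual_objects_controller.rb`. Every copy carries its own `authorize current_user, :nil_file?` call, so a later change to the policy check or the response has to be made in each place, and an action added later can silently miss the guard. I would move the branch into one private method and have each action return early through it, which also removes the extra nesting level the `if @generic_file … else … end` wrapper adds. The sketch below shows `update`; `destroy` and `restore` would take the same one-line guard.

```ruby
def update
  return render_file_not_found unless @generic_file
  # … unchanged: authorize @generic_file, state = 'A', update / error rendering …

# Shared response for any action reached with an identifier that did not resolve.
def render_file_not_found
  authorize current_user, :nil_file?
  respond_to do |format|
    format.json { render json: { status: 'error', message: 'This file could not be found. Please check to make sure the identifier was properly escaped.', url: request.original_url }, status: :not_found }
    format.html { redirect_to root_url, alert: "A Generic File with identifier: #{params[:generic_file_identifier]} was not found. Please check to make sure the identifier was properly escaped." }
  end
end
```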
@@ -194,37 +210,44 @@ def finished_destroy end end - def restore - authorize @generic_file, :restore? - message = "" - api_status_code = :ok - restore_item = nil - pending = WorkItem.pending_action_for_file(@generic_file.identifier) - if @generic_file.state == 'D' - api_status_code = :conflict - message = 'This file has been deleted and cannot be queued for restoration.' - elsif pending.nil? - restore_item = WorkItem.create_restore_request_for_file(@generic_file, current_user.email) - message = 'Your file has been queued for restoration.' + if @generic_file + authorize @generic_file, :restore? + message = "" + api_status_code = :ok + restore_item = nil + pending = WorkItem.pending_action_for_file(@generic_file.identifier) + if @generic_file.state == 'D' + api_status_code = :conflict + message = 'This file has been deleted and cannot be queued for restoration.' + elsif pending.nil? + restore_item = WorkItem.create_restore_request_for_file(@generic_file, current_user.email) + message = 'Your file has been queued for restoration.' + else + api_status_code = :conflict + message = "Your file cannot be queued for restoration at this time due to a pending #{pending.action} request." + end + respond_to do |format| + status = restore_item.nil? ? 'error' : 'ok' + item_id = restore_item.nil? ? 0 : restore_item.id + format.json { + render :json => { status: status, message: message, work_item_id: item_id }, :status => api_status_code + } + format.html { + if restore_item.nil? + flash[:alert] = message + else + flash[:notice] = message + end + redirect_to @generic_file + } + end else - api_status_code = :conflict - message = "Your file cannot be queued for restoration at this time due to a pending #{pending.action} request." - end - respond_to do |format| - status = restore_item.nil? ? 'error' : 'ok' - item_id = restore_item.nil? ? 
0 : restore_item.id - format.json { - render :json => { status: status, message: message, work_item_id: item_id }, :status => api_status_code - } - format.html { - if restore_item.nil? - flash[:alert] = message - else - flash[:notice] = message - end - redirect_to @generic_file - } + authorize current_user, :nil_file? + respond_to do |format| + format.json { render json: { status: 'error', message: 'This file could not be found. Please check to make sure the identifier was properly escaped.', url: request.original_url }, status: 404 } + format.html { redirect_to root_url, alert: "A Generic File with identifier: #{params[:generic_file_identifier]} was not found. Please check to make sure the identifier was properly escaped." } + end end end diff --git a/app/controllers/intellectual_objects_controller.rb b/app/controllers/intellectual_objects_controller.rb index 3845582e..d9d53cbf 100644 --- a/app/controllers/intellectual_objects_controller.rb +++ b/app/controllers/intellectual_objects_controller.rb @@ -54,7 +54,7 @@ def show else authorize current_user, :nil_object? respond_to do |format| - format.json { render json: { status: 'error', message: 'This object could not be found.' }, :status => 404 } + format.json { render json: { status: 'error', message: 'This object could not be found.', url: request.original_url }, :status => 404 } format.html { redirect_to root_url, alert: "An intellectual object with identifer: #{params[:intellectual_object_identifier]} could not be found." } end end 
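Review bot: In `restore` the found path is checked with `authorize @generic_file, :restore?` and the missing path with `authorize current_user, :nil_file?`, so the two outcomes are decided by different policies and can produce different responses. The policies are not visible in this diff, but if `nil_file?` admits users whom `restore?` would reject, a caller from another institution receives a forbidden response for identifiers that exist and a 404 for ones that do not, which discloses which identifiers are in use. If existence is meant to stay private across institutions, return the same not-found response when authorization on the record fails, and add a comment such as `# unknown and unauthorized identifiers answer identically` at the guard. The same consideration applies to the `update` and `destroy` guards and to the `nil_object?` branches in the intellectual objects controller.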
@@ -66,49 +66,65 @@ def edit end def update - authorize @intellectual_object - @intellectual_object.update!(update_params) - respond_to do |format| - format.json { render json: object_as_json } - format.html { redirect_to intellectual_object_path(@intellectual_object) } + if @intellectual_object + authorize @intellectual_object + @intellectual_object.update!(update_params) + respond_to do |format| + format.json { render json: object_as_json } + format.html { redirect_to intellectual_object_path(@intellectual_object) } + end + else + authorize current_user, :nil_object? + respond_to do |format| + format.json { render json: { status: 'error', message: 'This object could not be found.', url: request.original_url }, :status => 404 } + format.html { redirect_to root_url, alert: "An intellectual object with identifer: #{params[:intellectual_object_identifier]} could not be found." } + end end end def destroy - authorize @intellectual_object, :soft_delete? - pending = WorkItem.pending_action(@intellectual_object.identifier) - if @intellectual_object.state == 'D' - respond_to do |format| - format.json { head :conflict } - format.html { - redirect_to @intellectual_object - flash[:alert] = 'This item has already been deleted.' - } - end - elsif pending.nil? - log = Email.log_deletion_request(@intellectual_object) - ConfirmationToken.where(intellectual_object_id: @intellectual_object.id).delete_all #delete any old tokens. Only the new one should be valid - token = ConfirmationToken.create(intellectual_object: @intellectual_object, token: SecureRandom.hex) - token.save! - NotificationMailer.deletion_request(@intellectual_object, current_user, log, token).deliver! - respond_to do |format| - format.json { head :no_content } - format.html { - redirect_to @intellectual_object - flash[:notice] = 'An email has been sent to the administrators of this institution to confirm deletion of this object.' - } + if @intellectual_object + authorize @intellectual_object, :soft_delete? 
+ pending = WorkItem.pending_action(@intellectual_object.identifier) + if @intellectual_object.state == 'D' + respond_to do |format| + format.json { head :conflict } + format.html { + redirect_to @intellectual_object + flash[:alert] = 'This item has already been deleted.' + } + end + elsif pending.nil? + log = Email.log_deletion_request(@intellectual_object) + ConfirmationToken.where(intellectual_object_id: @intellectual_object.id).delete_all #delete any old tokens. Only the new one should be valid + token = ConfirmationToken.create(intellectual_object: @intellectual_object, token: SecureRandom.hex) + token.save! + NotificationMailer.deletion_request(@intellectual_object, current_user, log, token).deliver! + respond_to do |format| + format.json { head :no_content } + format.html { + redirect_to @intellectual_object + flash[:notice] = 'An email has been sent to the administrators of this institution to confirm deletion of this object.' + } + end + else + respond_to do |format| + message = "Your object cannot be deleted at this time due to a pending #{pending.action} request. " + + "You may delete this object after the #{pending.action} request has completed." + format.json { + render :json => { status: 'error', message: message }, :status => :conflict + } + format.html { + redirect_to @intellectual_object + flash[:alert] = message + } + end end else + authorize current_user, :nil_object? respond_to do |format| - message = "Your object cannot be deleted at this time due to a pending #{pending.action} request. " + - "You may delete this object after the #{pending.action} request has completed." 
- format.json { - render :json => { status: 'error', message: message }, :status => :conflict - } - format.html { - redirect_to @intellectual_object - flash[:alert] = message - } + format.json { render json: { status: 'error', message: 'This object could not be found.', url: request.original_url }, :status => 404 } + format.html { redirect_to root_url, alert: "An intellectual object with identifer: #{params[:intellectual_object_identifier]} could not be found." } end end end 
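Review bot: Inside the new `if @intellectual_object` branch of `update`, `@intellectual_object.update!(update_params)` still raises on a validation failure. Unless a `rescue_from` elsewhere handles it, a JSON client that sends invalid attributes gets an unhandled exception rather than a structured error. The generic files controller handles the same case with `update` plus a 422, and this hunk already gives missing records a structured JSON error, so invalid input could follow suit: `if @intellectual_object.update(update_params)` with an else branch of `render json: @intellectual_object.errors, status: :unprocessable_entity`. In `destroy`, `ConfirmationToken.create(...)` followed by `token.save!` could be a single `ConfirmationToken.create!(...)`. The copied alert string also repeats the existing typo "identifer".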
@@ -227,40 +243,48 @@ def send_to_dpn end def restore - authorize @intellectual_object, :restore? - message = "" - api_status_code = :ok - restore_item = nil - pending = WorkItem.pending_action(@intellectual_object.identifier) - if @intellectual_object.state == 'D' - api_status_code = :conflict - message = 'This item has been deleted and cannot be queued for restoration.' - elsif pending.nil? - if @intellectual_object.storage_option == 'Standard' - restore_item = WorkItem.create_restore_request(@intellectual_object.identifier, current_user.email) + if @intellectual_object + authorize @intellectual_object, :restore? + message = "" + api_status_code = :ok + restore_item = nil + pending = WorkItem.pending_action(@intellectual_object.identifier) + if @intellectual_object.state == 'D' + api_status_code = :conflict + message = 'This item has been deleted and cannot be queued for restoration.' + elsif pending.nil? + if @intellectual_object.storage_option == 'Standard' + restore_item = WorkItem.create_restore_request(@intellectual_object.identifier, current_user.email) + else + restore_item = WorkItem.create_glacier_restore_request(@intellectual_object.identifier, current_user.email) + end + + message = 'Your item has been queued for restoration.' else - restore_item = WorkItem.create_glacier_restore_request(@intellectual_object.identifier, current_user.email) + api_status_code = :conflict + message = "Your object cannot be queued for restoration at this time due to a pending #{pending.action} request." + end + respond_to do |format| + status = restore_item.nil? ? 'error' : 'ok' + item_id = restore_item.nil? ? 0 : restore_item.id + format.json { + render :json => { status: status, message: message, work_item_id: item_id }, :status => api_status_code + } + format.html { + if restore_item.nil? + flash[:alert] = message + else + flash[:notice] = message + end + redirect_to @intellectual_object + } end - - message = 'Your item has been queued for restoration.' 
else - api_status_code = :conflict - message = "Your object cannot be queued for restoration at this time due to a pending #{pending.action} request." - end - respond_to do |format| - status = restore_item.nil? ? 'error' : 'ok' - item_id = restore_item.nil? ? 0 : restore_item.id - format.json { - render :json => { status: status, message: message, work_item_id: item_id }, :status => api_status_code - } - format.html { - if restore_item.nil? - flash[:alert] = message - else - flash[:notice] = message - end - redirect_to @intellectual_object - } + authorize current_user, :nil_object? + respond_to do |format| + format.json { render json: { status: 'error', message: 'This object could not be found.', url: request.original_url }, :status => 404 } + format.html { redirect_to root_url, alert: "An intellectual object with identifer: #{params[:intellectual_object_identifier]} could not be found." } + end end end