From 70ea5e167efcf60823137f3ad9b149ee0ffdebcc Mon Sep 17 00:00:00 2001
From: clemkeirua
Date: Wed, 2 Oct 2019 15:51:37 +0200
Subject: [PATCH] procedure download is performed through a controller in order not to leak the URL
---
 .../instructeurs/procedures_controller.rb | 12 ++++++++++--
 ...oad_dossiers_job.rb => export_procedure_job.rb} | 14 +++++++-------
 app/mailers/instructeur_mailer.rb | 3 +--
 app/models/procedure.rb | 1 +
 ...ml.haml => download_procedure_export.html.haml} | 2 +-
 config/routes.rb | 1 +
 6 files changed, 21 insertions(+), 12 deletions(-)
 rename app/jobs/{download_dossiers_job.rb => export_procedure_job.rb} (58%)
 rename app/views/instructeur_mailer/{download_procedure.html.haml => download_procedure_export.html.haml} (70%)
diff --git a/app/controllers/instructeurs/procedures_controller.rb b/app/controllers/instructeurs/procedures_controller.rb
index 4284eaf9e..271ea602b 100644
--- a/app/controllers/instructeurs/procedures_controller.rb
+++ b/app/controllers/instructeurs/procedures_controller.rb
@@ -206,13 +206,21 @@ module Instructeurs
 end
 def download_dossiers_mail
- options = params.permit(:format, tables: [])
- DownloadDossiersJob.perform_later(procedure, options, current_instructeur)
+ ExportProcedureJob.perform_later(procedure, current_instructeur, params[:format])
 flash.notice = "Le dossier va vous être envoyé par mail"
 redirect_to procedure
 end
+ def download_export
+ if procedure.export_file.attachment.created_at < 1.day.ago
+ flash.alert = "Cet export n'est plus disponible. Vous devez en générer un nouveau qui vous sera transmis par mail"
+ redirect_to instructeur_procedure_url(procedure)
+ else
+ redirect_to url_for(procedure.export_file)
+ end
+ end
+
 def email_notifications
 @procedure = procedure
 @assign_to = assign_to
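Review bot: In `download_export` (procedures_controller.rb) the one-day check only gates this action: the `else` branch redirects to `url_for(procedure.export_file)`, which hands the browser the Active Storage blob URL, and depending on the storage configuration that URL may keep working without a session after the window has passed (the job's own `todo` about a TTL points at the same gap). Streaming the file from this authenticated action, or redirecting to a short-lived service URL, keeps the expiry and the access check in one place. The action also calls `.attachment.created_at` without checking `attached?`, so a procedure that has never been exported raises on `nil` instead of showing the alert. How `procedure` is scoped to `current_instructeur` is defined outside this hunk, so confirm it rejects procedures the instructeur is not assigned to.

```ruby
def download_export
  export = procedure.export_file
  if !export.attached? || export.attachment.created_at < 1.day.ago
    # … unchanged: flash.alert and redirect to the procedure page …
  else
    # served by this authenticated action; the blob URL is never sent to the client
    send_data export.download, filename: export.filename.to_s, type: export.content_type
  end
end
```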
diff --git a/app/jobs/download_dossiers_job.rb b/app/jobs/export_procedure_job.rb
similarity index 58%
rename from app/jobs/download_dossiers_job.rb
rename to app/jobs/export_procedure_job.rb
index 8d3401eaf..194c13ebe 100644
--- a/app/jobs/download_dossiers_job.rb
+++ b/app/jobs/export_procedure_job.rb
@@ -1,10 +1,9 @@
-class DownloadDossiersJob < ApplicationJob
- def perform(procedure, options, instructeur)
+class ExportProcedureJob < ApplicationJob
+ def perform(procedure, instructeur, export_format)
 dossiers = instructeur.dossiers.for_procedure(procedure)
- format = options[:format]
- options.delete(:format)
+ options = { :version => 'v2', :tables => [:dossiers, :etablissements] }
- case format
+ case export_format
 when 'csv'
 filename = procedure.export_filename(:csv)
 data = procedure.to_csv(dossiers, options)
@@ -20,12 +19,13 @@ class DownloadDossiersJob < ApplicationJob
 IO.write(file_path, data)
 File.open(file_path) do |io|
- blob = ActiveStorage::Blob.create_after_upload!(
+ # todo: add a TTL to the uploaded file, even though it's checked for in the controller too
+ procedure.export_file = ActiveStorage::Blob.create_after_upload!(
 io: io, filename: filename
 )
- InstructeurMailer.download_procedure(instructeur, procedure, blob).deliver_now
+ InstructeurMailer.download_procedure_export(instructeur, procedure).deliver_now
 File.delete(file_path)
 end
 end
diff --git a/app/mailers/instructeur_mailer.rb b/app/mailers/instructeur_mailer.rb
index 8aa2d9a83..52c4fe429 100644
--- a/app/mailers/instructeur_mailer.rb
+++ b/app/mailers/instructeur_mailer.rb
@@ -43,9 +43,8 @@ class InstructeurMailer < ApplicationMailer
 mail(to: instructeur.email, subject: subject)
 end
- def download_procedure(instructeur, procedure, blob)
+ def download_procedure_export(instructeur, procedure)
 @procedure = procedure
- @lien_telechargement = url_for(blob)
 subject = "Votre export de la procédure #{procedure.id} est disponible"
 mail(to: instructeur.email, subject: subject)
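Review bot: In the first hunk of export_procedure_job.rb, `export_format` now arrives straight from `params[:format]` in the controller, and the `case export_format` that consumes it continues outside this hunk, so it is not visible whether an unknown value is rejected. If there is no `else` branch, `filename` and `data` stay `nil` and the job only fails later at the write; an explicit `else raise ArgumentError, "unsupported export format"`, or an allow-list check in `download_dossiers_mail` before enqueuing, makes the failure early and obvious. As a style point, the new hash reads better with symbol-key syntax: `options = { version: 'v2', tables: [:dossiers, :etablissements] }`.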
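Review bot: In the second hunk of export_procedure_job.rb, the export is built from `instructeur.dossiers.for_procedure(procedure)` but stored in `procedure.export_file`, a single slot per procedure (declared by `has_one_attached :export_file` in procedure.rb and read by `download_export` in the controller). Every instructeur who can open the download link for that procedure therefore receives the most recent export, whoever requested it, and two requests close together overwrite each other; if instructeurs of one procedure can see different dossiers, one user's export is exposed to another. Keying the stored export by requester, for example an export record that belongs to both the procedure and the instructeur and is looked up with `current_instructeur` in the controller, would keep the file tied to the person it was generated for. Separately, `File.delete(file_path)` runs only when the upload and `deliver_now` succeed, so a failure leaves the export on local disk; moving the delete into an `ensure` would cover that, though `file_path` is set outside this hunk.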
diff --git a/app/models/procedure.rb b/app/models/procedure.rb
index 1d24b7ae4..843e2ce47 100644
--- a/app/models/procedure.rb
+++ b/app/models/procedure.rb
@@ -34,6 +34,7 @@ class Procedure < ApplicationRecord
 has_one_attached :logo
 has_one_attached :notice
 has_one_attached :deliberation
+ has_one_attached :export_file
 accepts_nested_attributes_for :types_de_champ, reject_if: proc { |attributes| attributes['libelle'].blank? }, allow_destroy: true
 accepts_nested_attributes_for :types_de_champ_private, reject_if: proc { |attributes| attributes['libelle'].blank? }, allow_destroy: true
diff --git a/app/views/instructeur_mailer/download_procedure.html.haml b/app/views/instructeur_mailer/download_procedure_export.html.haml
similarity index 70%
rename from app/views/instructeur_mailer/download_procedure.html.haml
rename to app/views/instructeur_mailer/download_procedure_export.html.haml
index 9c8108f6c..251f6668f 100644
--- a/app/views/instructeur_mailer/download_procedure.html.haml
+++ b/app/views/instructeur_mailer/download_procedure_export.html.haml
@@ -3,6 +3,6 @@ %p Vous avez demandé un export des dossiers de la procédure nº #{@procedure.id} « #{@procedure.libelle} ». Cliquez sur le lien ci-dessous pour le télécharger :
- = link_to('Télécharger les dossiers', @lien_telechargement)
+ = link_to('Télécharger les dossiers', download_export_instructeur_procedure_url(@procedure))
 = render partial: "layouts/mailers/signature"
diff --git a/config/routes.rb b/config/routes.rb
index 7ddf6c7c7..51cb1b35e 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -294,6 +294,7 @@ Rails.application.routes.draw do
 get 'remove_filter' => 'procedures#remove_filter', as: 'remove_filter'
 get 'download_dossiers'
 get 'download_dossiers_mail'
+ get 'download_export'
 get 'stats'
 get 'email_notifications'
 patch 'update_email_notifications'