procedure download is performed through a controller in order not to leak the URL

This commit is contained in:
clemkeirua 2019-10-02 15:51:37 +02:00
parent 1af2b63ed1
commit 70ea5e167e
6 changed files with 21 additions and 12 deletions

View file

@ -206,13 +206,21 @@ module Instructeurs
end end
def download_dossiers_mail def download_dossiers_mail
options = params.permit(:format, tables: []) ExportProcedureJob.perform_later(procedure, current_instructeur, params[:format])
DownloadDossiersJob.perform_later(procedure, options, current_instructeur)
flash.notice = "Le dossier va vous être envoyé par mail" flash.notice = "Le dossier va vous être envoyé par mail"
redirect_to procedure redirect_to procedure
end end
def download_export
if procedure.export_file.attachment.created_at < 1.day.ago
flash.alert = "Cet export n'est plus disponible. Vous devez en générer un nouveau qui vous sera transmis par mail"
redirect_to instructeur_procedure_url(procedure)
else
redirect_to url_for(procedure.export_file)
end
end
def email_notifications def email_notifications
@procedure = procedure @procedure = procedure
@assign_to = assign_to @assign_to = assign_to

View file

@ -1,10 +1,9 @@
class DownloadDossiersJob < ApplicationJob class ExportProcedureJob < ApplicationJob
def perform(procedure, options, instructeur) def perform(procedure, instructeur, export_format)
dossiers = instructeur.dossiers.for_procedure(procedure) dossiers = instructeur.dossiers.for_procedure(procedure)
format = options[:format] options = { :version => 'v2', :tables => [:dossiers, :etablissements] }
options.delete(:format)
case format case export_format
when 'csv' when 'csv'
filename = procedure.export_filename(:csv) filename = procedure.export_filename(:csv)
data = procedure.to_csv(dossiers, options) data = procedure.to_csv(dossiers, options)
@ -20,12 +19,13 @@ class DownloadDossiersJob < ApplicationJob
IO.write(file_path, data) IO.write(file_path, data)
File.open(file_path) do |io| File.open(file_path) do |io|
blob = ActiveStorage::Blob.create_after_upload!( # todo: add a TTL to the uploaded file, even though it's checked for in the controller too
procedure.export_file = ActiveStorage::Blob.create_after_upload!(
io: io, io: io,
filename: filename filename: filename
) )
InstructeurMailer.download_procedure(instructeur, procedure, blob).deliver_now InstructeurMailer.download_procedure_export(instructeur, procedure).deliver_now
File.delete(file_path) File.delete(file_path)
end end
end end

View file

@ -43,9 +43,8 @@ class InstructeurMailer < ApplicationMailer
mail(to: instructeur.email, subject: subject) mail(to: instructeur.email, subject: subject)
end end
def download_procedure(instructeur, procedure, blob) def download_procedure_export(instructeur, procedure)
@procedure = procedure @procedure = procedure
@lien_telechargement = url_for(blob)
subject = "Votre export de la procédure #{procedure.id} est disponible" subject = "Votre export de la procédure #{procedure.id} est disponible"
mail(to: instructeur.email, subject: subject) mail(to: instructeur.email, subject: subject)

View file

@ -34,6 +34,7 @@ class Procedure < ApplicationRecord
has_one_attached :logo has_one_attached :logo
has_one_attached :notice has_one_attached :notice
has_one_attached :deliberation has_one_attached :deliberation
has_one_attached :export_file
accepts_nested_attributes_for :types_de_champ, reject_if: proc { |attributes| attributes['libelle'].blank? }, allow_destroy: true accepts_nested_attributes_for :types_de_champ, reject_if: proc { |attributes| attributes['libelle'].blank? }, allow_destroy: true
accepts_nested_attributes_for :types_de_champ_private, reject_if: proc { |attributes| attributes['libelle'].blank? }, allow_destroy: true accepts_nested_attributes_for :types_de_champ_private, reject_if: proc { |attributes| attributes['libelle'].blank? }, allow_destroy: true

View file

@ -3,6 +3,6 @@
%p %p
Vous avez demandé un export des dossiers de la procédure nº #{@procedure.id} « #{@procedure.libelle} ». Cliquez sur le lien ci-dessous pour le télécharger : Vous avez demandé un export des dossiers de la procédure nº #{@procedure.id} « #{@procedure.libelle} ». Cliquez sur le lien ci-dessous pour le télécharger :
= link_to('Télécharger les dossiers', @lien_telechargement) = link_to('Télécharger les dossiers', download_export_instructeur_procedure_url(@procedure))
= render partial: "layouts/mailers/signature" = render partial: "layouts/mailers/signature"

View file

@ -294,6 +294,7 @@ Rails.application.routes.draw do
get 'remove_filter' => 'procedures#remove_filter', as: 'remove_filter' get 'remove_filter' => 'procedures#remove_filter', as: 'remove_filter'
get 'download_dossiers' get 'download_dossiers'
get 'download_dossiers_mail' get 'download_dossiers_mail'
get 'download_export'
get 'stats' get 'stats'
get 'email_notifications' get 'email_notifications'
patch 'update_email_notifications' patch 'update_email_notifications'