fix: Improve assessment attachment downloads (#5613)
nwalters512 committed Apr 5, 2022
1 parent ba4c1bc commit 393b052
Showing 3 changed files with 28 additions and 13 deletions.
2 changes: 1 addition & 1 deletion pages/partials/attachFilePanel.ejs
@@ -11,7 +11,7 @@
<% file_list.forEach(function(file, iFile) { %>
<tr>
<td style="word-break:break-all;">
<a class="attached-file" target="_blank" href="<%= urlPrefix %>/assessment_instance/<%= assessment_instance.id %>/file/<%= file.id %>/<%= file.display_filename %>">
<a class="attached-file" href="<%= urlPrefix %>/assessment_instance/<%= assessment_instance.id %>/file/<%= file.id %>/<%= file.display_filename %>">
<%= file.display_filename %>
</a>
</td>
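Review bot: The href on the new `<a class="attached-file" ...>` line interpolates `file.display_filename` with `<%= %>`, which HTML-escapes the value but does not URL-encode it. A name containing `#`, `?` or `%` would produce a path whose decoded last segment differs from the stored name, and because the route in this commit now requires an exact `display_filename` match, that download would return 404. Writing the segment as `<%= encodeURIComponent(file.display_filename) %>` would keep the link and the lookup in agreement; whether such names can actually be stored is not visible from this hunk. The enclosing `forEach` callback continues past the end of the hunk.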
@@ -2,18 +2,34 @@ const express = require('express');
const router = express.Router();
const asyncHandler = require('express-async-handler');

const error = require('../../prairielib/error');
const sqlLoader = require('../../prairielib/lib/sql-loader');
const sqldb = require('../../prairielib/lib/sql-db');
const fileStore = require('../../lib/file-store');

const sql = sqlLoader.loadSqlEquiv(__filename);

router.get(
'/:file_id/:display_filename',
'/:unsafe_file_id/:unsafe_display_filename',
asyncHandler(async (req, res, next) => {
const options = {
const params = {
assessment_instance_id: res.locals.assessment_instance.id,
file_id: req.params.file_id,
display_filename: req.params.display_filename,
unsafe_file_id: req.params.unsafe_file_id,
unsafe_display_filename: req.params.unsafe_display_filename,
};

const stream = await fileStore.getStream(options.file_id);
// Assert that the file belongs to this assessment, that the display
// filename matches, and that the file is not deleted.
const result = await sqldb.queryZeroOrOneRowAsync(sql.select_file, params);
if (result.rows.length === 0) {
return next(error.make(404, 'File not found'));
}

const { id: fileId, display_filename: displayFilename } = result.rows[0];
const stream = await fileStore.getStream(fileId);
// Ensure the response is interpreted as an "attachment" (file to be downloaded)
// and not as a webpage.
res.attachment(displayFilename);
stream.on('error', next).pipe(res);
})
);
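Review bot: `res.attachment(displayFilename)` also sets the Content-Type from the file extension, so an uploaded `.html` or `.svg` is still sent with an active type, and only the Content-Disposition header keeps it from rendering in the application's origin. Consider adding `res.set('X-Content-Type-Options', 'nosniff');` beside it, unless a global middleware already sets it (not visible here), and extending the comment to say that the attachment disposition is a security control that must not be dropped. Separately, `unsafe_file_id` reaches the query unvalidated; it is passed as a bound parameter, but if `files.id` is an integer column, a non-numeric value would presumably surface as a database error and a 500 rather than the 404 used for a missing file.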
@@ -1,9 +1,8 @@
-- BLOCK select_file
SELECT f.storage_filename
FROM
files AS f
SELECT id, display_filename
FROM files
WHERE
f.id = $file_id
AND f.assessment_instance_id = $assessment_instance_id
AND f.display_filename = $display_filename
AND f.deleted_at IS NULL;
id = $unsafe_file_id
AND assessment_instance_id = $assessment_instance_id
AND display_filename = $unsafe_display_filename
AND deleted_at IS NULL;
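Review bot: The `select_file` block has no comment saying which predicate is the authorization check, even though the route handler now relies on it for that purpose. A line such as `-- $assessment_instance_id comes from the authorized request context; the $unsafe_* values come from the URL and are only trusted after this row matches.` above the SELECT would make that contract visible to the next person editing the WHERE clause. The claim about where `$assessment_instance_id` originates rests on the handler in this same commit, which reads it from `res.locals`.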
