Show a default image for files when user doesn't have read access

samvera-deprecated · Feb 1, 2017 · c9094e6 · c9094e6
1 parent 137686e
commit c9094e6
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 6 deletions.
diff --git a/app/controllers/concerns/curation_concerns/download_behavior.rb b/app/controllers/concerns/curation_concerns/download_behavior.rb
@@ -40,6 +40,12 @@ def derivative_download_options
       # that files are in a LDP basic container, and thus, included in the asset's uri.
       def authorize_download!
         authorize! :read, params[asset_param_key]
+      rescue CanCan::AccessDenied
+        redirect_to default_image
+      end
+
+      def default_image
+        ActionController::Base.helpers.image_path 'default.png'
       end
 
       # Overrides Hydra::Controller::DownloadBehavior#load_file, which is hard-coded to assume files are in BasicContainer.

diff --git a/spec/controllers/downloads_controller_spec.rb b/spec/controllers/downloads_controller_spec.rb
@@ -6,6 +6,7 @@
     let(:file_set) do
       FactoryGirl.create(:file_with_work, user: user, content: File.open(fixture_file_path('files/image.png')))
     end
+    let(:default_image) { ActionController::Base.helpers.image_path 'default.png' }
     it 'calls render_404 if the object does not exist' do
       expect(controller).to receive(:render_404) { controller.render body: nil }
       get :show, params: { id: '8675309' }
@@ -15,18 +16,16 @@
       let(:another_user) { FactoryGirl.create(:user) }
       before { sign_in another_user }
 
-      it 'redirects to root' do
+      it 'redirects to the default image' do
         get :show, params: { id: file_set.to_param }
-        expect(response).to redirect_to root_path
-        expect(flash['alert']).to eq 'You are not authorized to access this page.'
+        expect(response).to redirect_to default_image
       end
     end
 
     context "when user isn't logged in" do
-      it 'redirects to sign in' do
+      it 'redirects to the default image' do
         get :show, params: { id: file_set.to_param }
-        expect(response).to redirect_to new_user_session_path
-        expect(flash['alert']).to eq 'You are not authorized to access this page.'
+        expect(response).to redirect_to default_image
       end
 
       it 'authorizes the resource using only the id' do