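module API
  # Adds an endpoint that consumes and RESTfully emits JSON from Arkivo
  # representing new and updated Zotero-managed publications. An item in the
  # Zotero parlance is mapped to a GenericWork in Sufia.
  #
  # Authentication model: CSRF verification is skipped, so the only thing
  # standing between a request and the actions below is the Arkivo token
  # resolved by #user / #authorize_token. Treat that token as a bearer
  # credential.
  class ItemsController < ApplicationController
    # CSRF protection is disabled for this controller; requests are
    # authenticated by the Arkivo token instead of a browser session.
    skip_before_action :verify_authenticity_token
    # Filter order matters: the item must be parsed before #token can read
    # item['token'] on create/update, and the token must be accepted before
    # the work is loaded and authorized.
    before_action :validate_item, only: [:create, :update]
    before_action :authorize_token
    before_action :my_load_and_authorize_resource, only: [:update, :destroy, :show]

    attr_reader :item

    # Creates a work from the posted item and answers 201 with a Location
    # header built from the value returned by the actor.
    def create
      head :created, location: sufia.api_item_path(actor.create_work_from_item)
    end

    # Updates the already loaded and authorized work from the posted item.
    def update
      actor.update_work_from_item(@work)
      head :no_content
    end

    # Destroys the already loaded and authorized work.
    def destroy
      actor.destroy_work(@work)
      head :no_content
    end

    # Answers 204 with no body once the filters have accepted the request.
    def show
      head :no_content
    end

    private

    # Loads the work named by params[:id] into @work and halts the request
    # unless the token's user may edit it and the work carries an Arkivo
    # checksum.
    #
    # Renders 401 when the user lacks edit access, 403 when the work has no
    # arkivo_checksum, and 404 when the lookup raises
    # ActiveFedora::ObjectNotFoundError.
    # NOTE(review): the "lacks access" case is an authorization failure but is
    # reported as :unauthorized (401); left unchanged because clients may
    # depend on the status.
    def my_load_and_authorize_resource
      @work = CurationConcerns::WorkRelation.new.find(params[:id])
      unless user.can? :edit, @work
        return render plain: "#{user} lacks access to #{@work}", status: :unauthorized
      end
      if @work.arkivo_checksum.nil?
        return render plain: "Forbidden: #{@work} not deposited via Arkivo", status: :forbidden
      end
    rescue ActiveFedora::ObjectNotFoundError
      return render plain: "id '#{params[:id]}' not found", status: :not_found
    end

    # Builds the Arkivo actor for the current user and parsed item. A new
    # actor is constructed on every call.
    def actor
      Sufia::Arkivo::Actor.new(user, item)
    end

    # Returns the caller-supplied token: params[:token] for GET and DELETE
    # requests, otherwise the 'token' member of the parsed item.
    # NOTE(review): for GET/DELETE the token travels as a request parameter
    # (typically the query string), where it can end up in access logs;
    # confirm log filtering covers it.
    def token
      (request.get? || request.delete?) ? params[:token] : item['token']
    end

    # Resolves the user owning the supplied Arkivo token, or nil.
    #
    # The lookup only runs for a non-empty String. Without this guard a
    # missing token becomes find_by(arkivo_token: nil), which (assuming User is
    # an ActiveRecord model) matches any account whose arkivo_token is NULL
    # and would authenticate a token-less request as that account. Non-String
    # values (for example an array taken from the JSON body) are rejected for
    # the same reason.
    def user
      candidate = token
      return nil unless candidate.is_a?(String) && candidate.present?
      User.find_by(arkivo_token: candidate)
    end

    # Validates the raw request body against the Arkivo schema and, when it
    # passes, parses it into @item. Renders 400 and halts when the body is
    # blank or the validator raises Sufia::Arkivo::InvalidItem.
    def validate_item
      return render plain: 'no item parameter', status: :bad_request if post_data.blank?
      Sufia::Arkivo::SchemaValidator.new(post_data).call
    rescue Sufia::Arkivo::InvalidItem => exception
      return render plain: "invalid item parameter: #{exception.message}", status: :bad_request
    else
      # Reached only when validation finished without raising or returning.
      @item = JSON.parse(post_data)
    end

    # Raw, unparsed request body.
    def post_data
      request.raw_post
    end

    # Halts with 401 unless the supplied token resolves to a user.
    # NOTE(review): the rejected token is echoed back in the response body;
    # left unchanged for compatibility, but consider dropping it so
    # credentials are not copied into responses.
    def authorize_token
      render plain: "invalid user token: #{token}", status: :unauthorized unless valid_token?
    end

    # True when the supplied token maps to an existing user.
    def valid_token?
      user.present?
    end
  end
end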