class PapermillController < ApplicationController # Create is protected because of the Ajax same origin policy. # Yet SwfUpload doesn't send the right header for request.xhr? to be true and thus fails to disable verify_authenticity_token automatically. skip_before_filter :verify_authenticity_token, :only => [:create] prepend_before_filter :load_asset, :only => [ "show", "destroy", "update", "edit" ] prepend_before_filter :load_assets, :only => [ "sort", "mass_delete", "mass_edit" ] def show if @asset.create_thumb_file(params[:style]) redirect_to @asset.url(params[:style]) else render :nothing => true, :status => 404 end end def destroy render :update do |page| if @asset.destroy page << %{ jQuery("#papermill_asset_#{params[:id]}").remove(); } else page << %{ jQuery("#papermill_asset_#{params[:id]}").show(); } page << %{ notify("#{ escape_javascript t('papermill.not-deleted', :ressource => @asset.name) }", "error"); } end end end def update render :update do |page| if @asset.update_attributes(params[:papermill_asset]) page << %{ notify("#{ escape_javascript t("papermill.updated", :ressource => @asset.name)}", "notice"); close_popup(self); } else page << %{ jQuery("#error").html("#{ escape_javascript @asset.errors.full_messages.join('
') }"); jQuery("#error").show(); } end end end def edit render :action => "edit" end def create @asset = params[:asset_class].constantize.new(params.reject{|k, v| !(PapermillAsset.columns.map(&:name)+["Filedata", "Filename"]).include?(k)}) if @asset.save PapermillAsset.find(:all, :conditions => { :assetable_id => @asset.assetable_id, :assetable_type => @asset.assetable_type, :assetable_key => @asset.assetable_key }).each do |asset| asset.destroy unless asset == @asset end if !params[:gallery] render :partial => "papermill/asset", :object => @asset, :locals => { :gallery => params[:gallery], :thumbnail_style => params[:thumbnail_style] } else render :update do |page| page << %{ notify("#{ escape_javascript(@asset.errors.join('
')) }", "warning"); } end end end def sort @assets.each_with_index do |asset, index| asset.update_attribute(:position, index + 1) end render :nothing => true end def mass_delete render :update do |page| @assets.each do |asset| page << %{ jQuery("#papermill_asset_#{asset.id}").remove(); } if asset.destroy end end end def mass_edit ok_messages = [] ko_messages = [] @assets.each do |asset| if asset.update_attributes({params[:attribute] => params[:value]}) ok_messages << t("papermill.updated", :ressource => asset.name) else ko_messages << "#{asset.name} -> #{asset.errors.full_messages.to_sentence}" end end render :update do |page| page << %{ notify("#{ escape_javascript ok_messages.join('\n') }", "notice"); } unless ok_messages.empty? page << %{ notify("#{ escape_javascript ko_messages.join('\n') }", "error"); } unless ko_messages.empty? end end private def load_asset @asset = PapermillAsset.find(params[:id] || (params[:id0] + params[:id1] + params[:id2]).to_i) end def load_assets @assets = (params[:papermill_asset] || []).map{ |id| PapermillAsset.find(id) } end end