2016-11-15 17:56:29 +02:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2016-09-17 18:47:26 +03:00
|
|
|
class MediaController < ApplicationController
|
2017-05-29 19:22:22 +03:00
|
|
|
include Authorization
|
|
|
|
|
2018-02-16 08:22:20 +02:00
|
|
|
before_action :set_media_attachment
|
|
|
|
before_action :verify_permitted_status!
|
2016-09-17 18:47:26 +03:00
|
|
|
|
2018-12-18 17:40:30 +02:00
|
|
|
content_security_policy only: :player do |p|
|
|
|
|
p.frame_ancestors(false)
|
|
|
|
end
|
|
|
|
|
2016-09-17 18:47:26 +03:00
|
|
|
def show
|
2018-02-16 08:22:20 +02:00
|
|
|
redirect_to @media_attachment.file.url(:original)
|
|
|
|
end
|
|
|
|
|
|
|
|
def player
|
|
|
|
@body_classes = 'player'
|
2018-12-18 17:40:30 +02:00
|
|
|
response.headers['X-Frame-Options'] = 'ALLOWALL'
|
2018-02-16 08:22:20 +02:00
|
|
|
raise ActiveRecord::RecordNotFound unless @media_attachment.video? || @media_attachment.gifv?
|
2016-09-17 18:47:26 +03:00
|
|
|
end
|
|
|
|
|
|
|
|
private
|
|
|
|
|
2018-02-16 08:22:20 +02:00
|
|
|
def set_media_attachment
|
|
|
|
@media_attachment = MediaAttachment.attached.find_by!(shortcode: params[:id] || params[:medium_id])
|
2017-04-17 21:02:00 +03:00
|
|
|
end
|
|
|
|
|
2018-02-16 08:22:20 +02:00
|
|
|
def verify_permitted_status!
|
|
|
|
authorize @media_attachment.status, :show?
|
2017-05-29 19:22:22 +03:00
|
|
|
rescue Mastodon::NotPermittedError
|
|
|
|
# Reraise in order to get a 404 instead of a 403 error code
|
|
|
|
raise ActiveRecord::RecordNotFound
|
2016-09-17 18:47:26 +03:00
|
|
|
end
|
|
|
|
end
|