Merge pull request #3556 from mlibrary/HELIO-4033/author_read_access_…

…share_link HELIO-4033 use share links for author review
mlibrary · Dec 19, 2023 · d607b3b · d607b3b
2 parents e282181 + 029d7ef
commit d607b3b
Show file tree

Hide file tree

Showing 10 changed files with 292 additions and 98 deletions.
diff --git a/app/controllers/e_pubs_controller.rb b/app/controllers/e_pubs_controller.rb
@@ -156,6 +156,7 @@ def share_link
       ShareLinkLog.create(ip_address: request.ip,
                           institution: current_institutions.map(&:name).join("|"),
                           press: subdomain,
+                          user: current_actor.email,
                           title: @presenter.parent.title,
                           noid: @presenter.id,
                           token: token,
@@ -188,6 +189,7 @@ def log_share_link_use
       ShareLinkLog.create(ip_address: request.ip,
                           institution: current_institutions.map(&:name).join("|"),
                           press: @subdomain,
+                          user: current_actor.email,
                           title: @parent_presenter.title,
                           noid: @noid,
                           token: @share_link,

diff --git a/app/overrides/hyrax/downloads_controller_overrides.rb b/app/overrides/hyrax/downloads_controller_overrides.rb
@@ -103,14 +103,39 @@ def allow_download?
     end
 
     # HELIO-4501 Override to use the Hyrax 3.4 version of this with no workflow related code.
-    # We really only depend on allow_download? above for this.
     def authorize_download!
+      return true if authorize_embeds_for_epub_share_link?
+
       authorize! :download, params[asset_param_key]
     rescue CanCan::AccessDenied
       unauthorized_image = Rails.root.join("app", "assets", "images", "unauthorized.png")
       send_file unauthorized_image, status: :unauthorized
     end
 
+    def authorize_embeds_for_epub_share_link?
+      # adding some logic to allow *draft* FileSet "downloads" to work when a session holds the sibling EPUB's share link.
+      # This is specifically so that draft embedded video, jpeg (video poster), audio and animated gif resources will display in CSB.
+      # Images will work anyway seeing as RIIIF tiles get served regardless of the originating FileSet's publication status.
+
+      if presenter.visibility == 'restricted' && presenter&.parent&.epub? && (jpeg? || video? || sound? || animated_gif? || closed_captions? || visual_descriptions?)
+        # I think the link could only be in the session here, but will check for `params[:share]` anyway
+        share_link = params[:share] || session[:share_link]
+        session[:share_link] = share_link
+
+        if share_link.present?
+          begin
+            decoded = JsonWebToken.decode(share_link)
+
+            return true if decoded[:data] == presenter&.parent&.epub_id
+          rescue JWT::ExpiredSignature
+            false
+          end
+        end
+      else
+        false
+      end
+    end
+
     def thumbnail?
       params[:file] == 'thumbnail'
     end

diff --git a/app/policies/e_pub_policy.rb b/app/policies/e_pub_policy.rb
@@ -7,7 +7,7 @@ def initialize(actor, target, share = false)
   end
 
   def show?
-    return true if ebook.published? && !ebook.tombstone? && share
+    return true if !ebook.tombstone? && share
 
     EbookReaderOperation.new(actor, ebook).allowed?
   end

diff --git a/app/views/e_pubs/_cozy_controls_bottom.js.erb b/app/views/e_pubs/_cozy_controls_bottom.js.erb
@@ -72,8 +72,11 @@ cozy.control.download({
 }).addTo(reader);
 <% end %>
 
-// Restricted Share Link widget
-<% if @component.present? && @press.allow_share_links? && !@parent_presenter.open_access? && @share_link.nil? %>
+// Restricted Share Link widget. If the press allows share links, then logged-in editors/admins can share draft...
+// content (e.g. with authors) while regular readers can share published, restricted content forward
+<% if @press.allow_share_links? &&
+     (@presenter.visibility == 'restricted' && (current_user.present? && (current_user.editor_presses | current_user.admin_presses)&.include?(@press)) ||
+     (@presenter.visibility == 'open' && @component.present? && !@parent_presenter.open_access? && @share_link.nil?)) %>
 modal = reader.modal({
         region: 'left',
         title: 'Share Temporary Access to this Book',

diff --git a/db/migrate/20231218205001_add_user_to_share_link_log.rb b/db/migrate/20231218205001_add_user_to_share_link_log.rb
@@ -0,0 +1,5 @@
+class AddUserToShareLinkLog < ActiveRecord::Migration[5.2]
+  def change
+    add_column :share_link_logs, :user, :string, after: :press
+  end
+end