datadryad · ryscher · Sep 23, 2024 · Sep 23, 2024 · Sep 23, 2024 · Sep 23, 2024
diff --git a/app/controllers/api_application_controller.rb b/app/controllers/api_application_controller.rb
@@ -35,25 +35,35 @@ def require_json_headers
  accept_ok = accept.nil? || (accept.include?('*/*') || accept.include?('application/json'))
  return if ct_ok && accept_ok
 
+ api_logger.error('require_json_headers')
  render json: { error: UNACCEPTABLE_MSG }.to_json, status: 406
  end
 
  def require_stash_identifier(doi:)
  # check to see if the identifier is actually an id and not a DOI first
  @stash_identifier = StashEngine::Identifier.where(id: doi).first
- @stash_identifier = StashEngine::Identifier.find_with_id(doi) if @stash_identifier.blank?
- render json: { error: 'not-found' }.to_json, status: 404 if @stash_identifier.blank?
+
+ return unless @stash_identifier.blank?
+
+ api_logger.error('require_stash_identifier')
+ @stash_identifier = StashEngine::Identifier.find_with_id(doi)
+ render json: { error: 'not-found' }.to_json, status: 404
  end
 
  def require_resource_id(resource_id:)
  @stash_resources = StashEngine::Resource.where(id: resource_id)
  @resource = @stash_resources&.first if @stash_resources.count.positive?
- render json: { error: 'not-found' }.to_json, status: 404 if @stash_resources.count < 1
+
+ return unless @stash_resources.count < 1
+
+ api_logger.error('require_resource_id')
+ render json: { error: 'not-found' }.to_json, status: 404
  end
 
  def require_file_id(file_id:)
  @stash_files = StashEngine::DataFile.where(id: file_id)
  if @stash_files.count < 1
+ api_logger.error('require_file_id')
  render json: { error: 'not-found' }.to_json, status: 404
  else
  @stash_file = @stash_files.first
@@ -63,7 +73,10 @@ def require_file_id(file_id:)
 
  def require_api_user
  optional_api_user
- render json: { error: 'Unauthorized, must have current bearer token' }.to_json, status: 401 if @user.blank?
+ return unless @user.blank?
+
+ api_logger.error('require_api_user')
+ render json: { error: 'Unauthorized, must have current bearer token' }.to_json, status: 401
  end
 
  def optional_api_user
@@ -85,52 +98,61 @@ def optional_api_user
 
  def require_in_progress_resource
  unless @stash_identifier.in_progress?
+ api_logger.error('require_in_progress_resource')
  render json: { error: 'You must have an in_progress version to perform this operation' }.to_json, status: 403
  end
  @resource = @stash_identifier.in_progress_resource
  end
 
  def require_viewable_resource(resource_id:)
  res = StashEngine::Resource.where(id: resource_id).first
+ api_logger.error('require_viewable_resource')
  render json: { error: 'not-found' }.to_json, status: 404 if res.nil? || !res.may_view?(ui_user: @user)
  end
 
  # based on user and resource set in "require_api_user" and 'require_resource_in_progress'
  def require_permission
  return if @resource.nil? # this not needed for dataset upsert with identifier
 
+ api_logger.error('require_permission')
  render json: { error: 'unauthorized' }.to_json, status: 401 unless @resource.permission_to_edit?(user: @user)
  end
 
  def require_superuser
  return if @user.superuser?
 
+ api_logger.error('require_superuser')
  render json: { error: 'unauthorized' }.to_json, status: 401
  end
 
  def require_min_app_admin
  return if @user.min_app_admin?
 
+ api_logger.error('require_min_app_admin')
  render json: { error: 'unauthorized' }.to_json, status: 401
  end
 
  def require_curator
  return if @user.min_curator?
 
+ api_logger.error('require_curator')
  render json: { error: 'unauthorized' }.to_json, status: 401
  end
 
  def require_admin
  return if current_user && current_user.min_admin?
 
+ api_logger.error('require_admin')
  render json: { error: 'unauthorized' }.to_json, status: 401
  end
 
  # call this like return_error(messages: 'blah', status: 400) { yield }
  def return_error(messages:, status:)
  if messages.instance_of?(String)
+ api_logger.error("Status: #{status} Message: #{messages}")
  (render json: { error: messages }.to_json, status: status) && yield
  elsif messages.instance_of?(Array)
+ api_logger.error("Status: #{status} Message: #{messages.map { |e| { error: e } }.to_json}")
  (render json: messages.map { |e| { error: e } }.to_json, status: status) && yield
  end
  end

diff --git a/app/controllers/stash_api/files_controller.rb b/app/controllers/stash_api/files_controller.rb
@@ -23,6 +23,10 @@ class FilesController < ApiApplicationController
  before_action :require_viewable_file, only: %i[show download]
  before_action -> { require_viewable_resource(resource_id: params[:version_id]) }, only: :index
 
+ def api_logger
+ Rails.application.config.api_logger
+ end
+
  # GET /files/<id>
  def show
  file = StashApi::File.new(file_id: params[:id], user: @user)
@@ -48,6 +52,7 @@ def update
  # DELETE /files/<id>
  def destroy
  unless @resource.current_state == 'in_progress'
+ api_logger.error('version is not in_progress')
  render json: { error: 'This file must be part of an an in-progress version' }.to_json, status: 403
  return
  end
@@ -96,13 +101,15 @@ def require_file_current_uploads
  the_type = @resource.upload_type
  return if %i[files unknown].include?(the_type)
 
+ api_logger.error('duplicating files via URL and direct upload')
  render json: { error:
  'You may not submit a file by direct upload in the same version when you have submitted files by URL' }.to_json, status: 409
  end
 
  def check_header_file_size
  return if request.headers['CONTENT-LENGTH'].blank? || request.headers['CONTENT-LENGTH'].to_i <= APP_CONFIG.maximums.merritt_size
 
+ api_logger.error('file too large')
  (render json: { error:
  "Your file size is larger than the maximum submission size of #{APP_CONFIG.maximums.merritt_size} bytes" }.to_json,
  status: 403) && yield
@@ -111,6 +118,7 @@ def check_header_file_size
  def check_file_size
  return if Stash::Aws::S3.new.size(s3_key: @file_path) <= APP_CONFIG.maximums.merritt_size
 
+ api_logger.error('file too large')
  (render json: { error:
  "Your file size is larger than the maximum submission size of #{view_context.filesize(APP_CONFIG.maximums.merritt_size)}" }.to_json,
  status: 403) && yield
@@ -153,6 +161,7 @@ def handle_previous_duplicates(upload_filename:)
  def check_total_size_violations
  return if @resource.new_size <= APP_CONFIG.maximums.merritt_size && @resource.size <= APP_CONFIG.maximums.merritt_size
 
+ api_logger.error('file too large')
  (render json: { error:
  'The files for this dataset are larger than the allowed version or total object size' }.to_json,
  status: 403) && yield
@@ -203,7 +212,10 @@ def make_deleted(data_file:)
 
  def require_viewable_file
  f = StashEngine::DataFile.where(id: params[:id]).first
- render json: { error: 'not-found' }.to_json, status: 404 if f.nil? || !f.resource.may_view?(ui_user: @user)
+ return unless f.nil? || !f.resource.may_view?(ui_user: @user)
+
+ api_logger.error('require_viewable_file')
+ render json: { error: 'not-found' }.to_json, status: 404
  end
  end
 end