diff --git a/BrainPortal/app/controllers/userfiles_controller.rb b/BrainPortal/app/controllers/userfiles_controller.rb index 49ec78f2f..2d7c397ec 100644 --- a/BrainPortal/app/controllers/userfiles_controller.rb +++ b/BrainPortal/app/controllers/userfiles_controller.rb @@ -440,6 +440,36 @@ def show #:nodoc: end end + # establishes trust in all the files of a creator of this file for the duration of the session + # This method is used to render html userfiles or collection elements + def trust_creator + @userfile = Userfile.find_accessible_by_user(params[:id], current_user, :access_requested => :read) + cbrain_session[:trust_user_files] ||= [] + unless cbrain_session[:trust_user_files].include?(@userfile.user_id) + ids = cbrain_session[:trust_user_files] # in place modification does not work well within a session + ids.shift if ids.length > 99 # cap to 100 ids, session storage is limited + cbrain_session[:trust_userfiles] = ids << @userfile.user_id + end + respond_to do |format| + format.js { render js: "" } # no need to do anything as of now + end + end + + # establishes trust in a file or all the other files of a collection for the duration of the session + # This method is used to render html userfiles or collection elements + def trust + @userfile = Userfile.find_accessible_by_user(params[:id], current_user, :access_requested => :read) + cbrain_session[:trust_userfiles] ||= [] + unless cbrain_session[:trust_userfiles].include?(@userfile.id) + ids = cbrain_session[:trust_userfiles] # in place modification does not work well within a session + ids.shift if ids.length > 199 # limit to 200 file ids, session size is limited + cbrain_session[:trust_userfiles] = ids << @userfile.id + end + respond_to do |format| + format.js { render js: "" } # no need to do anything as of now + end + end + # Triggers the mass synchronization of several userfiles # or mass 'desynchronization' (ProvNewer) of several userfiles. def sync_multiple #:nodoc: 
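Review bot: In `trust_creator` the list is read and checked under `cbrain_session[:trust_user_files]` but the updated list is written back to `cbrain_session[:trust_userfiles]`, the key that `trust` uses for userfile ids. As a result creator trust never persists (the `unless` branch runs on every call) and the creator's `user_id` is appended to the userfile-id list, so a userfile whose id happens to equal that user id is treated as trusted instead; the view in this same change reads `:trust_user_files`, so the "I trust all … files" link has no visible effect. The write-back should be `cbrain_session[:trust_user_files] = ids << @userfile.user_id`. The comment on `ids = …` says in-place modification is unreliable in the session, yet `ids` is the very array held by the session and is then mutated by `shift`/`<<`; if the store really only persists on reassignment, `ids = cbrain_session[:trust_user_files].dup` (and likewise in `trust`) makes the write-back a genuinely new value.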
diff --git a/BrainPortal/cbrain_plugins/cbrain-plugins-base/userfiles/html_file/html_file.rb b/BrainPortal/cbrain_plugins/cbrain-plugins-base/userfiles/html_file/html_file.rb index 2a556bd66..ca029c678 100644 --- a/BrainPortal/cbrain_plugins/cbrain-plugins-base/userfiles/html_file/html_file.rb +++ b/BrainPortal/cbrain_plugins/cbrain-plugins-base/userfiles/html_file/html_file.rb @@ -33,6 +33,6 @@ def self.file_name_pattern #:nodoc: def self.pretty_type #:nodoc: "HTML File" - end + end end diff --git a/BrainPortal/cbrain_plugins/cbrain-plugins-base/userfiles/html_file/views/_html.html.erb b/BrainPortal/cbrain_plugins/cbrain-plugins-base/userfiles/html_file/views/_html.html.erb index 37a386454..4224ebffb 100644 --- a/BrainPortal/cbrain_plugins/cbrain-plugins-base/userfiles/html_file/views/_html.html.erb +++ b/BrainPortal/cbrain_plugins/cbrain-plugins-base/userfiles/html_file/views/_html.html.erb @@ -1,4 +1,3 @@ - <% # # CBRAIN Project @@ -22,29 +21,68 @@ # %> -<% if params[:new_tab].blank? # show only on userfile page %> +This HTML document is not part of CBRAIN. You should not view or + interact with it unless you fully trust it. (Forms and external links are disabled.) +
+ +<% if params[:new_tab].blank? + # show only on userfile page %> <%= link_to( - "Open in a separate tab", - display_userfile_url(@userfile, - :viewer => :html, - :content_viewer => "on", - :file_name => @userfile.name, - :viewer_userfile_class => "HtmlFile", - :new_tab => "yes" - ), - :target => "_blank" - ) %> + "Open in a separate tab", + display_userfile_url(@userfile, + :viewer => :html, + :content_viewer => "on", + :file_name => @userfile.name, + :viewer_userfile_class => "HtmlFile", + :new_tab => "yes" + ), + :target => "_blank" + ) + %> <% end %>
-The HTML document previewed in the frame below is not part of CBRAIN. You should not open it or -interact with it unless you fully trust it. Forms and external links are disabled. + +<%# -- for other user's files ask confirmation, unless user of files is marked as trusted %> +<% hide_frame = params[:new_tab].blank? && current_user.id != @userfile.user_id %> +<% hide_frame &&= !cbrain_session[:trust_user_files]&.include?(@userfile.user_id) %> +<% hide_frame &&= !cbrain_session[:trust_userfiles]&.include?(@userfile.id) %> +<% if hide_frame %> +
+ + <%= link_to "I trust all #{@userfile.user.login}'s files,", + trust_creator_userfile_path(@userfile), + method: :post, + remote: true + %> + show them without warnings during this session +
+
+ <%= link_to "Show just this userfile", + trust_userfile_path(@userfile), + method: :post, + remote: true + %> +
+<% end %> +
- + + diff --git a/BrainPortal/config/routes.rb b/BrainPortal/config/routes.rb index b9df53946..3dfe84a1c 100644 --- a/BrainPortal/config/routes.rb +++ b/BrainPortal/config/routes.rb @@ -140,6 +140,8 @@ get 'stream/*file_path' => 'userfiles#stream' get 'display' post 'extract_from_collection' + post 'trust' + post 'trust_creator' end collection do post 'download' diff --git a/BrainPortal/public/javascripts/cbrain.js b/BrainPortal/public/javascripts/cbrain.js index bba95fcd8..caddcfbd8 100644 --- a/BrainPortal/public/javascripts/cbrain.js +++ b/BrainPortal/public/javascripts/cbrain.js @@ -759,6 +759,15 @@ form.submit(); }); + // show HMTL file in a frame after user indicates trust (to that file or file owner) + $(document).on("ajax:success", ".trust-file-btn", function (event) { + let trustBtn = $(".trust-file-btn"); + let iframe = $("body").find('.html-viewer'); + let iframeContainer = $("body").find('.iframe-container'); + iframe.attr('src', iframe.data('frame-url')); + trustBtn.hide(); + iframeContainer.show(); // css trumps html + }); //html_tool_tip_code based on xstooltip provided by //http://www.texsoft.it/index.php?%20m=sw.js.htmltooltip&c=software&l=it
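Review bot: The gate on the new-side line `hide_frame = params[:new_tab].blank? && current_user.id != @userfile.user_id` is skipped entirely whenever `new_tab` is present in the request, and the "Open in a separate tab" link is rendered before any trust decision with `:new_tab => "yes"` in a plain GET URL, so that link (or any URL carrying the parameter) shows another user's HTML without the confirmation step. If the prompt is meant as a guard rather than a convenience, the two session checks should apply regardless of `new_tab` — drop `params[:new_tab].blank? &&` from that line — or the separate-tab link should only be emitted when `hide_frame` is false. The iframe and the `.trust-file-btn` wrapper that the JavaScript targets are not visible in the extracted hunk, so I cannot confirm the `sandbox` attribute implied by "Forms and external links are disabled"; worth checking it is present on the element whose `src` is later set from `data-frame-url`. The hunk starts mid-file, inside the licence comment that closes with `%>`.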
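Review bot: The new `ajax:success` handler on `.trust-file-btn` has no `ajax:error` counterpart, so when the trust POST fails (expired session, rejected CSRF token, or a userfile the user can no longer read) the click silently does nothing and the frame stays hidden with no feedback. A minimal handler next to it would do: `$(document).on("ajax:error", ".trust-file-btn", function () { alert("Could not record trust for this file; please reload and try again."); });`. The comment above the handler also misspells "HMTL".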