feat: Enhance Person data structure and improve TablePersons component

- Updated Person interface to include first_name and last_name fields for better clarity and organization handling. - Modified TablePersons.vue to support new fields, including improved pagination and drag-and-drop functionality. - Added loading states and error handling for form controls within the table. - Enhanced the visual layout of the table with responsive design adjustments. - Updated solr.xslt to correctly reference ServerDateModified and EmbargoDate attributes. - updated AvatarController - improved download method for editor, and reviewer - improved security for officlial download file file API: filterd by server_state
2025-09-08 12:28:26 +02:00 · 2025-09-08 12:28:26 +02:00 · 06ed2f3625
commit 06ed2f3625
parent e1ccf0ddc8
12 changed files with 3143 additions and 1387 deletions
--- a/app/Controllers/Http/Api/FileController.ts
+++ b/app/Controllers/Http/Api/FileController.ts
@ -2,7 +2,6 @@ import type { HttpContext } from '@adonisjs/core/http';
 import File from '#models/file';
 import { StatusCodes } from 'http-status-codes';
 import * as fs from 'fs';
-import * as path from 'path';
 import { DateTime } from 'luxon';

 // node ace make:controller Author
@ -23,8 +22,13 @@ export default class FileController {
            });
        }

-        // Check embargo date
-        const dataset = file.dataset; // or file.dataset
+        const dataset = file.dataset;
+        // Files from unpublished datasets are now blocked
+        if (dataset.server_state !== 'published') {
+        return response.status(StatusCodes.FORBIDDEN).send({
+            message: `File access denied: Dataset is not published.`,
+        });
+    }
        if (dataset && this.isUnderEmbargo(dataset.embargo_date)) {
            return response.status(StatusCodes.FORBIDDEN).send({
                message: `File is under embargo until ${dataset.embargo_date?.toFormat('yyyy-MM-dd')}`,
@ -32,13 +36,16 @@ export default class FileController {
        }

        // Proceed with file download
-        const filePath = '/storage/app/data/' + file.pathName;
-        const ext = path.extname(filePath);
-        const fileName = file.label + ext;
+        const filePath = '/storage/app/data/' + file.pathName;      
+        const fileExt = file.filePath.split('.').pop() || '';
+        // const fileName = file.label + fileExt;       
+        const fileName = file.label.toLowerCase().endsWith(`.${fileExt.toLowerCase()}`) 
+            ? file.label 
+            : `${file.label}.${fileExt}`;

        try {
            fs.accessSync(filePath, fs.constants.R_OK); //| fs.constants.W_OK);
-            // console.log("can read/write:", path);
+            // console.log("can read/write:", filePath);

            response
                .header('Cache-Control', 'no-cache private')
@ -47,7 +54,7 @@ export default class FileController {
                .header('Content-Disposition', 'inline; filename=' + fileName)
                .header('Content-Transfer-Encoding', 'binary')
                .header('Access-Control-Allow-Origin', '*')
-                .header('Access-Control-Allow-Methods', 'GET,POST');
+                .header('Access-Control-Allow-Methods', 'GET');

            response.status(StatusCodes.OK).download(filePath);
        } catch (err) {