diff --git a/web/app/assets/javascripts/jam_rest.js b/web/app/assets/javascripts/jam_rest.js
index ff031af99..9c9cf107f 100644
--- a/web/app/assets/javascripts/jam_rest.js
+++ b/web/app/assets/javascripts/jam_rest.js
@@ -68,6 +68,13 @@
});
}
+ function getMusicNotation(query) {
+ return $.ajax({
+ type: "GET",
+ url: "/api/music_notations/"+query
+ });
+ }
+
function legacyJoinSession(options) {
var sessionId = options["session_id"];
delete options["session_id"];
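Review bot: `query` is concatenated into the request path unencoded at `url: "/api/music_notations/"+query`, so a value containing `/`, `?` or `#` would address a different endpoint than the one intended. The only caller in this commit passes a `data-notation-id` attribute, so encoding costs nothing: `url: "/api/music_notations/" + encodeURIComponent(query)`. The parameter holds an id rather than a query, so `notationId` would read better. Adding `dataType: "text"` would make explicit that the response body is a bare URL string.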
@@ -1223,6 +1230,7 @@
this.legacyCreateSession = legacyCreateSession;
this.createScheduledSession = createScheduledSession;
this.uploadMusicNotations = uploadMusicNotations;
+ this.getMusicNotation = getMusicNotation;
this.legacyJoinSession = legacyJoinSession;
this.joinSession = joinSession;
this.cancelSession = cancelSession;
diff --git a/web/app/assets/javascripts/sessionList.js b/web/app/assets/javascripts/sessionList.js
index d58218dbf..a54ba7cec 100644
--- a/web/app/assets/javascripts/sessionList.js
+++ b/web/app/assets/javascripts/sessionList.js
@@ -122,6 +122,18 @@
$('a.more.slots', $parentRow).click(toggleSlots);
$('a.more.rsvps', $parentRow).click(toggleRsvps);
+ $('.notation-link').click(function(evt) {
+ rest.getMusicNotation($(this).attr('data-notation-id'))
+ .done(function(result) {
+ window.open(result, '_blank');
+ })
+ .fail(function(xhr, textStatus, errorMessage) {
+ if (xhr.status === 403) {
+ app.ajaxError(xhr, textStatus, errorMessage);
+ }
+ });
+ });
+
if (showJoinLink) {
// wire up the Join Link to the T&Cs dialog
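Review bot: `$('.notation-link').click(...)` is not scoped to `$parentRow` like the two bindings above it. If this code runs once per rendered row (the enclosing function starts outside the hunk), every link already on the page gets another handler and one click would issue several requests; `$('.notation-link', $parentRow).click(...)` plus `evt.preventDefault()` for the `#` href would avoid that. `window.open(result, '_blank')` navigates to whatever string the response carries and leaves `window.opener` available to the opened document, so pass `'noopener'` as the third argument and check that `result` is an http(s) URL before opening it. The `.fail` branch silently drops every status other than 403, so a 404 or 500 gives the user no feedback.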
@@ -429,8 +441,9 @@
function createNotationFile(notation) {
var notationVals = {
notation_id: notation.id,
- file_url: notation.file_url,
- file_name: notation.file_name
+ file_url: notation.viewable ? notation.file_url + '?target=_blank' : '#',
+ file_name: notation.file_name,
+ link_class: notation.viewable ? '' : 'notation-link'
};
return context.JK.fillTemplate($notationFileTemplate.html(), notationVals);
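Review bot: The two ternaries on `notation.viewable` read as inverted at first glance, because the `notation-link` class (which the click handler added earlier in this file uses to call the API) goes to the notations the user may not view. A short comment would help, e.g. `// non-viewable notations get a '#' href and the AJAX handler, which surfaces the server's 403`. `viewable` is a display hint supplied by the view, so the download action's own permission check has to stay the enforcement point. Appending `'?target=_blank'` by concatenation also assumes `file_url` never carries a query string. The function's closing lines are outside the hunk.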
diff --git a/web/app/controllers/api_music_notations_controller.rb b/web/app/controllers/api_music_notations_controller.rb
index 896c20b63..25997b24b 100644
--- a/web/app/controllers/api_music_notations_controller.rb
+++ b/web/app/controllers/api_music_notations_controller.rb
@@ -19,15 +19,20 @@ class ApiMusicNotationsController < ApiController
@music_notations.push music_notation
end if params[:files]
- respond_with @music_notations, responder: ApiResponder, :statue => 201
+ respond_with @music_notations, responder: ApiResponder, :status => 201
end
def download
@music_notation = MusicNotation.find(params[:id])
- unless @music_notation.music_session.nil? || @music_notation.music_session.can_join?(current_user, true)
- raise PermissionError, ValidationMessages::PERMISSION_VALIDATION_ERROR
- end
- redirect_to @music_notation.sign_url
+ unless @music_notation.music_session.nil? || @music_notation.music_session.can_join?(current_user, true)
+ render :text => "Permission denied", status:403
+ return
+ end
+ if '_blank'==params[:target]
+ redirect_to @music_notation.sign_url
+ else
+ render :text => @music_notation.sign_url
+ end
end
-end
\ No newline at end of file
+end
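Review bot: The guard `unless @music_notation.music_session.nil? || ...can_join?(current_user, true)` skips the permission check whenever a notation has no session, and both new branches then hand out `sign_url`, so a caller who reaches this action with the id of an unattached notation receives a signed link. If unattached notations are not meant to be readable by everyone, deny that case, e.g. `session = @music_notation.music_session` followed by `unless session && session.can_join?(current_user, true)`; if they are, a comment saying so would document the intent. `render :text => @music_notation.sign_url` is, as far as I know, served with an HTML content type by default in the Rails versions that accept `render :text`; adding `:content_type => 'text/plain'` keeps the body from being interpreted as markup.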
diff --git a/web/app/views/api_music_sessions/show_history.rabl b/web/app/views/api_music_sessions/show_history.rabl
index 9d732d843..e027c0874 100644
--- a/web/app/views/api_music_sessions/show_history.rabl
+++ b/web/app/views/api_music_sessions/show_history.rabl
@@ -85,7 +85,9 @@ else
attributes :id, :file_name
node do |music_notation|
- { file_url: "/api/music_notations/#{music_notation.id}" }
+ { file_url: "/api/music_notations/#{music_notation.id}",
+ viewable: music_notation.music_session.can_join?(current_user, true)
+ }
end
}
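Review bot: `music_notation.music_session.can_join?(current_user, true)` raises NoMethodError when a notation has no session, while the download action changed in this commit explicitly allows for `music_session.nil?`. If a nil session can occur in this view, guard it so the flag matches the controller's decision, for example `viewable: music_notation.music_session.nil? || music_notation.music_session.can_join?(current_user, true)`, adjusted to whatever nil policy the action ends up with. The notations listed here presumably all belong to the same session, so the check could be computed once outside the `node` block instead of per notation. The enclosing block starts outside the hunk.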
diff --git a/web/app/views/clients/_findSession.html.erb b/web/app/views/clients/_findSession.html.erb
index 4f2b383bc..094794387 100644
--- a/web/app/views/clients/_findSession.html.erb
+++ b/web/app/views/clients/_findSession.html.erb
@@ -245,7 +245,7 @@