#47

backend/app/controllers/wiki_assets_controller.rb

@@ -0,0 +1,38 @@
+require 'digest'
+
+
+class WikiAssetsController < ApplicationController
+  def index
+    page_id = params[:wiki_page_id].to_i
+    page = WikiPage.find_by(id: page_id)
+    return head :not_found unless page
+
+    render json: page.assets
+  end
+
+  def create
+    return head :unauthorized unless current_user
+    return head :forbidden unless current_user.gte_member?
+
+    wiki_page_id = params[:wiki_page_id].to_i
+    page = WikiPage.find_by(id: wiki_page_id)
+    return head :not_found unless page
+
+    file = params[:file]
+    return head :bad_request if file.blank?
+
+    page.with_lock do
+      no = page.next_asset_no
+      alt_text = params[:alt_text].presence
+      sha256 = Digest::SHA256.file(file.tempfile.path).digest
+
+      asset = WikiAsset.new(wiki_page_id:, no:, alt_text:, sha256:, created_by_user: current_user)
+      asset.file.attach(file)
+      asset.save!
+
+      page.update!(next_asset_no: no + 1)
+    end
+
+    render json: asset
+  end
+end

backend/app/models/wiki_asset.rb

@@ -0,0 +1,10 @@
+class WikiAsset < ApplicationRecord
+  self.primary_key = :wiki_page_id, :no
+
+  belongs_to :wiki_page
+  belongs_to :created_by_user, class_name: 'User'
+
+  has_one_attached :file
+
+  validates :file, presence: true
+end

backend/app/models/wiki_page.rb

@@ -15,6 +15,8 @@ class WikiPage < ApplicationRecord
            foreign_key: :redirect_page_id,
            dependent: :nullify
 
+  has_many :assets, class_name: 'WikiAsset', dependent: :destroy
+
   belongs_to :tag_name
   validates :tag_name, presence: true