grecia/app/controllers/direct_uploads_controller.rb

class DirectUploadsController < ApplicationController
  include DirectUploadsHelper
  include ActionView::Helpers::UrlHelper
  before_action :authenticate_user!

  load_and_authorize_resource except: :create
  skip_authorization_check only: :create

  helper_method :render_destroy_upload_link

  def create
    @direct_upload = DirectUpload.new(direct_upload_params.merge(user: current_user, attachment: params[:attachment]))

    if @direct_upload.valid?
      @direct_upload.save_attachment
      @direct_upload.relation.set_cached_attachment_from_attachment

      render json: { cached_attachment: @direct_upload.relation.cached_attachment,
                     filename: @direct_upload.relation.attachment.original_filename,
                     destroy_link: render_destroy_upload_link(@direct_upload),
                     attachment_url: @direct_upload.relation.attachment.url }
    else
      @direct_upload.destroy_attachment
      render json: { errors: @direct_upload.errors[:attachment].join(", ") },
             status: 422
    end
  end

  def destroy
    @direct_upload = DirectUpload.new(direct_upload_params.merge(user: current_user))
    @direct_upload.relation.set_attachment_from_cached_attachment

    if @direct_upload.destroy_attachment
      render json: :ok
    else
      render json: :error
    end
  end

  private

    def direct_upload_params
      params.require(:direct_upload)
            .permit(:resource, :resource_type, :resource_id, :resource_relation,
                    :attachment, :cached_attachment, attachment_attributes: [])
    end
end