grecia/app/controllers/direct_uploads_controller.rb

class DirectUploadsController < ApplicationController
  include DirectUploadsHelper
  include ActionView::Helpers::UrlHelper
  before_action :authenticate_user!

  load_and_authorize_resource except: :create
  skip_authorization_check only: :create

  helper_method :render_destroy_upload_link

  # It should return cached attachment path or attachment errors
  def create
    @direct_upload = DirectUpload.new(direct_upload_params.merge(user: current_user, attachment: params[:attachment]))

    if @direct_upload.valid?
      @direct_upload.save_attachment
      @direct_upload.relation.set_cached_attachment_from_attachment(URI(request.url))
      render json: { cached_attachment: @direct_upload.relation.cached_attachment,
                     filename: @direct_upload.relation.attachment.original_filename,
                     destroy_link: render_destroy_upload_link(@direct_upload).html_safe,
                     attachment_url: @direct_upload.relation.attachment.url
                   }
    else
      @direct_upload.destroy_attachment
      render json: { errors: @direct_upload.errors[:attachment].join(", ") },
             status: 422
    end
  end

  def destroy
    @direct_upload = DirectUpload.new(direct_upload_params.merge(user: current_user) )

    @direct_upload.relation.set_attachment_from_cached_attachment

    if @direct_upload.destroy_attachment
      render json: :ok
    else
      render json: :error
    end
  end

  private

  def direct_upload_params
    params.require(:direct_upload)
          .permit(:resource, :resource_type, :resource_id, :resource_relation,
                  :attachment, :cached_attachment, attachment_attributes: [])
  end

  def set_attachment_container_resource
    @container_resource = params[:resource_type]
  end

  def find_attachment_container_resource
    @uplo = params[:documentable_type].constantize.find_or_initialize_by(id: params[:documentable_id])
  end

end