feat(transaction): add support for file attachments using Active Storage (#713)

* feat(transaction): add support for file attachments using Active Storage

* feat(attachments): implement transaction attachments with upload, show, and delete functionality

* feat(attachments): enhance attachment upload functionality to support multiple files and improved error handling

* feat(attachments): add attachment upload form and display functionality in transaction views

* feat(attachments): implement attachment validation for count, size, and content type; enhance upload form with validation hints

* fix(attachments): use correct UI components

* feat(attachments): Implement Turbo Stream responses for creating and deleting transaction attachments.

* fix(attachments): include auth in activestorage controller

* test(attachments): add test coverage for turbostream and auth

* feat(attachments): extract strings to i18n

* fix(attachments): ensure only newly added attachments are purged when transaction validation fails.

* fix(attachments): validate attachment params

* refactor(attachments): use stimulus declarative actions

* fix(attachments): add auth for other representations

* refactor(attachments): use Browse component for attachment uploads

* fix(attachments): reject empty values on attachment upload

* fix(attachments): hide the upload form if reached max uploads

* fix(attachments): correctly purge only newly added attachments on upload failure

* fix(attachments): ensure attachment count limit is respected within a transaction lock

* fix(attachments): update attachment parameter handling to avoid `ParameterMissing` errors.

* fix(components): adjust icon_only logic for buttonish

---------

Signed-off-by: Juan José Mata <juanjo.mata@gmail.com>
Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>

config/initializers/active_storage_authorization.rb

@@ -0,0 +1,45 @@
+# Override Active Storage blob serving to enforce authorization
+Rails.application.config.to_prepare do
+  module ActiveStorageAttachmentAuthorization
+    extend ActiveSupport::Concern
+
+    included do
+      include Authentication
+      before_action :authorize_transaction_attachment, if: :transaction_attachment?
+    end
+
+    private
+
+      def authorize_transaction_attachment
+        attachment = ActiveStorage::Attachment.find_by(blob: authorized_blob)
+        return unless attachment&.record_type == "Transaction"
+
+        transaction = attachment.record
+
+        # Check if current user has access to this transaction's family
+        unless Current.family == transaction.entry.account.family
+          raise ActiveRecord::RecordNotFound
+        end
+      end
+
+      def transaction_attachment?
+        return false unless authorized_blob
+
+        attachment = ActiveStorage::Attachment.find_by(blob: authorized_blob)
+        attachment&.record_type == "Transaction"
+      end
+
+      def authorized_blob
+        @blob || @representation&.blob
+      end
+  end
+
+  [
+    ActiveStorage::Blobs::RedirectController,
+    ActiveStorage::Blobs::ProxyController,
+    ActiveStorage::Representations::RedirectController,
+    ActiveStorage::Representations::ProxyController
+  ].each do |controller|
+    controller.include ActiveStorageAttachmentAuthorization
+  end
+end