From 4519f3f1370e0bab592d8b3beb30d3c8a11165e9 Mon Sep 17 00:00:00 2001 From: Martin Brennan Date: Wed, 15 Dec 2021 14:08:11 +1000 Subject: [PATCH] FIX: Add more actions to the uploads API key scope (#15306) The uploads API key create scope did not cover the external upload API endpoints, or the direct S3 multipart endpoints, and this commit adds them. cf. https://meta.discourse.org/t/upload-create-api-key-insufficient/211896 --- app/models/api_key_scope.rb | 12 +++++++++++- config/locales/client.en.yml | 2 +- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/app/models/api_key_scope.rb b/app/models/api_key_scope.rb index f0dcc91415a..0de8dd4ca8b 100644 --- a/app/models/api_key_scope.rb +++ b/app/models/api_key_scope.rb @@ -36,7 +36,17 @@ class ApiKeyScope < ActiveRecord::Base edit: { actions: %w[posts#update], params: %i[id] } }, uploads: { - create: { actions: %w[uploads#create] } + create: { + actions: %w[ + uploads#create + uploads#generate_presigned_put + uploads#complete_external_upload + uploads#create_multipart + uploads#batch_presign_multipart_parts + uploads#abort_multipart + uploads#complete_multipart + ] + } }, users: { bookmarks: { actions: %w[users#bookmarks], params: %i[username] }, diff --git a/config/locales/client.en.yml b/config/locales/client.en.yml index cfe37659c19..4ab54229ae7 100644 --- a/config/locales/client.en.yml +++ b/config/locales/client.en.yml @@ -4210,7 +4210,7 @@ en: posts: edit: Edit any post or a specific one. uploads: - create: Upload a new file. + create: Upload a new file or initiate single or multipart direct uploads to external storage. users: bookmarks: List user bookmarks. It returns bookmark reminders when using the ICS format. sync_sso: Synchronize a user using DiscourseConnect.