github-mirror/BookStack
github-mirror/BookStack
2
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-02-20 22:40:39 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fixed app logo visibility with secure_restricted images

Browse Source 
Includes test to cover.
For #3827
This commit is contained in:
Dan Brown 2022-11-10 14:15:59 +00:00
parent 832356d56e
commit d2260b234c
No known key found for this signature in database
GPG Key ID: 46D9F943C24A2EF9
2 changed files with 23 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
app/Uploads/ImageService.php
View File

@ -88,16 +88,17 @@ class ImageService
protected function getStorageDiskName(string $imageType): string
{
$storageType = config('filesystems.images');
$localSecureInUse = ($storageType === 'local_secure' || $storageType === 'local_secure_restricted');
// Ensure system images (App logo) are uploaded to a public space
if ($imageType === 'system' && $storageType === 'local_secure') {
$storageType = 'local';
if ($imageType === 'system' && $localSecureInUse) {
return 'local';
}
// Rename local_secure options to get our image specific storage driver which
// is scoped to the relevant image directories.
if ($storageType === 'local_secure' || $storageType === 'local_secure_restricted') {
$storageType = 'local_secure_images';
if ($localSecureInUse) {
return 'local_secure_images';
}
return $storageType;

19
tests/Uploads/ImageTest.php
View File

@ -310,7 +310,7 @@ class ImageTest extends TestCase
}
}
public function test_system_images_remain_public()
public function test_system_images_remain_public_with_local_secure()
{
config()->set('filesystems.images', 'local_secure');
$this->asAdmin();
@ -327,6 +327,23 @@ class ImageTest extends TestCase
}
}
public function test_system_images_remain_public_with_local_secure_restricted()
{
config()->set('filesystems.images', 'local_secure_restricted');
$this->asAdmin();
$galleryFile = $this->getTestImage('my-system-test-restricted-upload.png');
$expectedPath = public_path('uploads/images/system/' . date('Y-m') . '/my-system-test-restricted-upload.png');
$upload = $this->call('POST', '/settings/customization', [], [], ['app_logo' => $galleryFile], []);
$upload->assertRedirect('/settings/customization');
$this->assertTrue(file_exists($expectedPath), 'Uploaded image not found at path: ' . $expectedPath);
if (file_exists($expectedPath)) {
unlink($expectedPath);
}
}
public function test_secure_restricted_images_inaccessible_without_relation_permission()
{
config()->set('filesystems.images', 'local_secure_restricted');