mirror of
https://github.com/discourse/discourse.git
synced 2024-11-22 00:33:02 +08:00
DEV: Introduce post_should_secure_uploads? plugin modifier (#26508)
This modifier allows plugins to alter the outcome of `should_secure_uploads?` on a Post record, for cases when plugins need post-attached uploads to always be secure (or not secure) in specific scenarios.
This commit is contained in:
parent
98ec4af327
commit
b7a2d29b7b
|
@ -565,11 +565,26 @@ class Post < ActiveRecord::Base
|
|||
ReviewableFlaggedPost.pending.find_by(target: self)
|
||||
end
|
||||
|
||||
# NOTE (martin): This is turning into hack city; when changing this also
|
||||
# consider how it interacts with UploadSecurity and the uploads.rake tasks.
|
||||
def should_secure_uploads?
|
||||
return false if !SiteSetting.secure_uploads?
|
||||
topic_including_deleted = Topic.with_deleted.find_by(id: self.topic_id)
|
||||
return false if topic_including_deleted.blank?
|
||||
|
||||
# NOTE: This is to be used for plugins where adding a new public upload
|
||||
# type that should not be secured via UploadSecurity.register_custom_public_type
|
||||
# is not an option. This also is not taken into account in the secure upload
|
||||
# rake tasks, and will more than likely change in future.
|
||||
modifier_result =
|
||||
DiscoursePluginRegistry.apply_modifier(
|
||||
:post_should_secure_uploads?,
|
||||
nil,
|
||||
self,
|
||||
topic_including_deleted,
|
||||
)
|
||||
return modifier_result if !modifier_result.nil?
|
||||
|
||||
# NOTE: This is meant to be a stopgap solution to prevent secure uploads
|
||||
# in a single place (private messages) for sensitive admin data exports.
|
||||
# Ideally we would want a more comprehensive way of saying that certain
|
||||
|
|
|
@ -21,6 +21,7 @@ class TopicUploadSecurityManager
|
|||
end
|
||||
|
||||
def run
|
||||
rebaked_posts = []
|
||||
Rails.logger.debug("Updating upload security in topic #{@topic.id}")
|
||||
posts_owning_uploads.each do |post|
|
||||
Post.transaction do
|
||||
|
@ -35,14 +36,18 @@ class TopicUploadSecurityManager
|
|||
upload.access_control_post = post
|
||||
upload.update_secure_status(source: "topic upload security")
|
||||
end
|
||||
post.rebake! if secure_status_did_change
|
||||
|
||||
if secure_status_did_change
|
||||
post.rebake!
|
||||
rebaked_posts << post
|
||||
end
|
||||
Rails.logger.debug(
|
||||
"Security updated & rebake complete in topic #{@topic.id} - post #{post.id}",
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
return if !SiteSetting.secure_uploads
|
||||
return rebaked_posts if !SiteSetting.secure_uploads
|
||||
|
||||
# We only want to do this if secure uploads is enabled. If
|
||||
# the setting is turned on after a site has been running
|
||||
|
@ -76,7 +81,10 @@ class TopicUploadSecurityManager
|
|||
end
|
||||
end
|
||||
|
||||
post.rebake! if secure_status_did_change
|
||||
if secure_status_did_change
|
||||
post.rebake!
|
||||
rebaked_posts << post
|
||||
end
|
||||
Rails.logger.debug(
|
||||
"Completed changing access control posts #{secure_status_did_change ? "and rebaking" : ""} in topic #{@topic.id} - post #{post.id}",
|
||||
)
|
||||
|
@ -84,6 +92,7 @@ class TopicUploadSecurityManager
|
|||
end
|
||||
|
||||
Rails.logger.debug("Completed updating upload security in topic #{@topic.id}!")
|
||||
rebaked_posts
|
||||
end
|
||||
|
||||
private
|
||||
|
|
Loading…
Reference in New Issue
Block a user