DEV: Introduce post_should_secure_uploads? plugin modifier (#26508)
This modifier allows plugins to alter the outcome of `should_secure_uploads?` on a Post record, for cases when plugins need post-attached uploads to always be secure (or not secure) in specific scenarios.
parent
98ec4af327
commit
b7a2d29b7b
|
@ -565,11 +565,26 @@ class Post < ActiveRecord::Base
|
||||||
ReviewableFlaggedPost.pending.find_by(target: self)
|
ReviewableFlaggedPost.pending.find_by(target: self)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# NOTE (martin): This is turning into hack city; when changing this also
|
||||||
|
# consider how it interacts with UploadSecurity and the uploads.rake tasks.
|
||||||
def should_secure_uploads?
|
def should_secure_uploads?
|
||||||
return false if !SiteSetting.secure_uploads?
|
return false if !SiteSetting.secure_uploads?
|
||||||
topic_including_deleted = Topic.with_deleted.find_by(id: self.topic_id)
|
topic_including_deleted = Topic.with_deleted.find_by(id: self.topic_id)
|
||||||
return false if topic_including_deleted.blank?
|
return false if topic_including_deleted.blank?
|
||||||
|
|
||||||
|
# NOTE: This is to be used for plugins where adding a new public upload
|
||||||
|
# type that should not be secured via UploadSecurity.register_custom_public_type
|
||||||
|
# is not an option. This also is not taken into account in the secure upload
|
||||||
|
# rake tasks, and will more than likely change in future.
|
||||||
|
modifier_result =
|
||||||
|
DiscoursePluginRegistry.apply_modifier(
|
||||||
|
:post_should_secure_uploads?,
|
||||||
|
nil,
|
||||||
|
self,
|
||||||
|
topic_including_deleted,
|
||||||
|
)
|
||||||
|
return modifier_result if !modifier_result.nil?
|
||||||
|
|
||||||
# NOTE: This is meant to be a stopgap solution to prevent secure uploads
|
# NOTE: This is meant to be a stopgap solution to prevent secure uploads
|
||||||
# in a single place (private messages) for sensitive admin data exports.
|
# in a single place (private messages) for sensitive admin data exports.
|
||||||
# Ideally we would want a more comprehensive way of saying that certain
|
# Ideally we would want a more comprehensive way of saying that certain
|
||||||
|
|
|
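Review bot: The early return `return modifier_result if !modifier_result.nil?` in `should_secure_uploads?` passes back whatever a plugin produced, and it sits ahead of the core checks that follow the stopgap comment (the rest of the method is outside this hunk). A `false` from one registered modifier therefore marks a post's uploads as not secure even where the later logic might have secured them, and a non-boolean value can leak out of a `?` predicate. I would limit the short-circuit to real booleans, `return modifier_result if modifier_result == true || modifier_result == false`, and extend the NOTE comment to say that returning `false` skips every core check below, so plugins should return `nil` unless they mean to override. Since the comment already says the secure upload rake tasks ignore this modifier, it should also warn that a rake run may reach a different secure status than this method for the same post.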
@ -21,6 +21,7 @@ class TopicUploadSecurityManager
|
||||||
end
|
end
|
||||||
|
|
||||||
def run
|
def run
|
||||||
|
rebaked_posts = []
|
||||||
Rails.logger.debug("Updating upload security in topic #{@topic.id}")
|
Rails.logger.debug("Updating upload security in topic #{@topic.id}")
|
||||||
posts_owning_uploads.each do |post|
|
posts_owning_uploads.each do |post|
|
||||||
Post.transaction do
|
Post.transaction do
|
||||||
|
@ -35,14 +36,18 @@ class TopicUploadSecurityManager
|
||||||
upload.access_control_post = post
|
upload.access_control_post = post
|
||||||
upload.update_secure_status(source: "topic upload security")
|
upload.update_secure_status(source: "topic upload security")
|
||||||
end
|
end
|
||||||
post.rebake! if secure_status_did_change
|
|
||||||
|
if secure_status_did_change
|
||||||
|
post.rebake!
|
||||||
|
rebaked_posts << post
|
||||||
|
end
|
||||||
Rails.logger.debug(
|
Rails.logger.debug(
|
||||||
"Security updated & rebake complete in topic #{@topic.id} - post #{post.id}",
|
"Security updated & rebake complete in topic #{@topic.id} - post #{post.id}",
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
return if !SiteSetting.secure_uploads
|
return rebaked_posts if !SiteSetting.secure_uploads
|
||||||
|
|
||||||
# We only want to do this if secure uploads is enabled. If
|
# We only want to do this if secure uploads is enabled. If
|
||||||
# the setting is turned on after a site has been running
|
# the setting is turned on after a site has been running
|
||||||
|
@ -76,7 +81,10 @@ class TopicUploadSecurityManager
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
post.rebake! if secure_status_did_change
|
if secure_status_did_change
|
||||||
|
post.rebake!
|
||||||
|
rebaked_posts << post
|
||||||
|
end
|
||||||
Rails.logger.debug(
|
Rails.logger.debug(
|
||||||
"Completed changing access control posts #{secure_status_did_change ? "and rebaking" : ""} in topic #{@topic.id} - post #{post.id}",
|
"Completed changing access control posts #{secure_status_did_change ? "and rebaking" : ""} in topic #{@topic.id} - post #{post.id}",
|
||||||
)
|
)
|
||||||
|
@ -84,6 +92,7 @@ class TopicUploadSecurityManager
|
||||||
end
|
end
|
||||||
|
|
||||||
Rails.logger.debug("Completed updating upload security in topic #{@topic.id}!")
|
Rails.logger.debug("Completed updating upload security in topic #{@topic.id}!")
|
||||||
|
rebaked_posts
|
||||||
end
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
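Review bot: `run` now returns `rebaked_posts` on both exits, but nothing above `def run` documents the new return value, and the early exit that used to be `return if !SiteSetting.secure_uploads` now yields an array (truthy even when empty) instead of `nil`. I would add `# @return [Array<Post>] posts rebaked because an upload's secure status changed` above the method so callers know what to expect. The same post could be appended in both loops if the two post sets overlap; the head of the second loop is outside the visible hunks, so this is unconfirmed, but `rebaked_posts.uniq` as the final expression would be a cheap guard. The body of `run` continues between the hunks shown here.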