github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-23 09:11:17 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

DEV: Add SecureUploadEndpointHelpers for controllers (#25758)

Browse Source 
This commit moves some code out of UploadController#show_secure
so it can be reused in other controllers if a secure upload
needs to have permission checks run.
This commit is contained in:
Martin Brennan
2024-02-20 11:19:22 +10:00
committed by GitHub
parent bf3c4b634a
commit 0b3180c86f
2 changed files with 28 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
lib/secure_upload_endpoint_helpers.rb Normal file
View File

@ -0,0 +1,25 @@
# frozen_string_literal: true
module SecureUploadEndpointHelpers
include ActiveSupport::Concern
def upload_from_path_and_extension(path_with_ext)
sha1 = File.basename(path_with_ext, File.extname(path_with_ext))
# this takes care of optimized image requests
sha1 = sha1.partition("_").first if sha1.include?("_")
Upload.find_by(sha1: sha1)
end
def upload_from_full_url(url)
Upload.find_by(sha1: Upload.sha1_from_long_url(url))
end
def check_secure_upload_permission(upload)
if upload.access_control_post_id.present?
raise Discourse::InvalidAccess if current_user.nil? && SiteSetting.login_required
raise Discourse::InvalidAccess if !guardian.can_see?(upload.access_control_post)
else
raise Discourse::NotFound if current_user.nil?
end
end
end