FEATURE: add system_user_max_attachment_size_kb site setting (#28351)

* System user attachment size WIP * spec check * controller update * add max to system_user_max_attachment_size_kb * DEV: update to use static method for `max_attachment_size_for_user` add test to use large image. add check for failure. * DEV: update `system_user_max_attachment_size_kb` default value to 0 remove unecessary test. update tests to reflect the new default value of `system_user_max_attachment_size_kb` * DEV: update maximum_file_size to check when is an attachment made by a system user Add tests for when `system_user_max_attachment_size_kb` is over and under the limit Add test for checking interaction with `max_attachment_size_kb` * DEV: move `max_attachment_size_for_user` to private methods * DEV: turn `max_attachment_size_for_user` into a static method * DEV: typo in test case * DEV: move max_attachment_size_for_user to private class method * Revert "DEV: move max_attachment_size_for_user to private class method" This reverts commit 5d5ae0b715de7c3453dc1392df299ef3bb58990c. --------- Co-authored-by: Gabriel Grubba <gabriel@discourse.org>
2025-05-30 07:11:34 +08:00 · 2024-08-16 09:03:39 -05:00
parent a59c89211b
commit 9c1812e071
4 changed files with 94 additions and 5 deletions
--- a/app/controllers/uploads_controller.rb
+++ b/app/controllers/uploads_controller.rb
@ -25,7 +25,6 @@ class UploadsController < ApplicationController
  def create
    # capture current user for block later on
    me = current_user
-
    RateLimiter.new(
      current_user,
      "uploads-per-minute",
@ -228,7 +227,7 @@ class UploadsController < ApplicationController
                "upload.attachments.too_large_humanized",
                max_size:
                  ActiveSupport::NumberHelper.number_to_human_size(
-                    SiteSetting.max_attachment_size_kb.kilobytes,
+                    UploadsController.max_attachment_size_for_user(current_user).kilobytes,
                  ),
              ),
            )
@ -277,7 +276,7 @@ class UploadsController < ApplicationController
      if url.present? && is_api
        maximum_upload_size = [
          SiteSetting.max_image_size_kb,
-          SiteSetting.max_attachment_size_kb,
+          UploadsController.max_attachment_size_for_user(current_user),
        ].max.kilobytes
        tempfile =
          begin
@ -319,12 +318,20 @@ class UploadsController < ApplicationController

  private

+  def self.max_attachment_size_for_user(user)
+    if user.id == Discourse::SYSTEM_USER_ID && !SiteSetting.system_user_max_attachment_size_kb.zero?
+      SiteSetting.system_user_max_attachment_size_kb
+    else
+      SiteSetting.max_attachment_size_kb
+    end
+  end
+
  # We can preemptively check size for attachments, but not for (most) images
  # as they may be further reduced in size by UploadCreator (at this point
  # they may have already been reduced in size by preprocessors)
  def attachment_too_big?(file_name, file_size)
    !FileHelper.is_supported_image?(file_name) &&
-      file_size >= SiteSetting.max_attachment_size_kb.kilobytes
+      file_size >= UploadsController.max_attachment_size_for_user(current_user).kilobytes
  end

  # Gifs are not resized on the client and not reduced in size by UploadCreator