FEATURE: support uploads for themes

This allows themes to bundle various assets
2025-05-22 16:21:18 +08:00 · 2017-05-09 17:20:28 -04:00
parent f709899a1d
commit bc0b9af576
25 changed files with 368 additions and 51 deletions
--- a/lib/validators/upload_validator.rb
+++ b/lib/validators/upload_validator.rb
@ -24,11 +24,11 @@ class Validators::UploadValidator < ActiveModel::Validator
  end

  def is_authorized?(upload, extension)
-    authorized_extensions(upload, extension, authorized_uploads)
+    authorized_extensions(upload, extension, authorized_uploads(upload))
  end

  def authorized_image_extension(upload, extension)
-    authorized_extensions(upload, extension, authorized_images)
+    authorized_extensions(upload, extension, authorized_images(upload))
  end

  def maximum_image_file_size(upload)
@ -36,7 +36,7 @@ class Validators::UploadValidator < ActiveModel::Validator
  end

  def authorized_attachment_extension(upload, extension)
-    authorized_extensions(upload, extension, authorized_attachments)
+    authorized_extensions(upload, extension, authorized_attachments(upload))
  end

  def maximum_attachment_file_size(upload)
@ -45,10 +45,12 @@ class Validators::UploadValidator < ActiveModel::Validator

  private

-  def authorized_uploads
+  def authorized_uploads(upload)
    authorized_uploads = Set.new

-    SiteSetting.authorized_extensions
+    extensions = upload.for_theme ? SiteSetting.theme_authorized_extensions : SiteSetting.authorized_extensions
+
+    extensions
      .gsub(/[\s\.]+/, "")
      .downcase
      .split("|")
@ -57,20 +59,21 @@ class Validators::UploadValidator < ActiveModel::Validator
    authorized_uploads
  end

-  def authorized_images
-    authorized_uploads & FileHelper.images
+  def authorized_images(upload)
+    authorized_uploads(upload) & FileHelper.images
  end

-  def authorized_attachments
-    authorized_uploads - FileHelper.images
+  def authorized_attachments(upload)
+    authorized_uploads(upload) - FileHelper.images
  end

-  def authorizes_all_extensions?
-    SiteSetting.authorized_extensions.include?("*")
+  def authorizes_all_extensions?(upload)
+    extensions = upload.for_theme ? SiteSetting.theme_authorized_extensions : SiteSetting.authorized_extensions
+    extensions.include?("*")
  end

  def authorized_extensions(upload, extension, extensions)
-    return true if authorizes_all_extensions?
+    return true if authorizes_all_extensions?(upload)

    unless authorized = extensions.include?(extension.downcase)
      message = I18n.t("upload.unauthorized", authorized_extensions: extensions.to_a.join(", "))