FEATURE: Secure uploads in PMs only (#23398)

This adds a new secure_uploads_pm_only site setting. When secure_uploads is true with this setting, only uploads created in PMs will be marked secure; no uploads in secure categories will be marked as secure, and the login_required site setting has no bearing on upload security either. This is meant to be a stopgap solution to prevent secure uploads in a single place (private messages) for sensitive admin data exports. Ideally we would want a more comprehensive way of saying that certain upload types get secured which is a hybrid/mixed mode secure uploads, but for now this will do the trick.
2025-05-25 00:32:52 +08:00 · 2023-09-06 09:39:09 +10:00
parent de9b567c19
commit c532f6eb3d
14 changed files with 283 additions and 43 deletions
--- a/spec/system/page_objects/components/composer.rb
+++ b/spec/system/page_objects/components/composer.rb
@ -82,8 +82,8 @@ module PageObjects
      end

      def switch_category(category_name)
-        find(".category-chooser").click
-        find(".category-row[data-name='#{category_name}']").click
+        category_chooser.expand
+        category_chooser.select_row_by_name(category_name)
      end

      def preview
@ -216,6 +216,14 @@ module PageObjects
        find("#{COMPOSER_ID}").has_css?("#file-uploading")
      end

+      def select_pm_user(username)
+        select_kit = PageObjects::Components::SelectKit.new("#private-message-users")
+        select_kit.expand
+        select_kit.search(username)
+        select_kit.select_row_by_value(username)
+        select_kit.collapse
+      end
+
      private

      def emoji_preview_selector(emoji)