FIX: Mark secure media upload insecure automatically if used for theme component (#8413)

When uploading a file to a theme component, and that file is existing and has already been marked as secure, we now automatically mark the file as secure: false, change the ACL, and log the action as the user (also rebake the posts for the upload)
2025-06-02 04:08:41 +08:00 · 2019-11-28 07:32:17 +10:00
parent d12f2580de
commit e7c7a05097
9 changed files with 87 additions and 4 deletions
--- a/app/controllers/admin/themes_controller.rb
+++ b/app/controllers/admin/themes_controller.rb
@ -23,12 +23,24 @@ class Admin::ThemesController < Admin::AdminController
        if upload.errors.count > 0
          render_json_error upload
        else
+          # we assume a user intends to make some media public
+          # if they are uploading it to a theme component
+          mark_upload_insecure(upload) if upload.secure?
          render json: { upload_id: upload.id }, status: :created
        end
      end
    end
  end

+  def mark_upload_insecure(upload)
+    upload.update_secure_status(secure_override_value: false)
+    StaffActionLogger.new(current_user).log_change_upload_secure_status(
+      upload_id: upload.id,
+      new_value: false
+    )
+    Jobs.enqueue(:rebake_posts_for_upload, id: upload.id)
+  end
+
  def generate_key_pair
    require 'sshkey'
    k = SSHKey.generate