effective_storage 0.4.0 → 0.4.2

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: d31c97986b5166e4bd1fa34d329ea5a6b8f7c355a9ab952f010100ba8ed33f63
4
- data.tar.gz: e88cce63f52489de5fed02e3c5119f4ff17cb5ca07fba05472b15d5cfcfdd814
3
+ metadata.gz: 0e845ec308c0f8172341a2a427b3f3d87dfae2bf970484cf35ffd57659cf0359
4
+ data.tar.gz: c36875b2f938f2bacad35031edc878998fb1000385ae63e91396f2906a3c81c9
5
5
  SHA512:
6
- metadata.gz: 405aa9bb4a51b937c3c551af74327774078418ed01e96b13340806c0dca6dc6fc1bd9824147d3472f65aec8bdc8db49d9dfe5903215e87ee17f3958aefa3f518
7
- data.tar.gz: d6058d78e87602fdfbb7639e0e66628c691edd6c22c1823c6697343a8ede5359d09da98c3daa729f146c2e608cc1bf66045cad9785c228d01e1b69ce4b60d55f
6
+ metadata.gz: '079f895f60a5bb4c4288f7c3d77b99f27822f44956f529baf98a7ec8982aaeecfa80addebdfb9363e61847974a30cd293a38b095d52c169a6c97e0544ed88f94'
7
+ data.tar.gz: b90dba9ec5b38775667539bbdd6bf84a0fcd4435f62e4da043fbc2263382bec0cce6cf1d808bc5e92145670d7cfde4e47a6999d676516550f235bf7dd0537cff
@@ -35,7 +35,6 @@ module ActiveStorageAuthorization
35
35
  # Send an ExceptionNotification email with the unauthorized details
36
36
  # This is not visible to users
37
37
  def unauthorized_active_storage_request(exception)
38
- return if request.referer.to_s.include?('.test:')
39
38
 
40
39
  if defined?(ExceptionNotifier)
41
40
  data = { 'current_user_id': current_user&.id || 'none' }.merge(@blob&.attributes || {})
@@ -79,6 +78,8 @@ module ActiveStorageAuthorization
79
78
  record = attachment.record if attachment
80
79
  resource = record.record if record.respond_to?(:record)
81
80
 
81
+ return if skip_notification?(record || resource || @blob)
82
+
82
83
  error = [
83
84
  "unauthorized active storage request for #{@blob.filename}",
84
85
  ("on #{record.class.name} #{record.id}" if record.present?),
@@ -91,6 +92,14 @@ module ActiveStorageAuthorization
91
92
  raise Effective::UnauthorizedStorageException.new(error + '. ' + resolution)
92
93
  end
93
94
 
95
+ def skip_notification?(resource)
96
+ return true if EffectiveStorage.skip_notification?
97
+ return true if EffectiveStorage.skip_notifications.include?(resource.class.name)
98
+ return true if request.referer.to_s.include?('.test:')
99
+
100
+ false
101
+ end
102
+
94
103
  # This is a file that was drag & drop or inserted into the article editor
95
104
  # I think this might only happen with article editor edit screens
96
105
  def authorize_content_download?(blob)
@@ -9,6 +9,8 @@ module ActiveStorageBlobExtension
9
9
  scope :deep, -> { includes(:active_storage_extensions, attachments: [record: :record]) }
10
10
 
11
11
  scope :attached, -> { joins(:attachments) }
12
+ scope :unattached, -> { where.not(id: attached) }
13
+
12
14
  end
13
15
 
14
16
  module ClassMethods
@@ -9,4 +9,9 @@ EffectiveStorage.setup do |config|
9
9
 
10
10
  # Do not delete ActiveStorage::Blobs
11
11
  config.never_delete = true
12
+
13
+ # Skip Notifications for unauthorized active storage requests
14
+ # config.skip_notification = true
15
+ # config.skip_notification = ['Effective::Classified']
16
+
12
17
  end
@@ -1,3 +1,3 @@
1
1
  module EffectiveStorage
2
- VERSION = '0.4.0'.freeze
2
+ VERSION = '0.4.2'.freeze
3
3
  end
@@ -6,7 +6,7 @@ require 'effective_storage/version'
6
6
  module EffectiveStorage
7
7
 
8
8
  def self.config_keys
9
- [:layout, :authorize_active_storage, :never_delete]
9
+ [:layout, :authorize_active_storage, :never_delete, :skip_notification]
10
10
  end
11
11
 
12
12
  include EffectiveGem
@@ -19,4 +19,12 @@ module EffectiveStorage
19
19
  never_delete == true
20
20
  end
21
21
 
22
+ def self.skip_notification?
23
+ skip_notification == true
24
+ end
25
+
26
+ def self.skip_notifications
27
+ Array(skip_notification)
28
+ end
29
+
22
30
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: effective_storage
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.0
4
+ version: 0.4.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Code and Effect
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-03-20 00:00:00.000000000 Z
11
+ date: 2023-03-21 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails