effective_storage 0.4.3 → 0.4.5

Sign up to get free protection for your applications and to get access to all the features.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/app/datatables/admin/effective_storage_datatable.rb +13 -1
  3. data/app/models/concerns/active_storage_authorization.rb +9 -21
  4. data/lib/effective_storage/version.rb +1 -1
  5. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 9230c3cd21cf195cdf1b24f42bf4221c8a7a2619a78b2ba3cc4ef7d132906e4d
4
- data.tar.gz: 7121042e8928e76541e60f595f93461ed767563e62d5e3f2251dda5f9b6239da
3
+ metadata.gz: 8de0c7807726e325a8a2f34f1e205c14dd27740daed1f7622db12dd39fb865a2
4
+ data.tar.gz: 126797b758eed3ad5d192cde7ce3f365096dfad96ebdf232f217b8b5428b91b1
5
5
  SHA512:
6
- metadata.gz: 8798dd36a2b61b525416d8eb27a4c4d291d8380df42690c088f17ec76ddd1ebef5e995a0a97293fa105a19b00bb44b12cb325073345a975a245aeaf25dfcd3b2
7
- data.tar.gz: ab3c5af1ae73962ada0a37cfdb2edda28a81ff8bd3b081b62e5e90eb5a1ee4335eda7247c34af16982ca79adf4fdff11e0a7eb27150d98a47e8d1f2bce8dea40
6
+ metadata.gz: bba482aece015938fa979889a7d7da64ab68681100250409a3a147698c97274fe237c7257b2e2d5c6dec6ed97f8ab234e8b7cab654a36ab2a12ca53577996d07
7
+ data.tar.gz: 837259796bbbe60101329b80e96bfc0a1743b2b5afbcf42e2a59ef70b6ad97c433a5400bd8aeb91e5f9a5d01a44407599982f37c311fd29353a3b240341bf4e4
data/app/datatables/admin/effective_storage_datatable.rb CHANGED
@@ -56,6 +56,10 @@ module Admin
56
56
  end.join.html_safe
57
57
  end
58
58
 
59
+ col :bucket, visible: false do |blob|
60
+ blob.attachments.map { |attachment| attachment.name }.join.html_safe
61
+ end
62
+
59
63
  col :filename, label: 'File' do |blob|
60
64
  content_tag(:div, class: 'col-resource_item') do
61
65
  link_to(blob.filename, url_for(blob), target: '_blank')
@@ -80,7 +84,15 @@ module Admin
80
84
  end
81
85
 
82
86
  collection do
83
- ActiveStorage::Blob.all.deep.left_outer_joins(:attachments)
87
+ scope = ActiveStorage::Blob.all.deep.left_outer_joins(:attachments)
88
+
89
+ if attributes[:resource_id].present? && attributes[:resource_type].present?
90
+ attachments = ActiveStorage::Attachment.where(record_id: attributes[:resource_id], record_type: attributes[:resource_type])
91
+ scope = scope.where(id: attachments.select(:blob_id))
92
+ end
93
+
94
+ scope
95
+
84
96
  end
85
97
 
86
98
  end
data/app/models/concerns/active_storage_authorization.rb CHANGED
@@ -54,11 +54,8 @@ module ActiveStorageAuthorization
54
54
  def authorize_active_storage!
55
55
  return unless @blob.present?
56
56
 
57
- # If the blob has been given permission
58
- return true if authorized?(@blob)
59
-
60
57
  # If the blob is not attached to anything, permit the blob
61
- return true if @blob.attachments.blank? && authorize_content_download?(@blob)
58
+ return true if @blob.attachments.blank?
62
59
 
63
60
  # If the blob is an ActiveStorage::Variant it's been previously authorized
64
61
  return true if @blob.attachments.any? { |attachment| authorized_variant_download?(attachment) }
@@ -66,6 +63,9 @@ module ActiveStorageAuthorization
66
63
  # If we are authorized on any attached record, permit the download
67
64
  return true if @blob.attachments.any? { |attachment| authorized_attachment_download?(attachment) }
68
65
 
66
+ # If the blob has been given permission using Mark Public
67
+ return true if authorized?(@blob)
68
+
69
69
  # Otherwise raise a 404 Not Found and block the download
70
70
  head(:not_found)
71
71
 
@@ -100,19 +100,6 @@ module ActiveStorageAuthorization
100
100
  false
101
101
  end
102
102
 
103
- # This is a file that was drag & drop or inserted into the article editor
104
- # I think this might only happen with article editor edit screens
105
- def authorize_content_download?(blob)
106
- # Allow signed out users to view images
107
- return true if blob.image?
108
-
109
- # Require sign in to view any attached files
110
- # current_user.present?
111
-
112
- # Let anyone view these files
113
- true
114
- end
115
-
116
103
  # This was included and resized in an ActionText::RichText object
117
104
  # But these ones don't belong_to any record
118
105
  def authorized_variant_download?(attachment)
@@ -122,10 +109,14 @@ module ActiveStorageAuthorization
122
109
  # This is a has_one_attached or has_many_attached record
123
110
  # Or an ActionText::RichText object, that belongs_to a record
124
111
  def authorized_attachment_download?(attachment)
112
+ return false if attachment.record_type.blank?
113
+
114
+ # Attachment itself
115
+ return true if EffectiveResources.authorized?(self, :show, attachment)
116
+
125
117
  # DO NOT USE .blank? or .present? here. They return incorrect values.
126
118
  return false if attachment.record.nil?
127
119
 
128
- # Associated Record
129
120
  record = attachment.record
130
121
  return true if authorized?(record)
131
122
 
@@ -133,9 +124,6 @@ module ActiveStorageAuthorization
133
124
  resource = record.record if record.respond_to?(:record)
134
125
  return true if authorized?(resource)
135
126
 
136
- # Attachment itself
137
- return true if authorized?(attachment)
138
-
139
127
  false
140
128
  end
141
129
 
data/lib/effective_storage/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module EffectiveStorage
2
- VERSION = '0.4.3'.freeze
2
+ VERSION = '0.4.5'.freeze
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: effective_storage
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.3
4
+ version: 0.4.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Code and Effect
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-08-11 00:00:00.000000000 Z
11
+ date: 2023-11-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails