effective_storage 0.4.4 → 0.4.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/models/concerns/active_storage_authorization.rb +27 -20
- data/lib/effective_storage/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ce0b1d8d9b061e3e2a3b81d4662a6ff7f4bea772bb3b639068e4148867b79e7c
|
|
4
|
+
data.tar.gz: 88115f4894e78a14807ef47eaf8af3f4f20e300ca42ac5f8e6148ff4b56aa84f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c261ab3931f45c6892f7c1df8780e27f0f17fdf4af5b2eb1046682c8580496f23e9275f0a649f795c91421c33a012eacce8d352d335cf7150412640f97afe16a
|
|
7
|
+
data.tar.gz: e8bd885fe445aeb7b9b071cb101225199ff411ceb8da2194ed727ee18cb2e66d433640ef4e455190c6184ff40f1e6f350a43e67a0fc24e602ccf06a52c825917
|
|
@@ -14,6 +14,13 @@
|
|
|
14
14
|
module ActiveStorageAuthorization
|
|
15
15
|
extend ActiveSupport::Concern
|
|
16
16
|
|
|
17
|
+
AUTHORIZED_EFFECTIVE_DOWNLOADS = [
|
|
18
|
+
'Effective::CarouselItem',
|
|
19
|
+
'Effective::PageBanner',
|
|
20
|
+
'Effective::PageSection',
|
|
21
|
+
'Effective::Permalink'
|
|
22
|
+
]
|
|
23
|
+
|
|
17
24
|
included do
|
|
18
25
|
rescue_from(Effective::UnauthorizedStorageException, with: :unauthorized_active_storage_request)
|
|
19
26
|
end
|
|
@@ -54,18 +61,24 @@ module ActiveStorageAuthorization
|
|
|
54
61
|
def authorize_active_storage!
|
|
55
62
|
return unless @blob.present?
|
|
56
63
|
|
|
57
|
-
#
|
|
58
|
-
|
|
64
|
+
# Disable strict loading and let the @blob just pull :attachments
|
|
65
|
+
@blob.strict_loading!(false) if @blob.try(:strict_loading?)
|
|
59
66
|
|
|
60
67
|
# If the blob is not attached to anything, permit the blob
|
|
61
|
-
return true if @blob.attachments.blank?
|
|
68
|
+
return true if @blob.attachments.blank?
|
|
62
69
|
|
|
63
70
|
# If the blob is an ActiveStorage::Variant it's been previously authorized
|
|
64
71
|
return true if @blob.attachments.any? { |attachment| authorized_variant_download?(attachment) }
|
|
65
72
|
|
|
73
|
+
# If the blob is a known good effective class fast path it
|
|
74
|
+
return true if @blob.attachments.any? { |attachment| authorized_effective_download?(attachment) }
|
|
75
|
+
|
|
66
76
|
# If we are authorized on any attached record, permit the download
|
|
67
77
|
return true if @blob.attachments.any? { |attachment| authorized_attachment_download?(attachment) }
|
|
68
78
|
|
|
79
|
+
# If the blob has been given permission using Mark Public
|
|
80
|
+
return true if authorized?(@blob)
|
|
81
|
+
|
|
69
82
|
# Otherwise raise a 404 Not Found and block the download
|
|
70
83
|
head(:not_found)
|
|
71
84
|
|
|
@@ -100,32 +113,29 @@ module ActiveStorageAuthorization
|
|
|
100
113
|
false
|
|
101
114
|
end
|
|
102
115
|
|
|
103
|
-
# This is a file that was drag & drop or inserted into the article editor
|
|
104
|
-
# I think this might only happen with article editor edit screens
|
|
105
|
-
def authorize_content_download?(blob)
|
|
106
|
-
# Allow signed out users to view images
|
|
107
|
-
return true if blob.image?
|
|
108
|
-
|
|
109
|
-
# Require sign in to view any attached files
|
|
110
|
-
# current_user.present?
|
|
111
|
-
|
|
112
|
-
# Let anyone view these files
|
|
113
|
-
true
|
|
114
|
-
end
|
|
115
|
-
|
|
116
116
|
# This was included and resized in an ActionText::RichText object
|
|
117
117
|
# But these ones don't belong_to any record
|
|
118
118
|
def authorized_variant_download?(attachment)
|
|
119
119
|
attachment.record_type == 'ActiveStorage::VariantRecord'
|
|
120
120
|
end
|
|
121
121
|
|
|
122
|
+
# These are always public images
|
|
123
|
+
# Fast path them so we don't have to load any user for a permission check
|
|
124
|
+
def authorized_effective_download?(attachment)
|
|
125
|
+
AUTHORIZED_EFFECTIVE_DOWNLOADS.include?(attachment.record_type)
|
|
126
|
+
end
|
|
127
|
+
|
|
122
128
|
# This is a has_one_attached or has_many_attached record
|
|
123
129
|
# Or an ActionText::RichText object, that belongs_to a record
|
|
124
130
|
def authorized_attachment_download?(attachment)
|
|
131
|
+
return false if attachment.record_type.blank?
|
|
132
|
+
|
|
133
|
+
# Attachment itself
|
|
134
|
+
return true if EffectiveResources.authorized?(self, :show, attachment)
|
|
135
|
+
|
|
125
136
|
# DO NOT USE .blank? or .present? here. They return incorrect values.
|
|
126
137
|
return false if attachment.record.nil?
|
|
127
138
|
|
|
128
|
-
# Associated Record
|
|
129
139
|
record = attachment.record
|
|
130
140
|
return true if authorized?(record)
|
|
131
141
|
|
|
@@ -133,9 +143,6 @@ module ActiveStorageAuthorization
|
|
|
133
143
|
resource = record.record if record.respond_to?(:record)
|
|
134
144
|
return true if authorized?(resource)
|
|
135
145
|
|
|
136
|
-
# Attachment itself
|
|
137
|
-
return true if authorized?(attachment)
|
|
138
|
-
|
|
139
146
|
false
|
|
140
147
|
end
|
|
141
148
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: effective_storage
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.4.
|
|
4
|
+
version: 0.4.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Code and Effect
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-12-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|