effective_storage 0.4.1 → 0.4.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4f1b5a4ba6185fdd5c81e33afacd6dfb6ec8dc2e5c24fa07fb05be840d196740
-  data.tar.gz: e82b0d3bea47958aabd007a0a444088b92124421149357dd9998e1f0c30c4346
+  metadata.gz: 0e845ec308c0f8172341a2a427b3f3d87dfae2bf970484cf35ffd57659cf0359
+  data.tar.gz: c36875b2f938f2bacad35031edc878998fb1000385ae63e91396f2906a3c81c9
 SHA512:
-  metadata.gz: aebccce481ef3f36dac0a1f1855e957abca8f6d30465f3bb214875210a98aa24fd1ea7df14b5de80c727d503fb69ef2a226e81f23b7b7381ea88165ccdf85df3
-  data.tar.gz: af51fe35aeed80cd5409aa39c3048b6e4128ad80429d383e2639d8b3afa19500ba05ee2647e6ff93c46fdca6d4af3700cfcc914d81aa3f1136afcf27e873d6ad
+  metadata.gz: '079f895f60a5bb4c4288f7c3d77b99f27822f44956f529baf98a7ec8982aaeecfa80addebdfb9363e61847974a30cd293a38b095d52c169a6c97e0544ed88f94'
+  data.tar.gz: b90dba9ec5b38775667539bbdd6bf84a0fcd4435f62e4da043fbc2263382bec0cce6cf1d808bc5e92145670d7cfde4e47a6999d676516550f235bf7dd0537cff

data/app/models/concerns/active_storage_authorization.rb

@@ -35,7 +35,6 @@ module ActiveStorageAuthorization
   # Send an ExceptionNotification email with the unauthorized details
   # This is not visible to users
   def unauthorized_active_storage_request(exception)
-    return if request.referer.to_s.include?('.test:')
 
     if defined?(ExceptionNotifier)
       data = { 'current_user_id': current_user&.id || 'none' }.merge(@blob&.attributes || {})
@@ -79,6 +78,8 @@ module ActiveStorageAuthorization
     record = attachment.record if attachment
     resource = record.record if record.respond_to?(:record)
 
+    return if skip_notification?(record || resource || @blob)
+
     error = [
       "unauthorized active storage request for #{@blob.filename}",
       ("on #{record.class.name} #{record.id}" if record.present?),
@@ -91,6 +92,14 @@ module ActiveStorageAuthorization
     raise Effective::UnauthorizedStorageException.new(error + '. ' + resolution)
   end
 
+  def skip_notification?(resource)
+    return true if EffectiveStorage.skip_notification?
+    return true if EffectiveStorage.skip_notifications.include?(resource.class.name)
+    return true if request.referer.to_s.include?('.test:')
+
+    false
+  end
+
   # This is a file that was drag & drop or inserted into the article editor
   # I think this might only happen with article editor edit screens
   def authorize_content_download?(blob)

data/config/effective_storage.rb

@@ -9,4 +9,9 @@ EffectiveStorage.setup do |config|
 
   # Do not delete ActiveStorage::Blobs
   config.never_delete = true
+
+  # Skip Notifications for unauthorized active storage requests
+  # config.skip_notification = true
+  # config.skip_notification = ['Effective::Classified']
+
 end

data/lib/effective_storage/version.rb

@@ -1,3 +1,3 @@
 module EffectiveStorage
-  VERSION = '0.4.1'.freeze
+  VERSION = '0.4.2'.freeze
 end

data/lib/effective_storage.rb

@@ -6,7 +6,7 @@ require 'effective_storage/version'
 module EffectiveStorage
 
   def self.config_keys
-    [:layout, :authorize_active_storage, :never_delete]
+    [:layout, :authorize_active_storage, :never_delete, :skip_notification]
   end
 
   include EffectiveGem
@@ -19,4 +19,12 @@ module EffectiveStorage
     never_delete == true
   end
 
+  def self.skip_notification?
+    skip_notification == true
+  end
+
+  def self.skip_notifications
+    Array(skip_notification)
+  end
+
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: effective_storage
 version: !ruby/object:Gem::Version
-  version: 0.4.1
+  version: 0.4.2
 platform: ruby
 authors:
 - Code and Effect
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-03-20 00:00:00.000000000 Z
+date: 2023-03-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails