effective_storage 0.4.4 → 0.4.5

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 3fd5855eb03beb973377deab121f3a632fe8afc28999b802717ab8300c1bfb60
4
- data.tar.gz: b519d27a7ad134900899897874b40bf6a10cf36b34c64a3836507731880a8ba0
3
+ metadata.gz: 8de0c7807726e325a8a2f34f1e205c14dd27740daed1f7622db12dd39fb865a2
4
+ data.tar.gz: 126797b758eed3ad5d192cde7ce3f365096dfad96ebdf232f217b8b5428b91b1
5
5
  SHA512:
6
- metadata.gz: '0093a45fdfe5cabef645f11913770d36070ccc395dc6aa85b71a9aa0fb750e8319be4f752dc628f8e9379ebf229503c0b5cdcf2d5179fec304d86a0f3504041e'
7
- data.tar.gz: 255295667680f5a9dd9b5c9a097ea06d4b7d93ea1e849ecd5fb84cf5966634b9ec844acc92ce0148683f3e1a04c29fa2d034e78f044ff1f1b3c8126492725290
6
+ metadata.gz: bba482aece015938fa979889a7d7da64ab68681100250409a3a147698c97274fe237c7257b2e2d5c6dec6ed97f8ab234e8b7cab654a36ab2a12ca53577996d07
7
+ data.tar.gz: 837259796bbbe60101329b80e96bfc0a1743b2b5afbcf42e2a59ef70b6ad97c433a5400bd8aeb91e5f9a5d01a44407599982f37c311fd29353a3b240341bf4e4
@@ -54,11 +54,8 @@ module ActiveStorageAuthorization
54
54
  def authorize_active_storage!
55
55
  return unless @blob.present?
56
56
 
57
- # If the blob has been given permission
58
- return true if authorized?(@blob)
59
-
60
57
  # If the blob is not attached to anything, permit the blob
61
- return true if @blob.attachments.blank? && authorize_content_download?(@blob)
58
+ return true if @blob.attachments.blank?
62
59
 
63
60
  # If the blob is an ActiveStorage::Variant it's been previously authorized
64
61
  return true if @blob.attachments.any? { |attachment| authorized_variant_download?(attachment) }
@@ -66,6 +63,9 @@ module ActiveStorageAuthorization
66
63
  # If we are authorized on any attached record, permit the download
67
64
  return true if @blob.attachments.any? { |attachment| authorized_attachment_download?(attachment) }
68
65
 
66
+ # If the blob has been given permission using Mark Public
67
+ return true if authorized?(@blob)
68
+
69
69
  # Otherwise raise a 404 Not Found and block the download
70
70
  head(:not_found)
71
71
 
@@ -100,19 +100,6 @@ module ActiveStorageAuthorization
100
100
  false
101
101
  end
102
102
 
103
- # This is a file that was drag & drop or inserted into the article editor
104
- # I think this might only happen with article editor edit screens
105
- def authorize_content_download?(blob)
106
- # Allow signed out users to view images
107
- return true if blob.image?
108
-
109
- # Require sign in to view any attached files
110
- # current_user.present?
111
-
112
- # Let anyone view these files
113
- true
114
- end
115
-
116
103
  # This was included and resized in an ActionText::RichText object
117
104
  # But these ones don't belong_to any record
118
105
  def authorized_variant_download?(attachment)
@@ -122,10 +109,14 @@ module ActiveStorageAuthorization
122
109
  # This is a has_one_attached or has_many_attached record
123
110
  # Or an ActionText::RichText object, that belongs_to a record
124
111
  def authorized_attachment_download?(attachment)
112
+ return false if attachment.record_type.blank?
113
+
114
+ # Attachment itself
115
+ return true if EffectiveResources.authorized?(self, :show, attachment)
116
+
125
117
  # DO NOT USE .blank? or .present? here. They return incorrect values.
126
118
  return false if attachment.record.nil?
127
119
 
128
- # Associated Record
129
120
  record = attachment.record
130
121
  return true if authorized?(record)
131
122
 
@@ -133,9 +124,6 @@ module ActiveStorageAuthorization
133
124
  resource = record.record if record.respond_to?(:record)
134
125
  return true if authorized?(resource)
135
126
 
136
- # Attachment itself
137
- return true if authorized?(attachment)
138
-
139
127
  false
140
128
  end
141
129
 
@@ -1,3 +1,3 @@
1
1
  module EffectiveStorage
2
- VERSION = '0.4.4'.freeze
2
+ VERSION = '0.4.5'.freeze
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: effective_storage
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.4
4
+ version: 0.4.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Code and Effect
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-08-11 00:00:00.000000000 Z
11
+ date: 2023-11-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails