effective_storage 0.4.6 → 0.4.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ce0b1d8d9b061e3e2a3b81d4662a6ff7f4bea772bb3b639068e4148867b79e7c
-  data.tar.gz: 88115f4894e78a14807ef47eaf8af3f4f20e300ca42ac5f8e6148ff4b56aa84f
+  metadata.gz: de41d5679792d22ce1d00b2d9f4ba396de441a723eaef5359c8475fa00732538
+  data.tar.gz: 9c6e0a0c32fbcaf488ce51b3857aab7322dede9936d842783f04f2ae6eae5c17
 SHA512:
-  metadata.gz: c261ab3931f45c6892f7c1df8780e27f0f17fdf4af5b2eb1046682c8580496f23e9275f0a649f795c91421c33a012eacce8d352d335cf7150412640f97afe16a
-  data.tar.gz: e8bd885fe445aeb7b9b071cb101225199ff411ceb8da2194ed727ee18cb2e66d433640ef4e455190c6184ff40f1e6f350a43e67a0fc24e602ccf06a52c825917
+  metadata.gz: e07be03e0526dea2ebbcefb438d3ce9a4fd8d3c76eb273d15ed9bfa775b4b7f161daa37d7f189638d58ef79e571e1084ced3722d73562aa088a5cae76be46718
+  data.tar.gz: 5fa8b3f7a68a1b0c14dde1e29838f25570ca7bc3f48aa4434be0e95857c5a0d088af6fa67ac5d6f5a3852e85679a9b996583f25799d58bfc19426e535898d09d

data/app/models/concerns/active_storage_authorization.rb

@@ -14,12 +14,12 @@
 module ActiveStorageAuthorization
   extend ActiveSupport::Concern
 
-  AUTHORIZED_EFFECTIVE_DOWNLOADS = [
-    'Effective::CarouselItem', 
-    'Effective::PageBanner', 
-    'Effective::PageSection', 
+  AUTHORIZED_EFFECTIVE_DOWNLOADS = Set.new([
+    'Effective::CarouselItem',
+    'Effective::PageBanner',
+    'Effective::PageSection',
     'Effective::Permalink'
-  ]
+  ]).freeze
 
   included do
     rescue_from(Effective::UnauthorizedStorageException, with: :unauthorized_active_storage_request)
@@ -54,7 +54,7 @@ module ActiveStorageAuthorization
   private
 
   def set_download_blob
-    @blob ||= ActiveStorage::Blob.where(key: decode_verified_key().try(:dig, :key)).first
+    @blob ||= ActiveStorage::Blob.includes(:attachments, :active_storage_extensions).where(key: decode_verified_key().try(:dig, :key)).first
   end
 
   # Authorize the current blob and prevent it from being served if unauthorized
@@ -73,12 +73,12 @@ module ActiveStorageAuthorization
     # If the blob is a known good effective class fast path it
     return true if @blob.attachments.any? { |attachment| authorized_effective_download?(attachment) }
 
+    # If the blob has been marked public, permit the download (in-memory check, no queries)
+    return true if @blob.permission_public?
+
     # If we are authorized on any attached record, permit the download
     return true if @blob.attachments.any? { |attachment| authorized_attachment_download?(attachment) }
 
-    # If the blob has been given permission using Mark Public
-    return true if authorized?(@blob)
-
     # Otherwise raise a 404 Not Found and block the download
     head(:not_found)
 

data/lib/effective_storage/engine.rb

@@ -30,10 +30,22 @@ module EffectiveStorage
 
           ActiveStorage::Blobs::RedirectController.class_eval do
             before_action :authorize_active_storage_redirect!, only: [:show]
+
+            private
+
+            def blob_scope
+              ActiveStorage::Blob.includes(:attachments, :active_storage_extensions)
+            end
           end
 
           ActiveStorage::Representations::RedirectController.class_eval do
             before_action :authorize_active_storage_redirect!, only: [:show]
+
+            private
+
+            def blob_scope
+              ActiveStorage::Blob.scope_for_strict_loading.includes(:attachments, :active_storage_extensions)
+            end
           end
         end
       end

data/lib/effective_storage/version.rb

@@ -1,3 +1,3 @@
 module EffectiveStorage
-  VERSION = '0.4.6'.freeze
+  VERSION = '0.4.7'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: effective_storage
 version: !ruby/object:Gem::Version
-  version: 0.4.6
+  version: 0.4.7
 platform: ruby
 authors:
 - Code and Effect
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-12-01 00:00:00.000000000 Z
+date: 2026-02-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails