FIX: Mark secure media upload insecure automatically if used for theme component (#8413)

When uploading a file to a theme component, and that file is existing and has already been marked as secure, we now automatically mark the file as secure: false, change the ACL, and log the action as the user (also rebake the posts for the upload)
2025-02-25 18:55:32 -06:00 · 2019-11-28 07:32:17 +10:00
parent d12f2580de
commit e7c7a05097
9 changed files with 87 additions and 4 deletions
--- a/app/controllers/admin/themes_controller.rb
+++ b/app/controllers/admin/themes_controller.rb
@@ -23,12 +23,24 @@ class Admin::ThemesController < Admin::AdminController
        if upload.errors.count > 0
          render_json_error upload
        else
+          # we assume a user intends to make some media public
+          # if they are uploading it to a theme component
+          mark_upload_insecure(upload) if upload.secure?
          render json: { upload_id: upload.id }, status: :created
        end
      end
    end
  end

+  def mark_upload_insecure(upload)
+    upload.update_secure_status(secure_override_value: false)
+    StaffActionLogger.new(current_user).log_change_upload_secure_status(
+      upload_id: upload.id,
+      new_value: false
+    )
+    Jobs.enqueue(:rebake_posts_for_upload, id: upload.id)
+  end
+
  def generate_key_pair
    require 'sshkey'
    k = SSHKey.generate
--- a/app/jobs/regular/rebake_posts_for_upload.rb
+++ b/app/jobs/regular/rebake_posts_for_upload.rb
@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Jobs
+  class RebakePostsForUpload < ::Jobs::Base
+    def execute(args)
+      upload = Upload.find_by(id: args[:id])
+      return if upload.blank?
+      upload.posts.find_each(&:rebake!)
+    end
+  end
+end
--- a/app/models/upload.rb
+++ b/app/models/upload.rb
@@ -230,9 +230,9 @@ class Upload < ActiveRecord::Base
    self.posts.where("cooked LIKE '%/_optimized/%'").find_each(&:rebake!)
  end

-  def update_secure_status
+  def update_secure_status(secure_override_value: nil)
    return false if self.for_theme || self.for_site_setting
-    mark_secure = should_be_secure?
+    mark_secure = secure_override_value.nil? ? should_be_secure? : secure_override_value

    self.update_column("secure", mark_secure)
    Discourse.store.update_upload_ACL(self) if Discourse.store.external?
--- a/app/models/user_history.rb
+++ b/app/models/user_history.rb
@@ -102,7 +102,8 @@ class UserHistory < ActiveRecord::Base
      api_key_update: 81,
      api_key_destroy: 82,
      revoke_title: 83,
-      change_title: 84
+      change_title: 84,
+      override_upload_secure_status: 85
    )
  end

@@ -181,7 +182,8 @@ class UserHistory < ActiveRecord::Base
      :change_title,
      :api_key_create,
      :api_key_update,
-      :api_key_destroy
+      :api_key_destroy,
+      :override_upload_secure_status
    ]
  end

--- a/app/services/staff_action_logger.rb
+++ b/app/services/staff_action_logger.rb
@@ -373,6 +373,17 @@ class StaffActionLogger
    ))
  end

+  def log_change_upload_secure_status(opts = {})
+    UserHistory.create!(params(opts).merge(
+      action: UserHistory.actions[:override_upload_secure_status],
+      details: [
+        "upload_id: #{opts[:upload_id]}",
+        "reason: #{I18n.t("uploads.marked_insecure_from_theme_component_reason")}"
+      ].join("\n"),
+      new_value: opts[:new_value]
+    ))
+  end
+
  def log_check_email(user, opts = {})
    raise Discourse::InvalidParameters.new(:user) unless user
    UserHistory.create!(params(opts).merge(