Module: ActiveStorageAuthorization

Extended by:
ActiveSupport::Concern
Defined in:
app/models/concerns/active_storage_authorization.rb

Overview

This authorizes all ActiveStorage downloads This is included automatically by the engine It can be disabled by setting config.authorize_active_storage = false in config/initializers/effective_storage.rb

There are 3 ways to add permissions: 1.) can?(:show, resource) 2.) can?(:show, ActionText::RichText) { |text| … } 3.) can?(:show, ActiveStorage::Attachment) { |attachment| … }

The :show and :edit will both work.

Instance Method Summary collapse

Instance Method Details

#authorize_active_storage_download!Object

Authorize ActiveStorage DiskController downloads Used for local storage



23
24
25
26
 
# File 'app/models/concerns/active_storage_authorization.rb', line 23

def authorize_active_storage_download!
  @blob || set_download_blob()
  authorize_active_storage!
end

#authorize_active_storage_redirect!Object

Authorize ActiveStorage Blob and Representation redirects Used for amazon storage



30
31
32
33
 
# File 'app/models/concerns/active_storage_authorization.rb', line 30

def authorize_active_storage_redirect!
  @blob || set_blob()
  authorize_active_storage!
end

#unauthorized_active_storage_request(exception) ⇒ Object

Send an ExceptionNotification email with the unauthorized details This is not visible to users



37
38
39
40
41
42
43
44
45
 
# File 'app/models/concerns/active_storage_authorization.rb', line 37

def unauthorized_active_storage_request(exception)

  if defined?(ExceptionNotifier)
    data = { 'current_user_id': current_user&.id || 'none' }.merge(@blob&.attributes || {})
    ExceptionNotifier.notify_exception(exception, env: request.env, data: data)
  else
    raise(exception)
  end
end