Module: SecureUploadEndpointHelpers

Includes:

ActiveSupport::Concern

Included in:

UploadsController

Defined in:

lib/secure_upload_endpoint_helpers.rb

Instance Method Summary

• #check_secure_upload_permission(upload) ⇒ Object
• #upload_from_full_url(url) ⇒ Object
• #upload_from_path_and_extension(path_with_ext) ⇒ Object

Instance Method Details

#check_secure_upload_permission(upload) ⇒ Object

# File 'lib/secure_upload_endpoint_helpers.rb', line 17

def check_secure_upload_permission(upload)
  if upload.access_control_post_id.present?
    raise Discourse::InvalidAccess if current_user.nil? && SiteSetting.login_required
    raise Discourse::InvalidAccess if !guardian.can_see?(upload.access_control_post)
  else
    raise Discourse::NotFound if current_user.nil?
  end
end

#upload_from_full_url(url) ⇒ Object

# File 'lib/secure_upload_endpoint_helpers.rb', line 13

def upload_from_full_url(url)
  Upload.find_by(sha1: Upload.sha1_from_long_url(url))
end

#upload_from_path_and_extension(path_with_ext) ⇒ Object

# File 'lib/secure_upload_endpoint_helpers.rb', line 6

def upload_from_path_and_extension(path_with_ext)
  sha1 = File.basename(path_with_ext, File.extname(path_with_ext))
  # this takes care of optimized image requests
  sha1 = sha1.partition("_").first if sha1.include?("_")
  Upload.find_by(sha1: sha1)
end