Class: UploadSecurity
- Inherits: Object
- Defined in: lib/upload_security.rb
Overview
A note on determining whether an upload should be marked as secure:
Some of the flags checked (e.g. all of the for_X flags and the opts) are only set when _initially uploading_ via UploadCreator and are not present when an upload already exists; these will only be checked when the @creating option is present.
If the upload already exists, the best way to figure out whether it should be secure, alongside the site settings, is the access_control_post_id, because the original post the upload is linked to has far more bearing on its security context post-upload. If the access_control_post_id does not exist then we just rely on the current secure? status; otherwise there would be a lot of additional complex queries and joins to perform.
These queries will be performed only if the @creating option is false. So if an upload is included in a post, and it’s an upload from a different source (e.g. a category logo, site setting upload) then we will determine secure state _based on the first place the upload was referenced_.
NOTE: When updating this to add more cases where uploads will be marked secure, consider uploads:secure_upload_analyse_and_update as well, which does not use this class directly but uses an SQL version of its rules for efficient updating of many uploads in bulk.
Constant Summary
- PUBLIC_TYPES =
    %w[
      avatar custom_emoji profile_background card_background
      category_logo category_logo_dark category_background
      group_flair badge_image site_setting
    ]
- PUBLIC_UPLOAD_REFERENCE_TYPES =
    %w[Badge Category CustomEmoji Group SiteSetting ThemeField User UserAvatar UserProfile]
- @@custom_public_types =
    []
Class Method Summary
Instance Method Summary
- #initialize(upload, opts = {}) ⇒ UploadSecurity (constructor): A new instance of UploadSecurity.
- #should_be_secure? ⇒ Boolean
- #should_be_secure_with_reason ⇒ Object
Constructor Details
#initialize(upload, opts = {}) ⇒ UploadSecurity
Returns a new instance of UploadSecurity.
    # File 'lib/upload_security.rb', line 64
    def initialize(upload, opts = {})
      @upload = upload
      @opts = opts
      @upload_type = @opts[:type]
      @creating = @opts[:creating]
    end
Class Method Details
.register_custom_public_type(type) ⇒ Object
    # File 'lib/upload_security.rb', line 55
    def self.register_custom_public_type(type)
      @@custom_public_types << type if !@@custom_public_types.include?(type)
    end
.reset_custom_public_types ⇒ Object
used in tests
    # File 'lib/upload_security.rb', line 60
    def self.reset_custom_public_types
      @@custom_public_types = []
    end
Instance Method Details
#should_be_secure? ⇒ Boolean
    # File 'lib/upload_security.rb', line 71
    def should_be_secure?
      should_be_secure_with_reason.first
    end
#should_be_secure_with_reason ⇒ Object
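    # File 'lib/upload_security.rb', line 75
    def should_be_secure_with_reason
      # Insecure-context checks run first; the first one that passes returns [false, reason].
      insecure_context_checks.each { |check, reason| return false, reason if perform_check(check) }
      secure_context_checks.each do |check, reason|
        # A priority check returns its own result, true or false, and ends the evaluation.
        return perform_check(check), reason if priority_check?(check)
        return true, reason if perform_check(check)
      end
      # Nothing matched, so the upload is not marked secure.
      [false, "no checks satisfied"]
    end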
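The evaluation order of should_be_secure_with_reason, combined with the Overview's rule that the linked post outweighs the current secure? status, is shown in this added example; it is not Discourse code. The class name, check names, reason strings and upload hashes are assumptions constructed for illustration.

```ruby
# Added example: models the evaluation order only. Check names, reasons and
# the upload hashes are constructed here, not taken from Discourse.
class CheckOrderModel
  PUBLIC_TYPES = %w[avatar custom_emoji category_logo site_setting].freeze # subset of the page's list

  # Hypothetical vetoes: any hit forces "not secure" before anything else runs.
  INSECURE_CHECKS = {
    secure_uploads_disabled: "secure uploads is disabled",
    public_type: "upload is public type",
  }.freeze

  # Hypothetical secure checks for an existing upload, in evaluation order.
  SECURE_CHECKS = {
    access_control_post_secure: "access control post dictates security",
    already_secure: "upload is already secure",
  }.freeze

  def initialize(upload, enabled = true)
    @upload = upload
    @enabled = enabled
  end

  def should_be_secure_with_reason
    INSECURE_CHECKS.each { |check, reason| return false, reason if send(check) }
    SECURE_CHECKS.each do |check, reason|
      # A priority check is final: a false result also ends the evaluation.
      return send(check), reason if priority_check?(check)
      return true, reason if send(check)
    end
    [false, "no checks satisfied"]
  end

  private

  def secure_uploads_disabled; !@enabled; end
  def public_type; PUBLIC_TYPES.include?(@upload[:type]); end
  def access_control_post_secure; @upload[:post_secure] == true; end
  def already_secure; @upload[:secure] == true; end

  # The linked post only takes priority when the upload actually has one.
  def priority_check?(check)
    check == :access_control_post_secure && @upload.key?(:post_secure)
  end
end

# Upload already flagged secure, but its linked post is public: the post wins.
stale = { type: "composer", secure: true, post_secure: false }
p CheckOrderModel.new(stale).should_be_secure_with_reason # => [false, "access control post dictates security"]
```

Without the priority short-circuit, the stale upload above would fall through to the "already secure" check and stay secure even though its post is public.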