discourse/db/migrate/20190716173854_add_secure_t...

# frozen_string_literal: true

class AddSecureToUploads < ActiveRecord::Migration[5.2]
  def up
    add_column :uploads, :secure, :boolean, default: false, null: false

    prevent_anons_from_downloading_files = \
      DB.query_single("SELECT value FROM site_settings WHERE name = 'prevent_anons_from_downloading_files'").first == 't'

    if prevent_anons_from_downloading_files
      execute(
        <<-SQL
        UPDATE uploads SET secure = 't' WHERE id IN (
          SELECT DISTINCT(uploads.id) FROM uploads
          INNER JOIN post_uploads ON post_uploads.upload_id = uploads.id
          WHERE LOWER(original_filename) NOT SIMILAR TO '%\.(jpg|jpeg|png|gif|svg|ico)'
        )
        SQL
      )
    end
  end

  def down
    remove_column :uploads, :secure
  end
end
FEATURE: Add support for secure media (#7888) This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3 2019-11-17 20:25:42 -05:00			`# frozen_string_literal: true`

			`class AddSecureToUploads < ActiveRecord::Migration[5.2]`
			`def up`
			`add_column :uploads, :secure, :boolean, default: false, null: false`

			`prevent_anons_from_downloading_files = \`
			`DB.query_single("SELECT value FROM site_settings WHERE name = 'prevent_anons_from_downloading_files'").first == 't'`

			`if prevent_anons_from_downloading_files`
			`execute(`
			`<<-SQL`
			`UPDATE uploads SET secure = 't' WHERE id IN (`
			`SELECT DISTINCT(uploads.id) FROM uploads`
			`INNER JOIN post_uploads ON post_uploads.upload_id = uploads.id`
			`WHERE LOWER(original_filename) NOT SIMILAR TO '%\.(jpg\|jpeg\|png\|gif\|svg\|ico)'`
			`)`
			`SQL`
			`)`
			`end`
			`end`

			`def down`
			`remove_column :uploads, :secure`
			`end`
			`end`