FIX: Allow private media uploads to be reused in login_required sites

In non-login-required sites, we prevent secure uploads already used in PMs from being used in public topics. In login_required sites, secure uploads should be reusable in any topic, PM or not.
2019-11-21 09:13:33 -05:00 · 2019-11-21 09:13:33 -05:00 · 11d22293fb
parent cc0df69ea6
commit 11d22293fb
2 changed files with 13 additions and 1 deletions
--- a/app/models/post.rb
+++ b/app/models/post.rb
@ -898,7 +898,7 @@ class Post < ActiveRecord::Base
    upload_ids |= Upload.where(id: downloaded_images.values).pluck(:id)

    disallowed_uploads = []
-    if SiteSetting.secure_media? && !topic&.private_message?
+    if SiteSetting.secure_media? && !self.with_secure_media?
      disallowed_uploads = Upload.where(id: upload_ids, secure: true).pluck(:original_filename)
    end
    return disallowed_uploads if disallowed_uploads.count > 0
--- a/spec/components/post_creator_spec.rb
+++ b/spec/components/post_creator_spec.rb
@ -1445,6 +1445,18 @@ describe PostCreator do
      expect(public_post.errors.full_messages).to include(I18n.t('secure_upload_not_allowed_in_public_topic', upload_filenames: video_upload.original_filename))
    end

+    it "allows an existing upload to be used again in nonPM topics in login_required sites" do
+      SiteSetting.login_required = true
+
+      public_post = PostCreator.create(
+        user,
+        topic_id: public_topic.id,
+        raw: "Reusing this image on a public topic in a login_required site:\n![](#{image_upload.short_path})"
+      )
+
+      expect(public_post.errors.count).to be(0)
+    end
+
  end

 end