add newuser-max-attachments setting
This commit is contained in:
parent
33e3f123b4
commit
2986798ba7
|
@ -174,9 +174,13 @@ Discourse.Utilities = {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
var upload = files[0];
|
var upload = files[0];
|
||||||
// ensures that new users can upload image
|
// ensures that new users can upload image/attachment
|
||||||
if (Discourse.User.current('trust_level') === 0 && Discourse.SiteSettings.newuser_max_images === 0) {
|
if (Discourse.Utilities.isUploadForbidden(upload.name)) {
|
||||||
bootbox.alert(I18n.t('post.errors.upload_not_allowed_for_new_user'));
|
if (Discourse.Utilities.isAnImage(upload.name)) {
|
||||||
|
bootbox.alert(I18n.t('post.errors.image_upload_not_allowed_for_new_user'));
|
||||||
|
} else {
|
||||||
|
bootbox.alert(I18n.t('post.errors.attachment_upload_not_allowed_for_new_user'));
|
||||||
|
}
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
// if the image was pasted, sets its name to a default one
|
// if the image was pasted, sets its name to a default one
|
||||||
|
@ -242,6 +246,17 @@ Discourse.Utilities = {
|
||||||
**/
|
**/
|
||||||
maxUploadSizeInKB: function(path) {
|
maxUploadSizeInKB: function(path) {
|
||||||
return Discourse.Utilities.isAnImage(path) ? Discourse.SiteSettings.max_image_size_kb : Discourse.SiteSettings.max_attachment_size_kb;
|
return Discourse.Utilities.isAnImage(path) ? Discourse.SiteSettings.max_image_size_kb : Discourse.SiteSettings.max_attachment_size_kb;
|
||||||
|
},
|
||||||
|
|
||||||
|
/**
|
||||||
|
Test whether an upload is forbidden or not
|
||||||
|
|
||||||
|
@method isUploadForbidden
|
||||||
|
@param {String} path The path
|
||||||
|
**/
|
||||||
|
isUploadForbidden: function(path) {
|
||||||
|
if (Discourse.User.current('trust_level') > 0) { return false; }
|
||||||
|
return Discourse.Utilities.isAnImage(path) ? Discourse.SiteSettings.newuser_max_images === 0 : Discourse.SiteSettings.newuser_max_attachments === 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,5 +1,7 @@
|
||||||
require_dependency 'jobs'
|
require_dependency 'jobs'
|
||||||
require_dependency 'pretty_text'
|
require_dependency 'pretty_text'
|
||||||
|
require_dependency 'local_store'
|
||||||
|
require_dependency 's3_store'
|
||||||
require_dependency 'rate_limiter'
|
require_dependency 'rate_limiter'
|
||||||
require_dependency 'post_revisor'
|
require_dependency 'post_revisor'
|
||||||
require_dependency 'enum'
|
require_dependency 'enum'
|
||||||
|
@ -89,7 +91,7 @@ class Post < ActiveRecord::Base
|
||||||
@post_analyzer = PostAnalyzer.new(raw, topic_id)
|
@post_analyzer = PostAnalyzer.new(raw, topic_id)
|
||||||
end
|
end
|
||||||
|
|
||||||
%w{raw_mentions linked_hosts image_count link_count raw_links}.each do |attr|
|
%w{raw_mentions linked_hosts image_count attachment_count link_count raw_links}.each do |attr|
|
||||||
define_method(attr) do
|
define_method(attr) do
|
||||||
PostAnalyzer.new(raw, topic_id).send(attr)
|
PostAnalyzer.new(raw, topic_id).send(attr)
|
||||||
end
|
end
|
||||||
|
|
|
@ -39,6 +39,18 @@ class PostAnalyzer
|
||||||
end.count
|
end.count
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# How many attachments are present in the post
|
||||||
|
def attachment_count
|
||||||
|
return 0 unless @raw.present?
|
||||||
|
|
||||||
|
if SiteSetting.enable_s3_uploads?
|
||||||
|
cooked_document.css("a.attachment[href^=\"#{S3Store.base_url}\"]")
|
||||||
|
else
|
||||||
|
cooked_document.css("a.attachment[href^=\"#{LocalStore.directory}\"]") +
|
||||||
|
cooked_document.css("a.attachment[href^=\"#{LocalStore.base_url}\"]")
|
||||||
|
end.count
|
||||||
|
end
|
||||||
|
|
||||||
def raw_mentions
|
def raw_mentions
|
||||||
return [] if @raw.blank?
|
return [] if @raw.blank?
|
||||||
|
|
||||||
|
|
|
@ -212,6 +212,7 @@ class SiteSetting < ActiveRecord::Base
|
||||||
|
|
||||||
setting(:newuser_max_links, 2)
|
setting(:newuser_max_links, 2)
|
||||||
client_setting(:newuser_max_images, 0)
|
client_setting(:newuser_max_images, 0)
|
||||||
|
client_setting(:newuser_max_attachments, 0)
|
||||||
|
|
||||||
setting(:newuser_spam_host_threshold, 3)
|
setting(:newuser_spam_host_threshold, 3)
|
||||||
|
|
||||||
|
|
|
@ -757,7 +757,8 @@ en:
|
||||||
upload_too_large: "Sorry, the file you are trying to upload is too big (maximum size is {{max_size_kb}}kb), please resize it and try again."
|
upload_too_large: "Sorry, the file you are trying to upload is too big (maximum size is {{max_size_kb}}kb), please resize it and try again."
|
||||||
too_many_uploads: "Sorry, you can only upload one file at a time."
|
too_many_uploads: "Sorry, you can only upload one file at a time."
|
||||||
upload_not_authorized: "Sorry, the file you are trying to upload is not authorized (authorized extension: {{authorized_extensions}})."
|
upload_not_authorized: "Sorry, the file you are trying to upload is not authorized (authorized extension: {{authorized_extensions}})."
|
||||||
upload_not_allowed_for_new_user: "Sorry, new users can not upload images."
|
image_upload_not_allowed_for_new_user: "Sorry, new users can not upload images."
|
||||||
|
attachment_upload_not_allowed_for_new_user: "Sorry, new users can not upload attachments."
|
||||||
|
|
||||||
abandon: "Are you sure you want to abandon your post?"
|
abandon: "Are you sure you want to abandon your post?"
|
||||||
|
|
||||||
|
|
|
@ -737,7 +737,8 @@ fr:
|
||||||
upload_too_large: "Désolé, le fichier que vous êtes en train d'envoyer est trop grand (maximum {{max_size_kb}}Kb). Merci de le redimensionner et de réessayer."
|
upload_too_large: "Désolé, le fichier que vous êtes en train d'envoyer est trop grand (maximum {{max_size_kb}}Kb). Merci de le redimensionner et de réessayer."
|
||||||
too_many_uploads: "Désolé, vous ne pouvez envoyer qu'un seul fichier à la fois."
|
too_many_uploads: "Désolé, vous ne pouvez envoyer qu'un seul fichier à la fois."
|
||||||
upload_not_authorized: "Désole, le fichier que vous êtes en train d'uploader n'est pas autorisé (extensions autorisées : {{authorized_extensions}})."
|
upload_not_authorized: "Désole, le fichier que vous êtes en train d'uploader n'est pas autorisé (extensions autorisées : {{authorized_extensions}})."
|
||||||
upload_not_allowed_for_new_user: "Désolé, les nouveaux utilisateurs ne peuvent pas uploader d'images."
|
image_upload_not_allowed_for_new_user: "Désolé, les nouveaux utilisateurs ne peuvent pas uploader d'image."
|
||||||
|
attachment_upload_not_allowed_for_new_user: "Désolé, les nouveaux utilisateurs ne peuvent pas uploader de fichier."
|
||||||
|
|
||||||
abandon: "Voulez-vous vraiment abandonner ce message ?"
|
abandon: "Voulez-vous vraiment abandonner ce message ?"
|
||||||
|
|
||||||
|
|
|
@ -39,6 +39,10 @@ en:
|
||||||
zero: "Sorry, new users can't put images in posts."
|
zero: "Sorry, new users can't put images in posts."
|
||||||
one: "Sorry, new users can only put one image in a post."
|
one: "Sorry, new users can only put one image in a post."
|
||||||
other: "Sorry, new users can only put %{count} images in a post."
|
other: "Sorry, new users can only put %{count} images in a post."
|
||||||
|
too_many_attachments:
|
||||||
|
zero: "Sorry, new users can't put attachments in posts."
|
||||||
|
one: "Sorry, new users can only put one attachment in a post."
|
||||||
|
other: "Sorry, new users can only put %{count} attachments in a post."
|
||||||
too_many_links:
|
too_many_links:
|
||||||
zero: "Sorry, new users can't put links in posts."
|
zero: "Sorry, new users can't put links in posts."
|
||||||
one: "Sorry, new users can only put one link in a post."
|
one: "Sorry, new users can only put one link in a post."
|
||||||
|
@ -606,6 +610,7 @@ en:
|
||||||
|
|
||||||
newuser_max_links: "How many links a new user can add to a post"
|
newuser_max_links: "How many links a new user can add to a post"
|
||||||
newuser_max_images: "How many images a new user can add to a post"
|
newuser_max_images: "How many images a new user can add to a post"
|
||||||
|
newuser_max_attachments: "How many attachments a new user can add to a post"
|
||||||
newuser_max_mentions_per_post: "Maximum number of @name notifications a new user can use in a post"
|
newuser_max_mentions_per_post: "Maximum number of @name notifications a new user can use in a post"
|
||||||
max_mentions_per_post: "Maximum number of @name notifications you can use in a post"
|
max_mentions_per_post: "Maximum number of @name notifications you can use in a post"
|
||||||
|
|
||||||
|
|
|
@ -41,6 +41,10 @@ fr:
|
||||||
zero: "Désolé, les visiteurs ne peuvent pas ajouter d'image."
|
zero: "Désolé, les visiteurs ne peuvent pas ajouter d'image."
|
||||||
one: "Désolé, les visiteurs ne peuvent ajouter qu'une seule image."
|
one: "Désolé, les visiteurs ne peuvent ajouter qu'une seule image."
|
||||||
other: "Désolé, les visiteurs ne peuvent ajouter que %{count} images."
|
other: "Désolé, les visiteurs ne peuvent ajouter que %{count} images."
|
||||||
|
too_many_attachments:
|
||||||
|
zero: "Désolé, les visiteurs ne peuvent pas ajouter de fichier."
|
||||||
|
one: "Désolé, les visiteurs ne peuvent ajouter qu'un seul fichier."
|
||||||
|
other: "Désolé, les visiteurs ne peuvent ajouter que %{count} fichiers."
|
||||||
too_many_links:
|
too_many_links:
|
||||||
zero: "Désolé, les visiteurs ne peuvent pas insérer de liens."
|
zero: "Désolé, les visiteurs ne peuvent pas insérer de liens."
|
||||||
one: "Désolé, les visiteurs ne peuvent insérer qu'un seul lien."
|
one: "Désolé, les visiteurs ne peuvent insérer qu'un seul lien."
|
||||||
|
@ -534,6 +538,7 @@ fr:
|
||||||
|
|
||||||
newuser_max_links: "Nombre maximum de liens qu'un visiteur peut ajouter à un message"
|
newuser_max_links: "Nombre maximum de liens qu'un visiteur peut ajouter à un message"
|
||||||
newuser_max_images: "Nombre maximum d'images qu'un visiteur peut ajouter à un message"
|
newuser_max_images: "Nombre maximum d'images qu'un visiteur peut ajouter à un message"
|
||||||
|
newuser_max_attachments: "Nombre maximum de fichiers qu'un visiteur peut ajouter à un message"
|
||||||
newuser_max_mentions_per_post: "Nombre maximum de référence à un @utilisateur qu'un visiteur peut ajouter à un message"
|
newuser_max_mentions_per_post: "Nombre maximum de référence à un @utilisateur qu'un visiteur peut ajouter à un message"
|
||||||
max_mentions_per_post: "Le nombre maximal de @mentions que vous pouvez ajouter à un message"
|
max_mentions_per_post: "Le nombre maximal de @mentions que vous pouvez ajouter à un message"
|
||||||
|
|
||||||
|
|
|
@ -223,10 +223,12 @@ class CookedPostProcessor
|
||||||
|
|
||||||
def attachments
|
def attachments
|
||||||
if SiteSetting.enable_s3_uploads?
|
if SiteSetting.enable_s3_uploads?
|
||||||
@doc.css("a[href^=\"#{S3Store.base_url}\"]")
|
@doc.css("a.attachment[href^=\"#{S3Store.base_url}\"]")
|
||||||
else
|
else
|
||||||
# local uploads are identified using a relative uri
|
# local uploads are identified using a relative uri
|
||||||
@doc.css("a[href^=\"#{LocalStore.directory}\"]")
|
@doc.css("a.attachment[href^=\"#{LocalStore.directory}\"]") +
|
||||||
|
# when cdn is enabled, we have the whole url
|
||||||
|
@doc.css("a.attachment[href^=\"#{LocalStore.base_url}\"]")
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -7,6 +7,7 @@ class Validators::PostValidator < ActiveModel::Validator
|
||||||
raw_quality(record)
|
raw_quality(record)
|
||||||
max_mention_validator(record)
|
max_mention_validator(record)
|
||||||
max_images_validator(record)
|
max_images_validator(record)
|
||||||
|
max_attachments_validator(record)
|
||||||
max_links_validator(record)
|
max_links_validator(record)
|
||||||
unique_post_validator(record)
|
unique_post_validator(record)
|
||||||
end
|
end
|
||||||
|
@ -41,6 +42,11 @@ class Validators::PostValidator < ActiveModel::Validator
|
||||||
add_error_if_count_exceeded(post, :too_many_images, post.image_count, SiteSetting.newuser_max_images) unless acting_user_is_trusted?(post)
|
add_error_if_count_exceeded(post, :too_many_images, post.image_count, SiteSetting.newuser_max_images) unless acting_user_is_trusted?(post)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# Ensure new users can not put too many attachments in a post
|
||||||
|
def max_attachments_validator(post)
|
||||||
|
add_error_if_count_exceeded(post, :too_many_attachments, post.attachment_count, SiteSetting.newuser_max_attachments) unless acting_user_is_trusted?(post)
|
||||||
|
end
|
||||||
|
|
||||||
# Ensure new users can not put too many links in a post
|
# Ensure new users can not put too many links in a post
|
||||||
def max_links_validator(post)
|
def max_links_validator(post)
|
||||||
add_error_if_count_exceeded(post, :too_many_links, post.link_count, SiteSetting.newuser_max_links) unless acting_user_is_trusted?(post)
|
add_error_if_count_exceeded(post, :too_many_links, post.link_count, SiteSetting.newuser_max_links) unless acting_user_is_trusted?(post)
|
||||||
|
|
|
@ -184,6 +184,54 @@ describe Post do
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe "maximum attachments" do
|
||||||
|
let(:newuser) { Fabricate(:user, trust_level: TrustLevel.levels[:newuser]) }
|
||||||
|
let(:post_no_attachments) { Fabricate.build(:post, post_args.merge(user: newuser)) }
|
||||||
|
let(:post_one_attachment) { post_with_body('<a class="attachment" href="/uploads/default/1/2082985.txt">file.txt</a>', newuser) }
|
||||||
|
let(:post_two_attachments) { post_with_body('<a class="attachment" href="/uploads/default/2/20947092.log">errors.log</a> <a class="attachment" href="/uploads/default/3/283572385.3ds">model.3ds</a>', newuser) }
|
||||||
|
|
||||||
|
it "returns 0 attachments for an empty post" do
|
||||||
|
Fabricate.build(:post).attachment_count.should == 0
|
||||||
|
end
|
||||||
|
|
||||||
|
it "finds attachments from HTML" do
|
||||||
|
post_two_attachments.attachment_count.should == 2
|
||||||
|
end
|
||||||
|
|
||||||
|
context "validation" do
|
||||||
|
|
||||||
|
before do
|
||||||
|
SiteSetting.stubs(:newuser_max_attachments).returns(1)
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'newuser' do
|
||||||
|
it "allows a new user to post below the limit" do
|
||||||
|
post_one_attachment.should be_valid
|
||||||
|
end
|
||||||
|
|
||||||
|
it "doesn't allow more than the maximum" do
|
||||||
|
post_two_attachments.should_not be_valid
|
||||||
|
end
|
||||||
|
|
||||||
|
it "doesn't allow a new user to edit their post to insert an attachment" do
|
||||||
|
post_no_attachments.user.trust_level = TrustLevel.levels[:new]
|
||||||
|
post_no_attachments.save
|
||||||
|
-> {
|
||||||
|
post_no_attachments.revise(post_no_attachments.user, post_two_attachments.raw)
|
||||||
|
post_no_attachments.reload
|
||||||
|
}.should_not change(post_no_attachments, :raw)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
it "allows more attachments from a not-new account" do
|
||||||
|
post_two_attachments.user.trust_level = TrustLevel.levels[:basic]
|
||||||
|
post_two_attachments.should be_valid
|
||||||
|
end
|
||||||
|
|
||||||
|
end
|
||||||
|
|
||||||
|
end
|
||||||
|
|
||||||
context "links" do
|
context "links" do
|
||||||
let(:newuser) { Fabricate(:user, trust_level: TrustLevel.levels[:newuser]) }
|
let(:newuser) { Fabricate(:user, trust_level: TrustLevel.levels[:newuser]) }
|
||||||
let(:no_links) { post_with_body("hello world my name is evil trout", newuser) }
|
let(:no_links) { post_with_body("hello world my name is evil trout", newuser) }
|
||||||
|
|
|
@ -22,13 +22,22 @@ test("uploading one file", function() {
|
||||||
ok(bootbox.alert.calledWith(I18n.t('post.errors.too_many_uploads')));
|
ok(bootbox.alert.calledWith(I18n.t('post.errors.too_many_uploads')));
|
||||||
});
|
});
|
||||||
|
|
||||||
test("new user", function() {
|
test("new user cannot upload images", function() {
|
||||||
Discourse.SiteSettings.newuser_max_images = 0;
|
Discourse.SiteSettings.newuser_max_images = 0;
|
||||||
this.stub(Discourse.User, 'current').withArgs("trust_level").returns(0);
|
this.stub(Discourse.User, 'current').withArgs("trust_level").returns(0);
|
||||||
this.stub(bootbox, "alert");
|
this.stub(bootbox, "alert");
|
||||||
|
|
||||||
ok(!validUpload([1]));
|
ok(!validUpload([{name: "image.png"}]));
|
||||||
ok(bootbox.alert.calledWith(I18n.t('post.errors.upload_not_allowed_for_new_user')));
|
ok(bootbox.alert.calledWith(I18n.t('post.errors.image_upload_not_allowed_for_new_user')));
|
||||||
|
});
|
||||||
|
|
||||||
|
test("new user cannot upload attachments", function() {
|
||||||
|
Discourse.SiteSettings.newuser_max_attachments = 0;
|
||||||
|
this.stub(Discourse.User, 'current').withArgs("trust_level").returns(0);
|
||||||
|
this.stub(bootbox, "alert");
|
||||||
|
|
||||||
|
ok(!validUpload([{name: "roman.txt"}]));
|
||||||
|
ok(bootbox.alert.calledWith(I18n.t('post.errors.attachment_upload_not_allowed_for_new_user')));
|
||||||
});
|
});
|
||||||
|
|
||||||
test("ensures an authorized upload", function() {
|
test("ensures an authorized upload", function() {
|
||||||
|
|
Loading…
Reference in New Issue