FIX: Update upload secure status when revising posts (#13110)

When uploads are created from the composer (editing or creating a post), for sites with secure uploads enabled we assume security by default and that new upload is set to secure. When the post is created, we then check whether the post uploads _actually_ need to be secure and adjust accordingly. We were not doing this when revising a post, so when a new upload was created when editing a post in a public topic, the secure status stayed true erroneously causing issues with image previews, among other things.
2025-02-28 16:29:22 +00:00 · 2021-05-21 13:32:32 +10:00 · 2021-05-21 13:32:32 +10:00 · afb2b4c6b9
commit afb2b4c6b9
parent 59097b207f
2 changed files with 36 additions and 0 deletions
--- a/lib/post_revisor.rb
+++ b/lib/post_revisor.rb
@ -226,6 +226,11 @@ class PostRevisor
    # it can fire events in sidekiq before the post is done saving
    # leading to corrupt state
    QuotedPost.extract_from(@post)
+
+    # This must be done before post_process_post, because that uses
+    # post upload security status to cook URLs.
+    @post.update_uploads_secure_status(source: "post revisor")
+
    post_process_post

    update_topic_word_counts
--- a/spec/components/post_revisor_spec.rb
+++ b/spec/components/post_revisor_spec.rb
@ -1115,6 +1115,37 @@ describe PostRevisor do

        expect(post.reload.post_uploads.pluck(:upload_id)).to contain_exactly(image2.id, image3.id, image4.id)
      end
+
+      context "secure media uploads" do
+        let!(:image5) { Fabricate(:secure_upload) }
+        before do
+          setup_s3
+          SiteSetting.authorized_extensions = "png|jpg|gif|mp4"
+          SiteSetting.secure_media = true
+          stub_upload(image5)
+        end
+
+        it "updates the upload secure status, which is secure by default from the composer. set to false for a public topic" do
+          subject.revise!(user, raw: <<~RAW)
+              This is a post with a secure upload
+              ![image5](#{image5.short_url})
+          RAW
+
+          expect(image5.reload.secure).to eq(false)
+          expect(image5.security_last_changed_reason).to eq("access control post dictates security | source: post revisor")
+        end
+
+        it "does not update the upload secure status, which is secure by default from the composer for a private" do
+          post.topic.update(category: Fabricate(:private_category,  group: Fabricate(:group)))
+          subject.revise!(user, raw: <<~RAW)
+              This is a post with a secure upload
+              ![image5](#{image5.short_url})
+          RAW
+
+          expect(image5.reload.secure).to eq(true)
+          expect(image5.security_last_changed_reason).to eq("access control post dictates security | source: post revisor")
+        end
+      end
    end
  end