FEATURE: new 'allow_all_attachments_for_group_messages' site setting

Régis Hanol 2016-02-29 22:39:24 +01:00
parent d538bcbe40
commit be5a54d67d
7 changed files with 72 additions and 7 deletions


@ -14,6 +14,8 @@ class Upload < ActiveRecord::Base
has_many :optimized_images, dependent: :destroy
attr_accessor :is_attachment_for_group_message
validates_presence_of :filesize
validates_presence_of :original_filename
@ -62,8 +64,9 @@ class Upload < ActiveRecord::Base
# options
# - content_type
# - origin
# - image_type
# - origin (url)
# - image_type ("avatar", "profile_background", "card_background")
# - is_attachment_for_group_message (boolean)
def self.create_for(user_id, file, filename, filesize, options = {})
DistributedMutex.synchronize("upload_#{user_id}_#{filename}") do
# do some work on images
@ -141,6 +144,10 @@ class Upload < ActiveRecord::Base
upload.height = height
upload.origin = options[:origin][0...1000] if options[:origin]
if options[:is_attachment_for_group_message]
upload.is_attachment_for_group_message = true
end
if is_dimensionless_image?(filename, upload.width, upload.height)
upload.errors.add(:base, I18n.t("upload.images.size_not_found"))
return upload
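Review bot: The new `attr_accessor :is_attachment_for_group_message` is a public writer that gates a validation bypass, yet nothing at the declaration says it is a transient flag (apparently not a column, since the commit shows no migration). I would document it there, e.g. `# transient flag set by Email::Receiver through create_for; lets UploadValidator skip its checks when allow_all_attachments_for_group_messages is on`, and state that it must never be populated from request parameters. Whether any other caller forwards user-controlled options into `create_for` is not visible on this page and is worth confirming. The body of `create_for` starts and continues outside these hunks.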


@ -1001,6 +1001,8 @@ en:
default_opengraph_image_url: "URL of the default opengraph image."
allow_all_attachments_for_group_messages: "Allow all email attachments for group messages."
enable_flash_video_onebox: "Enable embedding of swf and flv (Adobe Flash) links in oneboxes. WARNING: may introduce security risks."
default_invitee_trust_level: "Default trust level (0-4) for invited users."


@ -617,8 +617,8 @@ files:
client: true
regex: '^((https?:)?\/)?\/.+[^\/]'
shadowed_by_global: true
default_opengraph_image_url: ''
allow_all_attachments_for_group_messages: false
trust:
default_trust_level:


@ -72,20 +72,35 @@ module Email
case destination[:type]
when :group
group = destination[:obj]
create_topic(user: user, raw: body, title: subject, archetype: Archetype.private_message, target_group_names: [group.name], skip_validations: true)
create_topic(user: user,
raw: body,
title: subject,
archetype: Archetype.private_message,
target_group_names: [group.name],
is_group_message: true,
skip_validations: true)
when :category
category = destination[:obj]
raise StrangersNotAllowedError if user.staged? && !category.email_in_allow_strangers
raise InsufficientTrustLevelError if !user.has_trust_level?(SiteSetting.email_in_min_trust)
create_topic(user: user, raw: body, title: subject, category: category.id, skip_validations: user.staged?)
create_topic(user: user,
raw: body,
title: subject,
category: category.id,
skip_validations: user.staged?)
when :reply
email_log = destination[:obj]
raise ReplyUserNotMatchingError if email_log.user_id != user.id
create_reply(user: user, raw: body, post: email_log.post, topic: email_log.post.topic)
create_reply(user: user,
raw: body,
post: email_log.post,
topic: email_log.post.topic)
end
end
end
@ -271,6 +286,7 @@ module Email
else
options[:topic_id] = options[:post].try(:topic_id)
options[:reply_to_post_number] = options[:post].try(:post_number)
options[:is_group_message] = options[:topic].private_message? && options[:topic].allowed_groups.exists?
create_post_with_attachments(options)
end
end
@ -291,7 +307,8 @@ module Email
# read attachment
File.open(tmp.path, "w+b") { |f| f.write attachment.body.decoded }
# create the upload for the user
upload = Upload.create_for(options[:user].id, tmp, attachment.filename, tmp.size)
opts = { is_attachment_for_group_message: options[:is_group_message] }
upload = Upload.create_for(options[:user].id, tmp, attachment.filename, tmp.size, opts)
if upload && upload.errors.empty?
# try to inline images
if attachment.content_type.start_with?("image/") && options[:raw][/\[image: .+ \d+\]/]
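Review bot: In the `:group` branch, `is_group_message: true` is passed with no sender check in the visible lines, while the `:category` branch below it rejects staged users and senders under `email_in_min_trust`. Together with the validator change in this commit, enabling the setting means that anyone able to mail a group's incoming address can have attachments of any type stored as uploads. If that is wider than intended, the flag could be limited to known senders, e.g. `is_group_message: !user.staged?,`; otherwise a comment above the call saying that unrestricted senders are intended would help. In the reply hunk, `options[:topic]` is dereferenced directly where the neighbouring lines use `.try` on `options[:post]`; a nil guard may already exist earlier in the method, which starts outside the hunk.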


@ -5,6 +5,8 @@ module Validators; end
class Validators::UploadValidator < ActiveModel::Validator
def validate(upload)
return true if upload.is_attachment_for_group_message && SiteSetting.allow_all_attachments_for_group_messages
extension = File.extname(upload.original_filename)[1..-1] || ""
if is_authorized?(upload, extension)
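Review bot: The added `return true` at the top of `validate` skips every check in the method, not only the extension allow-list; the rest of the body is outside the hunk, so if file-size limits are enforced there they are bypassed too for group-message attachments. I would scope the bypass to the authorization step, e.g. `skip_ext = upload.is_attachment_for_group_message && SiteSetting.allow_all_attachments_for_group_messages` followed by `if skip_ext || is_authorized?(upload, extension)`, and keep any size checks running (inner checks that test the extension would need the same treatment). The setting's description in the locale file also carries no warning, unlike the Flash onebox setting next to it, although it lets arbitrary file types into the upload store.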


@ -271,6 +271,12 @@ describe Email::Receiver do
expect { process(:email_reply_4) }.to change { topic.posts.count }
end
it "supports any kind of attachments when 'allow_all_attachments_for_group_messages' is enabled" do
SiteSetting.allow_all_attachments_for_group_messages = true
expect { process(:attached_rb_file) }.to change(Topic, :count)
expect(Post.last.raw).to match(/discourse\.rb/)
end
end
context "new topic in a category" do
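Review bot: The new example covers only the enabled case, so nothing pins the default: no example asserts that with `allow_all_attachments_for_group_messages` left at `false` the `.rb` attachment is rejected, or that a category email gets no bypass when the setting is on. I would add a counterpart example that processes `:attached_rb_file` with the setting off and ends with `expect(Post.last.raw).not_to match(/discourse\.rb/)`, presuming a rejected upload is simply left out of the post body. The example also sets the site setting without restoring it; whether the suite resets settings between examples is not visible here.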


@ -0,0 +1,31 @@
Return-Path: <discourse@bar.com>
From: Foo Bar <discourse@bar.com>
To: team@bar.com
Date: Mon, 29 Feb 2016 21:54:01 +0100
Message-ID: <56d4afe991ed0_3ab83fdf94441a20677f0@HAL.lan.mail>
Subject: Email with .rb file attached
Mime-Version: 1.0
Content-Type: multipart/mixed;
boundary="--==_mimepart_56d4afe991d17_3ab83fdf94441a206765";
charset=UTF-8
Content-Transfer-Encoding: 7bit
----==_mimepart_56d4afe991d17_3ab83fdf94441a206765
Content-Type: text/plain;
charset=UTF-8
Content-Transfer-Encoding: 7bit
Please find the source code of Discourse attached.
----==_mimepart_56d4afe991d17_3ab83fdf94441a206765
Content-Type: application/x-ruby;
charset=UTF-8;
filename=discourse.rb
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename=discourse.rb
Content-ID: <56d4afe992cb6_3ab83fdf94441a20678c3@HAL.lan.mail>
cHV0cyAiSGVsbG8gRGlzY291cnNlIgo=
----==_mimepart_56d4afe991d17_3ab83fdf94441a206765--