discourse

Commit Graph

Author	SHA1	Message	Date
Martin Brennan	0388653a4d	DEV: Upload and secure media retroactive rake task improvements (#9027 ) * Add uploads:sync_s3_acls rake task to ensure the ACLs in S3 are the correct (public-read or private) setting based on upload security * Improved uploads:disable_secure_media to be more efficient and provide better messages to the user. * Rename uploads:ensure_correct_acl task to uploads:secure_upload_analyse_and_update as it does more than check the ACL * Many improvements to uploads:secure_upload_analyse_and_update * Make sure that upload.access_control_post is unscoped so deleted posts are still fetched, because they still affect the security of the upload. * Add escape hatch for capture_stdout in the form of RAILS_ENABLE_TEST_STDOUT. If provided the capture_stdout code will be ignored, so you can see the output if you need.	2020-03-03 10:03:58 +11:00
Martin Brennan	6a2bde4d48	Fix broken secure media specs	2020-02-21 10:01:32 +10:00
Martin Brennan	02cb01406e	FIX: Allow secure uploads if global s3 setting active and enable_s3_uploads validations (#8373 ) The secure media functionality relied on `SiteSetting.enable_s3_uploads?` which, as we found in dev, did not take into account global S3 settings via `GlobalSetting.use_s3?`. We now use `SiteSetting.Upload.enable_s3_uploads` instead to be more consistent. Also, we now validate `enable_s3_uploads` changes, because if `GlobalSetting.use_s3?` is true users should NOT be enabling S3 uploads manually.	2019-11-20 07:46:44 +10:00

Author

SHA1

Message

Date

Martin Brennan

0388653a4d

DEV: Upload and secure media retroactive rake task improvements (#9027 )

* Add uploads:sync_s3_acls rake task to ensure the ACLs in S3 are the correct (public-read or private) setting based on upload security

* Improved uploads:disable_secure_media to be more efficient and provide better messages to the user.

* Rename uploads:ensure_correct_acl task to uploads:secure_upload_analyse_and_update as it does more than check the ACL

* Many improvements to uploads:secure_upload_analyse_and_update

* Make sure that upload.access_control_post is unscoped so deleted posts are still fetched, because they still affect the security of the upload.

* Add escape hatch for capture_stdout in the form of RAILS_ENABLE_TEST_STDOUT. If provided the capture_stdout code will be ignored, so you can see the output if you need.

2020-03-03 10:03:58 +11:00

Martin Brennan

6a2bde4d48

Fix broken secure media specs

2020-02-21 10:01:32 +10:00

Martin Brennan

02cb01406e

FIX: Allow secure uploads if global s3 setting active and enable_s3_uploads validations (#8373 )

The secure media functionality relied on `SiteSetting.enable_s3_uploads?` which, as we found in dev, did not take into account global S3 settings via `GlobalSetting.use_s3?`. We now use `SiteSetting.Upload.enable_s3_uploads` instead to be more consistent.

Also, we now validate `enable_s3_uploads` changes, because if `GlobalSetting.use_s3?` is true users should NOT be enabling S3 uploads manually.

2019-11-20 07:46:44 +10:00

3 Commits