adjust blob proxy

2 years ago · 6727d3be83
parent 4bbd5c3bcb
commit 6727d3be83
2 changed files with 14 additions and 5 deletions
--- a/app/controllers/api/active_storage_blobs_proxy_controller.rb
+++ b/app/controllers/api/active_storage_blobs_proxy_controller.rb
@ -10,7 +10,11 @@ module Api
    def show
      blob_uuid = ApplicationRecord.signed_id_verifier.verified(params[:signed_uuid])

-      return head :not_found unless blob_uuid
+      unless blob_uuid
+        Rollbar.error('Blob not found') if defined?(Rollbar)
+
+        return head :not_found
+      end

      blob = ActiveStorage::Blob.find_by!(uuid: blob_uuid)

--- a/app/controllers/api/active_storage_blobs_proxy_legacy_controller.rb
+++ b/app/controllers/api/active_storage_blobs_proxy_legacy_controller.rb
@ -7,17 +7,21 @@ module Api
    skip_before_action :authenticate_user!
    skip_authorization_check

+    # rubocop:disable Metrics
    def show
      Rollbar.info('Blob legacy') if defined?(Rollbar)

-      return render json: { error: 'Not authenticated' }, status: :unauthorized unless current_user
-
      blob = ActiveStorage::Blob.find_signed!(params[:signed_blob_id] || params[:signed_id])

-      if blob.attachments.none? { |a| a.record.account.id == current_user.account_id }
+      is_permitted = blob.attachments.any? do |a|
+        (current_user && a.record.account.id == current_user.account_id) ||
+          a.record.account.account_configs.any? { |e| e.key == 'legacy_blob_proxy' }
+      end
+
+      unless is_permitted
        Rollbar.error("Blob account not found: #{blob.id}") if defined?(Rollbar)

-        return head :not_found
+        return render json: { error: 'Not authenticated' }, status: :unauthorized
      end

      if request.headers['Range'].present?
@ -31,5 +35,6 @@ module Api
        end
      end
    end
+    # rubocop:enable Metrics
  end
 end