Skip to content

Commit 2c3523f

Browse files
ssddanbrownssddanbrown
committed
Updated image permission setting logic
To ensure thhat the visibility is still set on local storage options since the previous recent changes could cause problems where in scenarios where the server user could not read images uploaded by the php process user. Closes #2758
1 parent 7a059a5 commit 2c3523f

File tree

2 files changed

+17
-16
lines changed

2 files changed

+17
-16
lines changed

app/Uploads/ImageService.php

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -140,12 +140,13 @@ protected function saveImageDataInPublicSpace(Storage $storage, string $path, st
140140
{
141141
$storage->put($path, $data);
142142

143-
// Set visibility if using s3 without an endpoint set.
144-
// Done since this call can break s3-like services but desired for actual
145-
// AWS s3 usage. Attempting to set ACL during above put request requires
146-
// different permissions hence would technically be a breaking change.
143+
// Set visibility when a non-AWS-s3, s3-like storage option is in use.
144+
// Done since this call can break s3-like services but desired for other image stores.
145+
// Attempting to set ACL during above put request requires different permissions
146+
// hence would technically be a breaking change for actual s3 usage.
147147
$usingS3 = strtolower(config('filesystems.images')) === 's3';
148-
if ($usingS3 && is_null(config('filesystems.disks.s3.endpoint'))) {
148+
$usingS3Like = $usingS3 && !is_null(config('filesystems.disks.s3.endpoint'));
149+
if (!$usingS3Like) {
149150
$storage->setVisibility($path, 'public');
150151
}
151152
}

tests/Uploads/ImageTest.php

Lines changed: 11 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,7 @@ class ImageTest extends TestCase
1414

1515
public function test_image_upload()
1616
{
17-
$page = Page::first();
17+
$page = Page::query()->first();
1818
$admin = $this->getAdmin();
1919
$this->actingAs($admin);
2020

@@ -38,7 +38,7 @@ public function test_image_upload()
3838

3939
public function test_image_display_thumbnail_generation_does_not_increase_image_size()
4040
{
41-
$page = Page::first();
41+
$page = Page::query()->first();
4242
$admin = $this->getAdmin();
4343
$this->actingAs($admin);
4444

@@ -108,7 +108,7 @@ public function test_gallery_get_list_format()
108108

109109
public function test_image_usage()
110110
{
111-
$page = Page::first();
111+
$page = Page::query()->first();
112112
$editor = $this->getEditor();
113113
$this->actingAs($editor);
114114

@@ -128,7 +128,7 @@ public function test_image_usage()
128128

129129
public function test_php_files_cannot_be_uploaded()
130130
{
131-
$page = Page::first();
131+
$page = Page::query()->first();
132132
$admin = $this->getAdmin();
133133
$this->actingAs($admin);
134134

@@ -150,7 +150,7 @@ public function test_php_files_cannot_be_uploaded()
150150

151151
public function test_php_like_files_cannot_be_uploaded()
152152
{
153-
$page = Page::first();
153+
$page = Page::query()->first();
154154
$admin = $this->getAdmin();
155155
$this->actingAs($admin);
156156

@@ -202,7 +202,7 @@ public function test_url_entities_removed_from_filenames()
202202
];
203203
foreach ($badNames as $name) {
204204
$galleryFile = $this->getTestImage($name);
205-
$page = Page::first();
205+
$page = Page::query()->first();
206206
$badPath = $this->getTestImagePath('gallery', $name);
207207
$this->deleteImage($badPath);
208208

@@ -227,7 +227,7 @@ public function test_secure_images_uploads_to_correct_place()
227227
config()->set('filesystems.images', 'local_secure');
228228
$this->asEditor();
229229
$galleryFile = $this->getTestImage('my-secure-test-upload.png');
230-
$page = Page::first();
230+
$page = Page::query()->first();
231231
$expectedPath = storage_path('uploads/images/gallery/' . Date('Y-m') . '/my-secure-test-upload.png');
232232

233233
$upload = $this->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $galleryFile], []);
@@ -245,7 +245,7 @@ public function test_secure_images_included_in_exports()
245245
config()->set('filesystems.images', 'local_secure');
246246
$this->asEditor();
247247
$galleryFile = $this->getTestImage('my-secure-test-upload.png');
248-
$page = Page::first();
248+
$page = Page::query()->first();
249249
$expectedPath = storage_path('uploads/images/gallery/' . Date('Y-m') . '/my-secure-test-upload.png');
250250

251251
$upload = $this->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $galleryFile], []);
@@ -282,7 +282,7 @@ public function test_system_images_remain_public()
282282

283283
public function test_image_delete()
284284
{
285-
$page = Page::first();
285+
$page = Page::query()->first();
286286
$this->asAdmin();
287287
$imageName = 'first-image.png';
288288
$relPath = $this->getTestImagePath('gallery', $imageName);
@@ -304,7 +304,7 @@ public function test_image_delete()
304304

305305
public function test_image_delete_does_not_delete_similar_images()
306306
{
307-
$page = Page::first();
307+
$page = Page::query()->first();
308308
$this->asAdmin();
309309
$imageName = 'first-image.png';
310310

@@ -383,7 +383,7 @@ public function test_user_images_deleted_on_user_deletion()
383383

384384
public function test_deleted_unused_images()
385385
{
386-
$page = Page::first();
386+
$page = Page::query()->first();
387387
$admin = $this->getAdmin();
388388
$this->actingAs($admin);
389389

0 commit comments

Comments
 (0)