102909edb3
This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3 |
||
|---|---|---|
| .. | ||
| components | ||
| fabricators | ||
| fixtures | ||
| helpers | ||
| import_export | ||
| integration | ||
| integrity | ||
| jobs | ||
| lib | ||
| mailers | ||
| models | ||
| multisite | ||
| requests | ||
| serializers | ||
| services | ||
| support | ||
| tasks | ||
| views/omniauth_callbacks | ||
| rails_helper.rb | ||