Implement authorization for Active Storage endpoints

Consider blobs attached to any public records accessible to anyone with
the URL.
This commit is contained in:
Rosa Gutierrez
2025-12-19 11:13:06 +01:00
parent 24c20ad55f
commit 196d685f8d
7 changed files with 264 additions and 1 deletions
+8
View File
@@ -16,6 +16,14 @@ module ActionText
def storage_tracked_record
record.try(:storage_tracked_record)
end
def accessible_to?(user)
record.try(:accessible_to?, user) || record.try(:publicly_accessible?)
end
def publicly_accessible?
record.try(:publicly_accessible?)
end
end
end
end